firewalld-0.8.2/0000775007115300711530000000000013641123257014660 5ustar00egarveregarver00000000000000firewalld-0.8.2/doc/0000775007115300711530000000000013641123257015425 5ustar00egarveregarver00000000000000firewalld-0.8.2/doc/Makefile.in0000664007115300711530000004502513641123176017500 0ustar00egarveregarver00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = doc DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ distdir am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = xml man all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(am__recursive_targets) install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am clean clean-generic cscopelist-am ctags ctags-am \ distclean distclean-generic distclean-tags distdir dvi dvi-am \ html html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags tags-am uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/doc/man/0000775007115300711530000000000013641123257016200 5ustar00egarveregarver00000000000000firewalld-0.8.2/doc/man/man1/0000775007115300711530000000000013641123257017034 5ustar00egarveregarver00000000000000firewalld-0.8.2/doc/man/man1/firewalld.10000664007115300711530000002151613641123207021067 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD" "1" "" "firewalld 0.8.2" "firewalld" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld \- Dynamic Firewall Manager .SH "SYNOPSIS" .HP \w'\fBfirewalld\ \fR\fB[OPTIONS...]\fR\ 'u \fBfirewalld \fR\fB[OPTIONS...]\fR .SH "DESCRIPTION" .PP firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces\&. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and has a separation of runtime and permanent configuration options\&. It also supports an interface for services or applications to add firewall rules directly\&. .SH "OPTIONS" .PP These are the command line options of firewalld: .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Prints a short help text and exists\&. .RE .PP \fB\-\-default\-config\fR .RS 4 Path to firewalld default configuration\&. This usually defaults to \fI/usr/lib/firewalld\fR\&. .RE .PP \fB\-\-debug\fR[=\fIlevel\fR] .RS 4 Set the debug level for firewalld to \fIlevel\fR\&. The range of the debug level is 1 (lowest level) to 10 (highest level)\&. The debug output will be written to the firewalld log file \fI/var/log/firewalld\fR\&. .RE .PP \fB\-\-debug\-gc\fR .RS 4 Print garbage collector leak information\&. The collector runs every 10 seconds and if there are leaks, it prints information about the leaks\&. .RE .PP \fB\-\-nofork\fR .RS 4 Turn off daemon forking\&. Force firewalld to run as a foreground process instead of as a daemon in the background\&. .RE .PP \fB\-\-nopid\fR .RS 4 Disable writing pid file\&. By default the program will write a pid file\&. If the program is invoked with this option it will not check for an existing server process\&. .RE .PP \fB\-\-system\-config\fR .RS 4 Path to firewalld system (user) configuration\&. This usually defaults to \fI/etc/firewalld\fR\&. .RE .SH "CONCEPTS" .PP firewalld has a D\-Bus interface for firewall configuration of services and applications\&. It also has a command line client for the user\&. Services or applications already using D\-Bus can request changes to the firewall with the D\-Bus interface directly\&. For more information on the firewalld D\-Bus interface, please have a look at \fBfirewalld.dbus\fR(5)\&. .PP firewalld provides support for zones, predefined services and ICMP types and has a separation of runtime and permanent configuration options\&. Permanent configuration is loaded from XML files in \fI/usr/lib/firewalld\fR (\fB\-\-default\-config\fR) or \fI/etc/firewalld\fR (\fB\-\-system\-config\fR) (see the section called \(lqDIRECTORIES\(rq)\&. .PP If NetworkManager is not in use and firewalld gets started after the network is already up, the connections and manually created interfaces are not bound to the zone specified in the ifcfg file\&. The interfaces will automatically be handled by the default zone\&. firewalld will also not get notified about network device renames\&. All this also applies to interfaces that are not controlled by NetworkManager if \fINM_CONTROLLED=no\fR is set\&. .PP You can add these interfaces to a zone with \fBfirewall\-cmd [\-\-permanent] \-\-zone=\fR\fB\fIzone\fR\fR\fB \-\-add\-interface=\fR\fB\fIinterface\fR\fR\&. If there is a /etc/sysconfig/network\-scripts/ifcfg\-\fIinterface\fR file, firewalld tries to change the ZONE=\fIzone\fR setting in this file\&. .PP If firewalld gets reloaded, it will restore the interface bindings that were in place before reloading to keep interface bindings stable in the case of NetworkManager uncontrolled interfaces\&. This mechanism is not possible in the case of a firewalld service restart\&. .PP It is essential to keep the ZONE= setting in the ifcfg file consistent to the binding in firewalld in the case of NetworkManager uncontrolled interfaces\&. .SS "Zones" .PP A network or firewall zone defines the trust level of the interface used for a connection\&. There are several pre\-defined zones provided by firewalld\&. Zone configuration options and generic information about zones are described in \fBfirewalld.zone\fR(5) .SS "Services" .PP A service can be a list of local ports, protocols and destinations and additionally also a list of firewall helper modules automatically loaded if a service is enabled\&. Service configuration options and generic information about services are described in \fBfirewalld.service\fR(5)\&. The use of predefined services makes it easier for the user to enable and disable access to a service\&. .SS "ICMP types" .PP The Internet Control Message Protocol (ICMP) is used to exchange information and also error messages in the Internet Protocol (IP)\&. ICMP types can be used in firewalld to limit the exchange of these messages\&. For more information, please have a look at \fBfirewalld.icmptype\fR(5)\&. .SS "Runtime configuration" .PP Runtime configuration is the actual active configuration and is not permanent\&. After reload/restart of the service or a system reboot, runtime settings will be gone if they haven\*(Aqt been also in permanent configuration\&. .SS "Permanent configuration" .PP The permanent configuration is stored in config files and will be loaded and become new runtime configuration with every machine boot or service reload/restart\&. .SS "Direct interface" .PP The direct interface is mainly used by services or applications to add specific firewall rules\&. It requires basic knowledge of ip(6)tables concepts (tables, chains, commands, parameters, targets)\&. .SH "DIRECTORIES" .PP firewalld supports two configuration directories: .SS "Default/Fallback configuration in \fI/usr/lib/firewalld\fR (\-\-default\-config)" .PP This directory contains the default and fallback configuration provided by firewalld for icmptypes, services and zones\&. The files provided with the firewalld package should not get changed and the changes are gone with an update of the firewalld package\&. Additional \fBicmptypes\fR, \fBservices\fR and \fBzones\fR can be provided with packages or by creating files\&. .SS "System configuration settings in \fI/etc/firewalld\fR (\-\-system\-config)" .PP The system or user configuration stored here is either created by the system administrator or by customization with the configuration interface of firewalld or by hand\&. The files will overload the default configuration files\&. .PP To manually change settings of pre\-defined icmptypes, zones or services, copy the file from the default configuration directory to the corresponding directory in the system configuration directory and change it accordingly\&. .PP For more information on icmptypes, please have a look at the \fBfirewalld.icmptype\fR(5) man page, for services at \fBfirewalld.service\fR(5) and for zones at \fBfirewalld.zone\fR(5)\&. .SH "SIGNALS" .PP Currently only SIGHUP is supported\&. .SS "SIGHUP" .PP Reloads the complete firewall configuration\&. You can also use \fBfirewall\-cmd \-\-reload\fR\&. All runtime configuration settings will be restored\&. Permanent configuration will change according to options defined in the configuration files\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man1/firewall-cmd.10000664007115300711530000017550113641123256021474 0ustar00egarveregarver00000000000000'\" t .\" Title: firewall-cmd .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewall-cmd .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALL\-CMD" "1" "" "firewalld 0.8.2" "firewall-cmd" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewall-cmd \- firewalld command line client .SH "SYNOPSIS" .HP \w'\fBfirewall\-cmd\fR\ 'u \fBfirewall\-cmd\fR [OPTIONS...] .SH "DESCRIPTION" .PP firewall\-cmd is the command line client of the firewalld daemon\&. It provides interface to manage runtime and permanent configuration\&. .PP The runtime configuration in firewalld is separated from the permanent configuration\&. This means that things can get changed in the runtime or permanent configuration\&. .SH "OPTIONS" .PP Sequence options are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeeded\&. The \fIALREADY_ENABLED\fR (11), \fINOT_ENABLED\fR (12) and also \fIZONE_ALREADY_SET\fR (16) errors are treated as succeeded\&. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one\&. Without any succeeded item, the exit code will depend on the error codes\&. If there is exactly one error code, then this is used\&. If there are more than one then \fIUNKNOWN_ERROR\fR (254) will be used\&. .PP The following options are supported: .SS "General Options" .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Prints a short help text and exits\&. .RE .PP \fB\-V\fR, \fB\-\-version\fR .RS 4 Print the version string of firewalld\&. This option is not combinable with other options\&. .RE .PP \fB\-q\fR, \fB\-\-quiet\fR .RS 4 Do not print status messages\&. .RE .SS "Status Options" .PP \fB\-\-state\fR .RS 4 Check whether the firewalld daemon is active (i\&.e\&. running)\&. Returns an exit code 0 if it is active, \fIRUNNING_BUT_FAILED\fR if failure occurred on startup, \fINOT_RUNNING\fR otherwise\&. See the section called \(lqEXIT CODES\(rq\&. This will also print the state to \fISTDOUT\fR\&. .RE .PP \fB\-\-reload\fR .RS 4 Reload firewall rules and keep state information\&. Current permanent configuration will become new runtime configuration, i\&.e\&. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration\&. .sp Note: Runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely\&. .RE .PP \fB\-\-complete\-reload\fR .RS 4 Reload firewall completely, even netfilter kernel modules\&. This will most likely terminate active connections, because state information is lost\&. This option should only be used in case of severe firewall problems\&. For example if there are state information problems that no connection can be established with correct firewall rules\&. .sp Note: Runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely\&. .RE .PP \fB\-\-runtime\-to\-permanent\fR .RS 4 Save active runtime configuration and overwrite permanent configuration with it\&. The way this is supposed to work is that when configuring firewalld you do runtime changes only and once you\*(Aqre happy with the configuration and you tested that it works the way you want, you save the configuration to disk\&. .RE .PP \fB\-\-check\-config\fR .RS 4 Run checks on the permanent configuration\&. This includes XML validity and semantics\&. .RE .SS "Log Denied Options" .PP \fB\-\-get\-log\-denied\fR .RS 4 Print the log denied setting\&. .RE .PP \fB\-\-set\-log\-denied\fR=\fIvalue\fR .RS 4 Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link\-layer packet type\&. The possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. The default setting is \fIoff\fR, which disables the logging\&. .sp This is a runtime and permanent change and will also reload the firewall to be able to add the logging rules\&. .RE .SS "Permanent Options" .PP \fB\-\-permanent\fR .RS 4 The permanent option \fB\-\-permanent\fR can be used to set options permanently\&. These changes are not effective immediately, only after service restart/reload or system reboot\&. Without the \fB\-\-permanent\fR option, a change will only be part of the runtime configuration\&. .sp If you want to make a change in runtime and permanent configuration, use the same call with and without the \fB\-\-permanent\fR option\&. .sp The \fB\-\-permanent\fR option can be optionally added to all options further down where it is supported\&. .RE .SS "Zone Options" .PP \fB\-\-get\-default\-zone\fR .RS 4 Print default zone for connections and interfaces\&. .RE .PP \fB\-\-set\-default\-zone\fR=\fIzone\fR .RS 4 Set default zone for connections and interfaces where no zone has been selected\&. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone\&. .sp This is a runtime and permanent change\&. .RE .PP \fB\-\-get\-active\-zones\fR .RS 4 Print currently active zones altogether with interfaces and sources used in these zones\&. Active zones are zones, that have a binding to an interface or source\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIzone1\fR interfaces: \fIinterface1\fR \fIinterface2\fR \&.\&. sources: \fIsource1\fR \&.\&. \fIzone2\fR interfaces: \fIinterface3\fR \&.\&. \fIzone3\fR sources: \fIsource2\fR \&.\&. .fi .if n \{\ .RE .\} .sp If there are no interfaces or sources bound to the zone, the corresponding line will be omitted\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-zones\fR .RS 4 Print predefined zones as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-services\fR .RS 4 Print predefined services as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-icmptypes\fR .RS 4 Print predefined icmptypes as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-zone\-of\-interface\fR=\fIinterface\fR .RS 4 Print the name of the zone the \fIinterface\fR is bound to or \fIno zone\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-zone\-of\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Print the name of the zone the source is bound to or \fIno zone\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-info\-zone=\fR\fB\fIzone\fR\fR .RS 4 Print information about the zone \fIzone\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIzone\fR interfaces: \fIinterface1\fR \&.\&. sources: \fIsource1\fR \&.\&. services: \fIservice1\fR \&.\&. ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. forward\-ports: \fIforward\-port1\fR \&.\&. source\-ports: \fIsource\-port1\fR \&.\&. icmp\-blocks: \fIicmp\-type1\fR \&.\&. rich rules: \fIrich\-rule1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP [\fB\-\-permanent\fR] \fB\-\-list\-all\-zones\fR .RS 4 List everything added for or enabled in all zones\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIzone1\fR interfaces: \fIinterface1\fR \&.\&. sources: \fIsource1\fR \&.\&. services: \fIservice1\fR \&.\&. ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. forward\-ports: \fIforward\-port1\fR \&.\&. icmp\-blocks: \fIicmp\-type1\fR \&.\&. rich rules: \fIrich\-rule1\fR \&.\&. \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-permanent\fR \fB\-\-new\-zone\fR=\fIzone\fR .RS 4 Add a new permanent and empty zone\&. .sp Zone names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-zone\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIzone\fR] .RS 4 Add a new permanent zone from a prepared zone file with an optional name override\&. .RE .PP \fB\-\-permanent\fR \fB\-\-delete\-zone\fR=\fIzone\fR .RS 4 Delete an existing permanent zone\&. .RE .PP \fB\-\-permanent\fR \fB\-\-load\-zone\-defaults\fR=\fIzone\fR .RS 4 Load zone default settings or report NO_DEFAULTS error\&. .RE .PP \fB\-\-permanent\fR \fB\-\-path\-zone=\fR\fB\fIzone\fR\fR .RS 4 Print path of the zone configuration file\&. .RE .PP \fB\-\-permanent\fR \fB\-\-zone\fR=\fIzone\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to zone .RE .PP \fB\-\-permanent\fR \fB\-\-zone\fR=\fIzone\fR \fB\-\-get\-description\fR .RS 4 Print description for zone .RE .PP \fB\-\-permanent\fR \fB\-\-zone\fR=\fIzone\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to zone .RE .PP \fB\-\-permanent\fR \fB\-\-zone\fR=\fIzone\fR \fB\-\-get\-short\fR .RS 4 Print short description for zone .RE .PP \fB\-\-permanent\fR [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-get\-target\fR .RS 4 Get the target of a permanent zone\&. .RE .PP \fB\-\-permanent\fR [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-set\-target\fR=\fItarget\fR .RS 4 Set the target of a permanent zone\&. \fItarget\fR is one of: \fIdefault\fR, \fIACCEPT\fR, \fIDROP\fR, \fIREJECT\fR .sp \fIdefault\fR is similar to \fIREJECT\fR, but has special meaning in the following scenarios: .sp .RS 4 .ie n \{\ \h'-04' 1.\h'+01'\c .\} .el \{\ .sp -1 .IP " 1." 4.2 .\} ICMP explicitly allowed .sp At the end of the zone\*(Aqs ruleset ICMP packets are explicitly allowed\&. .RE .sp .RS 4 .ie n \{\ \h'-04' 2.\h'+01'\c .\} .el \{\ .sp -1 .IP " 2." 4.2 .\} forwarded packets follow the \fItarget\fR of the egress zone .sp In the case of forwarded packets, if the ingress zone uses \fIdefault\fR then whether or not the packet will be allowed is determined by the egress zone\&. .sp For a forwarded packet that ingresses zoneA and egresses zoneB: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} if zoneA\*(Aqs \fItarget\fR is \fIACCEPT\fR, \fIDROP\fR, or \fIREJECT\fR then the packet is accepted, dropped, or rejected respectively\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} if zoneA\*(Aqs \fItarget\fR is \fIdefault\fR, then the packet is accepted, dropped, or rejected based on zoneB\*(Aqs \fItarget\fR\&. If zoneB\*(Aqs \fItarget\fR is also \fIdefault\fR, then the packet will be rejected by firewalld\*(Aqs catchall reject\&. .RE .RE .sp .RS 4 .ie n \{\ \h'-04' 3.\h'+01'\c .\} .el \{\ .sp -1 .IP " 3." 4.2 .\} Zone drifting from source\-based zone to interface\-based zone .sp This only applies if \fBAllowZoneDrifting\fR is enabled\&. See \fBfirewalld.conf\fR(5)\&. .sp If a packet ingresses a source\-based zone with a \fItarget\fR of \fIdefault\fR, it may still enter an interface\-based zone (including the default zone)\&. .RE .sp .RE .SS "Options to Adapt and Query Zones" .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the zone \fIzone\fR\&. If the option is omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-all\fR .RS 4 List everything added for or enabled in \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-services\fR .RS 4 List services added for \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-service\fR=\fIservice\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add a service for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The service is one of the firewalld provided services\&. To get a list of the supported services, use \fBfirewall\-cmd \-\-get\-services\fR\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-service\fR=\fIservice\fR .RS 4 Remove a service from \fIzone\fR\&. This option can be specified multiple times\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-service\fR=\fIservice\fR .RS 4 Return whether \fIservice\fR has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-ports\fR .RS 4 List ports added for \fIzone\fR as a space separated list\&. A port is of the form \fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR, it can be either a port and protocol pair or a port range with a protocol\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add the port for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove the port from \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the port has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-protocols\fR .RS 4 List protocols added for \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-protocol\fR=\fIprotocol\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add the protocol for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-protocol\fR=\fIprotocol\fR .RS 4 Remove the protocol from \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-protocol\fR=\fIprotocol\fR .RS 4 Return whether the protocol has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-source\-ports\fR .RS 4 List source ports added for \fIzone\fR as a space separated list\&. A port is of the form \fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add the source port for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove the source port from \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the source port has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-icmp\-blocks\fR .RS 4 List Internet Control Message Protocol (ICMP) type blocks added for \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-icmp\-block\fR=\fIicmptype\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add an ICMP block for \fIicmptype\fR for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The \fIicmptype\fR is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types: \fBfirewall\-cmd \-\-get\-icmptypes\fR .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-icmp\-block\fR=\fIicmptype\fR .RS 4 Remove the ICMP block for \fIicmptype\fR from \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-icmp\-block\fR=\fIicmptype\fR .RS 4 Return whether an ICMP block for \fIicmptype\fR has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-forward\-ports\fR .RS 4 List \fIIPv4\fR forward ports added for \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add the \fIIPv4\fR forward port for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. The destination address is a simple IP address\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .sp \fINote:\fR IP forwarding will be implicitly enabled if \fBtoaddr\fR is specified\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] .RS 4 Remove the \fIIPv4\fR forward port from \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] .RS 4 Return whether the \fIIPv4\fR forward port has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-masquerade\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Enable \fIIPv4\fR masquerade for \fIzone\fR\&. If zone is omitted, default zone will be used\&. If a timeout is supplied, masquerading will be active for the specified amount of time\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .sp \fINote:\fR IP forwarding will be implicitly enabled\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-masquerade\fR .RS 4 Disable \fIIPv4\fR masquerade for \fIzone\fR\&. If zone is omitted, default zone will be used\&. If the masquerading was enabled with a timeout, it will be disabled also\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-masquerade\fR .RS 4 Return whether \fIIPv4\fR masquerading has been enabled for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-rich\-rules\fR .RS 4 List rich language rules added for \fIzone\fR as a newline separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add rich language rule \*(Aq\fIrule\fR\*(Aq for \fIzone\fR\&. This option can be specified multiple times\&. If zone is omitted, default zone will be used\&. If a timeout is supplied, the \fIrule\fR will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq .RS 4 Remove rich language rule \*(Aq\fIrule\fR\*(Aq from \fIzone\fR\&. This option can be specified multiple times\&. If zone is omitted, default zone will be used\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq .RS 4 Return whether a rich language rule \*(Aq\fIrule\fR\*(Aq has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .RE .SS "Options to Handle Bindings of Interfaces" .PP Binding an interface to a zone means that this zone settings are used to restrict traffic via the interface\&. .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the zone \fIzone\fR\&. If the option is omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP For a list of predefined zones use \fBfirewall\-cmd \-\-get\-zones\fR\&. .PP An interface name is a string up to 16 characters long, that may not contain \fB\*(Aq \*(Aq\fR, \fB\*(Aq/\*(Aq\fR, \fB\*(Aq!\*(Aq\fR and \fB\*(Aq*\*(Aq\fR\&. .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-interfaces\fR .RS 4 List interfaces that are bound to zone \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-interface\fR=\fIinterface\fR .RS 4 Bind interface \fIinterface\fR to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .sp If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface\&. If this fails, the zone binding is created in firewalld and the limitations below apply\&. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists\&. .sp As a end user you don\*(Aqt need this in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to \fBZONE=\fR option from ifcfg\-\fIinterface\fR file) if \fINM_CONTROLLED=no\fR is not set\&. You should do it only if there\*(Aqs no /etc/sysconfig/network\-scripts/ifcfg\-\fIinterface\fR file\&. If there is such file and you add interface to zone with this \fB\-\-add\-interface\fR option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined\&. Please also have a look at the \fBfirewalld\fR(1) man page in the \fIConcepts\fR section\&. For permanent association of interface with a zone, see also \*(AqHow to set or change a zone for a connection?\*(Aq in \fBfirewalld.zones\fR(5)\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-change\-interface\fR=\fIinterface\fR .RS 4 If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface\&. If this fails, the zone binding is created in firewalld and the limitations below apply\&. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists\&. .sp Change zone the interface \fIinterface\fR is bound to to zone \fIzone\fR\&. It\*(Aqs basically \fB\-\-remove\-interface\fR followed by \fB\-\-add\-interface\fR\&. If the interface has not been bound to a zone before, it behaves like \fB\-\-add\-interface\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-interface\fR=\fIinterface\fR .RS 4 Query whether interface \fIinterface\fR is bound to zone \fIzone\fR\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-interface\fR=\fIinterface\fR .RS 4 If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface\&. If this fails, the zone binding is created in firewalld and the limitations below apply\&. .sp For the addion or change of interfaces that are not under control of NetworkManager: firewalld tries to change the ZONE setting in the ifcfg file, if an ifcfg file exists that is using the interface\&. .sp Only for the removal of interfaces that are not under control of NetworkManager: firewalld is not trying to change the ZONE setting in the ifcfg file\&. This is needed to make sure that an ifdown of the interface will not result in a reset of the zone setting to the default zone\&. Only the zone binding is then removed in firewalld then\&. .sp Remove binding of interface \fIinterface\fR from zone it was previously added to\&. .RE .SS "Options to Handle Bindings of Sources" .PP Binding a source to a zone means that this zone settings will be used to restrict traffic from this source\&. .PP A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6 or a MAC address or an ipset with the ipset: prefix\&. For IPv4, the mask can be a network mask or a plain number\&. For IPv6 the mask is a plain number\&. The use of host names is not supported\&. .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the zone \fIzone\fR\&. If the option is omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP For a list of predefined zones use \fBfirewall\-cmd \fR\fB[\fB\-\-permanent\fR]\fR\fB \-\-get\-zones\fR\&. .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-sources\fR .RS 4 List sources that are bound to zone \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Bind the source to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-change\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Change zone the source is bound to to zone \fIzone\fR\&. It\*(Aqs basically \fB\-\-remove\-source\fR followed by \fB\-\-add\-source\fR\&. If the source has not been bound to a zone before, it behaves like \fB\-\-add\-source\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Query whether the source is bound to the zone \fIzone\fR\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Remove binding of the source from zone it was previously added to\&. .RE .SS "IPSet Options" .PP \fB\-\-get\-ipset\-types\fR .RS 4 Print the supported ipset types\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-ipset\fR=\fIipset\fR \fB\-\-type\fR=\fItype\fR [\fB\-\-family\fR=\fIinet\fR|\fIinet6\fR] [\fB\-\-option\fR=\fIkey\fR[=\fIvalue\fR]] .RS 4 Add a new permanent and empty ipset with specifying the type and optional the family and options like \fItimeout\fR, \fIhashsize\fR and \fImaxelem\fR\&. For more information please have a look at \fBipset\fR(8) man page\&. .sp ipset names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-ipset\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIipset\fR] .RS 4 Add a new permanent ipset from a prepared ipset file with an optional name override\&. .RE .PP \fB\-\-permanent\fR \fB\-\-delete\-ipset\fR=\fIipset\fR .RS 4 Delete an existing permanent ipset\&. .RE .PP \fB\-\-permanent\fR \fB\-\-load\-ipset\-defaults\fR=\fIipset\fR .RS 4 Load ipset default settings or report NO_DEFAULTS error\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-info\-ipset=\fR\fB\fIipset\fR\fR .RS 4 Print information about the ipset \fIipset\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIipset\fR type: \fItype\fR options: \fIoption1[=value1]\fR \&.\&. entries: \fIentry1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-ipsets\fR .RS 4 Print predefined ipsets as a space separated list\&. .RE .PP \fB\-\-permanent\fR \fB\-\-ipset\fR=\fIipset\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to ipset .RE .PP \fB\-\-permanent\fR \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-description\fR .RS 4 Print description for ipset .RE .PP \fB\-\-permanent\fR \fB\-\-ipset\fR=\fIipset\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to ipset .RE .PP \fB\-\-permanent\fR \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-short\fR .RS 4 Print short description for ipset .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-add\-entry\fR=\fIentry\fR .RS 4 Add a new entry to the ipset\&. .sp Adding an entry to an ipset with option \fItimeout\fR is permitted, but these entries are not tracked by firewalld\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-remove\-entry\fR=\fIentry\fR .RS 4 Remove an entry from the ipset\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-query\-entry\fR=\fIentry\fR .RS 4 Return whether the entry has been added to an ipset\&. Returns 0 if true, 1 otherwise\&. .sp Querying an ipset with a timeout will yield an error\&. Entries are not tracked for ipsets with a timeout\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-entries\fR .RS 4 List all entries of the ipset\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-add\-entries\-from\-file\fR=\fIfilename\fR .RS 4 Add a new entries to the ipset from the file\&. For all entries that are listed in the file but already in the ipset, a warning will be printed\&. .sp The file should contain an entry per line\&. Lines starting with an hash or semicolon are ignored\&. Also empty lines\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-remove\-entries\-from\-file\fR=\fIfilename\fR .RS 4 Remove existing entries from the ipset from the file\&. For all entries that are listed in the file but not in the ipset, a warning will be printed\&. .sp The file should contain an entry per line\&. Lines starting with an hash or semicolon are ignored\&. Also empty lines\&. .RE .PP \fB\-\-permanent\fR \fB\-\-path\-ipset=\fR\fB\fIipset\fR\fR .RS 4 Print path of the ipset configuration file\&. .RE .SS "Service Options" .PP Options in this section affect only one particular service\&. .PP [\fB\-\-permanent\fR] \fB\-\-info\-service=\fR\fB\fIservice\fR\fR .RS 4 Print information about the service \fIservice\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIservice\fR ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. source\-ports: \fIsource\-port1\fR \&.\&. helpers: \fIhelper1\fR \&.\&. destination: \fIipv1\fR:\fIaddress1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP The following options are only usable in the permanent configuration\&. .PP \fB\-\-permanent\fR \fB\-\-new\-service\fR=\fIservice\fR .RS 4 Add a new permanent and empty service\&. .sp Service names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-service\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIservice\fR] .RS 4 Add a new permanent service from a prepared service file with an optional name override\&. .RE .PP \fB\-\-permanent\fR \fB\-\-delete\-service\fR=\fIservice\fR .RS 4 Delete an existing permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-load\-service\-defaults\fR=\fIservice\fR .RS 4 Load service default settings or report NO_DEFAULTS error\&. .RE .PP \fB\-\-permanent\fR \fB\-\-path\-service=\fR\fB\fIservice\fR\fR .RS 4 Print path of the service configuration file\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to service .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-description\fR .RS 4 Print description for service .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to service .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-short\fR .RS 4 Print short description for service .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new port to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a port from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return wether the port has been added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-ports\fR .RS 4 List ports added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-protocol\fR=\fIprotocol\fR .RS 4 Add a new protocol to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-protocol\fR=\fIprotocol\fR .RS 4 Remove a protocol from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-protocol\fR=\fIprotocol\fR .RS 4 Return wether the protocol has been added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-protocols\fR .RS 4 List protocols added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new source port to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a source port from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return wether the source port has been added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-source\-ports\fR .RS 4 List source ports added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-helper\fR=\fIhelper\fR .RS 4 Add a new helper to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-helper\fR=\fIhelper\fR .RS 4 Remove a helper from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-helper\fR=\fIhelper\fR .RS 4 Return wether the helper has been added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-service\-helpers\fR .RS 4 List helpers added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-destination\fR=\fIipv\fR:\fIaddress\fR[/\fImask\fR] .RS 4 Set destination for ipv to address[/mask] in the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-destination\fR=\fIipv\fR .RS 4 Remove the destination for ipv from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-destination\fR=\fIipv\fR:\fIaddress\fR[/\fImask\fR] .RS 4 Return wether the destination ipv to address[/mask] has been set in the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-destinations\fR .RS 4 List destinations added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-include\fR=\fIservice\fR .RS 4 Add a new include to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-include\fR=\fIservice\fR .RS 4 Remove a include from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-include\fR=\fIservice\fR .RS 4 Return wether the include has been added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-includes\fR .RS 4 List includes added to the permanent service\&. .RE .SS "Helper Options" .PP Options in this section affect only one particular helper\&. .PP [\fB\-\-permanent\fR] \fB\-\-info\-helper=\fR\fB\fIhelper\fR\fR .RS 4 Print information about the helper \fIhelper\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIhelper\fR family: \fIfamily\fR module: \fImodule\fR ports: \fIport1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP The following options are only usable in the permanent configuration\&. .PP \fB\-\-permanent\fR \fB\-\-new\-helper\fR=\fIhelper\fR \fB\-\-module\fR=\fInf_conntrack_module\fR [\fB\-\-family\fR=\fIipv4\fR|\fIipv6\fR] .RS 4 Add a new permanent helper with module and optionally family defined\&. .sp Helper names must be alphanumeric and may additionally include characters: \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-helper\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIhelper\fR] .RS 4 Add a new permanent helper from a prepared helper file with an optional name override\&. .RE .PP \fB\-\-permanent\fR \fB\-\-delete\-helper\fR=\fIhelper\fR .RS 4 Delete an existing permanent helper\&. .RE .PP \fB\-\-permanent\fR \fB\-\-load\-helper\-defaults\fR=\fIhelper\fR .RS 4 Load helper default settings or report NO_DEFAULTS error\&. .RE .PP \fB\-\-permanent\fR \fB\-\-path\-helper=\fR\fB\fIhelper\fR\fR .RS 4 Print path of the helper configuration file\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-helpers\fR .RS 4 Print predefined helpers as a space separated list\&. .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-description\fR .RS 4 Print description for helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-short\fR .RS 4 Print short description for helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new port to the permanent helper\&. .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a port from the permanent helper\&. .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return wether the port has been added to the permanent helper\&. .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-ports\fR .RS 4 List ports added to the permanent helper\&. .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-module\fR=\fIdescription\fR .RS 4 Set module description for helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-module\fR .RS 4 Print module description for helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-family\fR=\fIdescription\fR .RS 4 Set family description for helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-family\fR .RS 4 Print family description of helper .RE .SS "Internet Control Message Protocol (ICMP) type Options" .PP Options in this section affect only one particular icmptype\&. .PP [\fB\-\-permanent\fR] \fB\-\-info\-icmptype=\fR\fB\fIicmptype\fR\fR .RS 4 Print information about the icmptype \fIicmptype\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIicmptype\fR destination: \fIipv1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP The following options are only usable in the permanent configuration\&. .PP \fB\-\-permanent\fR \fB\-\-new\-icmptype\fR=\fIicmptype\fR .RS 4 Add a new permanent and empty icmptype\&. .sp ICMP type names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-icmptype\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIicmptype\fR] .RS 4 Add a new permanent icmptype from a prepared icmptype file with an optional name override\&. .RE .PP \fB\-\-permanent\fR \fB\-\-delete\-icmptype\fR=\fIicmptype\fR .RS 4 Delete an existing permanent icmptype\&. .RE .PP \fB\-\-permanent\fR \fB\-\-load\-icmptype\-defaults\fR=\fIicmptype\fR .RS 4 Load icmptype default settings or report NO_DEFAULTS error\&. .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to icmptype .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-description\fR .RS 4 Print description for icmptype .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to icmptype .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-short\fR .RS 4 Print short description for icmptype .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-add\-destination\fR=\fIipv\fR .RS 4 Enable destination for ipv in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-remove\-destination\fR=\fIipv\fR .RS 4 Disable destination for ipv in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-query\-destination\fR=\fIipv\fR .RS 4 Return whether destination for ipv is enabled in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-destinations\fR .RS 4 List destinations in permanent icmptype\&. .RE .PP \fB\-\-permanent\fR \fB\-\-path\-icmptype=\fR\fB\fIicmptype\fR\fR .RS 4 Print path of the icmptype configuration file\&. .RE .SS "Direct Options" .PP The direct options give a more direct access to the firewall\&. These options require user to know basic iptables concepts, i\&.e\&. \fItable\fR (filter/mangle/nat/\&.\&.\&.), \fIchain\fR (INPUT/OUTPUT/FORWARD/\&.\&.\&.), \fIcommands\fR (\-A/\-D/\-I/\&.\&.\&.), \fIparameters\fR (\-p/\-s/\-d/\-j/\&.\&.\&.) and \fItargets\fR (ACCEPT/DROP/REJECT/\&.\&.\&.)\&. .PP Direct options should be used only as a last resort when it\*(Aqs not possible to use for example \fB\-\-add\-service\fR=\fIservice\fR or \fB\-\-add\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq\&. .PP \fBWarning\fR: Direct rules behavior is different depending on the value of \fIFirewallBackend\fR\&. See \fICAVEATS\fR in \fBfirewalld.direct\fR(5)\&. .PP The first argument of each option has to be \fIipv4\fR or \fIipv6\fR or \fIeb\fR\&. With \fIipv4\fR it will be for IPv4 (\fBiptables\fR(8)), with \fIipv6\fR for IPv6 (\fBip6tables\fR(8)) and with \fIeb\fR for ethernet bridges (\fBebtables\fR(8))\&. .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-all\-chains\fR .RS 4 Get all chains added to all tables\&. This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-chains\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR .RS 4 Get all chains added to table \fItable\fR as a space separated list\&. This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-add\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Add a new chain with name \fIchain\fR to table \fItable\fR\&. Make sure there\*(Aqs no other chain with this name already\&. .sp There already exist basic chains to use with direct options, for example \fIINPUT_direct\fR chain (see \fIiptables\-save | grep direct\fR output for all of them)\&. These chains are jumped into before chains for zones, i\&.e\&. every rule put into \fIINPUT_direct\fR will be checked before rules in zones\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-remove\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Remove chain with name \fIchain\fR from table \fItable\fR\&. Only chains previously added with \fB\-\-direct \-\-add\-chain\fR can be removed this way\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-query\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Return whether a chain with name \fIchain\fR exists in table \fItable\fR\&. Returns 0 if true, 1 otherwise\&. This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-all\-rules\fR .RS 4 Get all rules added to all chains in all tables as a newline separated list of the priority and arguments\&. This option concerns only rules previously added with \fB\-\-direct \-\-add\-rule\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-rules\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Get all rules added to chain \fIchain\fR in table \fItable\fR as a newline separated list of the priority and arguments\&. This option concerns only rules previously added with \fB\-\-direct \-\-add\-rule\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-add\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Add a rule with the arguments \fIargs\fR to chain \fIchain\fR in table \fItable\fR with priority \fIpriority\fR\&. .sp The \fIpriority\fR is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-remove\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Remove a rule with \fIpriority\fR and the arguments \fIargs\fR from chain \fIchain\fR in table \fItable\fR\&. Only rules previously added with \fB\-\-direct \-\-add\-rule\fR can be removed this way\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-remove\-rules\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Remove all rules in the chain with name \fIchain\fR exists in table \fItable\fR\&. This option concerns only rules previously added with \fB\-\-direct \-\-add\-rule\fR in this chain\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-query\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Return whether a rule with \fIpriority\fR and the arguments \fIargs\fR exists in chain \fIchain\fR in table \fItable\fR\&. Returns 0 if true, 1 otherwise\&. This option concerns only rules previously added with \fB\-\-direct \-\-add\-rule\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Pass a command through to the firewall\&. \fIargs\fR can be all \fBiptables\fR, \fBip6tables\fR and \fBebtables\fR command line arguments\&. This command is untracked, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthoughs\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-all\-passthroughs\fR .RS 4 Get all passthrough rules as a newline separated list of the ipv value and arguments\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-passthroughs\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } .RS 4 Get all passthrough rules for the ipv value as a newline separated list of the priority and arguments\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-add\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Add a passthrough rule with the arguments \fIargs\fR for the ipv value\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-remove\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Remove a passthrough rule with the arguments \fIargs\fR for the ipv value\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-query\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Return whether a passthrough rule with the arguments \fIargs\fR exists for the ipv value\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Lockdown Options" .PP Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt) or are authenticated using PolicyKit\&. With this feature administrators can lock the firewall configuration so that only applications on lockdown whitelist are able to request firewall changes\&. .PP The lockdown access check limits D\-Bus methods that are changing firewall rules\&. Query, list and get methods are not limited\&. .PP The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default\&. .PP \fB\-\-lockdown\-on\fR .RS 4 Enable lockdown\&. Be careful \- if firewall\-cmd is not on lockdown whitelist when you enable lockdown you won\*(Aqt be able to disable it again with firewall\-cmd, you would need to edit firewalld\&.conf\&. .sp This is a runtime and permanent change\&. .RE .PP \fB\-\-lockdown\-off\fR .RS 4 Disable lockdown\&. .sp This is a runtime and permanent change\&. .RE .PP \fB\-\-query\-lockdown\fR .RS 4 Query whether lockdown is enabled\&. Returns 0 if lockdown is enabled, 1 otherwise\&. .RE .SS "Lockdown Whitelist Options" .PP The lockdown whitelist can contain \fIcommands\fR, \fIcontexts\fR, \fIusers\fR and \fIuser ids\fR\&. .PP If a command entry on the whitelist ends with an asterisk \*(Aq*\*(Aq, then all command lines starting with the command will match\&. If the \*(Aq*\*(Aq is not there the absolute command inclusive arguments must match\&. .PP Commands for user root and others is not always the same\&. Example: As root \fB/bin/firewall\-cmd\fR is used, as a normal user \fB/usr/bin/firewall\-cmd\fR is be used on Fedora\&. .PP The context is the security (SELinux) context of a running application or service\&. To get the context of a running application use \fBps \-e \-\-context\fR\&. .PP \fBWarning:\fR If the context is unconfined, then this will open access for more than the desired application\&. .PP The lockdown whitelist entries are checked in the following order: .RS 4 1\&. \fIcontext\fR .RE .RS 4 2\&. \fIuid\fR .RE .RS 4 3\&. \fIuser\fR .RE .RS 4 4\&. \fIcommand\fR .RE .PP [\fB\-\-permanent\fR] \fB\-\-list\-lockdown\-whitelist\-commands\fR .RS 4 List all command lines that are on the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-add\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Add the \fIcommand\fR to the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Remove the \fIcommand\fR from the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-query\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Query whether the \fIcommand\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-list\-lockdown\-whitelist\-contexts\fR .RS 4 List all contexts that are on the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-add\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Add the context \fIcontext\fR to the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Remove the \fIcontext\fR from the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-query\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Query whether the \fIcontext\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-list\-lockdown\-whitelist\-uids\fR .RS 4 List all user ids that are on the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-add\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Add the user id \fIuid\fR to the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Remove the user id \fIuid\fR from the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-query\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Query whether the user id \fIuid\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-list\-lockdown\-whitelist\-users\fR .RS 4 List all user names that are on the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-add\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Add the user name \fIuser\fR to the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Remove the user name \fIuser\fR from the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-query\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Query whether the user name \fIuser\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Panic Options" .PP \fB\-\-panic\-on\fR .RS 4 Enable panic mode\&. All incoming and outgoing packets are dropped, active connections will expire\&. Enable this only if there are serious problems with your network environment\&. For example if the machine is getting hacked in\&. .sp This is a runtime only change\&. .RE .PP \fB\-\-panic\-off\fR .RS 4 Disable panic mode\&. After disabling panic mode established connections might work again, if panic mode was enabled for a short period of time\&. .sp This is a runtime only change\&. .RE .PP \fB\-\-query\-panic\fR .RS 4 Returns 0 if panic mode is enabled, 1 otherwise\&. .RE .SH "EXAMPLES" .PP For more examples see \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .SS "Example 1" .PP Enable http service in default zone\&. This is runtime only change, i\&.e\&. effective until restart\&. .PP .if n \{\ .RS 4 .\} .nf firewall\-cmd \-\-add\-service=http .fi .if n \{\ .RE .\} .sp .SS "Example 2" .PP Enable port 443/tcp immediately and permanently in default zone\&. To make the change effective immediately and also after restart we need two commands\&. The first command makes the change in runtime configuration, i\&.e\&. makes it effective immediately, until restart\&. The second command makes the change in permanent configuration, i\&.e\&. makes it effective after restart\&. .PP .if n \{\ .RS 4 .\} .nf firewall\-cmd \-\-add\-port=443/tcp firewall\-cmd \-\-permanent \-\-add\-port=443/tcp .fi .if n \{\ .RE .\} .sp .SH "EXIT CODES" .PP On success 0 is returned\&. On failure the output is red colored and exit code is either 2 in case of wrong command\-line option usage or one of the following error codes in other cases: .TS allbox tab(:); lB rB. T{ String T}:T{ Code T} .T& l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r. T{ ALREADY_ENABLED T}:T{ 11 T} T{ NOT_ENABLED T}:T{ 12 T} T{ COMMAND_FAILED T}:T{ 13 T} T{ NO_IPV6_NAT T}:T{ 14 T} T{ PANIC_MODE T}:T{ 15 T} T{ ZONE_ALREADY_SET T}:T{ 16 T} T{ UNKNOWN_INTERFACE T}:T{ 17 T} T{ ZONE_CONFLICT T}:T{ 18 T} T{ BUILTIN_CHAIN T}:T{ 19 T} T{ EBTABLES_NO_REJECT T}:T{ 20 T} T{ NOT_OVERLOADABLE T}:T{ 21 T} T{ NO_DEFAULTS T}:T{ 22 T} T{ BUILTIN_ZONE T}:T{ 23 T} T{ BUILTIN_SERVICE T}:T{ 24 T} T{ BUILTIN_ICMPTYPE T}:T{ 25 T} T{ NAME_CONFLICT T}:T{ 26 T} T{ NAME_MISMATCH T}:T{ 27 T} T{ PARSE_ERROR T}:T{ 28 T} T{ ACCESS_DENIED T}:T{ 29 T} T{ UNKNOWN_SOURCE T}:T{ 30 T} T{ RT_TO_PERM_FAILED T}:T{ 31 T} T{ IPSET_WITH_TIMEOUT T}:T{ 32 T} T{ BUILTIN_IPSET T}:T{ 33 T} T{ ALREADY_SET T}:T{ 34 T} T{ MISSING_IMPORT T}:T{ 35 T} T{ DBUS_ERROR T}:T{ 36 T} T{ BUILTIN_HELPER T}:T{ 37 T} T{ NOT_APPLIED T}:T{ 38 T} T{ INVALID_ACTION T}:T{ 100 T} T{ INVALID_SERVICE T}:T{ 101 T} T{ INVALID_PORT T}:T{ 102 T} T{ INVALID_PROTOCOL T}:T{ 103 T} T{ INVALID_INTERFACE T}:T{ 104 T} T{ INVALID_ADDR T}:T{ 105 T} T{ INVALID_FORWARD T}:T{ 106 T} T{ INVALID_ICMPTYPE T}:T{ 107 T} T{ INVALID_TABLE T}:T{ 108 T} T{ INVALID_CHAIN T}:T{ 109 T} T{ INVALID_TARGET T}:T{ 110 T} T{ INVALID_IPV T}:T{ 111 T} T{ INVALID_ZONE T}:T{ 112 T} T{ INVALID_PROPERTY T}:T{ 113 T} T{ INVALID_VALUE T}:T{ 114 T} T{ INVALID_OBJECT T}:T{ 115 T} T{ INVALID_NAME T}:T{ 116 T} T{ INVALID_FILENAME T}:T{ 117 T} T{ INVALID_DIRECTORY T}:T{ 118 T} T{ INVALID_TYPE T}:T{ 119 T} T{ INVALID_SETTING T}:T{ 120 T} T{ INVALID_DESTINATION T}:T{ 121 T} T{ INVALID_RULE T}:T{ 122 T} T{ INVALID_LIMIT T}:T{ 123 T} T{ INVALID_FAMILY T}:T{ 124 T} T{ INVALID_LOG_LEVEL T}:T{ 125 T} T{ INVALID_AUDIT_TYPE T}:T{ 126 T} T{ INVALID_MARK T}:T{ 127 T} T{ INVALID_CONTEXT T}:T{ 128 T} T{ INVALID_COMMAND T}:T{ 129 T} T{ INVALID_USER T}:T{ 130 T} T{ INVALID_UID T}:T{ 131 T} T{ INVALID_MODULE T}:T{ 132 T} T{ INVALID_PASSTHROUGH T}:T{ 133 T} T{ INVALID_MAC T}:T{ 134 T} T{ INVALID_IPSET T}:T{ 135 T} T{ INVALID_ENTRY T}:T{ 136 T} T{ INVALID_OPTION T}:T{ 137 T} T{ INVALID_HELPER T}:T{ 138 T} T{ INVALID_PRIORITY T}:T{ 139 T} T{ MISSING_TABLE T}:T{ 200 T} T{ MISSING_CHAIN T}:T{ 201 T} T{ MISSING_PORT T}:T{ 202 T} T{ MISSING_PROTOCOL T}:T{ 203 T} T{ MISSING_ADDR T}:T{ 204 T} T{ MISSING_NAME T}:T{ 205 T} T{ MISSING_SETTING T}:T{ 206 T} T{ MISSING_FAMILY T}:T{ 207 T} T{ RUNNING_BUT_FAILED T}:T{ 251 T} T{ NOT_RUNNING T}:T{ 252 T} T{ NOT_AUTHORIZED T}:T{ 253 T} T{ UNKNOWN_ERROR T}:T{ 254 T} .TE .sp 1 .PP Note that return codes of \fB\-\-query\-*\fR options are special: Successful queries return 0, unsuccessful ones return 1 unless an error occurred in which case the table above applies\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man1/firewall-config.10000664007115300711530000000526013641123207022164 0ustar00egarveregarver00000000000000'\" t .\" Title: firewall-config .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewall-config .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALL\-CONFIG" "1" "" "firewalld 0.8.2" "firewall-config" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewall-config \- firewalld GUI configuration tool .SH "SYNOPSIS" .HP \w'\fBfirewall\-config\fR\ 'u \fBfirewall\-config\fR [OPTIONS...] .SH "DESCRIPTION" .PP firewall\-config is a GUI configuration tool for firewalld\&. .SH "OPTIONS" .PP \fBfirewall\-config\fR does not support any special options\&. The only options that can be used are the general options that Gtk uses for Gtk application initialization\&. For more information on these options, please have a look at the runtime documentation for Gtk\&. .PP The following options are supported: .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Prints a short help text and exits\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man1/Makefile.in0000664007115300711530000003665613641123176021121 0ustar00egarveregarver00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = doc/man/man1 DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } man1dir = $(mandir)/man1 am__installdirs = "$(DESTDIR)$(man1dir)" NROFF = nroff MANS = $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @ENABLE_DOCS_TRUE@EXTRA_DIST = $(man_MANS) @ENABLE_DOCS_TRUE@man_MANS = firewall*.1 all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/man/man1/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/man/man1/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-man1: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man1dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.1[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ done; } uninstall-man1: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man1dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.1[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) installdirs: for dir in "$(DESTDIR)$(man1dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man1 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man1 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ ctags-am distclean distclean-generic distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man1 install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-man \ uninstall-man1 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/doc/man/man1/firewall-applet.10000664007115300711530000001257313641123206022210 0ustar00egarveregarver00000000000000'\" t .\" Title: firewall-applet .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewall-applet .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALL\-APPLET" "1" "" "firewalld 0.8.2" "firewall-applet" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewall-applet \- firewalld applet .SH "SYNOPSIS" .HP \w'\fBfirewall\-applet\fR\ 'u \fBfirewall\-applet\fR [OPTIONS...] .SH "DESCRIPTION" .PP firewall\-applet is a tray applet for firewalld\&. .SH "OPTIONS" .PP \fBfirewall\-applet\fR does not support any special options\&. .PP The following options are supported: .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Prints a short help text and exists\&. .RE .SH "QSETTINGS" .PP \fBfirewall\-applet\fR has additional settings to adapt the look and feel\&. QSettings is used and stores them in \fI~/\&.config/firewall/applet\&.conf\fR\&. The file is automatically reloaded if it has been changed and the new settings will immediately be effective\&. .PP There is also the global config file \fI/etc/firewall/applet\&.conf\fR, which contains the default values\&. The settings in this file will be overloaded by settings in the user settings file\&. .PP Here is an example \fIapplet\&.conf\fR file: .sp .if n \{\ .RS 4 .\} .nf [General] notifications=true show\-inactive=true .fi .if n \{\ .RE .\} .PP The following settings are supported: .PP \fBnotifications\fR .RS 4 The applet shows notifications if enabled\&. This setting can be enabled also in the applet with the "Enable Notifications" checkbox in the right mouse menu\&. .sp This setting defaults to \fBfalse\fR\&. .sp If notifications are shown for these actions if enabled: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Connection to firewalld established .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Connection to firewalld lost .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Firewall has been reloaded .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Default zone has been changed .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Panic mode has been enabled or disabled .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Activation, deactivation or change of zones bound to interfaces .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Activation, deactivation or change of zones bound to sources addresses .RE .sp .RE .PP \fBshow\-inactive\fR .RS 4 Show applet also if firewalld is not running\&. If firewalld has been stopped or is not running the applet will be hidden and not visible in the applet tray\&. Enable this setting to see the applet all the time for example to be sure that the firewall is active\&. .sp This setting defaults to \fBfalse\fR\&. .RE .PP \fBshields\-up\fR .RS 4 The shields\-up zone name to be used if shields\-up is enabled\&. .sp This setting defaults to \*(Aq\fBblock\fR\*(Aq\&. .RE .PP \fBshields\-down\fR .RS 4 The shields\-down zone name to be used if shields\-up has been deactivated again\&. .sp This setting defaults to \*(Aq\fBpublic\fR\*(Aq\&. .RE .PP \fBblink\fR .RS 4 If enabled, the applet icon blinks in these cases: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Connection to firewalld lost .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Panic mode has been enabled or disabled .RE .sp This setting defaults to \fBfalse\fR\&. .RE .PP \fBblink\-count\fR .RS 4 The number of blinks if \fBblink\fR is enabled\&. .sp This setting defaults to \fB5\fR\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man1/Makefile.am0000664007115300711530000000010613641106161021060 0ustar00egarveregarver00000000000000if ENABLE_DOCS EXTRA_DIST = $(man_MANS) man_MANS = firewall*.1 endif firewalld-0.8.2/doc/man/man1/firewall-offline-cmd.10000664007115300711530000014350713641123210023103 0ustar00egarveregarver00000000000000'\" t .\" Title: firewall-offline-cmd .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewall-offline-cmd .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALL\-OFFLINE\-C" "1" "" "firewalld 0.8.2" "firewall-offline-cmd" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewall-offline-cmd \- firewalld offline command line client .SH "SYNOPSIS" .HP \w'\fBfirewall\-offline\-cmd\fR\ 'u \fBfirewall\-offline\-cmd\fR [OPTIONS...] .SH "DESCRIPTION" .PP firewall\-offline\-cmd is an offline command line client of the firewalld daemon\&. It should be used only if the firewalld service is not running\&. For example to migrate from system\-config\-firewall/lokkit or in the install environment to configure firewall settings with kickstart\&. .PP Some lokkit options can not be automatically converted for firewalld, they will result in an error or warning message\&. This tool tries to convert as much as possible, but there are limitations for example with custom rules, modules and masquerading\&. .PP Check the firewall configuration after using this tool\&. .SH "OPTIONS" .PP If no options are given, configuration from \fB/etc/sysconfig/system\-config\-firewall\fR will be migrated\&. .PP Sequence options are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeeded\&. The \fIALREADY_ENABLED\fR (11), \fINOT_ENABLED\fR (12) and also \fIZONE_ALREADY_SET\fR (16) errors are treated as succeeded\&. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one\&. Without any succeeded item, the exit code will depend on the error codes\&. If there is exactly one error code, then this is used\&. If there are more than one then \fIUNKNOWN_ERROR\fR (254) will be used\&. .PP The following options are supported: .SS "General Options" .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Prints a short help text and exists\&. .RE .PP \fB\-V\fR, \fB\-\-version\fR .RS 4 Prints the version string of firewalld and exits\&. .RE .PP \fB\-q\fR, \fB\-\-quiet\fR .RS 4 Do not print status messages\&. .RE .PP \fB\-\-default\-config\fR .RS 4 Path to firewalld default configuration\&. This usually defaults to \fI/usr/lib/firewalld\fR\&. .RE .PP \fB\-\-system\-config\fR .RS 4 Path to firewalld system (user) configuration\&. This usually defaults to \fI/etc/firewalld\fR\&. .RE .SS "Status Options" .PP \fB\-\-enabled\fR .RS 4 Enable the firewall\&. This option is a default option and will activate the firewall if not already enabled as long as the option \fB\-\-disabled\fR is not given\&. .RE .PP \fB\-\-disabled\fR .RS 4 Disable the firewall by disabling the firewalld service\&. .RE .PP \fB\-\-check\-config\fR .RS 4 Run checks on the permanent (default and system) configuration\&. This includes XML validity and semantics\&. .sp This is may be used with \fB\-\-system\-config\fR to check the validity of handwritten configuration files before copying them to the standard location\&. .RE .SS "Lokkit Compatibility Options" .PP These options are nearly identical to the options of \fBlokkit\fR\&. .PP \fB\-\-migrate\-system\-config\-firewall=\fR\fB\fIfile\fR\fR .RS 4 Migrate system\-config\-firewall configuration from the given file\&. No further .RE .PP \fB\-\-addmodule\fR=\fImodule\fR .RS 4 This option will result in a warning message and will be ignored\&. .sp Handling of netfilter helpers has been merged into services completely\&. Adding or removing netfilter helpers outside of services is therefore not needed anymore\&. For more information on handling netfilter helpers in services, please have a look at \fBfirewalld.zone\fR(5)\&. .RE .PP \fB\-\-removemodule\fR .RS 4 This option will result in a warning message and will be ignored\&. .sp Handling of netfilter helpers has been merged into services completely\&. Adding or removing netfilter helpers outside of services is therefore not needed anymore\&. For more information on handling netfilter helpers in services, please have a look at \fBfirewalld.zone\fR(5)\&. .RE .PP \fB\-\-remove\-service\fR=\fIservice\fR .RS 4 Remove a service from the default zone\&. This option can be specified multiple times\&. .sp The service is one of the firewalld provided services\&. To get a list of the supported services, use \fBfirewall\-cmd \-\-get\-services\fR\&. .RE .PP \fB\-s\fR \fIservice\fR, \fB\-\-service\fR=\fIservice\fR .RS 4 Add a service to the default zone\&. This option can be specified multiple times\&. .sp The service is one of the firewalld provided services\&. To get a list of the supported services, use \fBfirewall\-cmd \-\-get\-services\fR\&. .RE .PP \fB\-p\fR \fIportid\fR[\-\fIportid\fR]:\fIprotocol\fR, \fB\-\-port\fR=\fIportid\fR[\-\fIportid\fR]:\fIprotocol\fR .RS 4 Add the port to the default zone\&. This option can be specified multiple times\&. .sp The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .PP \fB\-t\fR \fIinterface\fR, \fB\-\-trust\fR=\fIinterface\fR .RS 4 This option will result in a warning message\&. .sp Mark an interface as trusted\&. This option can be specified multiple times\&. The interface will be bound to the trusted zone\&. .sp If the interface is used in a NetworkManager managed connection or if there is an ifcfg file for this interface, the zone will be changed to the zone defined in the configuration as soon as it gets activated\&. To change the zone of a connection use \fBnm\-connection\-editor\fR and set the zone to trusted, for an ifcfg file, use an editor and add "ZONE=trusted"\&. If the zone is not defined in the ifcfg file, the firewalld default zone will be used\&. .RE .PP \fB\-m\fR \fIinterface\fR, \fB\-\-masq\fR=\fIinterface\fR .RS 4 This option will result in a warning message\&. .sp Masquerading will be enabled in the default zone\&. The interface argument will be ignored\&. This is for \fIIPv4\fR only\&. .RE .PP \fB\-\-custom\-rules\fR=[\fItype\fR:][\fItable\fR:]\fIfilename\fR .RS 4 This option will result in a warning message and will be ignored\&. .sp Custom rule files are not supported by firewalld\&. .RE .PP \fB\-\-forward\-port\fR=if=\fIinterface\fR:port=\fIport\fR:proto=\fIprotocol\fR[:toport=\fIdestination port\fR:][:toaddr=\fIdestination address\fR] .RS 4 This option will result in a warning message\&. .sp Add the \fIIPv4\fR forward port in the default zone\&. This option can be specified multiple times\&. .sp The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. The destination address is an IP address\&. .RE .PP \fB\-\-block\-icmp\fR=\fIicmptype\fR .RS 4 This option will result in a warning message\&. .sp Add an ICMP block for \fIicmptype\fR in the default zone\&. This option can be specified multiple times\&. .sp The \fIicmptype\fR is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types: \fBfirewall\-cmd \-\-get\-icmptypes\fR .RE .SS "Log Denied Options" .PP \fB\-\-get\-log\-denied\fR .RS 4 Print the log denied setting\&. .RE .PP \fB\-\-set\-log\-denied\fR=\fIvalue\fR .RS 4 Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link\-layer packet type\&. The possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. The default setting is \fIoff\fR, which disables the logging\&. .sp This is a runtime and permanent change and will also reload the firewall to be able to add the logging rules\&. .RE .SS "Zone Options" .PP \fB\-\-get\-default\-zone\fR .RS 4 Print default zone for connections and interfaces\&. .RE .PP \fB\-\-set\-default\-zone\fR=\fIzone\fR .RS 4 Set default zone for connections and interfaces where no zone has been selected\&. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone\&. .RE .PP \fB\-\-get\-zones\fR .RS 4 Print predefined zones as a space separated list\&. .RE .PP \fB\-\-get\-services\fR .RS 4 Print predefined services as a space separated list\&. .RE .PP \fB\-\-get\-icmptypes\fR .RS 4 Print predefined icmptypes as a space separated list\&. .RE .PP \fB\-\-get\-zone\-of\-interface\fR=\fIinterface\fR .RS 4 Print the name of the zone the \fIinterface\fR is bound to or \fIno zone\fR\&. .RE .PP \fB\-\-get\-zone\-of\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Print the name of the zone the source is bound to or \fIno zone\fR\&. .RE .PP \fB\-\-info\-zone=\fR\fB\fIzone\fR\fR .RS 4 Print information about the zone \fIzone\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIzone\fR interfaces: \fIinterface1\fR \&.\&. sources: \fIsource1\fR \&.\&. services: \fIservice1\fR \&.\&. ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. forward\-ports: \fIforward\-port1\fR \&.\&. source\-ports: \fIsource\-port1\fR \&.\&. icmp\-blocks: \fIicmp\-type1\fR \&.\&. rich rules: \fIrich\-rule1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-list\-all\-zones\fR .RS 4 List everything added for or enabled in all zones\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIzone1\fR interfaces: \fIinterface1\fR \&.\&. sources: \fIsource1\fR \&.\&. services: \fIservice1\fR \&.\&. ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. forward\-ports: \fIforward\-port1\fR \&.\&. source\-ports: \fIsource\-port1\fR \&.\&. icmp\-blocks: \fIicmp\-type1\fR \&.\&. rich rules: \fIrich\-rule1\fR \&.\&. \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-new\-zone\fR=\fIzone\fR .RS 4 Add a new permanent zone\&. .sp Zone names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-new\-zone\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIzone\fR] .RS 4 Add a new permanent zone from a prepared zone file with an optional name override\&. .RE .PP \fB\-\-path\-zone=\fR\fB\fIzone\fR\fR .RS 4 Print path of the zone configuration file\&. .RE .PP \fB\-\-delete\-zone\fR=\fIzone\fR .RS 4 Delete an existing permanent zone\&. .RE .PP \fB\-\-zone\fR=\fIzone\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to zone .RE .PP \fB\-\-zone\fR=\fIzone\fR \fB\-\-get\-description\fR .RS 4 Print description for zone .RE .PP \fB\-\-zone\fR=\fIzone\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to zone .RE .PP \fB\-\-zone\fR=\fIzone\fR \fB\-\-get\-short\fR .RS 4 Print short description for zone .RE .PP \fB\-\-zone\fR=\fIzone\fR \fB\-\-get\-target\fR .RS 4 Get the target of a permanent zone\&. .RE .PP \fB\-\-zone\fR=\fIzone\fR \fB\-\-set\-target\fR=\fIzone\fR .RS 4 Set the target of a permanent zone\&. \fItarget\fR is one of: \fIdefault\fR, \fIACCEPT\fR, \fIDROP\fR, \fIREJECT\fR .sp \fIdefault\fR is similar to \fIREJECT\fR, but has special meaning in the following scenarios: .sp .RS 4 .ie n \{\ \h'-04' 1.\h'+01'\c .\} .el \{\ .sp -1 .IP " 1." 4.2 .\} ICMP explicitly allowed .sp At the end of the zone\*(Aqs ruleset ICMP packets are explicitly allowed\&. .RE .sp .RS 4 .ie n \{\ \h'-04' 2.\h'+01'\c .\} .el \{\ .sp -1 .IP " 2." 4.2 .\} forwarded packets follow the \fItarget\fR of the egress zone .sp In the case of forwarded packets, if the ingress zone uses \fIdefault\fR then whether or not the packet will be allowed is determined by the egress zone\&. .sp For a forwarded packet that ingresses zoneA and egresses zoneB: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} if zoneA\*(Aqs \fItarget\fR is \fIACCEPT\fR, \fIDROP\fR, or \fIREJECT\fR then the packet is accepted, dropped, or rejected respectively\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} if zoneA\*(Aqs \fItarget\fR is \fIdefault\fR, then the packet is accepted, dropped, or rejected based on zoneB\*(Aqs \fItarget\fR\&. If zoneB\*(Aqs \fItarget\fR is also \fIdefault\fR, then the packet will be rejected by firewalld\*(Aqs catchall reject\&. .RE .RE .sp .RS 4 .ie n \{\ \h'-04' 3.\h'+01'\c .\} .el \{\ .sp -1 .IP " 3." 4.2 .\} Zone drifting from source\-based zone to interface\-based zone .sp This only applies if \fBAllowZoneDrifting\fR is enabled\&. See \fBfirewalld.conf\fR(5)\&. .sp If a packet ingresses a source\-based zone with a \fItarget\fR of \fIdefault\fR, it may still enter an interface\-based zone (including the default zone)\&. .RE .sp .RE .SS "Options to Adapt and Query Zones" .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the zone \fIzone\fR\&. If the option is omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-all\fR .RS 4 List everything added for or enabled in \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-services\fR .RS 4 List services added for \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-service\fR=\fIservice\fR .RS 4 Add a service for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .sp The service is one of the firewalld provided services\&. To get a list of the supported services, use \fBfirewall\-cmd \-\-get\-services\fR\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-service\-from\-zone\fR=\fIservice\fR .RS 4 Remove a service from \fIzone\fR\&. This option can be specified multiple times\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-service\fR=\fIservice\fR .RS 4 Return whether \fIservice\fR has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-ports\fR .RS 4 List ports added for \fIzone\fR as a space separated list\&. A port is of the form \fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR, it can be either a port and protocol pair or a port range with a protocol\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add the port for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .sp The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove the port from \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the port has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-protocols\fR .RS 4 List protocols added for \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-protocol\fR=\fIprotocol\fR .RS 4 Add the protocol for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-protocol\fR=\fIprotocol\fR .RS 4 Remove the protocol from \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-protocol\fR=\fIprotocol\fR .RS 4 Return whether the protocol has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-icmp\-blocks\fR .RS 4 List Internet Control Message Protocol (ICMP) type blocks added for \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-icmp\-block\fR=\fIicmptype\fR .RS 4 Add an ICMP block for \fIicmptype\fR for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .sp The \fIicmptype\fR is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types: \fBfirewall\-cmd \-\-get\-icmptypes\fR .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-icmp\-block\fR=\fIicmptype\fR .RS 4 Remove the ICMP block for \fIicmptype\fR from \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-icmp\-block\fR=\fIicmptype\fR .RS 4 Return whether an ICMP block for \fIicmptype\fR has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-forward\-ports\fR .RS 4 List \fIIPv4\fR forward ports added for \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] .RS 4 Add the \fIIPv4\fR forward port for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .sp The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. The destination address is a simple IP address\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .sp \fINote:\fR IP forwarding will be implicitly enabled if \fBtoaddr\fR is specified\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] .RS 4 Remove the \fIIPv4\fR forward port from \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] .RS 4 Return whether the \fIIPv4\fR forward port has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-source\-ports\fR .RS 4 List source ports added for \fIzone\fR as a space separated list\&. A port is of the form \fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add the source port for \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. .sp The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove the source port from \fIzone\fR\&. If zone is omitted, default zone will be used\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the source port has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-masquerade\fR .RS 4 Enable \fIIPv4\fR masquerade for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .sp \fINote:\fR IP forwarding will be implicitly enabled\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-masquerade\fR .RS 4 Disable \fIIPv4\fR masquerade for \fIzone\fR\&. If zone is omitted, default zone will be used\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-masquerade\fR .RS 4 Return whether \fIIPv4\fR masquerading has been enabled for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-rich\-rules\fR .RS 4 List rich language rules added for \fIzone\fR as a newline separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq .RS 4 Add rich language rule \*(Aq\fIrule\fR\*(Aq for \fIzone\fR\&. This option can be specified multiple times\&. If zone is omitted, default zone will be used\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq .RS 4 Remove rich language rule \*(Aq\fIrule\fR\*(Aq from \fIzone\fR\&. This option can be specified multiple times\&. If zone is omitted, default zone will be used\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq .RS 4 Return whether a rich language rule \*(Aq\fIrule\fR\*(Aq has been added for \fIzone\fR\&. If zone is omitted, default zone will be used\&. Returns 0 if true, 1 otherwise\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .RE .SS "Options to Handle Bindings of Interfaces" .PP Binding an interface to a zone means that this zone settings are used to restrict traffic via the interface\&. .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the zone \fIzone\fR\&. If the option is omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP For a list of predefined zones use \fBfirewall\-cmd \-\-get\-zones\fR\&. .PP An interface name is a string up to 16 characters long, that may not contain \fB\*(Aq \*(Aq\fR, \fB\*(Aq/\*(Aq\fR, \fB\*(Aq!\*(Aq\fR and \fB\*(Aq*\*(Aq\fR\&. .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-interfaces\fR .RS 4 List interfaces that are bound to zone \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-interface\fR=\fIinterface\fR .RS 4 Bind interface \fIinterface\fR to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-change\-interface\fR=\fIinterface\fR .RS 4 Change zone the interface \fIinterface\fR is bound to to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. If old and new zone are the same, the call will be ignored without an error\&. If the interface has not been bound to a zone before, it will behave like \fB\-\-add\-interface\fR\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-interface\fR=\fIinterface\fR .RS 4 Query whether interface \fIinterface\fR is bound to zone \fIzone\fR\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-interface\fR=\fIinterface\fR .RS 4 Remove binding of interface \fIinterface\fR from zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .SS "Options to Handle Bindings of Sources" .PP Binding a source to a zone means that this zone settings will be used to restrict traffic from this source\&. .PP A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6 or a MAC address or an ipset with the ipset: prefix\&. For IPv4, the mask can be a network mask or a plain number\&. For IPv6 the mask is a plain number\&. The use of host names is not supported\&. .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the zone \fIzone\fR\&. If the option is omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP For a list of predefined zones use \fBfirewall\-cmd \-\-get\-zones\fR\&. .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-sources\fR .RS 4 List sources that are bound to zone \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Bind the source to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-change\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Change zone the source is bound to to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. If old and new zone are the same, the call will be ignored without an error\&. If the source has not been bound to a zone before, it will behave like \fB\-\-add\-source\fR\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Query whether the source is bound to the zone \fIzone\fR\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Remove binding of the source from zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .SS "IPSet Options" .PP \fB\-\-new\-ipset\fR=\fIipset\fR \fB\-\-type\fR=\fIipset type\fR [\fB\-\-option\fR=\fIipset option\fR[=\fIvalue\fR]] .RS 4 Add a new permanent ipset with specifying the type and optional options\&. .sp ipset names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-new\-ipset\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIipset\fR] .RS 4 Add a new permanent ipset from a prepared ipset file with an optional name override\&. .RE .PP \fB\-\-delete\-ipset\fR=\fIipset\fR .RS 4 Delete an existing permanent ipset\&. .RE .PP \fB\-\-info\-ipset=\fR\fB\fIipset\fR\fR .RS 4 Print information about the ipset \fIipset\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIipset\fR type: \fItype\fR options: \fIoption1[=value1]\fR \&.\&. entries: \fIentry1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-get\-ipsets\fR .RS 4 Print predefined ipsets as a space separated list\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-add\-entry\fR=\fIentry\fR .RS 4 Add a new entry to the ipset\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-remove\-entry\fR=\fIentry\fR .RS 4 Remove an entry from the ipset\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-query\-entry\fR=\fIentry\fR .RS 4 Return whether the entry has been added to an ipset\&. Returns 0 if true, 1 otherwise\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-entries\fR .RS 4 List all entries of the ipset\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-add\-entries\-from\-file\fR=\fIfilename\fR .RS 4 Add a new entries to the ipset from the file\&. For all entries that are listed in the file but already in the ipset, a warning will be printed\&. .sp The file should contain an entry per line\&. Lines starting with an hash or semicolon are ignored\&. Also empty lines\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-remove\-entries\-from\-file\fR=\fIfilename\fR .RS 4 Remove existing entries from the ipset from the file\&. For all entries that are listed in the file but not in the ipset, a warning will be printed\&. .sp The file should contain an entry per line\&. Lines starting with an hash or semicolon are ignored\&. Also empty lines\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to ipset .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-description\fR .RS 4 Print description for ipset .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set new short description to ipset .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-short\fR .RS 4 Print short description for ipset .RE .PP \fB\-\-path\-ipset=\fR\fB\fIipset\fR\fR .RS 4 Print path of the ipset configuration file\&. .RE .SS "Service Options" .PP \fB\-\-info\-service=\fR\fB\fIservice\fR\fR .RS 4 Print information about the service \fIservice\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIservice\fR ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. source\-ports: \fIsource\-port1\fR \&.\&. helpers: \fIhelper1\fR \&.\&. destination: \fIipv1\fR:\fIaddress1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-new\-service\fR=\fIservice\fR .RS 4 Add a new permanent service\&. .sp Service names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-new\-service\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIservice\fR] .RS 4 Add a new permanent service from a prepared service file with an optional name override\&. .RE .PP \fB\-\-delete\-service\fR=\fIservice\fR .RS 4 Delete an existing permanent service\&. .RE .PP \fB\-\-path\-service=\fR\fB\fIservice\fR\fR .RS 4 Print path of the service configuration file\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to service .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-description\fR .RS 4 Print description for service .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to service .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-short\fR .RS 4 Print short description for service .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new port to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a port from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return wether the port has been added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-ports\fR .RS 4 List ports added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-protocol\fR=\fIprotocol\fR .RS 4 Add a new protocol to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-protocol\fR=\fIprotocol\fR .RS 4 Remove a protocol from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-protocol\fR=\fIprotocol\fR .RS 4 Return wether the protocol has been added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-protocols\fR .RS 4 List protocols added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new source port to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a source port from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return wether the source port has been added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-source\-ports\fR .RS 4 List source ports added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-helper\fR=\fIhelper\fR .RS 4 Add a new helper to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-helper\fR=\fIhelper\fR .RS 4 Remove a helper from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-helper\fR=\fIhelper\fR .RS 4 Return wether the helper has been added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-service\-helpers\fR .RS 4 List helpers added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-destination\fR=\fIipv\fR:\fIaddress\fR[/\fImask\fR] .RS 4 Set destination for ipv to address[/mask] in the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-destination\fR=\fIipv\fR .RS 4 Remove the destination for ipv from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-destination\fR=\fIipv\fR:\fIaddress\fR[/\fImask\fR] .RS 4 Return wether the destination ipv to address[/mask] has been set in the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-destinations\fR .RS 4 List destinations added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-include\fR=\fIservice\fR .RS 4 Add a new include to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-include\fR=\fIservice\fR .RS 4 Remove a include from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-include\fR=\fIservice\fR .RS 4 Return wether the include has been added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-includes\fR .RS 4 List includes added to the permanent service\&. .RE .SS "Helper Options" .PP Options in this section affect only one particular helper\&. .PP \fB\-\-info\-helper=\fR\fB\fIhelper\fR\fR .RS 4 Print information about the helper \fIhelper\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIhelper\fR family: \fIfamily\fR module: \fImodule\fR ports: \fIport1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP The following options are only usable in the permanent configuration\&. .PP \fB\-\-new\-helper\fR=\fIhelper\fR \fB\-\-module\fR=\fInf_conntrack_module\fR [\fB\-\-family\fR=\fIipv4\fR|\fIipv6\fR] .RS 4 Add a new permanent helper with module and optionally family defined\&. .sp Helper names must be alphanumeric and may additionally include characters: \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-new\-helper\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIhelper\fR] .RS 4 Add a new permanent helper from a prepared helper file with an optional name override\&. .RE .PP \fB\-\-delete\-helper\fR=\fIhelper\fR .RS 4 Delete an existing permanent helper\&. .RE .PP \fB\-\-load\-helper\-defaults\fR=\fIhelper\fR .RS 4 Load helper default settings or report NO_DEFAULTS error\&. .RE .PP \fB\-\-path\-helper=\fR\fB\fIhelper\fR\fR .RS 4 Print path of the helper configuration file\&. .RE .PP \fB\-\-get\-helpers\fR .RS 4 Print predefined helpers as a space separated list\&. .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-description\fR .RS 4 Print description for helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-short\fR .RS 4 Print short description for helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new port to the permanent helper\&. .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a port from the permanent helper\&. .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return wether the port has been added to the permanent helper\&. .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-ports\fR .RS 4 List ports added to the permanent helper\&. .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-module\fR=\fIdescription\fR .RS 4 Set module description for helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-module\fR .RS 4 Print module description for helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-family\fR=\fIdescription\fR .RS 4 Set family description for helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-family\fR .RS 4 Print family description of helper .RE .SS "Internet Control Message Protocol (ICMP) type Options" .PP \fB\-\-info\-icmptype=\fR\fB\fIicmptype\fR\fR .RS 4 Print information about the icmptype \fIicmptype\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIicmptype\fR destination: \fIipv1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-new\-icmptype\fR=\fIicmptype\fR .RS 4 Add a new permanent icmptype\&. .sp ICMP type names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-new\-icmptype\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIicmptype\fR] .RS 4 Add a new permanent icmptype from a prepared icmptype file with an optional name override\&. .RE .PP \fB\-\-delete\-icmptype\fR=\fIicmptype\fR .RS 4 Delete an existing permanent icmptype\&. .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to icmptype .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-description\fR .RS 4 Print description for icmptype .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to icmptype .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-short\fR .RS 4 Print short description for icmptype .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-add\-destination\fR=\fIipv\fR .RS 4 Enable destination for ipv in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-remove\-destination\fR=\fIipv\fR .RS 4 Disable destination for ipv in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-query\-destination\fR=\fIipv\fR .RS 4 Return whether destination for ipv is enabled in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-destinations\fR .RS 4 List destinations in permanent icmptype\&. .RE .PP \fB\-\-path\-icmptype=\fR\fB\fIicmptype\fR\fR .RS 4 Print path of the icmptype configuration file\&. .RE .SS "Direct Options" .PP The direct options give a more direct access to the firewall\&. These options require user to know basic iptables concepts, i\&.e\&. \fItable\fR (filter/mangle/nat/\&.\&.\&.), \fIchain\fR (INPUT/OUTPUT/FORWARD/\&.\&.\&.), \fIcommands\fR (\-A/\-D/\-I/\&.\&.\&.), \fIparameters\fR (\-p/\-s/\-d/\-j/\&.\&.\&.) and \fItargets\fR (ACCEPT/DROP/REJECT/\&.\&.\&.)\&. .PP Direct options should be used only as a last resort when it\*(Aqs not possible to use for example \fB\-\-add\-service\fR=\fIservice\fR or \fB\-\-add\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq\&. .PP \fBWarning\fR: Direct rules behavior is different depending on the value of \fIFirewallBackend\fR\&. See \fICAVEATS\fR in \fBfirewalld.direct\fR(5)\&. .PP The first argument of each option has to be \fIipv4\fR or \fIipv6\fR or \fIeb\fR\&. With \fIipv4\fR it will be for IPv4 (\fBiptables\fR(8)), with \fIipv6\fR for IPv6 (\fBip6tables\fR(8)) and with \fIeb\fR for ethernet bridges (\fBebtables\fR(8))\&. .PP \fB\-\-direct\fR \fB\-\-get\-all\-chains\fR .RS 4 Get all chains added to all tables\&. .sp This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-get\-chains\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR .RS 4 Get all chains added to table \fItable\fR as a space separated list\&. .sp This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-add\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Add a new chain with name \fIchain\fR to table \fItable\fR\&. .sp There already exist basic chains to use with direct options, for example \fIINPUT_direct\fR chain (see \fIiptables\-save | grep direct\fR output for all of them)\&. These chains are jumped into before chains for zones, i\&.e\&. every rule put into \fIINPUT_direct\fR will be checked before rules in zones\&. .RE .PP \fB\-\-direct\fR \fB\-\-remove\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Remove the chain with name \fIchain\fR from table \fItable\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-query\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Return whether a chain with name \fIchain\fR exists in table \fItable\fR\&. Returns 0 if true, 1 otherwise\&. .sp This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-get\-all\-rules\fR .RS 4 Get all rules added to all chains in all tables as a newline separated list of the priority and arguments\&. .RE .PP \fB\-\-direct\fR \fB\-\-get\-rules\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Get all rules added to chain \fIchain\fR in table \fItable\fR as a newline separated list of the priority and arguments\&. .RE .PP \fB\-\-direct\fR \fB\-\-add\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Add a rule with the arguments \fIargs\fR to chain \fIchain\fR in table \fItable\fR with priority \fIpriority\fR\&. .sp The \fIpriority\fR is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. .RE .PP \fB\-\-direct\fR \fB\-\-remove\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Remove a rule with \fIpriority\fR and the arguments \fIargs\fR from chain \fIchain\fR in table \fItable\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-remove\-rules\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Remove all rules in the chain with name \fIchain\fR exists in table \fItable\fR\&. .sp This option concerns only rules previously added with \fB\-\-direct \-\-add\-rule\fR in this chain\&. .RE .PP \fB\-\-direct\fR \fB\-\-query\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Return whether a rule with \fIpriority\fR and the arguments \fIargs\fR exists in chain \fIchain\fR in table \fItable\fR\&. Returns 0 if true, 1 otherwise\&. .RE .PP \fB\-\-direct\fR \fB\-\-get\-all\-passthroughs\fR .RS 4 Get all permanent passthrough as a newline separated list of the ipv value and arguments\&. .RE .PP \fB\-\-direct\fR \fB\-\-get\-passthroughs\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } .RS 4 Get all permanent passthrough rules for the ipv value as a newline separated list of the priority and arguments\&. .RE .PP \fB\-\-direct\fR \fB\-\-add\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Add a permanent passthrough rule with the arguments \fIargs\fR for the ipv value\&. .RE .PP \fB\-\-direct\fR \fB\-\-remove\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Remove a permanent passthrough rule with the arguments \fIargs\fR for the ipv value\&. .RE .PP \fB\-\-direct\fR \fB\-\-query\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Return whether a permanent passthrough rule with the arguments \fIargs\fR exists for the ipv value\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Lockdown Options" .PP Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt) or are authenticated using PolicyKit\&. With this feature administrators can lock the firewall configuration so that only applications on lockdown whitelist are able to request firewall changes\&. .PP The lockdown access check limits D\-Bus methods that are changing firewall rules\&. Query, list and get methods are not limited\&. .PP The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default\&. .PP \fB\-\-lockdown\-on\fR .RS 4 Enable lockdown\&. Be careful \- if firewall\-cmd is not on lockdown whitelist when you enable lockdown you won\*(Aqt be able to disable it again with firewall\-cmd, you would need to edit firewalld\&.conf\&. .RE .PP \fB\-\-lockdown\-off\fR .RS 4 Disable lockdown\&. .RE .PP \fB\-\-query\-lockdown\fR .RS 4 Query whether lockdown is enabled\&. Returns 0 if lockdown is enabled, 1 otherwise\&. .RE .SS "Lockdown Whitelist Options" .PP The lockdown whitelist can contain \fIcommands\fR, \fIcontexts\fR, \fIusers\fR and \fIuser ids\fR\&. .PP If a command entry on the whitelist ends with an asterisk \*(Aq*\*(Aq, then all command lines starting with the command will match\&. If the \*(Aq*\*(Aq is not there the absolute command inclusive arguments must match\&. .PP Commands for user root and others is not always the same\&. Example: As root \fB/bin/firewall\-cmd\fR is used, as a normal user \fB/usr/bin/firewall\-cmd\fR is be used on Fedora\&. .PP The context is the security (SELinux) context of a running application or service\&. To get the context of a running application use \fBps \-e \-\-context\fR\&. .PP \fBWarning:\fR If the context is unconfined, then this will open access for more than the desired application\&. .PP The lockdown whitelist entries are checked in the following order: .RS 4 1\&. \fIcontext\fR .RE .RS 4 2\&. \fIuid\fR .RE .RS 4 3\&. \fIuser\fR .RE .RS 4 4\&. \fIcommand\fR .RE .PP \fB\-\-list\-lockdown\-whitelist\-commands\fR .RS 4 List all command lines that are on the whitelist\&. .RE .PP \fB\-\-add\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Add the \fIcommand\fR to the whitelist\&. .RE .PP \fB\-\-remove\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Remove the \fIcommand\fR from the whitelist\&. .RE .PP \fB\-\-query\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Query whether the \fIcommand\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP \fB\-\-list\-lockdown\-whitelist\-contexts\fR .RS 4 List all contexts that are on the whitelist\&. .RE .PP \fB\-\-add\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Add the context \fIcontext\fR to the whitelist\&. .RE .PP \fB\-\-remove\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Remove the \fIcontext\fR from the whitelist\&. .RE .PP \fB\-\-query\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Query whether the \fIcontext\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP \fB\-\-list\-lockdown\-whitelist\-uids\fR .RS 4 List all user ids that are on the whitelist\&. .RE .PP \fB\-\-add\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Add the user id \fIuid\fR to the whitelist\&. .RE .PP \fB\-\-remove\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Remove the user id \fIuid\fR from the whitelist\&. .RE .PP \fB\-\-query\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Query whether the user id \fIuid\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP \fB\-\-list\-lockdown\-whitelist\-users\fR .RS 4 List all user names that are on the whitelist\&. .RE .PP \fB\-\-add\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Add the user name \fIuser\fR to the whitelist\&. .RE .PP \fB\-\-remove\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Remove the user name \fIuser\fR from the whitelist\&. .RE .PP \fB\-\-query\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Query whether the user name \fIuser\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Policy Options" .PP \fB\-\-policy\-server\fR .RS 4 Change Polkit actions to \*(Aqserver\*(Aq (more restricted) .RE .PP \fB\-\-policy\-desktop\fR .RS 4 Change Polkit actions to \*(Aqdesktop\*(Aq (less restricted) .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/Makefile.in0000664007115300711530000004504313641123176020253 0ustar00egarveregarver00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = doc/man DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ distdir am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = man1 man5 all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/man/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/man/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(am__recursive_targets) install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am clean clean-generic cscopelist-am ctags ctags-am \ distclean distclean-generic distclean-tags distdir dvi dvi-am \ html html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags tags-am uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/doc/man/man5/0000775007115300711530000000000013641123257017040 5ustar00egarveregarver00000000000000firewalld-0.8.2/doc/man/man5/firewalld.ipset.50000664007115300711530000001035613641123212022216 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld.ipset .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld.ipset .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD\&.IPSET" "5" "" "firewalld 0.8.2" "firewalld.ipset" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.ipset \- firewalld ipset configuration files .SH "SYNOPSIS" .PP .nf \fI/usr/etc/firewalld/ipsets/ipset\&.xml\fR \fI/usr/lib/firewalld/ipsets/ipset\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP A firewalld ipset configuration file provides the information of an ip set for firewalld\&. The most important configuration options are type, option and entry\&. .PP This example configuration file shows the structure of an ipset configuration file: .sp .if n \{\ .RS 4 .\} .nf \fIMy Ipset\fR \fIdescription\fR \fI1\&.2\&.3\&.4\fR \fI1\&.2\&.3\&.5\fR \fI1\&.2\&.3\&.6\fR .fi .if n \{\ .RE .\} .sp .SH "OPTIONS" .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "ipset" .PP The mandatory ipset start and end tag defines the ipset\&. This tag can only be used once in a ipset configuration file\&. There is one mandatory and also optional attributes for ipsets: .PP type="\fIstring\fR" .RS 4 The mandatory type of the ipset\&. To get the list of supported types, use \fBfirewall\-cmd \-\-get\-ipset\-types\fR\&. .RE .PP version="\fIstring\fR" .RS 4 To give the ipset a version\&. .RE .SS "short" .PP Is an optional start and end tag and is used to give an ipset a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description for a ipset\&. .SS "option" .PP Is an optional empty\-element tag and can be used several times to have more than one option\&. Mostly all attributes of an option entry are mandatory: .PP name="\fIstring\fR" .RS 4 The mandatory option name \fIstring\fR\&. .RE .PP value="\fIstring\fR" .RS 4 The optional value of the option\&. .RE .PP The supported options are: family: \fI"inet"\fR|\fI"inet6"\fR, timeout: \fIinteger\fR, hashsize: \fIinteger\fR, maxelem: \fIinteger\fR\&. For more information on these options, please have a look at the ipset documentation\&. .SS "entry" .PP Is an optional start and end tag and can be used several times to have more than one entry entry\&. An entry entry does not have attributes\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man5/firewalld.richlanguage.50000664007115300711530000003635613641123212023533 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld.richlanguage .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld.richlanguage .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD\&.RICHLANG" "5" "" "firewalld 0.8.2" "firewalld.richlanguage" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.richlanguage \- Rich Language Documentation .SH "DESCRIPTION" .PP With the rich language more complex firewall rules can be created in an easy to understand way\&. The language uses keywords with values and is an abstract representation of ip*tables rules\&. .PP The rich language extends the current zone elements (service, port, icmp\-block, icmp\-type, masquerade, forward\-port and source\-port) with additional source and destination addresses, logging, actions and limits for logs and actions\&. .PP This page describes the rich language used in the command line client and D\-Bus interface\&. For information about the rich language representation used in the zone configuration files, please have a look at \fBfirewalld.zone\fR(5)\&. .PP A rule is part of a zone\&. One zone can contain several rules\&. If some rules interact/contradict, the first rule that matches "wins"\&. .PP \fBGeneral rule structure\fR .sp .if n \{\ .RS 4 .\} .nf rule [source] [destination] service|port|protocol|icmp\-block|icmp\-type|masquerade|forward\-port|source\-port [log] [audit] [accept|reject|drop|mark] .fi .if n \{\ .RE .\} .sp The complete rule is provided as a single line string\&. A destination is allowed here as long as it does not conflict with the destination of a service\&. .PP \fBRule structure for source black or white listing\fR .sp .if n \{\ .RS 4 .\} .nf rule source [log] [audit] accept|reject|drop|mark .fi .if n \{\ .RE .\} .sp This is used to grant or limit access from a source to this machine or machines that are reachable by this machine\&. A destination is not allowed here\&. .PP \fBImportant information about element options:\fR Options for elements in a rule need to be added exactly after the element\&. If the option is placed somewhere else it might be used for another element as far as it matches the options of the other element or will result in a rule error\&. .SS "Rule" .PP .if n \{\ .RS 4 .\} .nf rule [family="ipv4|ipv6"] [priority="priority"] .fi .if n \{\ .RE .\} .PP If the rule family is provided, it can be either "ipv4" or "ipv6", which limits the rule to IPv4 or IPv6\&. If the rule family is not provided, the rule will be added for IPv4 and IPv6\&. If source or destination addresses are used in a rule, then the rule family need to be provided\&. This is also the case for port/packet forwarding\&. .PP If the rule priority is provided, it can be in the range of \-32768 to 32767 where lower values have higher precendence\&. Rich rules are sorted by priority\&. Ordering for rules with the same priority value is undefined\&. A negative priority value will be executed before other firewalld primitives\&. A positive priority value will be executed after other firewalld primitives\&. A priority value of 0 will place the rule in a chain based on the action as per the "Information about logging and actions" below\&. .SS "Source" .PP .if n \{\ .RS 4 .\} .nf source [not] address="address[/mask]"|mac="mac\-address"|ipset="ipset" .fi .if n \{\ .RE .\} .sp With the source address the origin of a connection attempt can be limited to the source address\&. An address is either a single IP address, or a network IP address, a MAC address or an IPSet\&. The address has to match the rule family (IPv4/IPv6)\&. Subnet mask is expressed in either dot\-decimal (/x\&.x\&.x\&.x) or prefix (/x) notations for IPv4, and in prefix notation (/x) for IPv6 network addresses\&. It is possible to invert the sense of an address by adding \fBnot\fR before \fBaddress\fR\&. All but the specified address will match then\&. .SS "Destination" .PP .if n \{\ .RS 4 .\} .nf destination [not] address="address[/mask]" .fi .if n \{\ .RE .\} .sp With the destination address the target can be limited to the destination address\&. The destination address is using the same syntax as the source address\&. .PP The use of source and destination addresses is optional and the use of a destination addresses is not possible with all elements\&. This depends on the use of destination addresses for example in service entries\&. .SS "Service" .PP .if n \{\ .RS 4 .\} .nf service name="service name" .fi .if n \{\ .RE .\} .PP The service \fIservice name\fR will be added to the rule\&. The service name is one of the firewalld provided services\&. To get a list of the supported services, use \fBfirewall\-cmd \-\-get\-services\fR\&. .PP If a service provides a destination address, it will conflict with a destination address in the rule and will result in an error\&. The services using destination addresses internally are mostly services using multicast\&. .SS "Port" .PP .if n \{\ .RS 4 .\} .nf port port="port value" protocol="tcp|udp" .fi .if n \{\ .RE .\} .PP The port \fIport value\fR can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR or \fIudp\fR\&. .SS "Protocol" .PP .if n \{\ .RS 4 .\} .nf protocol value="protocol value" .fi .if n \{\ .RE .\} .PP The protocol value can be either a protocol id number or a protocol name\&. For allowed protocol entries, please have a look at \fI/etc/protocols\fR\&. .SS "ICMP\-Block" .PP .if n \{\ .RS 4 .\} .nf icmp\-block name="icmptype name" .fi .if n \{\ .RE .\} .PP The icmptype is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types: \fBfirewall\-cmd \-\-get\-icmptypes\fR .PP It is not allowed to specify an action here\&. icmp\-block uses the action reject internally\&. .SS "Masquerade" .PP .if n \{\ .RS 4 .\} .nf masquerade .fi .if n \{\ .RE .\} .PP Turn on masquerading in the rule\&. A source and also a destination address can be provided to limit masquerading to this area\&. .PP It is not allowed to specify an action here\&. .PP \fINote:\fR IP forwarding will be implicitly enabled\&. .SS "ICMP\-Type" .PP .if n \{\ .RS 4 .\} .nf icmp\-type name="icmptype name" .fi .if n \{\ .RE .\} .PP The icmptype is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types: \fBfirewall\-cmd \-\-get\-icmptypes\fR .SS "Forward\-Port" .PP .if n \{\ .RS 4 .\} .nf forward\-port port="port value" protocol="tcp|udp" to\-port="port value" to\-addr="address" .fi .if n \{\ .RE .\} .PP Forward port/packets from local port value with protocol "tcp" or "udp" to either another port locally or to another machine or to another port on another machine\&. .PP The port value can either be a single port number or a port range \fIportid\-portid\fR\&. The \fBto\-addr\fR is an IP address\&. .PP It is not allowed to specify an action here\&. forward\-port uses the action accept internally\&. .PP \fINote:\fR IP forwarding will be implicitly enabled if \fBto\-addr\fR is specified\&. .SS "Source\-Port" .PP .if n \{\ .RS 4 .\} .nf source\-port port="port value" protocol="tcp|udp" .fi .if n \{\ .RE .\} .PP The source\-port \fIport value\fR can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR or \fIudp\fR\&. .SS "Log" .PP .if n \{\ .RS 4 .\} .nf log [prefix="prefix text"] [level="log level"] [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP Log new connection attempts to the rule with kernel logging for example in syslog\&. You can define a prefix text that will be added to the log message as a prefix\&. Log level can be one of "\fBemerg\fR", "\fBalert\fR", "\fBcrit\fR", "\fBerror\fR", "\fBwarning\fR", "\fBnotice\fR", "\fBinfo\fR" or "\fBdebug\fR", where default (i\&.e\&. if there\*(Aqs no one specified) is "\fBwarning\fR"\&. See \fBsyslog\fR(3) for description of levels\&. See Limit section for description of \fBlimit\fR tag\&. .SS "Audit" .PP .if n \{\ .RS 4 .\} .nf audit [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP Audit provides an alternative way for logging using audit records sent to the service auditd\&. Audit type will be discovered from the rule action automatically\&. Use of audit is optional\&. See Limit section for description of \fBlimit\fR tag\&. .SS "Action" .PP An action can be one of \fBaccept\fR, \fBreject\fR, \fBdrop\fR or \fBmark\fR\&. .PP The rule can either contain an element or also a source only\&. If the rule contains an element, then new connection matching the element will be handled with the action\&. If the rule does not contain an element, then everything from the source address will be handled with the action\&. .PP .if n \{\ .RS 4 .\} .nf accept [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP .if n \{\ .RS 4 .\} .nf reject [type="reject type"] [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP .if n \{\ .RS 4 .\} .nf drop [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP .if n \{\ .RS 4 .\} .nf mark set="mark[/mask]" [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP With \fBaccept\fR all new connection attempts will be granted\&. With \fBreject\fR they will not be accepted and their source will get a reject ICMP(v6) message\&. The reject type can be set to specify appropriate ICMP(v6) error message\&. For valid reject types see \fB\-\-reject\-with type\fR in \fBiptables-extensions\fR(8) man page\&. Because reject types are different for IPv4 and IPv6 you have to specify rule family when using reject type\&. With \fBdrop\fR all packets will be dropped immediately, there is no information sent to the source\&. With \fBmark\fR all packets will be marked in the \fBPREROUTING\fR chain in the \fBmangle\fR table with the mark and mask combination\&. See Limit section for description of \fBlimit\fR tag\&. .SS "Limit" .PP .if n \{\ .RS 4 .\} .nf limit value="rate/duration" .fi .if n \{\ .RE .\} .PP It is possible to limit Log, Audit and Action\&. A rule using this tag will match until this limit is reached\&. The rate is a natural positive number [1, \&.\&.] The duration is of "s", "m", "h", "d"\&. "s" means seconds, "m" minutes, "h" hours and "d" days\&. Maximum limit value is "2/d", which means at maximum two matches per day\&. .SS "Information about logging and actions" .PP Logging can be done with the log and audit actions\&. A new chain is added to all zones: zone_log\&. This will be jumped into before the deny chain to be able to have a proper ordering\&. .PP The rules or parts of them are placed in separate chains according to the priority and action of the rule: .PP .if n \{\ .RS 4 .\} .nf \fIzone\fR_pre \fIzone\fR_log \fIzone\fR_deny \fIzone\fR_allow \fIzone\fR_post .fi .if n \{\ .RE .\} .PP When \fIpriority < 0\fR, the rich rule will be placed in the \fIzone\fR_pre chain\&. .PP When \fIpriority == 0\fRThen all logging rules will be placed in the \fIzone\fR_log chain\&. All reject and drop rules will be placed in the \fIzone\fR_deny chain, which will be walked after the log chain\&. All accept rules will be placed in the \fIzone\fR_allow chain, which will be walked after the deny chain\&. If a rule contains log and also deny or allow actions, the parts are placed in the matching chains\&. .PP When \fIpriority > 0\fR, the rich rule will be placed in the \fIzone\fR_post chain\&. .SH "EXAMPLES" .PP These are examples of how to specify rich language rules\&. This format (i\&.e\&. one string that specifies whole rule) uses for example \fBfirewall\-cmd \-\-add\-rich\-rule\fR (see \fBfirewall-cmd\fR(1)) as well as D\-Bus interface\&. .SS "Example 1" .PP Enable new IPv4 and IPv6 connections for protocol \*(Aqah\*(Aq .PP .if n \{\ .RS 4 .\} .nf rule protocol value="ah" accept .fi .if n \{\ .RE .\} .sp .SS "Example 2" .PP Allow new IPv4 and IPv6 connections for service ftp and log 1 per minute using audit .PP .if n \{\ .RS 4 .\} .nf rule service name="ftp" log limit value="1/m" audit accept .fi .if n \{\ .RE .\} .sp .SS "Example 3" .PP Allow new IPv4 connections from address 192\&.168\&.0\&.0/24 for service tftp and log 1 per minutes using syslog .PP .if n \{\ .RS 4 .\} .nf rule family="ipv4" source address="192\&.168\&.0\&.0/24" service name="tftp" log prefix="tftp" level="info" limit value="1/m" accept .fi .if n \{\ .RE .\} .sp .SS "Example 4" .PP New IPv6 connections from 1:2:3:4:6:: to service radius are all rejected and logged at a rate of 3 per minute\&. New IPv6 connections from other sources are accepted\&. .PP .if n \{\ .RS 4 .\} .nf rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns" level="info" limit value="3/m" reject rule family="ipv6" service name="radius" accept .fi .if n \{\ .RE .\} .sp .SS "Example 5" .PP Forward IPv6 port/packets receiving from 1:2:3:4:6:: on port 4011 with protocol tcp to 1::2:3:4:7 on port 4012 .PP .if n \{\ .RS 4 .\} .nf rule family="ipv6" source address="1:2:3:4:6::" forward\-port to\-addr="1::2:3:4:7" to\-port="4012" protocol="tcp" port="4011" .fi .if n \{\ .RE .\} .sp .SS "Example 6" .PP White\-list source address to allow all connections from 192\&.168\&.2\&.2 .PP .if n \{\ .RS 4 .\} .nf rule family="ipv4" source address="192\&.168\&.2\&.2" accept .fi .if n \{\ .RE .\} .sp .SS "Example 7" .PP Black\-list source address to reject all connections from 192\&.168\&.2\&.3 .PP .if n \{\ .RS 4 .\} .nf rule family="ipv4" source address="192\&.168\&.2\&.3" reject type="icmp\-admin\-prohibited" .fi .if n \{\ .RE .\} .sp .SS "Example 8" .PP Black\-list source address to drop all connections from 192\&.168\&.2\&.4 .PP .if n \{\ .RS 4 .\} .nf rule family="ipv4" source address="192\&.168\&.2\&.4" drop .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man5/firewalld.zone.50000664007115300711530000003270413641123213022047 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld.zone .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld.zone .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD\&.ZONE" "5" "" "firewalld 0.8.2" "firewalld.zone" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.zone \- firewalld zone configuration files .SH "SYNOPSIS" .PP .nf \fI/usr/etc/firewalld/zones/zone\&.xml\fR \fI/usr/lib/firewalld/zones/zone\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP A firewalld zone configuration file contains the information for a zone\&. These are the zone description, services, ports, protocols, icmp\-blocks, masquerade, forward\-ports and rich language rules in an XML file format\&. The file name has to be \fIzone_name\fR\&.xml where length of \fIzone_name\fR is currently limited to 17 chars\&. .PP This is the structure of a zone configuration file: .sp .if n \{\ .RS 4 .\} .nf [ \fIshort description\fR ] [ \fIdescription\fR ] [ ] [ ] [ ] [ ] [ ] [ ] [ ] [ ] [ ] [ ] [ [ ] [ ] [ | | | | | | ] [ [] ] [ [] ] [ [] | [] | [] | [] ] ] .fi .if n \{\ .RE .\} .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "zone" .PP The mandatory zone start and end tag defines the zone\&. This tag can only be used once in a zone configuration file\&. There are optional attributes for zones: .PP version="\fIstring\fR" .RS 4 To give the zone a version\&. .RE .PP target="\fIACCEPT\fR|\fI%%REJECT%%\fR|\fIDROP\fR" .RS 4 Can be used to accept, reject or drop every packet that doesn\*(Aqt match any rule (port, service, etc\&.)\&. The \fIACCEPT\fR target is used in \fItrusted\fR zone to accept every packet not matching any rule\&. The \fI%%REJECT%%\fR target is used in \fIblock\fR zone to reject (with default firewalld reject type) every packet not matching any rule\&. The \fIDROP\fR target is used in \fIdrop\fR zone to drop every packet not matching any rule\&. If the target is not specified, every packet not matching any rule will be rejected\&. .RE .SS "short" .PP Is an optional start and end tag and is used to give a zone a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description for a zone\&. .SS "interface" .PP Is an optional empty\-element tag and can be used several times\&. It can be used to bind an interface to a zone\&. You don\*(Aqt need this for NetworkManager\-managed interfaces, because NetworkManager binds interfaces to zones automatically\&. See also \*(AqHow to set or change a zone for a connection?\*(Aq in \fBfirewalld.zones\fR(5)\&. You can use it as a fallback mechanism for interfaces that can\*(Aqt be managed via NetworkManager\&. An interface entry has exactly one attribute: .PP name="\fIstring\fR" .RS 4 The name of the interface to be bound to the zone\&. .RE .SS "source" .PP Is an optional empty\-element tag and can be used several times\&. It can be used to bind a source address, address range, a MAC address or an ipset to a zone\&. A source entry has exactly one of these attributes: .PP address="\fIaddress\fR[/\fImask\fR]" .RS 4 The source is either an IP address or a network IP address with a mask for IPv4 or IPv6\&. The network family (IPv4/IPv6) will be automatically discovered\&. For IPv4, the mask can be a network mask or a plain number\&. For IPv6 the mask is a plain number\&. The use of host names is not supported\&. .RE .PP mac="\fIMAC\fR" .RS 4 The source is a MAC address\&. It must be of the form XX:XX:XX:XX:XX:XX\&. .RE .PP ipset="\fIipset\fR" .RS 4 The source is an ipset\&. .RE .SS "service" .PP Is an optional empty\-element tag and can be used several times to have more than one service entry enabled\&. A service entry has exactly one attribute: .PP name="\fIstring\fR" .RS 4 The name of the service to be enabled\&. To get a list of valid service names \fBfirewall\-cmd \-\-list=services\fR can be used\&. .RE .SS "port" .PP Is an optional empty\-element tag and can be used several times to have more than one port entry\&. All attributes of a port entry are mandatory: .PP port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fItcp\fR|\fIudp\fR|\fIsctp\fR|\fIdccp\fR" .RS 4 The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .SS "protocol" .PP Is an optional empty\-element tag and can be used several times to have more than one protocol entry\&. All protocol has exactly one attribute: .PP value="\fIstring\fR" .RS 4 The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. .RE .SS "icmp\-block" .PP Is an optional empty\-element tag and can be used several times to have more than one icmp\-block entry\&. Each icmp\-block tag has exactly one mandatory attribute: .PP name="\fIstring\fR" .RS 4 The name of the Internet Control Message Protocol (ICMP) type to be blocked\&. To get a list of valid ICMP types \fBfirewall\-cmd \-\-list=icmptypes\fR can be used\&. .RE .SS "icmp\-block\-inversion" .PP Is an optional empty\-element tag and can be used only once in a zone configuration\&. This flag inverts the icmp block handling\&. Only enabled ICMP types are accepted and all others are rejected in the zone\&. .SS "masquerade" .PP Is an optional empty\-element tag\&. It can be used only once in a zone configuration\&. If it\*(Aqs present masquerading is enabled for the zone\&. If you want to enable masquerading, you should enable it in the zone bound to the external interface\&. .SS "forward\-port" .PP Is an optional empty\-element tag and can be used several times to have more than one port or packet forward entry\&. There are mandatory and also optional attributes for forward ports: .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMandatory attributes:\fR .RS 4 .PP The local port and protocol to be forwarded\&. .PP port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fItcp\fR|\fIudp\fR|\fIsctp\fR|\fIdccp\fR" .RS 4 The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBOptional attributes:\fR .RS 4 .PP The destination of the forward\&. For local forwarding add \fBto\-port\fR only\&. For remote forwarding add \fBto\-addr\fR and use \fBto\-port\fR optionally if the destination port on the destination machine should be different\&. .PP to\-port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The destination port or port range to forward to\&. If omitted, the value of the port= attribute will be used altogether with the to\-addr attribute\&. .RE .PP to\-addr="\fIaddress\fR" .RS 4 The destination IP address either for IPv4 or IPv6\&. .RE .RE .SS "source\-port" .PP Is an optional empty\-element tag and can be used several times to have more than one source port entry\&. All attributes of a source port entry are mandatory: .PP port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fItcp\fR|\fIudp\fR|\fIsctp\fR|\fIdccp\fR" .RS 4 The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .SS "rule" .PP Is an optional element tag and can be used several times to have more than one rich language rule entry\&. .PP The general rule structure: .PP .if n \{\ .RS 4 .\} .nf [ ] [ ] [ | | | | | | | | ] [ [] ] [ [] ] [ [] | [] | [] | [] ] .fi .if n \{\ .RE .\} .PP Rule structure for source black or white listing: .PP .if n \{\ .RS 4 .\} .nf [ [] ] [ [] ] [] | [] | [] .fi .if n \{\ .RE .\} .PP For a full description on rich language rules, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man5/firewalld.conf.50000664007115300711530000001360113641123210022011 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld.conf .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld.conf .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD\&.CONF" "5" "" "firewalld 0.8.2" "firewalld.conf" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.conf \- firewalld configuration file .SH "SYNOPSIS" .PP .nf \fI/usr/etc/firewalld/firewalld\&.conf\fR .fi .sp .SH "DESCRIPTION" .PP firewalld\&.conf is loaded by firewalld during the initialization process\&. The file contains the basic configuration options for firewalld\&. .SH "OPTIONS" .PP These are the options that can be set in the config file: .PP \fBDefaultZone\fR .RS 4 This sets the default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool\&. The default zone is public\&. .RE .PP \fBMinimalMark\fR .RS 4 Deprecated\&. This option is ignored and no longer used\&. Marks are no longer used internally\&. .RE .PP \fBCleanupOnExit\fR .RS 4 If firewalld stops, it cleans up all firewall rules\&. Setting this option to no or false leaves the current firewall rules untouched\&. The default value is yes or true\&. .RE .PP \fBLockdown\fR .RS 4 If this option is enabled, firewall changes with the D\-Bus interface will be limited to applications that are listed in the lockdown whitelist (see \fBfirewalld.lockdown-whitelist\fR(5))\&. The default value is no or false\&. .RE .PP \fBIPv6_rpfilter\fR .RS 4 If this option is enabled (it is by default), reverse path filter test on a packet for IPv6 is performed\&. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped\&. For IPv4 the rp_filter is controlled using sysctl\&. .RE .PP \fBIndividualCalls\fR .RS 4 If this option is disabled (it is by default), combined \-restore calls are used and not individual calls to apply changes to the firewall\&. The use of individiual calls increases the time that is needed to apply changes and to start the daemon, but is good for debugging as error messages are more specific\&. .RE .PP \fBLogDenied\fR .RS 4 Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link\-layer packet type\&. The possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. The default setting is \fIoff\fR, which disables the logging\&. .RE .PP \fBAutomaticHelpers\fR .RS 4 Deprecated\&. This option is ignored and no longer used\&. .RE .PP \fBFirewallBackend\fR .RS 4 Selects the firewall backend implementation\&. Possible values are; \fInftables\fR (default), or \fIiptables\fR\&. This applies to all firewalld primitives\&. The only exception is direct and passthrough rules which always use the traditional iptables, ip6tables, and ebtables backends\&. .RE .PP \fBFlushAllOnReload\fR .RS 4 Flush all runtime rules on a reload\&. In previous releases some runtime configuration was retained during a reload, namely; interface to zone assignment, and direct rules\&. This was confusing to users\&. To get the old behavior set this to "no"\&. Defaults to "yes"\&. .RE .PP \fBRFC3964_IPv4\fR .RS 4 As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that correspond to IPv4 addresses that should not be routed over the public internet\&. Defaults to "yes"\&. .RE .PP \fBAllowZoneDrifting\fR .RS 4 Older versions of firewalld had undocumented behavior known as "zone drifting"\&. This allowed packets to ingress multiple zones \- this is a violation of zone based firewalls\&. However, some users rely on this behavior to have a "catch\-all" zone, e\&.g\&. the default zone\&. You can enable this if you desire such behavior\&. It\*(Aqs disabled by default for security reasons\&. Note: If "yes" packets will only drift from source based zones to interface based zones (including the default zone)\&. Packets never drift from interface based zones to other interfaces based zones (including the default zone)\&. Valid values; "yes", "no"\&. Defaults to "no"\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man5/Makefile.in0000664007115300711530000003665613641123177021126 0ustar00egarveregarver00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = doc/man/man5 DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } man5dir = $(mandir)/man5 am__installdirs = "$(DESTDIR)$(man5dir)" NROFF = nroff MANS = $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @ENABLE_DOCS_TRUE@EXTRA_DIST = $(man_MANS) @ENABLE_DOCS_TRUE@man_MANS = firewall*.5 all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/man/man5/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/man/man5/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-man5: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man5dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.5[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) installdirs: for dir in "$(DESTDIR)$(man5dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man5 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man5 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ ctags-am distclean distclean-generic distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man5 install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-man \ uninstall-man5 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/doc/man/man5/firewalld.zones.50000664007115300711530000001701313641123213022226 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld.zones .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld.zones .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD\&.ZONES" "5" "" "firewalld 0.8.2" "firewalld.zones" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.zones \- firewalld zones .SH "DESCRIPTION" .SS "What is a zone?" .PP A network zone defines the level of trust for network connections\&. This is a one to many relation, which means that a connection can only be part of one zone, but a zone can be used for many network connections\&. .PP The zone defines the firewall features that are enabled in this zone: .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBPredefined services\fR .RS 4 .PP A service is a combination of port and/or protocol entries\&. Optionally netfilter helper modules can be added and also a IPv4 and IPv6 destination address\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBPorts and protocols\fR .RS 4 .PP Definition of \fItcp\fR or \fIudp\fR ports, where ports can be a single port or a port range\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBICMP blocks\fR .RS 4 .PP Blocks selected Internet Control Message Protocol (ICMP) messages\&. These messages are either information requests or created as a reply to information requests or in error conditions\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMasquerading\fR .RS 4 .PP The addresses of a private network are mapped to and hidden behind a public IP address\&. This is a form of address translation\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBForward ports\fR .RS 4 .PP A forward port is either mapped to the same port on another host or to another port on the same host or to another port on another host\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBRich language rules\fR .RS 4 .PP The rich language extends the elements (service, port, icmp\-block, masquerade, forward\-port and source\-port) with additional source and destination addresses, logging, actions and limits for logs and actions\&. It can also be used for host or network white and black listing (for more information, please have a look at \fBfirewalld.richlanguage\fR(5))\&. .RE .PP For more information on the zone file format, please have a look at \fBfirewalld.zone\fR(5)\&. .SS "Which zones are available?" .PP Here are the zones provided by firewalld sorted according to the default trust level of the zones from untrusted to trusted: .PP drop .RS 4 Any incoming network packets are dropped, there is no reply\&. Only outgoing network connections are possible\&. .RE .PP block .RS 4 Any incoming network connections are rejected with an \fIicmp\-host\-prohibited\fR message for IPv4 and \fIicmp6\-adm\-prohibited\fR for IPv6\&. Only network connections initiated within this system are possible\&. .RE .PP public .RS 4 For use in public areas\&. You do not trust the other computers on networks to not harm your computer\&. Only selected incoming connections are accepted\&. .RE .PP external .RS 4 For use on external networks with masquerading enabled especially for routers\&. You do not trust the other computers on networks to not harm your computer\&. Only selected incoming connections are accepted\&. .RE .PP dmz .RS 4 For computers in your demilitarized zone that are publicly\-accessible with limited access to your internal network\&. Only selected incoming connections are accepted\&. .RE .PP work .RS 4 For use in work areas\&. You mostly trust the other computers on networks to not harm your computer\&. Only selected incoming connections are accepted\&. .RE .PP home .RS 4 For use in home areas\&. You mostly trust the other computers on networks to not harm your computer\&. Only selected incoming connections are accepted\&. .RE .PP internal .RS 4 For use on internal networks\&. You mostly trust the other computers on the networks to not harm your computer\&. Only selected incoming connections are accepted\&. .RE .PP trusted .RS 4 All network connections are accepted\&. .RE .SS "Which zone should be used?" .PP A public WIFI network connection for example should be mainly untrusted, a wired home network connection should be fairly trusted\&. Select the zone that best matches the network you are using\&. .SS "How to configure or add zones?" .PP To configure or add zones you can either use one of the firewalld interfaces to handle and change the configuration: These are the graphical configuration tool firewall\-config, the command line tool \fBfirewall\-cmd\fR or the D\-Bus interface\&. Or you can create or copy a zone file in one of the configuration directories\&. \fI/usr/lib/firewalld/zones\fR is used for default and fallback configurations and \fI/usr/etc/firewalld/zones\fR is used for user created and customized configuration files\&. .SS "How to set or change a zone for a connection?" .PP The zone is stored into the ifcfg of the connection with \fBZONE=\fR option\&. If the option is missing or empty, the default zone set in firewalld is used\&. .PP If the connection is controlled by NetworkManager, you can also use \fBnm\-connection\-editor\fR to change the zone\&. .PP For the addion or change of interfaces that are not under control of NetworkManager: firewalld tries to change the ZONE setting in the ifcfg file, if an ifcfg file exists that is using the interface\&. .PP Only for the removal of interfaces that are not under control of NetworkManager: firewalld is not trying to change the ZONE setting in the ifcfg file\&. This is needed to make sure that an ifdown of the interface will not result in a reset of the zone setting to the default zone\&. Only the zone binding is then removed in firewalld then\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man5/firewalld.helper.50000664007115300711530000001044713641123211022351 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld.helper .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld.helper .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD\&.HELPER" "5" "" "firewalld 0.8.2" "firewalld.helper" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.helper \- firewalld helper configuration files .SH "SYNOPSIS" .PP .nf \fI/usr/etc/firewalld/helpers/helper\&.xml\fR \fI/usr/lib/firewalld/helpers/helper\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP A firewalld helper configuration file provides the information of a helper entry for firewalld\&. The most important configuration options are ports, family and module\&. .PP This example configuration file shows the structure of a helper configuration file: .sp .if n \{\ .RS 4 .\} .nf \fIshort\fR \fIdescription\fR .fi .if n \{\ .RE .\} .sp .SH "OPTIONS" .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "helper" .PP The mandatory helper start and end tag defines the helper\&. This tag can only be used once in a helper configuration file\&. There is one mandatory and also optional attributes for helper: .PP module="\fIstring\fR" .RS 4 The mandatory module of the helper\&. This is one of the netfilter conntrack helper modules\&. The name starts with \fInf_conntrack_\fR\&. .RE .PP family="\fIipv4\fR|\fIipv6\fR" .RS 4 The optional family of the helper\&. This can be one of these ipv types: \fIipv4\fR or \fIipv6\fR\&. If the family is not specified, then the helper is usable for \fIIPv4\fR and \fIIPv6\fR\&. .RE .PP version="\fIstring\fR" .RS 4 To give the helper a version\&. .RE .SS "short" .PP Is an optional start and end tag and is used to give a helper a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description for a helper\&. .SS "port" .PP Is an mandatory empty\-element tag and can be used several times to have more than one port entry\&. All attributes of a port entry are mandatory: .PP port="\fIstring\fR" .RS 4 The port \fIstring\fR can be a single port number or a port range \fIportid\fR\-\fIportid\fR or also empty to match a protocol only\&. .RE .PP protocol="\fIstring\fR" .RS 4 The protocol value can either be \fBtcp\fR, \fBudp\fR, \fBsctp\fR or \fBdccp\fR\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man5/firewalld.dbus.50000664007115300711530000042256213641123211022034 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld.dbus .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld.dbus .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD\&.DBUS" "5" "" "firewalld 0.8.2" "firewalld.dbus" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.dbus \- firewalld D\-Bus interface description .SH "OBJECT PATHS" .PP This is the basic firewalld object path structure\&. The used interfaces are explained below in the section called \(lqINTERFACES\(rq\&. .PP .if n \{\ .RS 4 .\} .nf /org/fedoraproject/FirewallD1 Interfaces org.fedoraproject.FirewallD1 org.fedoraproject.FirewallD1.direct org.fedoraproject.FirewallD1.ipset org.fedoraproject.FirewallD1.policies org.fedoraproject.FirewallD1.zone org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties /org/fedoraproject/FirewallD1/config Interfaces org.fedoraproject.FirewallD1.config org.fedoraproject.FirewallD1.config.direct org.fedoraproject.FirewallD1.config.policies org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties /org/fedoraproject/FirewallD1/config/zone/i Interfaces org.fedoraproject.FirewallD1.config.zone org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties /org/fedoraproject/FirewallD1/config/service/i Interfaces: org.fedoraproject.FirewallD1.config.service org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties /org/fedoraproject/FirewallD1/config/ipset/i Interfaces org.fedoraproject.FirewallD1.config.ipset org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties /org/fedoraproject/FirewallD1/config/icmptype/i Interfaces org.fedoraproject.FirewallD1.config.icmptype org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties .fi .if n \{\ .RE .\} .sp .SH "INTERFACES" .PP .SS "org\&.fedoraproject\&.FirewallD1" .PP This interface contains general runtime operations, like: reloading, panic mode, default zone handling, getting services and icmp types and their settings\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP authorizeAll() → Nothing .RS 4 Initiate authorization for the complete firewalld D\-Bus interface\&. This method it mostly useful for configuration applications\&. .RE .PP completeReload() → Nothing .RS 4 Reload firewall completely, even netfilter kernel modules\&. This will most likely terminate active connections, because state information is lost\&. This option should only be used in case of severe firewall problems\&. For example if there are state information problems that no connection can be established with correct firewall rules\&. .RE .PP disablePanicMode() → Nothing .RS 4 Disable panic mode\&. After disabling panic mode established connections might work again, if panic mode was enabled for a short period of time\&. .sp Possible errors: NOT_ENABLED, COMMAND_FAILED .RE .PP enablePanicMode() → Nothing .RS 4 Enable panic mode\&. All incoming and outgoing packets are dropped, active connections will expire\&. Enable this only if there are serious problems with your network environment\&. .sp Possible errors: ALREADY_ENABLED, COMMAND_FAILED .RE .PP getAutomaticHelpers() → s .RS 4 Deprecated\&. This always returns "no"\&. .RE .PP getDefaultZone() → s .RS 4 Return default zone\&. .RE .PP getHelperSettings(s: \fIhelper\fR) → (sssssa(ss)) .RS 4 Return runtime settings of given \fIhelper\fR\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.helper.Methods.getSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fIfamily\fR, \fImodule\fR and array of \fIports\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIhelper\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIfamily (s)\fR: see \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fImodule (s)\fR: see \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_HELPER .RE .PP getHelpers() → as .RS 4 Return array of helper names (s) in runtime configuration\&. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listHelpers\&. .RE .PP getIcmpTypeSettings(s: \fIicmptype\fR) → (sssas) .RS 4 Return runtime settings of given \fIicmptype\fR\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, array of \fIdestinations\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq, see \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_ICMPTYPE .RE .PP getLogDenied() → s .RS 4 Retruns the LogDenied value\&. If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones\&. Possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. The default value is \fIoff\fR .RE .PP getServiceSettings(s: \fIservice\fR) → (sssa(ss)asa{ss}asa(ss)) .RS 4 This function is deprecated, use org.fedoraproject.FirewallD1.Methods.getServiceSettings2 instead\&. .RE .PP getServiceSettings2(s: \fIservice\fR) → s{sv} .RS 4 Return runtime settings of given \fIservice\fR\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.service.Methods.getSettings2\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. If the value is empty it may be ommitted\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIincludes (as)\fR: array of service includes, see \fIinclude\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIhelpers (as)\fR: array of service helpers, see \fIhelper\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_SERVICE .RE .PP getZoneSettings(s: \fIzone\fR) → (sssbsasa(ss)asba(ssss)asasasasa(ss)) .RS 4 Return runtime settings of given \fIzone\fR\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fIUNUSED\fR, \fItarget\fR, array of \fIservices\fR, array of \fIports\fR (port, protocol), array of \fIicmp\-blocks\fR, \fImasquerade\fR, array of \fIforward\-ports\fR (port, protocol, to\-port, to\-addr), array of \fIinterfaces\fR, array of \fIsources\fR, array of \fIrich rules\fR, array of \fIprotocols\fR and array of \fIsource\-ports\fR (port, protocol)\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIUNUSED (b)\fR: this boolean value is no longer used for anything\&. .RS 4 .RE .PP \fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp\-blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward\-ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource addresses (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIrich rules (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource\-ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_ZONE .RE .PP listIcmpTypes() → as .RS 4 Return array of names (s) of icmp types in runtime configuration\&. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes\&. .RE .PP listServices() → as .RS 4 Return array of service names (s) in runtime configuration\&. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listServices\&. .RE .PP queryPanicMode() → b .RS 4 Return true if panic mode is enabled, false otherwise\&. In panic mode all incoming and outgoing packets are dropped\&. .RE .PP reload() → Nothing .RS 4 Reload firewall rules and keep state information\&. Current permanent configuration will become new runtime configuration, i\&.e\&. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration\&. .RE .PP runtimeToPermanent() → Nothing .RS 4 Make runtime settings permanent\&. Replaces permanent settings with runtime settings for zones, services, icmptypes, direct and policies (lockdown whitelist)\&. .sp Possible errors: RT_TO_PERM_FAILED .RE .PP checkPermanentConfig() → Nothing .RS 4 Run checks on the permanent configuration\&. This is most useful if changes were made manually to configuration files\&. .sp Possible errors: any .RE .PP setDefaultZone(s: \fIzone\fR) → Nothing .RS 4 Set default zone for connections and interfaces where no zone has been selected to \fIzone\fR\&. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone\&. This is a runtime and permanent change\&. .sp Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED .RE .PP setLogDenied(s: \fIvalue\fR) → Nothing .RS 4 Set LogDenied value to \fIvalue\fR\&. If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones\&. Possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. The default value is \fIoff\fR This is a runtime and permanent change\&. .sp Possible errors: ALREADY_SET, INVALID_VALUE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP DefaultZoneChanged(s: \fIzone\fR) .RS 4 Emitted when default zone has been changed to \fIzone\fR\&. .RE .PP LogDeniedChanged(s: \fIvalue\fR) .RS 4 Emitted when LogDenied value has been changed\&. .RE .PP PanicModeDisabled() .RS 4 Emitted when panic mode has been deactivated\&. .RE .PP PanicModeEnabled() .RS 4 Emitted when panic mode has been activated\&. .RE .PP Reloaded() .RS 4 Emitted when firewalld has been reloaded\&. Also emitted for a complete reload\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP \fIBRIDGE\fR \- b \- (ro) .RS 4 Indicates whether the firewall has ethernet bridge support\&. .RE .PP \fIIPSet\fR \- b \- (ro) .RS 4 Indicates whether the firewall has IPSet support\&. .RE .PP \fIIPSetTypes\fR \- as \- (ro) .RS 4 The supported IPSet types by ipset and firewalld\&. .RE .PP \fIIPv4\fR \- b \- (ro) .RS 4 Indicates whether the firewall has IPv4 support\&. .RE .PP \fIIPv4ICMPTypes\fR \- as \- (ro) .RS 4 The list of supported IPv4 ICMP types\&. .RE .PP \fIIPv6\fR \- b \- (ro) .RS 4 Indicates whether the firewall has IPv6 support\&. .RE .PP \fIIPv6_rpfilter\fR \- b \- (ro) .RS 4 Indicates whether the reverse path filter test on a packet for IPv6 is enabled\&. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped\&. .RE .PP \fIIPv6ICMPTypes\fR \- as \- (ro) .RS 4 The list of supported IPv6 ICMP types\&. .RE .PP \fInf_conntrach_helper_setting\fR \- b \- (ro) .RS 4 Deprecated\&. Always False\&. .RE .PP \fInf_conntrack_helpers\fR \- a{sas} \- (ro) .RS 4 Deprecated\&. Always returns an empty dictionary\&. .RE .PP \fInf_nat_helpers\fR \- a{sas} \- (ro) .RS 4 Deprecated\&. Always returns an empty dictionary\&. .RE .PP \fIinterface_version\fR \- s \- (ro) .RS 4 firewalld D\-Bus interface version string\&. .RE .PP \fIstate\fR \- s \- (ro) .RS 4 firewalld state\&. This can be either \fIINIT\fR, \fIFAILED\fR, or \fIRUNNING\fR\&. In \fIINIT\fR state, firewalld is starting up and initializing\&. In \fIFAILED\fR state, firewalld completely started but experienced a failure\&. .RE .PP \fIversion\fR \- s \- (ro) .RS 4 firewalld version string\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.ipset" .PP Operations in this interface allows to get, add, remove and query runtime ipset settings\&. For permanent configuration see org.fedoraproject.FirewallD1.config.ipset interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addEntry(s: ipset, s: entry) → as .RS 4 Add a new \fIentry\fR to \fIipset\fR\&. The entry must match the type of the ipset\&. If the ipset is using the timeout option, it is not possible to see the entries, as they are timing out automatically in the kernel\&. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry\&. .sp Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT .RE .PP getEntries(s: ipset) → Nothing .RS 4 Get all entries added to the \fIipset\fR\&. If the ipset is using the timeout option, it is not possible to see the entries, as they are timing out automatically in the kernel\&. Return value is a array of \fIentry\fR\&. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries\&. .sp Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT .RE .PP getSettings(s: ipset) → (ssssa{ss}as) .RS 4 Return runtime settings of given \fIipset\fR\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fItype\fR, dictionary of \fIoptions\fR and array of \fIentries\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fItype (s)\fR: see \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIoptions (a{ss})\fR: dictionary of {option : value} \&. See \fIoptions\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIentries (as)\fR: array of entries, see \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_IPSET .RE .PP getIPSets() → as .RS 4 Return array of ipset names (s) in runtime configuration\&. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listIPSets\&. .RE .PP queryService(s: ipset, s: entry) → b .RS 4 Return whether \fIentry\fR has been added to \fIipset\fR\&. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry\&. .sp Possible errors: INVALID_IPSET .RE .PP queryService(s: ipset) → b .RS 4 Return whether \fIipset\fR is defined in runtime configuration\&. .RE .PP removeEntry(s: ipset, s: entry) → as .RS 4 Removes an \fIentry\fR from \fIipset\fR\&. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry\&. .sp Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT .RE .PP setEntries(as: entries) → Nothing .RS 4 Permanently set list of entries to \fIentries\fR\&. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries\&. See \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP EntryAdded(s: ipset, s: entry) .RS 4 Emitted when \fIentry\fR has been added to \fIipset\fR\&. .RE .PP EntryRemoved(s: ipset, s: entry) .RS 4 Emitted when \fIentry\fR has been removed from \fIipset\fR\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.direct" .PP This interface enables more direct access to the firewall\&. It enables runtime manipulation with chains and rules\&. For permanent configuration see org.fedoraproject.FirewallD1.config.direct interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addChain(s: ipv, s: table, s: chain) → Nothing .RS 4 Add a new \fIchain\fR to \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Make sure there\*(Aqs no other chain with this name already\&. There already exist basic chains to use with direct methods, for example \fIINPUT_direct\fR chain\&. These chains are jumped into before chains for zones, i\&.e\&. every rule put into \fIINPUT_direct\fR will be checked before rules in zones\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.addChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED .RE .PP addPassthrough(s: ipv, as: args) → Nothing .RS 4 Add a tracked passthrough rule with the arguments \fIargs\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Valid commands in args are only \fI\-A/\-\-append\fR, \fI\-I/\-\-insert\fR and \fI\-N/\-\-new\-chain\fR\&. This method is (unlike passthrough method) tracked, i\&.e\&. firewalld remembers it\&. It\*(Aqs useful with org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough\&. .sp Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED .RE .PP addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing .RS 4 Add a rule with the arguments \fIargs\fR to \fIchain\fR in \fItable\fR with \fIpriority\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. The priority is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.addRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED .RE .PP getAllChains() → a(sss) .RS 4 Get all chains added to all tables in format: ipv, table, chain\&. This concerns only chains previously added with addChain\&. Return value is a array of (\fIipv\fR, \fItable\fR, \fIchain\fR)\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR .RS 4 .RE .PP \fIchain (s)\fR: name of a chain\&. .RS 4 .RE .sp .RE .PP getAllPassthroughs() → a(sas) .RS 4 Get all tracked passthrough rules added in all ipv types in format: ipv, rule\&. This concerns only rules previously added with addPassthrough\&. Return value is a array of (\fIipv\fR, array of \fIarguments\fR)\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getAllRules() → a(sssias) .RS 4 Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule\&. This concerns only rules previously added with addRule\&. Return value is a array of (\fIipv\fR, \fItable\fR, \fIchain\fR, \fIpriority\fR, array of \fIarguments\fR)\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR .RS 4 .RE .PP \fIchain (s)\fR: name of a chain\&. .RS 4 .RE .PP \fIpriority (i)\fR: used to order rules\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getChains(s: ipv, s: table) → as .RS 4 Return an array of chains (s) added to \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only chains previously added with addChain\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getChains\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP getPassthroughs(s: ipv) → aas .RS 4 Get tracked passthrough rules added in either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addPassthrough\&. Return value is a array of (array of \fIarguments\fR)\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs\&. .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getRules(s: ipv, s: table, s: chain) → a(ias) .RS 4 Get all rules added to \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. Return value is a array of (\fIpriority\fR, array of \fIarguments\fR)\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getRules\&. .PP \fIpriority (i)\fR: used to order rules\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP passthrough(s: ipv, as: args) → s .RS 4 Pass a command through to the firewall\&. \fIipv\fR can be either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. \fIargs\fR can be all \fBiptables\fR, \fBip6tables\fR and \fBebtables\fR command line arguments\&. \fIargs\fR can be all iptables, ip6tables and ebtables command line arguments\&. This command is untracked, which means that firewalld is not able to provide information about this command later on\&. .sp Possible errors: COMMAND_FAILED .RE .PP queryChain(s: ipv, s: table, s: chain) → b .RS 4 Return whether a \fIchain\fR exists in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only chains previously added with addChain\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.queryChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP queryPassthrough(s: ipv, as: args) → b .RS 4 Return whether a tracked passthrough rule with the arguments \fIargs\fR exists for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addPassthrough\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough\&. .sp Possible errors: INVALID_IPV .RE .PP queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b .RS 4 Return whether a rule with \fIpriority\fR and the arguments \fIargs\fR exists in \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.queryRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP removeAllPassthroughs() → Nothing .RS 4 Remove all passthrough rules previously added with addPassthrough\&. .RE .PP removeChain(s: ipv, s: table, s: chain) → Nothing .RS 4 Remove a \fIchain\fR from \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only chains previously added with addChain can be removed this way\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removeChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED .RE .PP removePassthrough(s: ipv, as: args) → Nothing .RS 4 Remove a tracked passthrough rule with arguments \fIargs\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only rules previously added with addPassthrough can be removed this way\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough\&. .sp Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED .RE .PP removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing .RS 4 Remove a rule with \fIpriority\fR and arguments \fIargs\fR from \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only rules previously added with addRule can be removed this way\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removeRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED .RE .PP removeRules(s: ipv, s: table, s: chain) → Nothing .RS 4 Remove all rules from \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removeRules\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP ChainAdded(s: ipv, s: table, s: chain) .RS 4 Emitted when \fIchain\fR has been added into \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .PP ChainRemoved(s: ipv, s: table, s: chain) .RS 4 Emitted when \fIchain\fR has been removed from \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .PP PassthroughAdded(s: ipv, as: args) .RS 4 Emitted when a tracked passthruogh rule with \fIargs\fR has been added for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .PP PassthroughRemoved(s: ipv, as: args) .RS 4 Emitted when a tracked passthrough rule with \fIargs\fR has been removed for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .PP RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args) .RS 4 Emitted when a rule with \fIargs\fR has been added to \fIchain\fR in \fItable\fR with \fIpriority\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .PP RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args) .RS 4 Emitted when a rule with \fIargs\fR has been removed from \fIchain\fR in \fItable\fR with \fIpriority\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.policies" .PP Enables firewalld to be able to lock down configuration changes from local applications\&. Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt)\&. With these operations administrator can lock the firewall configuration so that either none or only applications that are in the whitelist are able to request firewall changes\&. For permanent configuration see org.fedoraproject.FirewallD1.config.policies interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addLockdownWhitelistCommand(s: command) → Nothing .RS 4 Add \fIcommand\fR to whitelist\&. See \fIcommand\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand\&. .sp Possible errors: ALREADY_ENABLED, INVALID_COMMAND .RE .PP addLockdownWhitelistContext(s: context) → Nothing .RS 4 Add \fIcontext\fR to whitelist\&. See \fIselinux\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext\&. .sp Possible errors: ALREADY_ENABLED, INVALID_COMMAND .RE .PP addLockdownWhitelistUid(i: uid) → Nothing .RS 4 Add user id \fIuid\fR to whitelist\&. See \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid\&. .sp Possible errors: ALREADY_ENABLED, INVALID_COMMAND .RE .PP addLockdownWhitelistUser(s: user) → Nothing .RS 4 Add \fIuser\fR name to whitelist\&. See \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser\&. .sp Possible errors: ALREADY_ENABLED, INVALID_COMMAND .RE .PP disableLockdown() → Nothing .RS 4 Disable lockdown\&. This is a runtime and permanent change\&. .sp Possible errors: NOT_ENABLED .RE .PP enableLockdown() → Nothing .RS 4 Enable lockdown\&. Be careful \- if the calling application/user is not on lockdown whitelist when you enable lockdown you won\*(Aqt be able to disable it again with the application, you would need to edit firewalld\&.conf\&. This is a runtime and permanent change\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getLockdownWhitelistCommands() → as .RS 4 List all command lines (s) that are on whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands\&. .RE .PP getLockdownWhitelistContexts() → as .RS 4 List all contexts (s) that are on whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts\&. .RE .PP getLockdownWhitelistUids() → ai .RS 4 List all user ids (i) that are on whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids\&. .RE .PP getLockdownWhitelistUsers() → as .RS 4 List all users (s) that are on whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers\&. .RE .PP queryLockdown() → b .RS 4 Query whether lockdown is enabled\&. .RE .PP queryLockdownWhitelistCommand(s: command) → b .RS 4 Query whether \fIcommand\fR is on whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand\&. .RE .PP queryLockdownWhitelistContext(s: context) → b .RS 4 Query whether \fIcontext\fR is on whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext\&. .RE .PP queryLockdownWhitelistUid(i: uid) → b .RS 4 Query whether user id \fIuid\fR is on whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid\&. .RE .PP queryLockdownWhitelistUser(s: user) → b .RS 4 Query whether \fIuser\fR is on whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser\&. .RE .PP removeLockdownWhitelistCommand(s: command) → Nothing .RS 4 Remove \fIcommand\fR from whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistContext(s: context) → Nothing .RS 4 Remove \fIcontext\fR from whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistUid(i: uid) → Nothing .RS 4 Remove user id \fIuid\fR from whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistUser(s: user) → Nothing .RS 4 Remove \fIuser\fR from whitelist\&. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser\&. .sp Possible errors: NOT_ENABLED .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP LockdownDisabled() .RS 4 Emitted when lockdown has been disabled\&. .RE .PP LockdownEnabled() .RS 4 Emitted when lockdown has been enabled\&. .RE .PP LockdownWhitelistCommandAdded(s: command) .RS 4 Emitted when \fIcommand\fR has been added to whitelist\&. .RE .PP LockdownWhitelistCommandRemoved(s: command) .RS 4 Emitted when \fIcommand\fR has been removed from whitelist\&. .RE .PP LockdownWhitelistContextAdded(s: context) .RS 4 Emitted when \fIcontext\fR has been added to whitelist\&. .RE .PP LockdownWhitelistContextRemoved(s: context) .RS 4 Emitted when \fIcontext\fR has been removed from whitelist\&. .RE .PP LockdownWhitelistUidAdded(i: uid) .RS 4 Emitted when user id \fIuid\fR has been added to whitelist\&. .RE .PP LockdownWhitelistUidRemoved(i: uid) .RS 4 Emitted when user id \fIuid\fR has been removed from whitelist\&. .RE .PP LockdownWhitelistUserAdded(s: user) .RS 4 Emitted when \fIuser\fR has been added to whitelist\&. .RE .PP LockdownWhitelistUserRemoved(s: user) .RS 4 Emitted when \fIuser\fR has been removed from whitelist\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.zone" .PP Operations in this interface allows to get, add, remove and query runtime zone\*(Aqs settings\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) → s .RS 4 Add the IPv4 forward port into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR or \fIudp\fR\&. The destination address is a simple IP address\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort\&. .sp Returns name of zone to which the forward port was added\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addIcmpBlock(s: zone, s: icmp, i: timeout) → s .RS 4 Add an ICMP block \fIicmp\fR into \fIzone\fR\&. The \fIicmp\fR is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types use org.fedoraproject.FirewallD1.Methods.listIcmpTypes If \fIzone\fR is empty, use default zone\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock\&. .sp Returns name of zone to which the ICMP block was added\&. .sp Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addIcmpBlockInversion(s: zone) → s .RS 4 Add ICMP block inversion to \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion\&. .sp Returns name of zone to which the ICMP block inversion was added\&. .sp Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addInterface(s: zone, s: interface) → s .RS 4 Bind \fIinterface\fR with \fIzone\fR\&. From now on all traffic going through the \fIinterface\fR will respect the \fIzone\fR\*(Aqs settings\&. If \fIzone\fR is empty, use default zone\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addInterface\&. .sp Returns name of zone to which the interface was bound\&. .sp Possible errors: INVALID_ZONE, INVALID_INTERFACE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addMasquerade(s: zone, i: timeout) → s .RS 4 Enable masquerade in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. If \fItimeout\fR is non\-zero, masquerading will be active for the amount of seconds\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade\&. .sp Returns name of zone in which the masquerade was enabled\&. .sp Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addPort(s: zone, s: port, s: protocol, i: timeout) → s .RS 4 Add port into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR or \fIudp\fR\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addPort\&. .sp Returns name of zone to which the port was added\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addProtocol(s: zone, s: protocol, i: timeout) → s .RS 4 Add protocol into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol\&. .sp Returns name of zone to which the protocol was added\&. .sp Possible errors: INVALID_ZONE, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addRichRule(s: zone, s: rule, i: timeout) → s .RS 4 Add rich language \fIrule\fR into \fIzone\fR\&. For the rich language rule syntax, please have a look at \fBfirewalld.direct\fR(5)\&. If \fIzone\fR is empty, use default zone\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule\&. .sp Returns name of zone to which the rich language rule was added\&. .sp Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addService(s: zone, s: service, i: timeout) → s .RS 4 Add \fIservice\fR into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. To get a list of supported services, use org.fedoraproject.FirewallD1.Methods.listServices\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addService\&. .sp Returns name of zone to which the service was added\&. .sp Possible errors: INVALID_ZONE, INVALID_SERVICE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addSource(s: zone, s: source) → s .RS 4 Bind \fIsource\fR with \fIzone\fR\&. From now on all traffic going from this \fIsource\fR will respect the \fIzone\fR\*(Aqs settings\&. A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6\&. For IPv4, the mask can be a network mask or a plain number\&. For IPv6 the mask is a plain number\&. Use of host names is not supported\&. If \fIzone\fR is empty, use default zone\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addSource\&. .sp Returns name of zone to which the source was bound\&. .sp Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s .RS 4 Add source port into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR or \fIudp\fR\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort\&. .sp Returns name of zone to which the port was added\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND .RE .PP changeZone(s: zone, s: interface) → s .RS 4 This function is deprecated, use org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface instead\&. .RE .PP changeZoneOfInterface(s: zone, s: interface) → s .RS 4 Change a zone an \fIinterface\fR is bound to to \fIzone\fR\&. It\*(Aqs basically removeInterface(\fIinterface\fR) followed by addInterface(\fIzone\fR, \fIinterface\fR)\&. If \fIinterface\fR has not been bound to a zone before, it behaves like addInterface\&. If \fIzone\fR is empty, use default zone\&. .sp Returns name of zone to which the interface was bound\&. .sp Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT .RE .PP changeZoneOfSource(s: zone, s: source) → s .RS 4 Change a zone an \fIsource\fR is bound to to \fIzone\fR\&. It\*(Aqs basically removeSource(\fIsource\fR) followed by addSource(\fIzone\fR, \fIsource\fR)\&. If \fIsource\fR has not been bound to a zone before, it behaves like addSource\&. If \fIzone\fR is empty, use default zone\&. .sp Returns name of zone to which the source was bound\&. .sp Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT .RE .PP getActiveZones() → a{sa{sas}} .RS 4 Return dictionary of currently active zones altogether with interfaces and sources used in these zones\&. Active zones are zones, that have a binding to an interface or source\&. .sp Return value is a dictionary where keys are zone names (s) and values are again dictionaries where keys are either \*(Aqinterfaces\*(Aq or \*(Aqsources\*(Aq and values are arrays of interface names (s) or sources (s)\&. .RE .PP getForwardPorts(s: zone) → aas .RS 4 Return array of IPv4 forward ports previously added into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts\&. .sp Return value is array of 4\-tuples, where each 4\-tuple consists of (port, protocol, to\-port, to\-addr)\&. to\-addr might be empty in case of local forwarding\&. .sp Possible errors: INVALID_ZONE .RE .PP getIcmpBlocks(s: zone) → as .RS 4 Return array of ICMP type (s) blocks previously added into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks\&. .sp Possible errors: INVALID_ZONE .RE .PP getIcmpBlockInversion(s: zone) → b .RS 4 Return whether ICMP block inversion was previously added to \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion\&. .sp Possible errors: INVALID_ZONE .RE .PP getInterfaces(s: zone) → as .RS 4 Return array of interfaces (s) previously bound with \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces\&. .sp Possible errors: INVALID_ZONE .RE .PP getPorts(s: zone) → aas .RS 4 Return array of ports (2\-tuple of port and protocol) previously enabled in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getPorts\&. .sp Possible errors: INVALID_ZONE .RE .PP getProtocols(s: zone) → as .RS 4 Return array of protocols (s) previously enabled in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols\&. .sp Possible errors: INVALID_ZONE .RE .PP getRichRules(s: zone) → as .RS 4 Return array of rich language rules (s) previously added into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules\&. .sp Possible errors: INVALID_ZONE .RE .PP getServices(s: zone) → as .RS 4 Return array of services (s) previously enabled in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getServices\&. .sp Possible errors: INVALID_ZONE .RE .PP getSourcePorts(s: zone) → aas .RS 4 Return array of source ports (2\-tuple of port and protocol) previously enabled in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts\&. .sp Possible errors: INVALID_ZONE .RE .PP getSources(s: zone) → as .RS 4 Return array of sources (s) previously bound with \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getSources\&. .sp Possible errors: INVALID_ZONE .RE .PP getZoneOfInterface(s: interface) → s .RS 4 Return name (s) of zone the \fIinterface\fR is bound to or empty string\&. .RE .PP getZoneOfSource(s: source) → s .RS 4 Return name (s) of zone the \fIsource\fR is bound to or empty string\&. .RE .PP getZones() → as .RS 4 Return array of names (s) of predefined zones known to current runtime environment\&. For list of zones known to permanent environment see org.fedoraproject.FirewallD1.config.Methods.listZones\&. The lists (of zones known to runtime and permanent environment) will contain same zones in most cases, but might differ for example if org.fedoraproject.FirewallD1.config.Methods.addZone has been called recently, but firewalld has not been reloaded since then\&. .RE .PP isImmutable(s: zone) → b .RS 4 Deprecated\&. .RE .PP queryForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → b .RS 4 Return whether the IPv4 forward port (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR) has been added into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD .RE .PP queryIcmpBlock(s: zone, s: icmp) → b .RS 4 Return whether an ICMP block for \fIicmp\fR has been added into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock\&. .sp Possible errors: INVALID_ZONE, INVALID_ICMPTYPE .RE .PP queryIcmpBlockInversion(s: zone) → b .RS 4 Return whether ICMP block inversion has been added to \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion\&. .sp Possible errors: INVALID_ZONE, INVALID_ICMPTYPE .RE .PP queryInterface(s: zone, s: interface) → b .RS 4 Query whether \fIinterface\fR has been bound to \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface\&. .sp Possible errors: INVALID_ZONE, INVALID_INTERFACE .RE .PP queryMasquerade(s: zone) → b .RS 4 Return whether masquerading has been enabled in \fIzone\fR If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade\&. .sp Possible errors: INVALID_ZONE .RE .PP queryPort(s: zone, s: port, s: protocol) → b .RS 4 Return whether \fIport\fR/\fIprotocol\fR has been added in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryPort\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL .RE .PP queryProtocol(s: zone, s: protocol) → b .RS 4 Return whether \fIprotocol\fR has been added in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol\&. .sp Possible errors: INVALID_ZONE, INVALID_PROTOCOL .RE .PP queryRichRule(s: zone, s: rule) → b .RS 4 Return whether rich rule \fIrule\fR has been added in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule\&. .sp Possible errors: INVALID_ZONE, INVALID_RULE .RE .PP queryService(s: zone, s: service) → b .RS 4 Return whether \fIservice\fR has been added for \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryService\&. .sp Possible errors: INVALID_ZONE, INVALID_SERVICE .RE .PP querySource(s: zone, s: source) → b .RS 4 Query whether \fIsource\fRhas been bound to \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.querySource\&. .sp Possible errors: INVALID_ZONE, INVALID_ADDR .RE .PP querySourcePort(s: zone, s: port, s: protocol) → b .RS 4 Return whether \fIport\fR/\fIprotocol\fR has been added in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL .RE .PP removeForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → s .RS 4 Remove IPv4 forward port ((\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR)) from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort\&. .sp Returns name of zone from which the forward port was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED, INVALID_COMMAND .RE .PP removeIcmpBlock(s: zone, s: icmp) → s .RS 4 Remove ICMP block \fIicmp\fR from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock\&. .sp Returns name of zone from which the ICMP block was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED, INVALID_COMMAND .RE .PP removeIcmpBlockInversion(s: zone) → s .RS 4 Remove ICMP block inversion from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion\&. .sp Returns name of zone from which the ICMP block inversion was removed\&. .sp Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND .RE .PP removeInterface(s: zone, s: interface) → s .RS 4 Remove binding of \fIinterface\fR from \fIzone\fR\&. If \fIzone\fR is empty, the interface will be removed from zone it belongs to\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface\&. .sp Returns name of zone from which the \fIinterface\fR was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED, INVALID_COMMAND .RE .PP removeMasquerade(s: zone) → s .RS 4 Disable masquerade for \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade\&. .sp Returns name of zone for which the masquerade was disabled\&. .sp Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND .RE .PP removePort(s: zone, s: port, s: protocol) → s .RS 4 Remove \fIport\fR/\fIprotocol\fR from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removePort\&. .sp Returns name of zone from which the port was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND .RE .PP removeProtocol(s: zone, s: protocol) → s .RS 4 Remove protocol from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol\&. .sp Returns name of zone from which the protocol was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND .RE .PP removeRichRule(s: zone, s: rule) → s .RS 4 Remove rich language \fIrule\fR from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule\&. .sp Returns name of zone from which the rich language rule was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED, INVALID_COMMAND .RE .PP removeService(s: zone, s: service) → s .RS 4 Remove \fIservice\fR from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeService\&. .sp Returns name of zone from which the service was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED, INVALID_COMMAND .RE .PP removeSource(s: zone, s: source) → s .RS 4 Remove binding of \fIsource\fR from \fIzone\fR\&. If \fIzone\fR is empty, the source will be removed from zone it belongs to\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeSource\&. .sp Returns name of zone from which the \fIsource\fR was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED, INVALID_COMMAND .RE .PP removeSourcePort(s: zone, s: port, s: protocol) → s .RS 4 Remove \fIport\fR/\fIprotocol\fR from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort\&. .sp Returns name of zone from which the source port was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) .RS 4 Emitted when forward port has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s: toaddr) .RS 4 Emitted when forward port has been removed from \fIzone\fR\&. .RE .PP IcmpBlockAdded(s: zone, s: icmp, i: timeout) .RS 4 Emitted when ICMP block for \fIicmp\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP IcmpBlockInversionAdded(s: zone) .RS 4 Emitted when ICMP block inversion has been added to \fIzone\fR\&. .RE .PP IcmpBlockInversionRemoved(s: zone) .RS 4 Emitted when ICMP block inversion has been removed from \fIzone\fR\&. .RE .PP IcmpBlockRemoved(s: zone, s: icmp) .RS 4 Emitted when ICMP block for \fIicmp\fR has been removed from \fIzone\fR\&. .RE .PP InterfaceAdded(s: zone, s: interface) .RS 4 Emitted when \fIinterface\fR has been added to \fIzone\fR\&. .RE .PP InterfaceRemoved(s: zone, s: interface) .RS 4 Emitted when \fIinterface\fR has been removed from \fIzone\fR\&. .RE .PP MasqueradeAdded(s: zone, i: timeout) .RS 4 Emitted when masquerade has been enabled for \fIzone\fR\&. .RE .PP MasqueradeRemoved(s: zone) .RS 4 Emitted when masquerade has been disabled for \fIzone\fR\&. .RE .PP PortAdded(s: zone, s: port, s: protocol, i: timeout) .RS 4 Emitted when \fIport\fR/\fIprotocol\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP PortRemoved(s: zone, s: port, s: protocol) .RS 4 Emitted when \fIport\fR/\fIprotocol\fR has been removed from \fIzone\fR\&. .RE .PP ProtocolAdded(s: zone, s: protocol, i: timeout) .RS 4 Emitted when \fIprotocol\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP ProtocolRemoved(s: zone, s: protocol) .RS 4 Emitted when \fIprotocol\fR has been removed from \fIzone\fR\&. .RE .PP RichRuleAdded(s: zone, s: rule, i: timeout) .RS 4 Emitted when rich language \fIrule\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP RichRuleRemoved(s: zone, s: rule) .RS 4 Emitted when rich language \fIrule\fR has been removed from \fIzone\fR\&. .RE .PP ServiceAdded(s: zone, s: service, i: timeout) .RS 4 Emitted when \fIservice\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP ServiceRemoved(s: zone, s: service) .RS 4 Emitted when \fIservice\fR has been removed from \fIzone\fR\&. .RE .PP SourceAdded(s: zone, s: source) .RS 4 Emitted when \fIsource\fR has been added to \fIzone\fR\&. .RE .PP SourcePortAdded(s: zone, s: port, s: protocol, i: timeout) .RS 4 Emitted when \fIsource\-port\fR/\fIprotocol\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP SourcePortRemoved(s: zone, s: port, s: protocol) .RS 4 Emitted when \fIsource\-port\fR/\fIprotocol\fR has been removed from \fIzone\fR\&. .RE .PP SourceRemoved(s: zone, s: source) .RS 4 Emitted when \fIsource\fR has been removed from \fIzone\fR\&. .RE .PP ZoneChanged(s: zone, s: interface) .RS 4 Deprecated .RE .PP ZoneOfInterfaceChanged(s: zone, s: interface) .RS 4 Emitted when a zone an \fIinterface\fR is part of has been changed to \fIzone\fR\&. .RE .PP ZoneOfSourceChanged(s: zone, s: source) .RS 4 Emitted when a zone an \fIsource\fR is part of has been changed to \fIzone\fR\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config" .PP Allows to permanently add, remove and query zones, services and icmp types\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addIPSet(s: ipset, (ssssa{ss}as): settings) → o .RS 4 Add \fIipset\fR with given \fIsettings\fR into permanent configuration\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fItype\fR, dictionary of \fIoptions\fR and array of \fIentries\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fItype (s)\fR: see \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIoptions (a{ss})\fR: dictionary of {option : value} \&. See \fIoptions\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIentries (as)\fR: array of entries, see \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .sp Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE .RE .PP addIcmpType(s: icmptype, (sssas): settings) → o .RS 4 Add \fIicmptype\fR with given \fIsettings\fR into permanent configuration\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, array of \fIdestinations\fR\&. Returns object path of the new icmp type\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq, see \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .sp Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE .RE .PP addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o .RS 4 This function is deprecated, use org.fedoraproject.FirewallD1.config.Methods.addService2 instead\&. .RE .PP addService2s: service, a{sv}: settings) → o .RS 4 Add \fIservice\fR with given \fIsettings\fR into permanent configuration\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. To zero a value pass an empty string or list\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIincludes (as)\fR: array of service includes, see \fIinclude\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIhelpers (as)\fR: array of service helpers, see \fIhelper\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .sp Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE .RE .PP addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → o .RS 4 Add \fIzone\fR with given \fIsettings\fR into permanent configuration\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fIUNUSED\fR, \fItarget\fR, array of \fIservices\fR, array of \fIports\fR (port, protocol), array of \fIicmp\-blocks\fR, \fImasquerade\fR, array of \fIforward\-ports\fR (port, protocol, to\-port, to\-addr), array of \fIinterfaces\fR, array of \fIsources\fR, array of \fIrich rules\fR, array of \fIprotocols\fR and array of \fIsource\-ports\fR (port, protocol)\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIUNUSED (b)\fR: this boolean value is no longer used for anything\&. .RS 4 .RE .PP \fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp\-blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward\-ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource addresses (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIrich rules (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols\&. See \fIprotocol\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource\-ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .sp Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE .RE .PP getHelperByName(s: helper) → o .RS 4 Return object path (permanent configuration) of \fIhelper\fR with given name\&. .sp Possible errors: INVALID_HELPER .RE .PP getHelperNames() → as .RS 4 Return list of \fIhelper\fR names (permanent configuration)\&. .RE .PP getIPSetByName(s: ipset) → o .RS 4 Return object path (permanent configuration) of \fIipset\fR with given name\&. .sp Possible errors: INVALID_IPSET .RE .PP getIPSetNames() → as .RS 4 Return list of \fIipset\fR names (permanent configuration)\&. .RE .PP getIcmpTypeByName(s: icmptype) → o .RS 4 Return object path (permanent configuration) of \fIicmptype\fR with given name\&. .sp Possible errors: INVALID_ICMPTYPE .RE .PP getIcmpTypeNames() → as .RS 4 Return list of \fIicmptype\fR names (permanent configuration)\&. .RE .PP getServiceByName(s: service) → o .RS 4 Return object path (permanent configuration) of \fIservice\fR with given name\&. .sp Possible errors: INVALID_SERVICE .RE .PP getServiceNames() → as .RS 4 Return list of \fIservice\fR names (permanent configuration)\&. .RE .PP getZoneByName(s: zone) → o .RS 4 Return object path (permanent configuration) of \fIzone\fR with given name\&. .sp Possible errors: INVALID_ZONE .RE .PP getZoneNames() → as .RS 4 Return list of \fIzone\fR names (permanent configuration) of\&. .RE .PP getZoneOfInterface(s: iface) → s .RS 4 Return name of zone the \fIiface\fR is bound to or empty string\&. .RE .PP getZoneOfSource(s: source) → s .RS 4 Return name of zone the \fIsource\fR is bound to or empty string\&. .RE .PP listHelpers() → ao .RS 4 Return array of object paths (o) of helper in permanent configuration\&. For runtime configuration see org.fedoraproject.FirewallD1.Methods.getHelpers\&. .RE .PP listIPSets() → ao .RS 4 Return array of object paths (o) of ipset in permanent configuration\&. For runtime configuration see org.fedoraproject.FirewallD1.ipset.Methods.getIPSets\&. .RE .PP listIcmpTypes() → ao .RS 4 Return array of object paths (o) of icmp types in permanent configuration\&. For runtime configuration see org.fedoraproject.FirewallD1.Methods.listIcmpTypes\&. .RE .PP listServices() → ao .RS 4 Return array of objects paths (o) of services in permanent configuration\&. For runtime configuration see org.fedoraproject.FirewallD1.Methods.listServices\&. .RE .PP listZones() → ao .RS 4 List object paths of zones known to permanent environment\&. For list of zones known to runtime environment see org.fedoraproject.FirewallD1.zone.Methods.getZones\&. The lists (of zones known to runtime and permanent environment) will contain same zones in most cases, but might differ for example if org.fedoraproject.FirewallD1.config.Methods.addZone has been called recently, but firewalld has not been reloaded since then\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP HelperAdded(s: helper) .RS 4 Emitted when \fIhelper\fR has been added\&. .RE .PP IPSetAdded(s: ipset) .RS 4 Emitted when \fIipset\fR has been added\&. .RE .PP IcmpTypeAdded(s: icmptype) .RS 4 Emitted when \fIicmptype\fR has been added\&. .RE .PP ServiceAdded(s: service) .RS 4 Emitted when \fIservice\fR has been added\&. .RE .PP ZoneAdded(s: zone) .RS 4 Emitted when \fIzone\fR has been added\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP \fIAllowZoneDrifting\fR \- s \- (rw) .RS 4 Older versions of firewalld had undocumented behavior known as "zone drifting"\&. This allowed packets to ingress multiple zones \- this is a violation of zone based firewalls\&. However, some users rely on this behavior to have a "catch\-all" zone, e\&.g\&. the default zone\&. You can enable this if you desire such behavior\&. It\*(Aqs disabled by default for security reasons\&. Note: If "yes" packets will only drift from source based zones to interface based zones (including the default zone)\&. Packets never drift from interface based zones to other interfaces based zones (including the default zone)\&. Valid values; "yes", "no"\&. Defaults to "no"\&. .RE .PP AutomaticHelpers \- s \- (rw) .RS 4 Deprecated\&. Getting this value always returns "no"\&. Setting this value is ignored\&. .RE .PP CleanupOnExit \- s \- (rw) .RS 4 If firewalld stops, it cleans up all firewall rules\&. Setting this option to no or false leaves the current firewall rules untouched\&. .RE .PP DefaultZone \- s \- (ro) .RS 4 Default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool\&. .RE .PP FirewallBackend \- s \- (rw) .RS 4 Selects the firewalld backend for all rules except the direct interface\&. Valid options are; nftables, iptables\&. Default in nftables\&. .RE .PP FirewallBackend \- s \- (rw) .RS 4 Flush all runtime rules on a reload\&. Valid options are; yes, no\&. .RE .PP \fIIPv6_rpfilter\fR \- s \- (rw) .RS 4 Indicates whether the reverse path filter test on a packet for IPv6 is enabled\&. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped\&. .RE .PP \fIIndividualCalls\fR \- s \- (ro) .RS 4 Indicates whether individual calls combined \-restore calls are used\&. If enabled, this increases the time that is needed to apply changes and to start the daemon, but is good for debugging\&. .RE .PP Lockdown \- s \- (rw) .RS 4 If this property is enabled, firewall changes with the D\-Bus interface will be limited to applications that are listed in the lockdown whitelist\&. .RE .PP LogDenied \- s \- (rw) .RS 4 If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones\&. Possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. .RE .PP MinimalMark \- i \- (rw) .RS 4 Deprecated\&. This option is ignored and no longer used\&. Marks are no longer used internally\&. .RE .PP FirewallBackend \- s \- (rw) .RS 4 As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that correspond to IPv4 addresses that should not be routed over the public internet\&. Valid options are; yes, no\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.direct" .PP Interface for permanent direct configuration, see also \fBfirewalld.direct\fR(5)\&. For runtime direct configuration see org.fedoraproject.FirewallD1.direct interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addChain(s: ipv, s: table, s: chain) → Nothing .RS 4 Add a new \fIchain\fR to \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Make sure there\*(Aqs no other chain with this name already\&. There already exist basic chains to use with direct methods, for example \fIINPUT_direct\fR chain\&. These chains are jumped into before chains for zones, i\&.e\&. every rule put into \fIINPUT_direct\fR will be checked before rules in zones\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.addChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED .RE .PP addPassthrough(s: ipv, as: args) → Nothing .RS 4 Add a passthrough rule with the arguments \fIargs\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.addPassthrough\&. .sp Possible errors: INVALID_IPV, ALREADY_ENABLED .RE .PP addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing .RS 4 Add a rule with the arguments \fIargs\fR to \fIchain\fR in \fItable\fR with \fIpriority\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. The priority is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.addRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED .RE .PP getAllChains() → a(sss) .RS 4 Get all chains added to all tables in format: ipv, table, chain\&. This concerns only chains previously added with addChain\&. Return value is a array of (\fIipv\fR, \fItable\fR, \fIchain\fR)\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getAllChains\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR .RS 4 .RE .PP \fIchain (s)\fR: name of a chain\&. .RS 4 .RE .sp .RE .PP getAllPassthroughs() → a(sas) .RS 4 Get all passthrough rules added in all ipv types in format: ipv, rule\&. This concerns only rules previously added with addPassthrough\&. Return value is a array of (\fIipv\fR, array of \fIarguments\fR)\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getAllRules() → a(sssias) .RS 4 Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule\&. This concerns only rules previously added with addRule\&. Return value is a array of (\fIipv\fR, \fItable\fR, \fIchain\fR, \fIpriority\fR, array of \fIarguments\fR)\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getAllRules\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR .RS 4 .RE .PP \fIchain (s)\fR: name of a chain\&. .RS 4 .RE .PP \fIpriority (i)\fR: used to order rules\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getChains(s: ipv, s: table) → as .RS 4 Return an array of chains (s) added to \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only chains previously added with addChain\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getChains\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP getPassthroughs(s: ipv) → aas .RS 4 Get tracked passthrough rules added in either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addPassthrough\&. Return value is a array of (array of \fIarguments\fR)\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs\&. .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getRules(s: ipv, s: table, s: chain) → a(ias) .RS 4 Get all rules added to \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. Return value is a array of (\fIpriority\fR, array of \fIarguments\fR)\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getRules\&. .PP \fIpriority (i)\fR: used to order rules\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP getSettings() → (a(sss)a(sssias)a(sas)) .RS 4 Get settings of permanent direct configuration in format: array of \fIchains\fR, array of \fIrules\fR, array of \fIpassthroughs\fR\&. .PP \fIchains (a(sss))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR), see \*(Aqchain\*(Aq in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .PP \fIrules (a(sssias))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR, \fIpriority\fR, array of \fIarguments\fR), see \*(Aqrule\*(Aq in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .PP \fIpassthroughs (a(sas))\fR: array of (\fIipv\fR, array of \fIarguments\fR), see passthrough in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .sp .RE .PP queryChain(s: ipv, s: table, s: chain) → b .RS 4 Return whether a \fIchain\fR exists in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only chains previously added with addChain\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.queryChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP queryPassthrough(s: ipv, as: args) → b .RS 4 Return whether a tracked passthrough rule with the arguments \fIargs\fR exists for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addPassthrough\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough\&. .sp Possible errors: INVALID_IPV .RE .PP queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b .RS 4 Return whether a rule with \fIpriority\fR and the arguments \fIargs\fR exists in \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.queryRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP removeChain(s: ipv, s: table, s: chain) → Nothing .RS 4 Remove a \fIchain\fR from \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only chains previously added with addChain can be removed this way\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removeChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED .RE .PP removePassthrough(s: ipv, as: args) → Nothing .RS 4 Remove a passthrough rule with arguments \fIargs\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only rules previously added with addPassthrough can be removed this way\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removePassthrough\&. .sp Possible errors: INVALID_IPV, NOT_ENABLED .RE .PP removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing .RS 4 Remove a rule with \fIpriority\fR and arguments \fIargs\fR from \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only rules previously added with addRule can be removed this way\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removeRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED .RE .PP removeRules(s: ipv, s: table, s: chain) → Nothing .RS 4 Remove all rules from \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removeRules\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP update((a(sss)a(sssias)a(sas)): settings) → Nothing .RS 4 Update permanent direct configuration with given \fIsettings\fR\&. Settings are in format: array of \fIchains\fR, array of \fIrules\fR, array of \fIpassthroughs\fR\&. .PP \fIchains (a(sss))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR), see \*(Aqchain\*(Aq in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .PP \fIrules (a(sssias))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR, \fIpriority\fR, array of \fIarguments\fR), see \*(Aqrule\*(Aq in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .PP \fIpassthroughs (a(sas))\fR: array of (\fIipv\fR, array of \fIarguments\fR), see passthrough in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .sp Possible errors: INVALID_TYPE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Updated() .RS 4 Emitted when configuration has been updated\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.policies" .PP Interface for permanent lockdown\-whitelist configuration, see also \fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime configuration see org.fedoraproject.FirewallD1.policies interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addLockdownWhitelistCommand(s: command) → Nothing .RS 4 Add \fIcommand\fR to whitelist\&. See \fIcommand\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand\&. .sp Possible errors: ALREADY_ENABLED, INVALID_TYPE .RE .PP addLockdownWhitelistContext(s: context) → Nothing .RS 4 Add \fIcontext\fR to whitelist\&. See \fIselinux\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext\&. .sp Possible errors: ALREADY_ENABLED, INVALID_TYPE .RE .PP addLockdownWhitelistUid(i: uid) → Nothing .RS 4 Add user id \fIuid\fR to whitelist\&. See \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid\&. .sp Possible errors: ALREADY_ENABLED, INVALID_TYPE .RE .PP addLockdownWhitelistUser(s: user) → Nothing .RS 4 Add \fIuser\fR name to whitelist\&. See \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser\&. .sp Possible errors: ALREADY_ENABLED, INVALID_TYPE .RE .PP getLockdownWhitelist() → (asasasai) .RS 4 Get settings of permanent lockdown\-whitelist configuration in format: \fIcommands\fR, \fIselinux contexts\fR, \fIusers\fR, \fIuids\fR .PP \fIcommands (as)\fR: see \fIcommand\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIselinux contexts (as)\fR: see \fIselinux\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIusers (as)\fR: see \fIname\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIuids (ai)\fR: see \fIid\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .sp .RE .PP getLockdownWhitelistCommands() → as .RS 4 List all command lines (s) that are on whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands\&. .RE .PP getLockdownWhitelistContexts() → as .RS 4 List all contexts (s) that are on whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts\&. .RE .PP getLockdownWhitelistUids() → ai .RS 4 List all user ids (i) that are on whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids\&. .RE .PP getLockdownWhitelistUsers() → as .RS 4 List all users (s) that are on whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers\&. .RE .PP queryLockdownWhitelistCommand(s: command) → b .RS 4 Query whether \fIcommand\fR is on whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand\&. .RE .PP queryLockdownWhitelistContext(s: context) → b .RS 4 Query whether \fIcontext\fR is on whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext\&. .RE .PP queryLockdownWhitelistUid(i: uid) → b .RS 4 Query whether user id \fIuid\fR is on whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid\&. .RE .PP queryLockdownWhitelistUser(s: user) → b .RS 4 Query whether \fIuser\fR is on whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser\&. .RE .PP removeLockdownWhitelistCommand(s: command) → Nothing .RS 4 Remove \fIcommand\fR from whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistContext(s: context) → Nothing .RS 4 Remove \fIcontext\fR from whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistUid(i: uid) → Nothing .RS 4 Remove user id \fIuid\fR from whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistUser(s: user) → Nothing .RS 4 Remove \fIuser\fR from whitelist\&. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser\&. .sp Possible errors: NOT_ENABLED .RE .PP setLockdownWhitelist((asasasai): settings) → Nothing .RS 4 Set permanent lockdown\-whitelist configuration to \fIsettings\fR\&. Settings are in format: \fIcommands\fR, \fIselinux contexts\fR, \fIusers\fR, \fIuids\fR .PP \fIcommands (as)\fR: see \fIcommand\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIselinux contexts (as)\fR: see \fIselinux\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIusers (as)\fR: see \fIname\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIuids (ai)\fR: see \fIid\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_TYPE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP LockdownWhitelistUpdated() .RS 4 Emitted when permanent lockdown\-whitelist configuration has been updated\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.ipset" .PP Interface for permanent ipset configuration, see also \fBfirewalld.ipset\fR(5)\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addEntry(s: entry) → Nothing .RS 4 Permanently add \fIentry\fR to list of entries of ipset\&. See \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.addEntry\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addOption(s: key, s: value) → Nothing .RS 4 Permanently add (\fIkey\fR, \fIvalue\fR) to the ipset\&. See \fIoption\fR tag in \fBfirewalld.ipset\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDescription() → s .RS 4 Get description of ipset\&. See \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP getEntries() → as .RS 4 Get list of entries added to ipset\&. See \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.getEntries\&. .sp Possible errors: IPSET_WITH_TIMEOUT .RE .PP getOptions() → a{ss} .RS 4 Get dictionary of \fIoptions\fR set for ipset\&. See \fIoption\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP getSettings() → (ssssa{ss}as) .RS 4 Return permament settings of the ipset\&. For getting runtime settings see org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fItype\fR, dictionary of \fIoptions\fR and array of \fIentries\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fItype (s)\fR: see \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIoptions (a{ss})\fR: dictionary of {option : value} \&. See \fIoptions\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIentries (as)\fR: array of entries, see \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .sp .RE .PP getShort() → s .RS 4 Get name of ipset\&. See \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP getType() → s .RS 4 Get type of ipset\&. See \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP getVersion() → s .RS 4 Get version of ipset\&. See \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP loadDefaults() → Nothing .RS 4 Load default settings for built\-in ipset\&. .sp Possible errors: NO_DEFAULTS .RE .PP queryEntry(s: entry) → b .RS 4 Return whether \fIentry\fR has been added to \fIipset\fR\&. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.queryEntry\&. .RE .PP queryOption(s: key, s: value) → b .RS 4 Return whether (\fIkey\fR, \fIvalue\fR) has been added to options of the \fIipset\fR\&. .RE .PP remove() → Nothing .RS 4 Remove not built\-in ipset\&. .sp Possible errors: BUILTIN_IPSET .RE .PP removeEntry(s: entry) → Nothing .RS 4 Permanently remove \fIentry\fR from ipset\&. See \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.removeEntry\&. .sp Possible errors: NOT_ENABLED .RE .PP removeOption(s: key) → Nothing .RS 4 Permanently remove \fIkey\fR from the ipset\&. See \fIoption\fR tag in \fBfirewalld.ipset\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP rename(s: name) → Nothing .RS 4 Rename not built\-in ipset to \fIname\fR\&. .sp Possible errors: BUILTIN_IPSET .RE .PP setDescription(s: description) → Nothing .RS 4 Permanently set description of ipset to \fIdescription\fR\&. See \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP setEntries(as: entries) → Nothing .RS 4 Permanently set list of entries to \fIentries\fR\&. See \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP setOptions(a{ss}: options) → Nothing .RS 4 Permanently set dict of options to \fIoptions\fR\&. See \fIoption\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP setShort(s: short) → Nothing .RS 4 Permanently set name of ipset to \fIshort\fR\&. See \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP setType(s: ipset_type) → Nothing .RS 4 Permanently set type of ipset to \fIipset_type\fR\&. See \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP setVersion(s: version) → Nothing .RS 4 Permanently set version of ipset to \fIversion\fR\&. See \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP update((ssssa{ss}as): settings) → Nothing .RS 4 Update settings of ipset to \fIsettings\fR\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fItype\fR, dictionary of \fIoptions\fR and array of \fIentries\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fItype (s)\fR: see \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIoptions (a{ss})\fR: dictionary of {option : value} \&. See \fIoptions\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIentries (as)\fR: array of entries, see \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_TYPE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Removed(s: name) .RS 4 Emitted when ipset with \fIname\fR has been removed\&. .RE .PP Renamed(s: name) .RS 4 Emitted when ipset has been renamed to \fIname\fR\&. .RE .PP Updated(s: name) .RS 4 Emitted when ipset with \fIname\fR has been updated\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP builtin \- b \- (ro) .RS 4 True if ipset is build\-in, false else\&. .RE .PP default \- b \- (ro) .RS 4 True if build\-in ipset has default settings\&. False if it has been modified\&. Always False for not build\-in ipsets\&. .RE .PP filename \- s \- (ro) .RS 4 Name (including \&.xml extension) of file where the configuration is stored\&. .RE .PP name \- s \- (ro) .RS 4 Name of ipset\&. .RE .PP path \- s \- (ro) .RS 4 Path to directory where the ipset configuration is stored\&. Should be either /usr/lib/firewalld/ipsets or /etc/firewalld/ipsets\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.zone" .PP Interface for permanent zone configuration, see also \fBfirewalld.zone\fR(5)\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR) to list of forward ports of zone\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addForwardPort\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addIcmpBlock(s: icmptype) → Nothing .RS 4 Permanently add \fIicmptype\fR to list of icmp types blocked in zone\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addIcmpBlock(s: icmptype) → Nothing .RS 4 Permanently add icmp block inversion to zone\&. See \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addInterface(s: interface) → Nothing .RS 4 Permanently add \fIinterface\fR to list of interfaces bound to zone\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addInterface\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addMasquerade() → Nothing .RS 4 Permanently enable masquerading in zone\&. See \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addMasquerade\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addPort(s: port, s: protocol) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR) to list of ports of zone\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addPort\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addProtocol(s: protocol) → Nothing .RS 4 Permanently add protocol into \fIzone\fR\&. The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addProtocol\&. .sp Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED .RE .PP addRichRule(s: rule) → Nothing .RS 4 Permanently add \fIrule\fR to list of rich\-language rules in zone\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addRichRule\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addService(s: service) → Nothing .RS 4 Permanently add \fIservice\fR to list of services used in zone\&. See \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addService\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addSource(s: source) → Nothing .RS 4 Permanently add \fIsource\fR to list of source addresses bound to zone\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addSource\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addSourcePort(s: port, s: protocol) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR) to list of source ports of zone\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addSourcePort\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDescription() → s .RS 4 Get description of zone\&. See \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP getForwardPorts() → a(ssss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR) defined in zone\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts\&. .RE .PP getIcmpBlockInversion() → b .RS 4 Get icmp block inversion flag of zone\&. See \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP getIcmpBlocks() → as .RS 4 Get list of icmp type names blocked in zone\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks\&. .RE .PP getInterfaces() → as .RS 4 Get list of interfaces bound to zone\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getInterfaces\&. .RE .PP getMasquerade() → b .RS 4 Return whether \fImasquerade\fR is enabled in zone\&. This is the same as queryMasquerade() method\&. See \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP getPorts() → a(ss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR) defined in zone\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getPorts\&. .RE .PP getProtocols() → as .RS 4 Return array of protocols (s) previously enabled in \fIzone\fR\&. For getting runtime settings see org.fedoraproject.FirewallD1.zone.Methods.getProtocols\&. .RE .PP getRichRules() → as .RS 4 Get list of rich\-language rules in zone\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getRichRules\&. .RE .PP getServices() → as .RS 4 Get list of service names used in zone\&. See \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getServices\&. .RE .PP getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)) .RS 4 Return permanent settings of given \fIzone\fR\&. For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getZoneSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fIUNUSED\fR, \fItarget\fR, array of \fIservices\fR, array of \fIports\fR (port, protocol), array of \fIicmp\-blocks\fR, \fImasquerade\fR, array of \fIforward\-ports\fR (port, protocol, to\-port, to\-addr), array of \fIinterfaces\fR, array of \fIsources\fR, array of \fIrich rules\fR, array of \fIprotocols\fR and array of \fIsource\-ports\fR (port, protocol)\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIUNUSED (b)\fR: this boolean value is no longer used for anything\&. .RS 4 .RE .PP \fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp\-blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward\-ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource addresses (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIrich rules (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols\&. See \fIprotocol\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource\-ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .sp .RE .PP getShort() → s .RS 4 Get name of zone\&. See \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP getSourcePorts() → a(ss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR) defined in zone\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts\&. .RE .PP getSources() → as .RS 4 Get list of source addresses bound to zone\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getSources\&. .RE .PP getTarget() → s .RS 4 Get target of zone\&. See \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP getVersion() → s .RS 4 Get version of zone\&. See \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP loadDefaults() → Nothing .RS 4 Load default settings for built\-in zone\&. .sp Possible errors: NO_DEFAULTS .RE .PP queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR) is in list of forward ports of zone\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort\&. .RE .PP queryIcmpBlock(s: icmptype) → b .RS 4 Return whether \fIicmptype\fR is in list of icmp types blocked in zone\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock\&. .RE .PP queryIcmpBlockInversion() → b .RS 4 Return whether \fIicmp block inversion\fR is in enabled in zone\&. See \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion\&. .RE .PP queryInterface(s: interface) → b .RS 4 Return whether \fIinterface\fR is in list of interfaces bound to zone\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryInterface\&. .RE .PP queryMasquerade() → b .RS 4 Return whether \fImasquerade\fR is enabled in zone\&. This is the same as getMasquerade() method\&. See \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade\&. .RE .PP queryPort(s: port, s: protocol) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR) is in list of ports of zone\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryPort\&. .RE .PP queryProtocol(s: protocol) → b .RS 4 Return whether \fIprotocol\fR has been added in \fIzone\fR\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryProtocol\&. .sp Possible errors: INVALID_PROTOCOL .RE .PP queryRichRule(s: rule) → b .RS 4 Return whether \fIrule\fR is in list of rich\-language rules in zone\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryRichRule\&. .RE .PP queryService(s: service) → b .RS 4 Return whether \fIservice\fR is in list of services used in zone\&. See \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryService\&. .RE .PP querySource(s: source) → b .RS 4 Return whether \fIsource\fR is in list of source addresses bound to zone\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.querySource\&. .RE .PP querySourcePort(s: port, s: protocol) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR) is in list of source ports of zone\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.querySourcePort\&. .RE .PP remove() → Nothing .RS 4 Remove not built\-in zone\&. .sp Possible errors: BUILTIN_ZONE .RE .PP removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR) from list of forward ports of zone\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort\&. .sp Possible errors: NOT_ENABLED .RE .PP removeIcmpBlock(s: icmptype) → Nothing .RS 4 Permanently remove \fIicmptype\fR from list of icmp types blocked in zone\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock\&. .sp Possible errors: NOT_ENABLED .RE .PP removeIcmpBlockInversion() → Nothing .RS 4 Permanently remove \fIicmp block inversion\fR from the zone\&. See \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion\&. .sp Possible errors: NOT_ENABLED .RE .PP removeInterface(s: interface) → Nothing .RS 4 Permanently remove \fIinterface\fR from list of interfaces bound to zone\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeInterface\&. .sp Possible errors: NOT_ENABLED .RE .PP removeMasquerade() → Nothing .RS 4 Permanently disable masquerading in zone\&. See \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade\&. .sp Possible errors: NOT_ENABLED .RE .PP removePort(s: port, s: protocol) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR) from list of ports of zone\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removePort\&. .sp Possible errors: NOT_ENABLED .RE .PP removeProtocol(s: protocol) → Nothing .RS 4 Permanently remove protocol from \fIzone\fR\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol\&. .sp Possible errors: INVALID_PROTOCOL, NOT_ENABLED .RE .PP removeRichRule(s: rule) → Nothing .RS 4 Permanently remove \fIrule\fR from list of rich\-language rules in zone\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule\&. .sp Possible errors: NOT_ENABLED .RE .PP removeService(s: service) → Nothing .RS 4 Permanently remove \fIservice\fR from list of services used in zone\&. See \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeService\&. .sp Possible errors: NOT_ENABLED .RE .PP removeSource(s: source) → Nothing .RS 4 Permanently remove \fIsource\fR from list of source addresses bound to zone\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeSource\&. .sp Possible errors: NOT_ENABLED .RE .PP removeSourcePort(s: port, s: protocol) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR) from list of source ports of zone\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort\&. .sp Possible errors: NOT_ENABLED .RE .PP rename(s: name) → Nothing .RS 4 Rename not built\-in zone to \fIname\fR\&. .sp Possible errors: BUILTIN_ZONE .RE .PP setDescription(s: description) → Nothing .RS 4 Permanently set description of zone to \fIdescription\fR\&. See \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setForwardPorts(a(ssss): ports) → Nothing .RS 4 Permanently set forward ports of zone to list of (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setIcmpBlockInversion(b: flag) → Nothing .RS 4 Permanently set icmp block inversion flag of zone to \fIflag\fR\&. See \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setIcmpBlocks(as: icmptypes) → Nothing .RS 4 Permanently set list of icmp types blocked in zone to \fIicmptypes\fR\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setInterfaces(as: interfaces) → Nothing .RS 4 Permanently set list of interfaces bound to zone to \fIinterfaces\fR\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setMasquerade(b: masquerade) → Nothing .RS 4 Permanently set masquerading in zone to \fImasquerade\fR\&. See \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setPorts(a(ss): ports) → Nothing .RS 4 Permanently set ports of zone to list of (\fIport\fR, \fIprotocol\fR)\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setProtocols(as: protocols) → Nothing .RS 4 Permanently set list of protocols used in zone to \fIprotocols\fR\&. See \fIprotocol\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setRichRules(as: rules) → Nothing .RS 4 Permanently set list of rich\-language rules to \fIrules\fR\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setServices(as: services) → Nothing .RS 4 Permanently set list of services used in zone to \fIservices\fR\&. See \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setShort(s: short) → Nothing .RS 4 Permanently set name of zone to \fIshort\fR\&. See \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setSourcePorts(a(ss): ports) → Nothing .RS 4 Permanently set source\-ports of zone to list of (\fIport\fR, \fIprotocol\fR)\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setSources(as: sources) → Nothing .RS 4 Permanently set list of source addresses bound to zone to \fIsources\fR\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setTarget(s: target) → Nothing .RS 4 Permanently set target of zone to \fItarget\fR\&. See \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setVersion(s: version) → Nothing .RS 4 Permanently set version of zone to \fIversion\fR\&. See \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing .RS 4 Update settings of zone to \fIsettings\fR\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fIUNUSED\fR, \fItarget\fR, array of \fIservices\fR, array of \fIports\fR (port, protocol), array of \fIicmp\-blocks\fR, \fImasquerade\fR, array of \fIforward\-ports\fR (port, protocol, to\-port, to\-addr), array of \fIinterfaces\fR, array of \fIsources\fR, array of \fIrich rules\fR, array of \fIprotocols\fR and array of \fIsource\-ports\fR (port, protocol)\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIUNUSED (b)\fR: this boolean value is no longer used for anything\&. .RS 4 .RE .PP \fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp\-blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward\-ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource addresses (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIrich rules (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols\&. See \fIprotocol\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource\-ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_TYPE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Removed(s: name) .RS 4 Emitted when zone with \fIname\fR has been removed\&. .RE .PP Renamed(s: name) .RS 4 Emitted when zone has been renamed to \fIname\fR\&. .RE .PP Updated(s: name) .RS 4 Emitted when zone with \fIname\fR has been updated\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP builtin \- b \- (ro) .RS 4 True if zone is build\-in, false else\&. .RE .PP default \- b \- (ro) .RS 4 True if build\-in zone has default settings\&. False if it has been modified\&. Always False for not build\-in zones\&. .RE .PP filename \- s \- (ro) .RS 4 Name (including \&.xml extension) of file where the configuration is stored\&. .RE .PP name \- s \- (ro) .RS 4 Name of zone\&. .RE .PP path \- s \- (ro) .RS 4 Path to directory where the zone configuration is stored\&. Should be either /usr/lib/firewalld/zones or /etc/firewalld/zones\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.service" .PP Interface for permanent service configuration, see also \fBfirewalld.service\fR(5)\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addModule(s: module) → Nothing .RS 4 This method is deprecated\&. Please use "helpers" in the update2() method\&. .RE .PP addPort(s: port, s: protocol) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR) to list of ports in service\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addProtocol(s: protocol) → Nothing .RS 4 Permanently add protocol into \fIzone\fR\&. The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. See \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED .RE .PP addSourcePort(s: port, s: protocol) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR) to list of source ports in service\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDescription() → s .RS 4 Get description of service\&. See \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getDestination(s: family) → s .RS 4 Get destination for IP family being either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDestinations() → a{ss} .RS 4 Get list of destinations\&. Return value is a dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getModules() → as .RS 4 This method is deprecated\&. Please use "helpers" in the getSettings2() method\&. .RE .PP getPorts() → a(ss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR) defined in service\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getProtocols() → as .RS 4 Return array of protocols (s) defined in \fIservice\fR\&. See \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getSettings() → (sssa(ss)asa{ss}asa(ss)) .RS 4 This function is deprecated, use org.fedoraproject.FirewallD1.config.service.Methods.getSettings2 instead\&. .RE .PP getSettings2(s: \fIservice\fR) → s{sv} .RS 4 Return runtime settings of given \fIservice\fR\&. For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getServiceSettings2\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. If the value is empty it may be ommitted\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIincludes (as)\fR: array of service includes, see \fIinclude\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIhelpers (as)\fR: array of service helpers, see \fIhelper\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .sp .RE .PP getShort() → s .RS 4 Get name of service\&. See \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getSourcePorts() → a(ss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR) defined in service\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getVersion() → s .RS 4 Get version of service\&. See \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP loadDefaults() → Nothing .RS 4 Load default settings for built\-in service\&. .sp Possible errors: NO_DEFAULTS .RE .PP queryDestination(s: family, s: address) → b .RS 4 Return whether a \fIdestination\fR is in dictionary of destinations of this service\&. destination is in format: (\fIIP family\fR, \fIIP address\fR) where \fIIP family\fR can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP queryModule(s: module) → b .RS 4 This method is deprecated\&. Please use "helpers" in the getSettings2() method\&. .RE .PP queryPort(s: port, s: protocol) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR) is in list of ports in service\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP queryProtocol(s: protocol) → b .RS 4 Return whether \fIprotocol\fR is in list of protocols in service\&. See \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP querySourcePort(s: port, s: protocol) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR) is in list of source ports in service\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP remove() → Nothing .RS 4 Remove not built\-in service\&. .sp Possible errors: BUILTIN_SERVICE .RE .PP removeDestination(s: family) → Nothing .RS 4 Permanently remove a destination with \fIfamily\fR (\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) from service\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP removeModule(s: module) → Nothing .RS 4 This method is deprecated\&. Please use "helpers" in the update2() method\&. .RE .PP removePort(s: port, s: protocol) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR) from list of ports in service\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP removeProtocol(s: protocol) → Nothing .RS 4 Permanently remove \fIprotocol\fR from list of protocols in service\&. See \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP removeSourcePort(s: port, s: protocol) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR) from list of source ports in service\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP rename(s: name) → Nothing .RS 4 Rename not built\-in service to \fIname\fR\&. .sp Possible errors: BUILTIN_SERVICE .RE .PP setDescription(s: description) → Nothing .RS 4 Permanently set description of service to \fIdescription\fR\&. See \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setDestination(s: family, s: address) → Nothing .RS 4 Permanently set a destination address\&. destination is in format: (\fIIP family\fR, \fIIP address\fR) where \fIIP family\fR can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP setDestinations(a{ss}: destinations) → Nothing .RS 4 Permanently set destinations of service to \fIdestinations\fR, which is a dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setModules(as: modules) → Nothing .RS 4 This method is deprecated\&. Please use "helpers" in the update2() method\&. .RE .PP setPorts(a(ss): ports) → Nothing .RS 4 Permanently set ports of service to list of (\fIport\fR, \fIprotocol\fR)\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setProtocols(as: protocols) → Nothing .RS 4 Permanently set protocols of service to list of \fIprotocols\fR\&. See \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setShort(s: short) → Nothing .RS 4 Permanently set name of service to \fIshort\fR\&. See \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setSourcePorts(a(ss): ports) → Nothing .RS 4 Permanently set source\-ports of service to list of (\fIport\fR, \fIprotocol\fR)\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setVersion(s: version) → Nothing .RS 4 Permanently set version of service to \fIversion\fR\&. See \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing .RS 4 This function is deprecated, use org.fedoraproject.FirewallD1.config.service.Methods.update2 instead\&. .RE .PP update2a{sv}: settings) → Nothing .RS 4 Update settings of service to \fIsettings\fR\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. To zero a value pass an empty string or list\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIincludes (as)\fR: array of service includes, see \fIinclude\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIhelpers (as)\fR: array of service helpers, see \fIhelper\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_TYPE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Removed(s: name) .RS 4 Emitted when service with \fIname\fR has been removed\&. .RE .PP Renamed(s: name) .RS 4 Emitted when service has been renamed to \fIname\fR\&. .RE .PP Updated(s: name) .RS 4 Emitted when service with \fIname\fR has been updated\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP builtin \- b \- (ro) .RS 4 True if service is build\-in, false else\&. .RE .PP default \- b \- (ro) .RS 4 True if build\-in service has default settings\&. False if it has been modified\&. Always False for not build\-in services\&. .RE .PP filename \- s \- (ro) .RS 4 Name (including \&.xml extension) of file where the configuration is stored\&. .RE .PP name \- s \- (ro) .RS 4 Name of service\&. .RE .PP path \- s \- (ro) .RS 4 Path to directory where the configuration is stored\&. Should be either /usr/lib/firewalld/services or /etc/firewalld/services\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.helper" .PP Interface for permanent helper configuration, see also \fBfirewalld.helper\fR(5)\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addPort(s: port, s: protocol) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR) to list of ports in helper\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDescription() → s .RS 4 Get description of helper\&. See \fIdescription\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP getFamily() → s .RS 4 Get family being \*(Aqipv4\*(Aq, \*(Aqipv6\*(Aq or empty for both\&. See \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP getModule() → s .RS 4 Get modules (netfilter kernel helpers) used in helper\&. See \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP getPorts() → a(ss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR) defined in helper\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP getSettings() → (sssssa(ss)) .RS 4 Return permanent settings of a \fIhelper\fR\&. For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getHelperSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fIfamily\fR, \fImodule\fR, array of \fIports\fR (port, protocol)\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIhelper\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIfamily (s)\fR: see \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fImodule (s)\fR: see \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .sp .RE .PP getShort() → s .RS 4 Get name of helper\&. See \fIshort\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP getVersion() → s .RS 4 Get version of helper\&. See \fIversion\fR attribute of \fIhelper\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP loadDefaults() → Nothing .RS 4 Load default settings for built\-in helper\&. .sp Possible errors: NO_DEFAULTS .RE .PP queryFamily(s: module) → b .RS 4 Return whether \fIfamily\fR is set for helper\&. See \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP queryModule(s: module) → b .RS 4 Return whether \fImodule\fR (netfilter kernel helpers) is used in helper\&. See \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP queryPort(s: port, s: protocol) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR) is in list of ports in helper\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP remove() → Nothing .RS 4 Remove not built\-in helper\&. .sp Possible errors: BUILTIN_HELPER .RE .PP removePort(s: port, s: protocol) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR) from list of ports in helper\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP rename(s: name) → Nothing .RS 4 Rename not built\-in helper to \fIname\fR\&. .sp Possible errors: BUILTIN_HELPER .RE .PP setDescription(s: description) → Nothing .RS 4 Permanently set description of helper to \fIdescription\fR\&. See \fIdescription\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP setFamily(s: family) → Nothing .RS 4 Permanently set family of helper to \fIfamily\fR\&. See \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP setModule(s: module) → Nothing .RS 4 Permanently set module of helper to \fIdescription\fR\&. See \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP setPorts(a(ss): ports) → Nothing .RS 4 Permanently set ports of helper to list of (\fIport\fR, \fIprotocol\fR)\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP setShort(s: short) → Nothing .RS 4 Permanently set name of helper to \fIshort\fR\&. See \fIshort\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP setVersion(s: version) → Nothing .RS 4 Permanently set version of helper to \fIversion\fR\&. See \fIversion\fR attribute of \fIhelper\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP update((sssssa(ss)): settings) → Nothing .RS 4 Update settings of helper to \fIsettings\fR\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fIfamily\fR, \fImodule\fR and array of \fIports\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIhelper\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIfamily (s)\fR: see \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fImodule (s)\fR: see \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_HELPER .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Removed(s: name) .RS 4 Emitted when helper with \fIname\fR has been removed\&. .RE .PP Renamed(s: name) .RS 4 Emitted when helper has been renamed to \fIname\fR\&. .RE .PP Updated(s: name) .RS 4 Emitted when helper with \fIname\fR has been updated\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP builtin \- b \- (ro) .RS 4 True if helper is build\-in, false else\&. .RE .PP default \- b \- (ro) .RS 4 True if build\-in helper has default settings\&. False if it has been modified\&. Always False for not build\-in helpers\&. .RE .PP filename \- s \- (ro) .RS 4 Name (including \&.xml extension) of file where the configuration is stored\&. .RE .PP name \- s \- (ro) .RS 4 Name of helper\&. .RE .PP path \- s \- (ro) .RS 4 Path to directory where the configuration is stored\&. Should be either /usr/lib/firewalld/helpers or /etc/firewalld/helpers\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.icmptype" .PP Interface for permanent icmp type configuration, see also \fBfirewalld.icmptype\fR(5)\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addDestination(s: destination) → Nothing .RS 4 Permanently add a \fIdestination\fR (\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) to list of destinations of this icmp type\&. See \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDescription() → s .RS 4 Get description of icmp type\&. See \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP getDestinations() → as .RS 4 Get list of destinations\&. See \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP getSettings() → (sssas) .RS 4 Return permanent settings of \fIicmp type\fR\&. For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, array of \fIdestinations\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq and/or \*(Aqipv6\*(Aq, see destination tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .sp .RE .PP getShort() → s .RS 4 Get name of icmp type\&. See \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP getVersion() → s .RS 4 Get version of icmp type\&. See \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP loadDefaults() → Nothing .RS 4 Load default settings for built\-in icmp type\&. .sp Possible errors: NO_DEFAULTS .RE .PP queryDestination(s: destination) → b .RS 4 Return whether a \fIdestination\fR (\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) is in list of destinations of this icmp type\&. See \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP remove() → Nothing .RS 4 Remove not built\-in icmp type\&. .sp Possible errors: BUILTIN_ICMPTYPE .RE .PP removeDestination(s: destination) → Nothing .RS 4 Permanently remove a \fIdestination\fR (\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) from list of destinations of this icmp type\&. See \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP rename(s: name) → Nothing .RS 4 Rename not built\-in icmp type to \fIname\fR\&. .sp Possible errors: BUILTIN_ICMPTYPE .RE .PP setDescription(s: description) → Nothing .RS 4 Permanently set description of icmp type to \fIdescription\fR\&. See \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP setDestinations(as: destinations) → Nothing .RS 4 Permanently set destinations of icmp type to \fIdestinations\fR, which is array, either empty or containing strings \*(Aqipv4\*(Aq and/or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP setShort(s: short) → Nothing .RS 4 Permanently set name of icmp type to \fIshort\fR\&. See \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP setVersion(s: version) → Nothing .RS 4 Permanently set version of icmp type to \fIversion\fR\&. See \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP update((sssas): settings) → Nothing .RS 4 Update permanent settings of icmp type to \fIsettings\fR\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, array of \fIdestinations\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq and/or \*(Aqipv6\*(Aq, see destination tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .sp .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Removed(s: name) .RS 4 Emitted when icmp type with \fIname\fR has been removed\&. .RE .PP Renamed(s: name) .RS 4 Emitted when icmp type has been renamed to \fIname\fR\&. .RE .PP Updated(s: name) .RS 4 Emitted when icmp type with \fIname\fR has been updated\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP builtin \- b \- (ro) .RS 4 True if icmptype is build\-in, false else\&. .RE .PP default \- b \- (ro) .RS 4 True if build\-in icmp type has default settings\&. False if it has been modified\&. Always False for not build\-in zones\&. .RE .PP filename \- s \- (ro) .RS 4 Name (including \&.xml extension) of file where the configuration is stored\&. .RE .PP name \- s \- (ro) .RS 4 Name of icmp type\&. .RE .PP path \- s \- (ro) .RS 4 Path to directory where the icmp type configuration is stored\&. Should be either /usr/lib/firewalld/icmptypes or /etc/firewalld/icmptypes\&. .RE .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man5/firewalld.lockdown-whitelist.50000664007115300711530000001131313641123212024716 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld.lockdown-whitelist .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld.lockdown-whitelist .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD\&.LOCKDOWN" "5" "" "firewalld 0.8.2" "firewalld.lockdown-whitelist" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.lockdown-whitelist \- firewalld lockdown whitelist configuration file .SH "SYNOPSIS" .PP .nf \fI/usr/etc/firewalld/lockdown\-whitelists\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP The firewalld lockdown\-whitelist configuration file contains the selinux contexts, commands, users and user ids that are white\-listed when firewalld lockdown feature is enabled (see \fBfirewalld.conf\fR(5) and \fBfirewall-cmd\fR(1))\&. .PP This example configuration file shows the structure of an lockdown\-whitelist file: .sp .if n \{\ .RS 4 .\} .nf .fi .if n \{\ .RE .\} .sp .SH "OPTIONS" .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "whitelist" .PP The mandatory whitelist start and end tag defines the lockdown\-whitelist\&. This tag can only be used once in a lockdown\-whitelist configuration file\&. There are no attributes for this\&. .SS "selinux" .PP Is an optional empty\-element tag and can be used several times to have more than one selinux contexts entries\&. A selinux entry has exactly one attribute: .PP context="\fIstring\fR" .RS 4 The context is the security (SELinux) context of a running application or service\&. .sp To get the context of a running application use \fBps \-e \-\-context\fR and search for the application that should be white\-listed\&. .sp Warning: If the context of an application is unconfined, then this will open access for more than the desired application\&. .RE .SS "command" .PP Is an optional empty\-element tag and can be used several times to have more than one command entry\&. A command entry has exactly one attribute: .PP name="\fIstring\fR" .RS 4 The command \fIstring\fR is a complete command line including path and also attributes\&. .sp If a command entry ends with an asterisk \*(Aq*\*(Aq, then all command lines starting with the command will match\&. If the \*(Aq*\*(Aq is not there the absolute command inclusive arguments must match\&. .sp Commands for user root and others is not always the same, the used path depends on the use of the \fBPATH\fR environment variable\&. .RE .SS "user" .PP Is an optional empty\-element tag and can be used several times to white\-list more than one user\&. A user entry has exactly one attribute of these: .PP name="\fIstring\fR" .RS 4 The user with the name \fIstring\fR will be white\-listed\&. .RE .PP id="\fIinteger\fR" .RS 4 The user with the id \fIuserid\fR will be white\-listed\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man5/Makefile.am0000664007115300711530000000010613641106161021064 0ustar00egarveregarver00000000000000if ENABLE_DOCS EXTRA_DIST = $(man_MANS) man_MANS = firewall*.5 endif firewalld-0.8.2/doc/man/man5/firewalld.direct.50000664007115300711530000002460613641123211022346 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld.direct .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld.direct .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD\&.DIRECT" "5" "" "firewalld 0.8.2" "firewalld.direct" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.direct \- firewalld direct configuration file .SH "SYNOPSIS" .PP .nf \fI/usr/etc/firewalld/direct\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP Direct configuration gives a more direct access to the firewall\&. It requires user to know basic ip(6)tables/ebtables concepts, i\&.e\&. \fItable\fR (filter/mangle/nat/\&.\&.\&.), \fIchain\fR (INPUT/OUTPUT/FORWARD/\&.\&.\&.), \fIcommands\fR (\-A/\-D/\-I/\&.\&.\&.), \fIparameters\fR (\-p/\-s/\-d/\-j/\&.\&.\&.) and \fItargets\fR (ACCEPT/DROP/REJECT/\&.\&.\&.)\&. Direct configuration should be used only as a last resort when it\*(Aqs not possible to use \fBfirewalld.zone\fR(5)\&. See also \fIDirect Options\fR in \fBfirewall-cmd\fR(1)\&. .PP A firewalld direct configuration file contains informations about permanent direct chains, rules and passthrough \&.\&.\&. .PP This is the structure of a direct configuration file: .sp .if n \{\ .RS 4 .\} .nf [ ] [ args ] [ args ] .fi .if n \{\ .RE .\} .sp .SS "direct" .PP The mandatory direct start and end tag defines the direct\&. This tag can only be used once in a direct configuration file\&. There are no attributes for direct\&. .SS "chain" .PP Is an optional empty\-element tag and can be used several times\&. It can be used to define names for additional chains\&. A chain entry has exactly three attributes: .PP ipv="\fIipv4\fR|\fIipv6\fR|\fIeb\fR" .RS 4 The IP family where the chain will be created\&. This can be either \fIipv4\fR, \fIipv6\fR or \fIeb\fR\&. .RE .PP table="\fItable\fR" .RS 4 The table name where the chain will be created\&. This can be one of the tables that can be used for iptables, ip6tables or ebtables\&. For the possible values, see TABLES section in the iptables, ip6tables or ebtables man pages\&. .RE .PP chain="\fIchain\fR" .RS 4 The name of the chain, that will be created\&. Please make sure that there is no other chain with this name already\&. .RE .PP Please remember to add a rule or passthrough rule with an \fB\-\-jump\fR or \fB\-\-goto\fR option to connect the chain to another one\&. .SS "rule" .PP Is an optional element tag and can be used several times\&. It can be used to add rules to a built\-in or added chain\&. A rule entry has exactly four attributes: .PP ipv="\fIipv4\fR|\fIipv6\fR|\fIeb\fR" .RS 4 The IP family where the rule will be added\&. This can be either \fIipv4\fR, \fIipv6\fR or \fIeb\fR\&. .RE .PP table="\fItable\fR" .RS 4 The table name where the rule will be added\&. This can be one of the tables that can be used for iptables, ip6tables or ebtables\&. For the possible values, see TABLES section in the iptables, ip6tables or ebtables man pages\&. .RE .PP chain="\fIchain\fR" .RS 4 The name of the chain where the rule will be added\&. This can be either a built\-in chain or a chain that has been created with the chain tag\&. If the chain name is a built\-in chain, then the rule will be added to \fIchain\fR_direct, else the supplied chain name is used\&. \fIchain\fR_direct is created internally for all built\-in chains to make sure that the added rules do not conflict with the rules created by firewalld\&. .RE .PP priority="\fIpriority\fR" .RS 4 The priority is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. .RE .PP The \fIargs\fR can be any arguments of iptables or ip6tables, that do not conflict with the table or chain attributes\&. .SS "passthrough" .PP Is an optional element tag and can be used several times\&. It can be used to add rules to a built\-in or added chain\&. A rule entry has exactly one attribute: .PP ipv="\fIipv4\fR|\fIipv6\fR|\fIeb\fR" .RS 4 The IP family where the passthrough rule will be added\&. This can be either \fIipv4\fR, \fIipv6\fR or \fIeb\fR\&. .RE .PP The \fIargs\fR can be any arguments of iptables or ip6tables\&. .PP The passthrough rule will be added to the chain directly\&. There is no mechanism like for the direct \fBrule\fR above\&. The user of the passthrough rule has to make sure that there will be no conflict with the rules created by firewalld\&. .SH "CAVEATS" .PP Depending on the value of \fIFirewallBackend\fR (see \fBfirewalld.conf\fR(5)) direct rules behave differently in some scenarios\&. .SS "Packet accept/drop precedence" .PP Due to implementation details of netfilter inside the kernel, if \fIFirewallBackend=nftables\fR is used direct rules that \fIACCEPT\fR packets don\*(Aqt actually cause the packets to be immediately accepted by the system\&. Those packets are still be subject to firewalld\*(Aqs nftables ruleset\&. This basically means there are two independent firewalls and packets must be accepted by both (iptables and nftables)\&. As an aside, this scenario also occurs inside of nftables (again due to netfilter) if there are multiple chains attached to the same hook \- it\*(Aqs not as simple as iptables vs nftables\&. .PP There are a handful of options to workaround the \fIACCEPT\fR issue: .sp .RS 4 .ie n \{\ \h'-04' 1.\h'+01'\c .\} .el \{\ .sp -1 .IP " 1." 4.2 .\} Rich Rules .sp If a rich rule can be used, then they should always be preferred over direct rules\&. Rich Rules will be converted to the enabled \fIFirewallBackend\fR\&. See \fBfirewalld.richlanguage\fR(5)\&. .RE .sp .RS 4 .ie n \{\ \h'-04' 2.\h'+01'\c .\} .el \{\ .sp -1 .IP " 2." 4.2 .\} Blanket Accept .sp Users can add an explicit accept to the nftables ruleset\&. This can be done by adding the interface or source to the \fItrusted\fR zone\&. .sp This strategy is often employed by things that perform their own filtering such as: libvirt, podman, docker\&. .sp \fBWarning\fR: This means firewalld will do no filtering on these packets\&. It must all be done via direct rules or out\-of\-band iptables rules\&. .RE .sp .RS 4 .ie n \{\ \h'-04' 3.\h'+01'\c .\} .el \{\ .sp -1 .IP " 3." 4.2 .\} Selective Accept .sp Alternatively, enable only the relevant service, port, address, or otherwise in the appropriate zone\&. .RE .sp .RS 4 .ie n \{\ \h'-04' 4.\h'+01'\c .\} .el \{\ .sp -1 .IP " 4." 4.2 .\} Revert to the iptables backend .sp A last resort is to revert to the iptables backend by setting \fIFirewallBackend=iptables\fR\&. Users should be aware that firewalld development focuses on the nftables backend\&. .RE .PP For direct rules that \fIDROP\fR packets the packets are immediately dropped regardless of the value of \fIFirewallBackend\fR\&. As such, there is no special consideration needed\&. .PP Firewalld guarantees the above ACCEPT/DROP behavior by registering nftables hooks with a lower precedence than iptables hooks\&. .SS "Direct interface precedence" .PP With \fIFirewallBackend=iptables\fR firewalld\*(Aqs top\-level internal rules apply before direct rules are executed\&. This includes rules to accept existing connections\&. In the past this has surprised users\&. As an example, if a user adds a direct rule to drop traffic on destination port 22 existing SSH sessions would continue to function, but new connections would be denied\&. .PP With \fIFirewallBackend=nftables\fR direct rules were deliberately given a higher precedence than all other firewalld rules\&. This includes rules to accept existing connections\&. .SH "EXAMPLE" .PP Blacklisting of the networks 192\&.168\&.1\&.0/24 and 192\&.168\&.5\&.0/24 with logging and dropping early in the raw table: .sp .if n \{\ .RS 4 .\} .nf \-s 192\&.168\&.1\&.0/24 \-j blacklist \-s 192\&.168\&.5\&.0/24 \-j blacklist \-m limit \-\-limit 1/min \-j LOG \-\-log\-prefix "blacklisted: " \-j DROP .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man5/firewalld.service.50000664007115300711530000001501713641123212022531 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld.service .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld.service .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD\&.SERVICE" "5" "" "firewalld 0.8.2" "firewalld.service" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.service \- firewalld service configuration files .SH "SYNOPSIS" .PP .nf \fI/usr/etc/firewalld/services/service\&.xml\fR \fI/usr/lib/firewalld/services/service\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP A firewalld service configuration file provides the information of a service entry for firewalld\&. The most important configuration options are ports, modules and destination addresses\&. .PP This example configuration file shows the structure of a service configuration file: .sp .if n \{\ .RS 4 .\} .nf \fIMy Service\fR \fIdescription\fR .fi .if n \{\ .RE .\} .sp .SH "OPTIONS" .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "service" .PP The mandatory service start and end tag defines the service\&. This tag can only be used once in a service configuration file\&. There are optional attributes for services: .PP version="\fIstring\fR" .RS 4 To give the service a version\&. .RE .SS "short" .PP Is an optional start and end tag and is used to give an service a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description for a service\&. .SS "port" .PP Is an optional empty\-element tag and can be used several times to have more than one port entry\&. All attributes of a port entry are mandatory: .PP port="\fIstring\fR" .RS 4 The port \fIstring\fR can be a single port number or a port range \fIportid\fR\-\fIportid\fR or also empty to match a protocol only\&. .RE .PP protocol="\fIstring\fR" .RS 4 The protocol value can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .PP For compatibility with older firewalld versions, it is possible to add protocols with the port option where the port is empty\&. With the addition of native protocol support in the service, this it not needed anymore\&. These entries will automatically be converted to protocols\&. With the next modification of the service file, the enries will be listed as protocols\&. .SS "protocol" .PP Is an optional empty\-element tag and can be used several times to have more than one protocol entry\&. A protocol entry has exactly one attribute: .PP value="\fIstring\fR" .RS 4 The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. .RE .SS "source\-port" .PP Is an optional empty\-element tag and can be used several times to have more than one source port entry\&. All attributes of a source port entry are mandatory: .PP port="\fIstring\fR" .RS 4 The port \fIstring\fR can be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fIstring\fR" .RS 4 The protocol value can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .SS "module" .PP This element is deprecated\&. Please use helper described below in the section called \(lqhelper\(rq\&. .SS "destination" .PP Is an optional empty\-element tag and can be used only once\&. The destination specifies the destination network as a network IP address (optional with /mask), or a plain IP address\&. The use of hostnames is not recommended, because these will only be resolved at service activation and transmitted to the kernel\&. For more information in this element, please have a look at \fB\-\-destination\fR in \fBiptables\fR(8) and \fBip6tables\fR(8)\&. .PP ipv4="\fIaddress\fR[/\fImask\fR]" .RS 4 The IPv4 destination address with optional mask\&. .RE .PP ipv6="\fIaddress\fR[/\fImask\fR]" .RS 4 The IPv6 destination address with optional mask\&. .RE .SS "include" .PP Is an optional empty\-element tag and can be used several times to have more than one include entry\&. An include entry has exactly one attribute: .PP service="\fIstring\fR" .RS 4 The include can be any service supported by firewalld\&. .sp \fBWarning:\fRFirewalld will only check that the included \fIservice\fR is a valid service if it\*(Aqs applied to a zone\&. .RE .SS "helper" .PP Is an optional empty\-element tag and can be used several times to have more than one helper entry\&. An helper entry has exactly one attribute: .PP name="\fIstring\fR" .RS 4 The helper can be any helper supported by firewalld\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/man5/firewalld.icmptype.50000664007115300711530000000733213641123211022723 0ustar00egarveregarver00000000000000'\" t .\" Title: firewalld.icmptype .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: .\" Manual: firewalld.icmptype .\" Source: firewalld 0.8.2 .\" Language: English .\" .TH "FIREWALLD\&.ICMPTYPE" "5" "" "firewalld 0.8.2" "firewalld.icmptype" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.icmptype \- firewalld icmptype configuration files .SH "SYNOPSIS" .PP .nf \fI/usr/etc/firewalld/icmptypes/icmptype\&.xml\fR \fI/usr/lib/firewalld/icmptypes/icmptype\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP A firewalld icmptype configuration file provides the information for an Internet Control Message Protocol (ICMP) type for firewalld\&. .PP This example configuration file shows the structure of an icmptype configuration file: .sp .if n \{\ .RS 4 .\} .nf \fIMy Icmptype\fR \fIdescription\fR .fi .if n \{\ .RE .\} .sp .SH "OPTIONS" .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "icmptype" .PP The mandatory icmptype start and end tag defines the icmptype\&. This tag can only be used once in an icmptype configuration file\&. This tag has optional attributes: .PP version="\fIstring\fR" .RS 4 To give the icmptype a version\&. .RE .SS "short" .PP Is an optional start and end tag and is used to give an icmptype a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description for a icmptype\&. .SS "destination" .PP Is an optional empty\-element tag and can be used only once\&. The destination tag specifies if an icmptype entry is available for IPv4 and/or IPv6\&. The default is IPv4 and IPv6, where this tag can be missing\&. .PP ipv4="\fIbool\fR" .RS 4 Describes if the icmptype is available for IPv4\&. .RE .PP ipv6="\fIbool\fR" .RS 4 Describes if the icmptype is available for IPv6\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-0.8.2/doc/man/Makefile.am0000664007115300711530000000002413341016621020221 0ustar00egarveregarver00000000000000SUBDIRS = man1 man5 firewalld-0.8.2/doc/xml/0000775007115300711530000000000013641123257016225 5ustar00egarveregarver00000000000000firewalld-0.8.2/doc/xml/firewalld.lockdown-whitelist.xml0000664007115300711530000001324513341016621024547 0ustar00egarveregarver00000000000000 ]> firewalld.lockdown-whitelist firewalld &authors; firewalld.lockdown-whitelist 5 firewalld.lockdown-whitelist firewalld lockdown whitelist configuration file /firewalld/lockdown-whitelists.xml Description The firewalld lockdown-whitelist configuration file contains the selinux contexts, commands, users and user ids that are white-listed when firewalld lockdown feature is enabled (see firewalld.conf5 and firewall-cmd1). This example configuration file shows the structure of an lockdown-whitelist file: <?xml version="1.0" encoding="utf-8"?> <whitelist> <selinux context="selinuxcontext"/> <command name="commandline[*]"/> <user {name="username|id="userid"}/> </whitelist> Options The config can contain these tags and attributes. Some of them are mandatory, others optional. whitelist The mandatory whitelist start and end tag defines the lockdown-whitelist. This tag can only be used once in a lockdown-whitelist configuration file. There are no attributes for this. selinux Is an optional empty-element tag and can be used several times to have more than one selinux contexts entries. A selinux entry has exactly one attribute: context="string" The context is the security (SELinux) context of a running application or service. To get the context of a running application use ps -e --context and search for the application that should be white-listed. Warning: If the context of an application is unconfined, then this will open access for more than the desired application. command Is an optional empty-element tag and can be used several times to have more than one command entry. A command entry has exactly one attribute: name="string" The command string is a complete command line including path and also attributes. If a command entry ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match. Commands for user root and others is not always the same, the used path depends on the use of the PATH environment variable. user Is an optional empty-element tag and can be used several times to white-list more than one user. A user entry has exactly one attribute of these: name="string" The user with the name string will be white-listed. id="integer" The user with the id userid will be white-listed. &seealso; ¬es; firewalld-0.8.2/doc/xml/firewalld.zone.xml0000664007115300711530000005215113341016621021667 0ustar00egarveregarver00000000000000 ]> firewalld.zone firewalld &authors; firewalld.zone 5 firewalld.zone firewalld zone configuration files /firewalld/zones/zone.xml /lib/firewalld/zones/zone.xml Description A firewalld zone configuration file contains the information for a zone. These are the zone description, services, ports, protocols, icmp-blocks, masquerade, forward-ports and rich language rules in an XML file format. The file name has to be zone_name.xml where length of zone_name is currently limited to 17 chars. This is the structure of a zone configuration file: <?xml version="1.0" encoding="utf-8"?> <zone [version="versionstring"] [target="ACCEPT|%%REJECT%%|DROP"]> [ <short>short description</short> ] [ <description>description</description> ] [ <interface name="string"/> ] [ <source address="address[/mask]"|mac="MAC"|ipset="ipset"/> ] [ <service name="string"/> ] [ <port port="portid[-portid]" protocol="tcp|udp|sctp|dccp"/> ] [ <protocol value="protocol"/> ] [ <icmp-block name="string"/> ] [ <icmp-block-inversion/> ] [ <masquerade/> ] [ <forward-port port="portid[-portid]" protocol="tcp|udp|sctp|dccp" [to-port="portid[-portid]"] [to-addr="IP address"]/> ] [ <source-port port="portid[-portid]" protocol="tcp|udp|sctp|dccp"/> ] [ <rule [family="ipv4|ipv6"]> [ <source address="address[/mask]"|mac="MAC"|ipset="ipset" [invert="True"]/> ] [ <destination address="address[/mask]" [invert="True"]/> ] [ <service name="string"/> | <port port="portid[-portid]" protocol="tcp|udp|sctp|dccp"/> | <protocol value="protocol"/> | <icmp-block name="icmptype"/> | <icmp-type name="icmptype"/> | <masquerade/> | <forward-port port="portid[-portid]" protocol="tcp|udp|sctp|dccp" [to-port="portid[-portid]"] [to-addr="address"]/> ] [ <log [prefix="prefixtext"] [level="emerg|alert|crit|err|warn|notice|info|debug"]> [<limit value="rate/duration"/>] </log> ] [ <audit> [<limit value="rate/duration"/>] </audit> ] [ <accept> [<limit value="rate/duration"/>] </accept> | <reject [type="rejecttype"]> [<limit value="rate/duration"/>] </reject> | <drop> [<limit value="rate/duration"/>] </drop> | <mark set="mark[/mask]"> [<limit value="rate/duration"/>] </mark> ] </rule> ] </zone> The config can contain these tags and attributes. Some of them are mandatory, others optional. zone The mandatory zone start and end tag defines the zone. This tag can only be used once in a zone configuration file. There are optional attributes for zones: version="string" To give the zone a version. target="ACCEPT|%%REJECT%%|DROP" Can be used to accept, reject or drop every packet that doesn't match any rule (port, service, etc.). The ACCEPT target is used in trusted zone to accept every packet not matching any rule. The %%REJECT%% target is used in block zone to reject (with default firewalld reject type) every packet not matching any rule. The DROP target is used in drop zone to drop every packet not matching any rule. If the target is not specified, every packet not matching any rule will be rejected. short Is an optional start and end tag and is used to give a zone a more readable name. description Is an optional start and end tag to have a description for a zone. interface Is an optional empty-element tag and can be used several times. It can be used to bind an interface to a zone. You don't need this for NetworkManager-managed interfaces, because NetworkManager binds interfaces to zones automatically. See also 'How to set or change a zone for a connection?' in firewalld.zones5. You can use it as a fallback mechanism for interfaces that can't be managed via NetworkManager. An interface entry has exactly one attribute: name="string" The name of the interface to be bound to the zone. source Is an optional empty-element tag and can be used several times. It can be used to bind a source address, address range, a MAC address or an ipset to a zone. A source entry has exactly one of these attributes: address="address/mask" The source is either an IP address or a network IP address with a mask for IPv4 or IPv6. The network family (IPv4/IPv6) will be automatically discovered. For IPv4, the mask can be a network mask or a plain number. For IPv6 the mask is a plain number. The use of host names is not supported. mac="MAC" The source is a MAC address. It must be of the form XX:XX:XX:XX:XX:XX. ipset="ipset" The source is an ipset. service Is an optional empty-element tag and can be used several times to have more than one service entry enabled. A service entry has exactly one attribute: name="string" The name of the service to be enabled. To get a list of valid service names firewall-cmd --list=services can be used. port Is an optional empty-element tag and can be used several times to have more than one port entry. All attributes of a port entry are mandatory: port="portid-portid" The port can either be a single port number portid or a port range portid-portid. protocol="tcp|udp|sctp|dccp" The protocol can either be tcp, udp, sctp or dccp. protocol Is an optional empty-element tag and can be used several times to have more than one protocol entry. All protocol has exactly one attribute: value="string" The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. icmp-block Is an optional empty-element tag and can be used several times to have more than one icmp-block entry. Each icmp-block tag has exactly one mandatory attribute: name="string" The name of the Internet Control Message Protocol (ICMP) type to be blocked. To get a list of valid ICMP types firewall-cmd --list=icmptypes can be used. icmp-block-inversion Is an optional empty-element tag and can be used only once in a zone configuration. This flag inverts the icmp block handling. Only enabled ICMP types are accepted and all others are rejected in the zone. masquerade Is an optional empty-element tag. It can be used only once in a zone configuration. If it's present masquerading is enabled for the zone. If you want to enable masquerading, you should enable it in the zone bound to the external interface. forward-port Is an optional empty-element tag and can be used several times to have more than one port or packet forward entry. There are mandatory and also optional attributes for forward ports: Mandatory attributes: The local port and protocol to be forwarded. port="portid-portid" The port can either be a single port number portid or a port range portid-portid. protocol="tcp|udp|sctp|dccp" The protocol can either be tcp, udp, sctp or dccp. Optional attributes: The destination of the forward. For local forwarding add only. For remote forwarding add and use optionally if the destination port on the destination machine should be different. to-port="portid-portid" The destination port or port range to forward to. If omitted, the value of the port= attribute will be used altogether with the to-addr attribute. to-addr="address" The destination IP address either for IPv4 or IPv6. source-port Is an optional empty-element tag and can be used several times to have more than one source port entry. All attributes of a source port entry are mandatory: port="portid-portid" The port can either be a single port number portid or a port range portid-portid. protocol="tcp|udp|sctp|dccp" The protocol can either be tcp, udp, sctp or dccp. rule Is an optional element tag and can be used several times to have more than one rich language rule entry. The general rule structure: <rule [family="ipv4|ipv6"]> [ <source address="address[/mask]" [invert="True"]/> ] [ <destination address="address[/mask]" [invert="True"]/> ] [ <service name="string"/> | <port port="portid[-portid]" protocol="tcp|udp|sctp|dccp"/> | <protocol value="protocol"/> | <icmp-block name="icmptype"/> | <icmp-type name="icmptype"/> | <masquerade/> | <forward-port port="portid[-portid]" protocol="tcp|udp|sctp|dccp" [to-port="portid[-portid]"] [to-addr="address"]/> | <source-port port="portid[-portid]" protocol="tcp|udp|sctp|dccp"/> | ] [ <log [prefix="prefixtext"] [level="emerg|alert|crit|err|warn|notice|info|debug"]/> [<limit value="rate/duration"/>] </log> ] [ <audit> [<limit value="rate/duration"/>] </audit> ] [ <accept> [<limit value="rate/duration"/>] </accept> | <reject [type="rejecttype"]> [<limit value="rate/duration"/>] </reject> | <drop> [<limit value="rate/duration"/>] </drop> | <mark set="mark[/mask]"> [<limit value="rate/duration"/>] </mark> ] </rule> Rule structure for source black or white listing: <rule [family="ipv4|ipv6"]> <source address="address[/mask]" [invert="True"]/> [ <log [prefix="prefixtext"] [level="emerg|alert|crit|err|warn|notice|info|debug"]/> [<limit value="rate/duration"/>] </log> ] [ <audit> [<limit value="rate/duration"/>] </audit> ] <accept> [<limit value="rate/duration"/>] </accept> | <reject [type="rejecttype"]> [<limit value="rate/duration"/>] </reject> | <drop> [<limit value="rate/duration"/>] </drop> </rule> For a full description on rich language rules, please have a look at firewalld.richlanguage5. &seealso; ¬es; firewalld-0.8.2/doc/xml/firewall-cmd.xml.in0000664007115300711530000033205713641106203021724 0ustar00egarveregarver00000000000000 ]> firewall-cmd firewalld &authors; firewall-cmd 1 firewall-cmd firewalld command line client firewall-cmd OPTIONS Description firewall-cmd is the command line client of the firewalld daemon. It provides interface to manage runtime and permanent configuration. The runtime configuration in firewalld is separated from the permanent configuration. This means that things can get changed in the runtime or permanent configuration. Options Sequence options are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeeded. The ALREADY_ENABLED (11), NOT_ENABLED (12) and also ZONE_ALREADY_SET (16) errors are treated as succeeded. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one. Without any succeeded item, the exit code will depend on the error codes. If there is exactly one error code, then this is used. If there are more than one then UNKNOWN_ERROR (254) will be used. The following options are supported: General Options Prints a short help text and exits. Print the version string of firewalld. This option is not combinable with other options. Do not print status messages. Status Options Check whether the firewalld daemon is active (i.e. running). Returns an exit code 0 if it is active, RUNNING_BUT_FAILED if failure occurred on startup, NOT_RUNNING otherwise. See . This will also print the state to STDOUT. Reload firewall rules and keep state information. Current permanent configuration will become new runtime configuration, i.e. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration. Note: Runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely. Reload firewall completely, even netfilter kernel modules. This will most likely terminate active connections, because state information is lost. This option should only be used in case of severe firewall problems. For example if there are state information problems that no connection can be established with correct firewall rules. Note: Runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely. Save active runtime configuration and overwrite permanent configuration with it. The way this is supposed to work is that when configuring firewalld you do runtime changes only and once you're happy with the configuration and you tested that it works the way you want, you save the configuration to disk. Run checks on the permanent configuration. This includes XML validity and semantics. Log Denied Options Print the log denied setting. =value Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type. The possible values are: all, unicast, broadcast, multicast and off. The default setting is off, which disables the logging. This is a runtime and permanent change and will also reload the firewall to be able to add the logging rules. Permanent Options The permanent option can be used to set options permanently. These changes are not effective immediately, only after service restart/reload or system reboot. Without the option, a change will only be part of the runtime configuration. If you want to make a change in runtime and permanent configuration, use the same call with and without the option. The option can be optionally added to all options further down where it is supported. Zone Options Print default zone for connections and interfaces. =zone Set default zone for connections and interfaces where no zone has been selected. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone. This is a runtime and permanent change. Print currently active zones altogether with interfaces and sources used in these zones. Active zones are zones, that have a binding to an interface or source. The output format is: zone1 interfaces: interface1 interface2 .. sources: source1 .. zone2 interfaces: interface3 .. zone3 sources: source2 .. If there are no interfaces or sources bound to the zone, the corresponding line will be omitted. Print predefined zones as a space separated list. Print predefined services as a space separated list. Print predefined icmptypes as a space separated list. =interface Print the name of the zone the interface is bound to or no zone. =source/mask|MAC|ipset:ipset Print the name of the zone the source is bound to or no zone. Print information about the zone zone. The output format is: zone interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. source-ports: source-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. List everything added for or enabled in all zones. The output format is: zone1 interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. .. =zone Add a new permanent and empty zone. Zone names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =zone Add a new permanent zone from a prepared zone file with an optional name override. =zone Delete an existing permanent zone. =zone Load zone default settings or report NO_DEFAULTS error. Print path of the zone configuration file. =zone =description Set new description to zone =zone Print description for zone =zone =description Set short description to zone =zone Print short description for zone =zone Get the target of a permanent zone. =zone =target Set the target of a permanent zone. target is one of: default, ACCEPT, DROP, REJECT default is similar to REJECT, but has special meaning in the following scenarios: ICMP explicitly allowed At the end of the zone's ruleset ICMP packets are explicitly allowed. forwarded packets follow the target of the egress zone In the case of forwarded packets, if the ingress zone uses default then whether or not the packet will be allowed is determined by the egress zone. For a forwarded packet that ingresses zoneA and egresses zoneB: if zoneA's target is ACCEPT, DROP, or REJECT then the packet is accepted, dropped, or rejected respectively. if zoneA's target is default, then the packet is accepted, dropped, or rejected based on zoneB's target. If zoneB's target is also default, then the packet will be rejected by firewalld's catchall reject. Zone drifting from source-based zone to interface-based zone This only applies if is enabled. See firewalld.conf5. If a packet ingresses a source-based zone with a target of default, it may still enter an interface-based zone (including the default zone). Options to Adapt and Query Zones Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). =zone List everything added for or enabled in zone. If zone is omitted, default zone will be used. =zone List services added for zone as a space separated list. If zone is omitted, default zone will be used. =zone =service =timeval Add a service for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The service is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. The option is not combinable with the option. =zone =service Remove a service from zone. This option can be specified multiple times. If zone is omitted, default zone will be used. =zone =service Return whether service has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List ports added for zone as a space separated list. A port is of the form portid-portid/protocol, it can be either a port and protocol pair or a port range with a protocol. If zone is omitted, default zone will be used. =zone =portid-portid/protocol =timeval Add the port for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The option is not combinable with the option. =zone =portid-portid/protocol Remove the port from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =portid-portid/protocol Return whether the port has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List protocols added for zone as a space separated list. If zone is omitted, default zone will be used. =zone =protocol =timeval Add the protocol for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. The option is not combinable with the option. =zone =protocol Remove the protocol from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =protocol Return whether the protocol has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List source ports added for zone as a space separated list. A port is of the form portid-portid/protocol. If zone is omitted, default zone will be used. =zone =portid-portid/protocol =timeval Add the source port for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The option is not combinable with the option. =zone =portid-portid/protocol Remove the source port from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =portid-portid/protocol Return whether the source port has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List Internet Control Message Protocol (ICMP) type blocks added for zone as a space separated list. If zone is omitted, default zone will be used. =zone =icmptype =timeval Add an ICMP block for icmptype for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes The option is not combinable with the option. =zone =icmptype Remove the ICMP block for icmptype from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =icmptype Return whether an ICMP block for icmptype has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List IPv4 forward ports added for zone as a space separated list. If zone is omitted, default zone will be used. For IPv6 forward ports, please use the rich language. =zone =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask =timeval Add the IPv4 forward port for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number portid or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The destination address is a simple IP address. The option is not combinable with the option. For IPv6 forward ports, please use the rich language. Note: IP forwarding will be implicitly enabled if is specified. =zone =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Remove the IPv4 forward port from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. For IPv6 forward ports, please use the rich language. =zone =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Return whether the IPv4 forward port has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. For IPv6 forward ports, please use the rich language. =zone =timeval Enable IPv4 masquerade for zone. If zone is omitted, default zone will be used. If a timeout is supplied, masquerading will be active for the specified amount of time. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection. The option is not combinable with the option. For IPv6 masquerading, please use the rich language. Note: IP forwarding will be implicitly enabled. =zone Disable IPv4 masquerade for zone. If zone is omitted, default zone will be used. If the masquerading was enabled with a timeout, it will be disabled also. For IPv6 masquerading, please use the rich language. =zone Return whether IPv4 masquerading has been enabled for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. For IPv6 masquerading, please use the rich language. =zone List rich language rules added for zone as a newline separated list. If zone is omitted, default zone will be used. =zone ='rule' =timeval Add rich language rule 'rule' for zone. This option can be specified multiple times. If zone is omitted, default zone will be used. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. For the rich language rule syntax, please have a look at firewalld.richlanguage5. The option is not combinable with the option. =zone ='rule' Remove rich language rule 'rule' from zone. This option can be specified multiple times. If zone is omitted, default zone will be used. For the rich language rule syntax, please have a look at firewalld.richlanguage5. =zone ='rule' Return whether a rich language rule 'rule' has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. For the rich language rule syntax, please have a look at firewalld.richlanguage5. Options to Handle Bindings of Interfaces Binding an interface to a zone means that this zone settings are used to restrict traffic via the interface. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. An interface name is a string up to 16 characters long, that may not contain , , and . =zone List interfaces that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =interface Bind interface interface to zone zone. If zone is omitted, default zone will be used. If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists. As a end user you don't need this in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to option from ifcfg-interface file) if NM_CONTROLLED=no is not set. You should do it only if there's no @IFCFGDIR@/ifcfg-interface file. If there is such file and you add interface to zone with this option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined. Please also have a look at the firewalld1 man page in the Concepts section. For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in firewalld.zones5. =zone =interface If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists. Change zone the interface interface is bound to to zone zone. It's basically followed by . If the interface has not been bound to a zone before, it behaves like . If zone is omitted, default zone will be used. =zone =interface Query whether interface interface is bound to zone zone. Returns 0 if true, 1 otherwise. =interface If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For the addion or change of interfaces that are not under control of NetworkManager: firewalld tries to change the ZONE setting in the ifcfg file, if an ifcfg file exists that is using the interface. Only for the removal of interfaces that are not under control of NetworkManager: firewalld is not trying to change the ZONE setting in the ifcfg file. This is needed to make sure that an ifdown of the interface will not result in a reset of the zone setting to the default zone. Only the zone binding is then removed in firewalld then. Remove binding of interface interface from zone it was previously added to. Options to Handle Bindings of Sources Binding a source to a zone means that this zone settings will be used to restrict traffic from this source. A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6 or a MAC address or an ipset with the ipset: prefix. For IPv4, the mask can be a network mask or a plain number. For IPv6 the mask is a plain number. The use of host names is not supported. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. =zone List sources that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Bind the source to zone zone. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Change zone the source is bound to to zone zone. It's basically followed by . If the source has not been bound to a zone before, it behaves like . If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Query whether the source is bound to the zone zone. Returns 0 if true, 1 otherwise. =source/mask|MAC|ipset:ipset Remove binding of the source from zone it was previously added to. IPSet Options Print the supported ipset types. =ipset =type =inet|inet6 =key=value Add a new permanent and empty ipset with specifying the type and optional the family and options like timeout, hashsize and maxelem. For more information please have a look at ipset8 man page. ipset names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =ipset Add a new permanent ipset from a prepared ipset file with an optional name override. =ipset Delete an existing permanent ipset. =ipset Load ipset default settings or report NO_DEFAULTS error. Print information about the ipset ipset. The output format is: ipset type: type options: option1[=value1] .. entries: entry1 .. Print predefined ipsets as a space separated list. =ipset =description Set new description to ipset =ipset Print description for ipset =ipset =description Set short description to ipset =ipset Print short description for ipset =ipset =entry Add a new entry to the ipset. Adding an entry to an ipset with option timeout is permitted, but these entries are not tracked by firewalld. =ipset =entry Remove an entry from the ipset. =ipset =entry Return whether the entry has been added to an ipset. Returns 0 if true, 1 otherwise. Querying an ipset with a timeout will yield an error. Entries are not tracked for ipsets with a timeout. =ipset List all entries of the ipset. =ipset =filename Add a new entries to the ipset from the file. For all entries that are listed in the file but already in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. =ipset =filename Remove existing entries from the ipset from the file. For all entries that are listed in the file but not in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. Print path of the ipset configuration file. Service Options Options in this section affect only one particular service. Print information about the service service. The output format is: service ports: port1 .. protocols: protocol1 .. source-ports: source-port1 .. helpers: helper1 .. destination: ipv1:address1 .. The following options are only usable in the permanent configuration. =service Add a new permanent and empty service. Service names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =service Add a new permanent service from a prepared service file with an optional name override. =service Delete an existing permanent service. =service Load service default settings or report NO_DEFAULTS error. Print path of the service configuration file. =service =description Set new description to service =service Print description for service =service =description Set short description to service =service Print short description for service =service =portid-portid/protocol Add a new port to the permanent service. =service =portid-portid/protocol Remove a port from the permanent service. =service =portid-portid/protocol Return wether the port has been added to the permanent service. =service List ports added to the permanent service. =service =protocol Add a new protocol to the permanent service. =service =protocol Remove a protocol from the permanent service. =service =protocol Return wether the protocol has been added to the permanent service. =service List protocols added to the permanent service. =service =portid-portid/protocol Add a new source port to the permanent service. =service =portid-portid/protocol Remove a source port from the permanent service. =service =portid-portid/protocol Return wether the source port has been added to the permanent service. =service List source ports added to the permanent service. =service =helper Add a new helper to the permanent service. =service =helper Remove a helper from the permanent service. =service =helper Return wether the helper has been added to the permanent service. =service List helpers added to the permanent service. =service =ipv:address/mask Set destination for ipv to address[/mask] in the permanent service. =service =ipv Remove the destination for ipv from the permanent service. =service =ipv:address/mask Return wether the destination ipv to address[/mask] has been set in the permanent service. =service List destinations added to the permanent service. =service =service Add a new include to the permanent service. =service =service Remove a include from the permanent service. =service =service Return wether the include has been added to the permanent service. =service List includes added to the permanent service. Helper Options Options in this section affect only one particular helper. Print information about the helper helper. The output format is: helper family: family module: module ports: port1 .. The following options are only usable in the permanent configuration. =helper =nf_conntrack_module =ipv4|ipv6 Add a new permanent helper with module and optionally family defined. Helper names must be alphanumeric and may additionally include characters: '-'. =filename =helper Add a new permanent helper from a prepared helper file with an optional name override. =helper Delete an existing permanent helper. =helper Load helper default settings or report NO_DEFAULTS error. Print path of the helper configuration file. Print predefined helpers as a space separated list. =helper =description Set new description to helper =helper Print description for helper =helper =description Set short description to helper =helper Print short description for helper =helper =portid-portid/protocol Add a new port to the permanent helper. =helper =portid-portid/protocol Remove a port from the permanent helper. =helper =portid-portid/protocol Return wether the port has been added to the permanent helper. =helper List ports added to the permanent helper. =helper =description Set module description for helper =helper Print module description for helper =helper =description Set family description for helper =helper Print family description of helper Internet Control Message Protocol (ICMP) type Options Options in this section affect only one particular icmptype. Print information about the icmptype icmptype. The output format is: icmptype destination: ipv1 .. The following options are only usable in the permanent configuration. =icmptype Add a new permanent and empty icmptype. ICMP type names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =icmptype Add a new permanent icmptype from a prepared icmptype file with an optional name override. =icmptype Delete an existing permanent icmptype. =icmptype Load icmptype default settings or report NO_DEFAULTS error. =icmptype =description Set new description to icmptype =icmptype Print description for icmptype =icmptype =description Set short description to icmptype =icmptype Print short description for icmptype =icmptype =ipv Enable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Disable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Return whether destination for ipv is enabled in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype List destinations in permanent icmptype. Print path of the icmptype configuration file. Direct Options The direct options give a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. table (filter/mangle/nat/...), chain (INPUT/OUTPUT/FORWARD/...), commands (-A/-D/-I/...), parameters (-p/-s/-d/-j/...) and targets (ACCEPT/DROP/REJECT/...). Direct options should be used only as a last resort when it's not possible to use for example =service or ='rule'. Warning: Direct rules behavior is different depending on the value of FirewallBackend. See CAVEATS in firewalld.direct5. The first argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it will be for IPv4 (iptables8), with ipv6 for IPv6 (ip6tables8) and with eb for ethernet bridges (ebtables8). Get all chains added to all tables. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table Get all chains added to table table as a space separated list. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table chain Add a new chain with name chain to table table. Make sure there's no other chain with this name already. There already exist basic chains to use with direct options, for example INPUT_direct chain (see iptables-save | grep direct output for all of them). These chains are jumped into before chains for zones, i.e. every rule put into INPUT_direct will be checked before rules in zones. { ipv4 | ipv6 | eb } table chain Remove chain with name chain from table table. Only chains previously added with can be removed this way. { ipv4 | ipv6 | eb } table chain Return whether a chain with name chain exists in table table. Returns 0 if true, 1 otherwise. This option concerns only chains previously added with . Get all rules added to all chains in all tables as a newline separated list of the priority and arguments. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } table chain Get all rules added to chain chain in table table as a newline separated list of the priority and arguments. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } table chain priority args Add a rule with the arguments args to chain chain in table table with priority priority. The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. { ipv4 | ipv6 | eb } table chain priority args Remove a rule with priority and the arguments args from chain chain in table table. Only rules previously added with can be removed this way. { ipv4 | ipv6 | eb } table chain Remove all rules in the chain with name chain exists in table table. This option concerns only rules previously added with in this chain. { ipv4 | ipv6 | eb } table chain priority args Return whether a rule with priority and the arguments args exists in chain chain in table table. Returns 0 if true, 1 otherwise. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } args Pass a command through to the firewall. args can be all iptables, ip6tables and ebtables command line arguments. This command is untracked, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthoughs. Get all passthrough rules as a newline separated list of the ipv value and arguments. { ipv4 | ipv6 | eb } Get all passthrough rules for the ipv value as a newline separated list of the priority and arguments. { ipv4 | ipv6 | eb } args Add a passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Remove a passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Return whether a passthrough rule with the arguments args exists for the ipv value. Returns 0 if true, 1 otherwise. Lockdown Options Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt) or are authenticated using PolicyKit. With this feature administrators can lock the firewall configuration so that only applications on lockdown whitelist are able to request firewall changes. The lockdown access check limits D-Bus methods that are changing firewall rules. Query, list and get methods are not limited. The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default. Enable lockdown. Be careful - if firewall-cmd is not on lockdown whitelist when you enable lockdown you won't be able to disable it again with firewall-cmd, you would need to edit firewalld.conf. This is a runtime and permanent change. Disable lockdown. This is a runtime and permanent change. Query whether lockdown is enabled. Returns 0 if lockdown is enabled, 1 otherwise. Lockdown Whitelist Options The lockdown whitelist can contain commands, contexts, users and user ids. If a command entry on the whitelist ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match. Commands for user root and others is not always the same. Example: As root /bin/firewall-cmd is used, as a normal user /usr/bin/firewall-cmd is be used on Fedora. The context is the security (SELinux) context of a running application or service. To get the context of a running application use ps -e --context. Warning: If the context is unconfined, then this will open access for more than the desired application. The lockdown whitelist entries are checked in the following order: 1. context 2. uid 3. user 4. command List all command lines that are on the whitelist. =command Add the command to the whitelist. =command Remove the command from the whitelist. =command Query whether the command is on the whitelist. Returns 0 if true, 1 otherwise. List all contexts that are on the whitelist. =context Add the context context to the whitelist. =context Remove the context from the whitelist. =context Query whether the context is on the whitelist. Returns 0 if true, 1 otherwise. List all user ids that are on the whitelist. =uid Add the user id uid to the whitelist. =uid Remove the user id uid from the whitelist. =uid Query whether the user id uid is on the whitelist. Returns 0 if true, 1 otherwise. List all user names that are on the whitelist. =user Add the user name user to the whitelist. =user Remove the user name user from the whitelist. =user Query whether the user name user is on the whitelist. Returns 0 if true, 1 otherwise. Panic Options Enable panic mode. All incoming and outgoing packets are dropped, active connections will expire. Enable this only if there are serious problems with your network environment. For example if the machine is getting hacked in. This is a runtime only change. Disable panic mode. After disabling panic mode established connections might work again, if panic mode was enabled for a short period of time. This is a runtime only change. Returns 0 if panic mode is enabled, 1 otherwise. Examples For more examples see Example 1 Enable http service in default zone. This is runtime only change, i.e. effective until restart. firewall-cmd --add-service=http Example 2 Enable port 443/tcp immediately and permanently in default zone. To make the change effective immediately and also after restart we need two commands. The first command makes the change in runtime configuration, i.e. makes it effective immediately, until restart. The second command makes the change in permanent configuration, i.e. makes it effective after restart. firewall-cmd --add-port=443/tcp firewall-cmd --permanent --add-port=443/tcp Exit Codes On success 0 is returned. On failure the output is red colored and exit code is either 2 in case of wrong command-line option usage or one of the following error codes in other cases: String Code &errorcodes; Note that return codes of --query-* options are special: Successful queries return 0, unsuccessful ones return 1 unless an error occurred in which case the table above applies. &seealso; ¬es; firewalld-0.8.2/doc/xml/firewalld.service.xml0000664007115300711530000002262713641106075022367 0ustar00egarveregarver00000000000000 ]> firewalld.service firewalld &authors; firewalld.service 5 firewalld.service firewalld service configuration files /firewalld/services/service.xml /lib/firewalld/services/service.xml Description A firewalld service configuration file provides the information of a service entry for firewalld. The most important configuration options are ports, modules and destination addresses. This example configuration file shows the structure of a service configuration file: <?xml version="1.0" encoding="utf-8"?> <service> <short>My Service</short> <description>description</description> <port port="137" protocol="tcp"/> <protocol value="igmp"/> <module name="nf_conntrack_netbios_ns"/> <destination ipv4="224.0.0.251" ipv6="ff02::fb"/> <include service="ssdp"/> <helper name="ftp"/> </service> Options The config can contain these tags and attributes. Some of them are mandatory, others optional. service The mandatory service start and end tag defines the service. This tag can only be used once in a service configuration file. There are optional attributes for services: version="string" To give the service a version. short Is an optional start and end tag and is used to give an service a more readable name. description Is an optional start and end tag to have a description for a service. port Is an optional empty-element tag and can be used several times to have more than one port entry. All attributes of a port entry are mandatory: port="string" The port string can be a single port number or a port range portid-portid or also empty to match a protocol only. protocol="string" The protocol value can either be tcp, udp, sctp or dccp. For compatibility with older firewalld versions, it is possible to add protocols with the port option where the port is empty. With the addition of native protocol support in the service, this it not needed anymore. These entries will automatically be converted to protocols. With the next modification of the service file, the enries will be listed as protocols. protocol Is an optional empty-element tag and can be used several times to have more than one protocol entry. A protocol entry has exactly one attribute: value="string" The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. source-port Is an optional empty-element tag and can be used several times to have more than one source port entry. All attributes of a source port entry are mandatory: port="string" The port string can be a single port number or a port range portid-portid. protocol="string" The protocol value can either be tcp, udp, sctp or dccp. module This element is deprecated. Please use helper described below in . destination Is an optional empty-element tag and can be used only once. The destination specifies the destination network as a network IP address (optional with /mask), or a plain IP address. The use of hostnames is not recommended, because these will only be resolved at service activation and transmitted to the kernel. For more information in this element, please have a look at in iptables8 and ip6tables8. ipv4="address[/mask]" The IPv4 destination address with optional mask. ipv6="address[/mask]" The IPv6 destination address with optional mask. include Is an optional empty-element tag and can be used several times to have more than one include entry. An include entry has exactly one attribute: service="string" The include can be any service supported by firewalld. Warning:Firewalld will only check that the included service is a valid service if it's applied to a zone. helper Is an optional empty-element tag and can be used several times to have more than one helper entry. An helper entry has exactly one attribute: name="string" The helper can be any helper supported by firewalld. &seealso; ¬es; firewalld-0.8.2/doc/xml/transform-man.xsl.in0000664007115300711530000000250613341016621022142 0ustar00egarveregarver00000000000000 @PACKAGE_STRING@ @SYSCONFDIR@ @PREFIX@ \fI\fR \fI\fR \fI\fR firewalld-0.8.2/doc/xml/notes.xml0000664007115300711530000000237413614563155020112 0ustar00egarveregarver00000000000000 Notes firewalld home page: More documentation with examples: firewalld-0.8.2/doc/xml/firewalld.ipset.xml0000664007115300711530000001231213341016621022033 0ustar00egarveregarver00000000000000 ]> firewalld.ipset firewalld &authors; firewalld.ipset 5 firewalld.ipset firewalld ipset configuration files /firewalld/ipsets/ipset.xml /lib/firewalld/ipsets/ipset.xml Description A firewalld ipset configuration file provides the information of an ip set for firewalld. The most important configuration options are type, option and entry. This example configuration file shows the structure of an ipset configuration file: <?xml version="1.0" encoding="utf-8"?> <ipset type="hash:ip"> <short>My Ipset</short> <description>description</description> <entry>1.2.3.4</entry> <entry>1.2.3.5</entry> <entry>1.2.3.6</entry> </ipset> Options The config can contain these tags and attributes. Some of them are mandatory, others optional. ipset The mandatory ipset start and end tag defines the ipset. This tag can only be used once in a ipset configuration file. There is one mandatory and also optional attributes for ipsets: type="string" The mandatory type of the ipset. To get the list of supported types, use firewall-cmd --get-ipset-types. version="string" To give the ipset a version. short Is an optional start and end tag and is used to give an ipset a more readable name. description Is an optional start and end tag to have a description for a ipset. option Is an optional empty-element tag and can be used several times to have more than one option. Mostly all attributes of an option entry are mandatory: name="string" The mandatory option name string. value="string" The optional value of the option. The supported options are: family: "inet"|"inet6", timeout: integer, hashsize: integer, maxelem: integer. For more information on these options, please have a look at the ipset documentation. entry Is an optional start and end tag and can be used several times to have more than one entry entry. An entry entry does not have attributes. &seealso; ¬es; firewalld-0.8.2/doc/xml/firewall-offline-cmd.xml0000664007115300711530000027430213641106203022735 0ustar00egarveregarver00000000000000 ]> firewall-offline-cmd firewalld &authors; firewall-offline-cmd 1 firewall-offline-cmd firewalld offline command line client firewall-offline-cmd OPTIONS Description firewall-offline-cmd is an offline command line client of the firewalld daemon. It should be used only if the firewalld service is not running. For example to migrate from system-config-firewall/lokkit or in the install environment to configure firewall settings with kickstart. Some lokkit options can not be automatically converted for firewalld, they will result in an error or warning message. This tool tries to convert as much as possible, but there are limitations for example with custom rules, modules and masquerading. Check the firewall configuration after using this tool. Options If no options are given, configuration from /etc/sysconfig/system-config-firewall will be migrated. Sequence options are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeeded. The ALREADY_ENABLED (11), NOT_ENABLED (12) and also ZONE_ALREADY_SET (16) errors are treated as succeeded. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one. Without any succeeded item, the exit code will depend on the error codes. If there is exactly one error code, then this is used. If there are more than one then UNKNOWN_ERROR (254) will be used. The following options are supported: General Options Prints a short help text and exists. Prints the version string of firewalld and exits. Do not print status messages. Path to firewalld default configuration. This usually defaults to /usr/lib/firewalld. Path to firewalld system (user) configuration. This usually defaults to /etc/firewalld. Status Options Enable the firewall. This option is a default option and will activate the firewall if not already enabled as long as the option is not given. Disable the firewall by disabling the firewalld service. Run checks on the permanent (default and system) configuration. This includes XML validity and semantics. This is may be used with to check the validity of handwritten configuration files before copying them to the standard location. Lokkit Compatibility Options These options are nearly identical to the options of lokkit. Migrate system-config-firewall configuration from the given file. No further =module This option will result in a warning message and will be ignored. Handling of netfilter helpers has been merged into services completely. Adding or removing netfilter helpers outside of services is therefore not needed anymore. For more information on handling netfilter helpers in services, please have a look at firewalld.zone5. This option will result in a warning message and will be ignored. Handling of netfilter helpers has been merged into services completely. Adding or removing netfilter helpers outside of services is therefore not needed anymore. For more information on handling netfilter helpers in services, please have a look at firewalld.zone5. =service Remove a service from the default zone. This option can be specified multiple times. The service is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. service =service Add a service to the default zone. This option can be specified multiple times. The service is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. portid-portid:protocol =portid-portid:protocol Add the port to the default zone. This option can be specified multiple times. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. interface =interface This option will result in a warning message. Mark an interface as trusted. This option can be specified multiple times. The interface will be bound to the trusted zone. If the interface is used in a NetworkManager managed connection or if there is an ifcfg file for this interface, the zone will be changed to the zone defined in the configuration as soon as it gets activated. To change the zone of a connection use nm-connection-editor and set the zone to trusted, for an ifcfg file, use an editor and add "ZONE=trusted". If the zone is not defined in the ifcfg file, the firewalld default zone will be used. interface =interface This option will result in a warning message. Masquerading will be enabled in the default zone. The interface argument will be ignored. This is for IPv4 only. =type:table:filename This option will result in a warning message and will be ignored. Custom rule files are not supported by firewalld. =if=interface:port=port:proto=protocol:toport=destination port::toaddr=destination address This option will result in a warning message. Add the IPv4 forward port in the default zone. This option can be specified multiple times. The port can either be a single port number portid or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The destination address is an IP address. =icmptype This option will result in a warning message. Add an ICMP block for icmptype in the default zone. This option can be specified multiple times. The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes Log Denied Options Print the log denied setting. =value Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type. The possible values are: all, unicast, broadcast, multicast and off. The default setting is off, which disables the logging. This is a runtime and permanent change and will also reload the firewall to be able to add the logging rules. Zone Options Print default zone for connections and interfaces. =zone Set default zone for connections and interfaces where no zone has been selected. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone. Print predefined zones as a space separated list. Print predefined services as a space separated list. Print predefined icmptypes as a space separated list. =interface Print the name of the zone the interface is bound to or no zone. =source/mask|MAC|ipset:ipset Print the name of the zone the source is bound to or no zone. Print information about the zone zone. The output format is: zone interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. source-ports: source-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. List everything added for or enabled in all zones. The output format is: zone1 interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. source-ports: source-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. .. =zone Add a new permanent zone. Zone names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =zone Add a new permanent zone from a prepared zone file with an optional name override. Print path of the zone configuration file. =zone Delete an existing permanent zone. =zone =description Set new description to zone =zone Print description for zone =zone =description Set short description to zone =zone Print short description for zone =zone Get the target of a permanent zone. =zone =zone Set the target of a permanent zone. target is one of: default, ACCEPT, DROP, REJECT default is similar to REJECT, but has special meaning in the following scenarios: ICMP explicitly allowed At the end of the zone's ruleset ICMP packets are explicitly allowed. forwarded packets follow the target of the egress zone In the case of forwarded packets, if the ingress zone uses default then whether or not the packet will be allowed is determined by the egress zone. For a forwarded packet that ingresses zoneA and egresses zoneB: if zoneA's target is ACCEPT, DROP, or REJECT then the packet is accepted, dropped, or rejected respectively. if zoneA's target is default, then the packet is accepted, dropped, or rejected based on zoneB's target. If zoneB's target is also default, then the packet will be rejected by firewalld's catchall reject. Zone drifting from source-based zone to interface-based zone This only applies if is enabled. See firewalld.conf5. If a packet ingresses a source-based zone with a target of default, it may still enter an interface-based zone (including the default zone). Options to Adapt and Query Zones Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). =zone List everything added for or enabled in zone. If zone is omitted, default zone will be used. =zone List services added for zone as a space separated list. If zone is omitted, default zone will be used. =zone =service Add a service for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. The service is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. =zone =service Remove a service from zone. This option can be specified multiple times. If zone is omitted, default zone will be used. =zone =service Return whether service has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List ports added for zone as a space separated list. A port is of the form portid-portid/protocol, it can be either a port and protocol pair or a port range with a protocol. If zone is omitted, default zone will be used. =zone =portid-portid/protocol Add the port for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. =zone =portid-portid/protocol Remove the port from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =portid-portid/protocol Return whether the port has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List protocols added for zone as a space separated list. If zone is omitted, default zone will be used. =zone =protocol Add the protocol for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. =zone =protocol Remove the protocol from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =protocol Return whether the protocol has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List Internet Control Message Protocol (ICMP) type blocks added for zone as a space separated list. If zone is omitted, default zone will be used. =zone =icmptype Add an ICMP block for icmptype for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes =zone =icmptype Remove the ICMP block for icmptype from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =icmptype Return whether an ICMP block for icmptype has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List IPv4 forward ports added for zone as a space separated list. If zone is omitted, default zone will be used. For IPv6 forward ports, please use the rich language. =zone =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Add the IPv4 forward port for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. The port can either be a single port number portid or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The destination address is a simple IP address. For IPv6 forward ports, please use the rich language. Note: IP forwarding will be implicitly enabled if is specified. =zone =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Remove the IPv4 forward port from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. For IPv6 forward ports, please use the rich language. =zone =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Return whether the IPv4 forward port has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. For IPv6 forward ports, please use the rich language. =zone List source ports added for zone as a space separated list. A port is of the form portid-portid/protocol. If zone is omitted, default zone will be used. =zone =portid-portid/protocol Add the source port for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. =zone =portid-portid/protocol Remove the source port from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =portid-portid/protocol Return whether the source port has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone Enable IPv4 masquerade for zone. If zone is omitted, default zone will be used. Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection. For IPv6 masquerading, please use the rich language. Note: IP forwarding will be implicitly enabled. =zone Disable IPv4 masquerade for zone. If zone is omitted, default zone will be used. For IPv6 masquerading, please use the rich language. =zone Return whether IPv4 masquerading has been enabled for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. For IPv6 masquerading, please use the rich language. =zone List rich language rules added for zone as a newline separated list. If zone is omitted, default zone will be used. =zone ='rule' Add rich language rule 'rule' for zone. This option can be specified multiple times. If zone is omitted, default zone will be used. For the rich language rule syntax, please have a look at firewalld.richlanguage5. =zone ='rule' Remove rich language rule 'rule' from zone. This option can be specified multiple times. If zone is omitted, default zone will be used. For the rich language rule syntax, please have a look at firewalld.richlanguage5. =zone ='rule' Return whether a rich language rule 'rule' has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. For the rich language rule syntax, please have a look at firewalld.richlanguage5. Options to Handle Bindings of Interfaces Binding an interface to a zone means that this zone settings are used to restrict traffic via the interface. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. An interface name is a string up to 16 characters long, that may not contain , , and . =zone List interfaces that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =interface Bind interface interface to zone zone. If zone is omitted, default zone will be used. =zone =interface Change zone the interface interface is bound to to zone zone. If zone is omitted, default zone will be used. If old and new zone are the same, the call will be ignored without an error. If the interface has not been bound to a zone before, it will behave like . =zone =interface Query whether interface interface is bound to zone zone. Returns 0 if true, 1 otherwise. =zone =interface Remove binding of interface interface from zone zone. If zone is omitted, default zone will be used. Options to Handle Bindings of Sources Binding a source to a zone means that this zone settings will be used to restrict traffic from this source. A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6 or a MAC address or an ipset with the ipset: prefix. For IPv4, the mask can be a network mask or a plain number. For IPv6 the mask is a plain number. The use of host names is not supported. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. =zone List sources that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Bind the source to zone zone. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Change zone the source is bound to to zone zone. If zone is omitted, default zone will be used. If old and new zone are the same, the call will be ignored without an error. If the source has not been bound to a zone before, it will behave like . =zone =source/mask|MAC|ipset:ipset Query whether the source is bound to the zone zone. Returns 0 if true, 1 otherwise. =zone =source/mask|MAC|ipset:ipset Remove binding of the source from zone zone. If zone is omitted, default zone will be used. IPSet Options =ipset =ipset type =ipset option=value Add a new permanent ipset with specifying the type and optional options. ipset names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =ipset Add a new permanent ipset from a prepared ipset file with an optional name override. =ipset Delete an existing permanent ipset. Print information about the ipset ipset. The output format is: ipset type: type options: option1[=value1] .. entries: entry1 .. Print predefined ipsets as a space separated list. =ipset =entry Add a new entry to the ipset. =ipset =entry Remove an entry from the ipset. =ipset =entry Return whether the entry has been added to an ipset. Returns 0 if true, 1 otherwise. =ipset List all entries of the ipset. =ipset =filename Add a new entries to the ipset from the file. For all entries that are listed in the file but already in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. =ipset =filename Remove existing entries from the ipset from the file. For all entries that are listed in the file but not in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. =ipset =description Set new description to ipset =ipset Print description for ipset =ipset =description Set new short description to ipset =ipset Print short description for ipset Print path of the ipset configuration file. Service Options Print information about the service service. The output format is: service ports: port1 .. protocols: protocol1 .. source-ports: source-port1 .. helpers: helper1 .. destination: ipv1:address1 .. =service Add a new permanent service. Service names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =service Add a new permanent service from a prepared service file with an optional name override. =service Delete an existing permanent service. Print path of the service configuration file. =service =description Set new description to service =service Print description for service =service =description Set short description to service =service Print short description for service =service =portid-portid/protocol Add a new port to the permanent service. =service =portid-portid/protocol Remove a port from the permanent service. =service =portid-portid/protocol Return wether the port has been added to the permanent service. =service List ports added to the permanent service. =service =protocol Add a new protocol to the permanent service. =service =protocol Remove a protocol from the permanent service. =service =protocol Return wether the protocol has been added to the permanent service. =service List protocols added to the permanent service. =service =portid-portid/protocol Add a new source port to the permanent service. =service =portid-portid/protocol Remove a source port from the permanent service. =service =portid-portid/protocol Return wether the source port has been added to the permanent service. =service List source ports added to the permanent service. =service =helper Add a new helper to the permanent service. =service =helper Remove a helper from the permanent service. =service =helper Return wether the helper has been added to the permanent service. =service List helpers added to the permanent service. =service =ipv:address/mask Set destination for ipv to address[/mask] in the permanent service. =service =ipv Remove the destination for ipv from the permanent service. =service =ipv:address/mask Return wether the destination ipv to address[/mask] has been set in the permanent service. =service List destinations added to the permanent service. =service =service Add a new include to the permanent service. =service =service Remove a include from the permanent service. =service =service Return wether the include has been added to the permanent service. =service List includes added to the permanent service. Helper Options Options in this section affect only one particular helper. Print information about the helper helper. The output format is: helper family: family module: module ports: port1 .. The following options are only usable in the permanent configuration. =helper =nf_conntrack_module =ipv4|ipv6 Add a new permanent helper with module and optionally family defined. Helper names must be alphanumeric and may additionally include characters: '-'. =filename =helper Add a new permanent helper from a prepared helper file with an optional name override. =helper Delete an existing permanent helper. =helper Load helper default settings or report NO_DEFAULTS error. Print path of the helper configuration file. Print predefined helpers as a space separated list. =helper =description Set new description to helper =helper Print description for helper =helper =description Set short description to helper =helper Print short description for helper =helper =portid-portid/protocol Add a new port to the permanent helper. =helper =portid-portid/protocol Remove a port from the permanent helper. =helper =portid-portid/protocol Return wether the port has been added to the permanent helper. =helper List ports added to the permanent helper. =helper =description Set module description for helper =helper Print module description for helper =helper =description Set family description for helper =helper Print family description of helper Internet Control Message Protocol (ICMP) type Options Print information about the icmptype icmptype. The output format is: icmptype destination: ipv1 .. =icmptype Add a new permanent icmptype. ICMP type names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =icmptype Add a new permanent icmptype from a prepared icmptype file with an optional name override. =icmptype Delete an existing permanent icmptype. =icmptype =description Set new description to icmptype =icmptype Print description for icmptype =icmptype =description Set short description to icmptype =icmptype Print short description for icmptype =icmptype =ipv Enable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Disable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Return whether destination for ipv is enabled in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype List destinations in permanent icmptype. Print path of the icmptype configuration file. Direct Options The direct options give a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. table (filter/mangle/nat/...), chain (INPUT/OUTPUT/FORWARD/...), commands (-A/-D/-I/...), parameters (-p/-s/-d/-j/...) and targets (ACCEPT/DROP/REJECT/...). Direct options should be used only as a last resort when it's not possible to use for example =service or ='rule'. Warning: Direct rules behavior is different depending on the value of FirewallBackend. See CAVEATS in firewalld.direct5. The first argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it will be for IPv4 (iptables8), with ipv6 for IPv6 (ip6tables8) and with eb for ethernet bridges (ebtables8). Get all chains added to all tables. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table Get all chains added to table table as a space separated list. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table chain Add a new chain with name chain to table table. There already exist basic chains to use with direct options, for example INPUT_direct chain (see iptables-save | grep direct output for all of them). These chains are jumped into before chains for zones, i.e. every rule put into INPUT_direct will be checked before rules in zones. { ipv4 | ipv6 | eb } table chain Remove the chain with name chain from table table. { ipv4 | ipv6 | eb } table chain Return whether a chain with name chain exists in table table. Returns 0 if true, 1 otherwise. This option concerns only chains previously added with . Get all rules added to all chains in all tables as a newline separated list of the priority and arguments. { ipv4 | ipv6 | eb } table chain Get all rules added to chain chain in table table as a newline separated list of the priority and arguments. { ipv4 | ipv6 | eb } table chain priority args Add a rule with the arguments args to chain chain in table table with priority priority. The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. { ipv4 | ipv6 | eb } table chain priority args Remove a rule with priority and the arguments args from chain chain in table table. { ipv4 | ipv6 | eb } table chain Remove all rules in the chain with name chain exists in table table. This option concerns only rules previously added with in this chain. { ipv4 | ipv6 | eb } table chain priority args Return whether a rule with priority and the arguments args exists in chain chain in table table. Returns 0 if true, 1 otherwise. Get all permanent passthrough as a newline separated list of the ipv value and arguments. { ipv4 | ipv6 | eb } Get all permanent passthrough rules for the ipv value as a newline separated list of the priority and arguments. { ipv4 | ipv6 | eb } args Add a permanent passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Remove a permanent passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Return whether a permanent passthrough rule with the arguments args exists for the ipv value. Returns 0 if true, 1 otherwise. Lockdown Options Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt) or are authenticated using PolicyKit. With this feature administrators can lock the firewall configuration so that only applications on lockdown whitelist are able to request firewall changes. The lockdown access check limits D-Bus methods that are changing firewall rules. Query, list and get methods are not limited. The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default. Enable lockdown. Be careful - if firewall-cmd is not on lockdown whitelist when you enable lockdown you won't be able to disable it again with firewall-cmd, you would need to edit firewalld.conf. Disable lockdown. Query whether lockdown is enabled. Returns 0 if lockdown is enabled, 1 otherwise. Lockdown Whitelist Options The lockdown whitelist can contain commands, contexts, users and user ids. If a command entry on the whitelist ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match. Commands for user root and others is not always the same. Example: As root /bin/firewall-cmd is used, as a normal user /usr/bin/firewall-cmd is be used on Fedora. The context is the security (SELinux) context of a running application or service. To get the context of a running application use ps -e --context. Warning: If the context is unconfined, then this will open access for more than the desired application. The lockdown whitelist entries are checked in the following order: 1. context 2. uid 3. user 4. command List all command lines that are on the whitelist. =command Add the command to the whitelist. =command Remove the command from the whitelist. =command Query whether the command is on the whitelist. Returns 0 if true, 1 otherwise. List all contexts that are on the whitelist. =context Add the context context to the whitelist. =context Remove the context from the whitelist. =context Query whether the context is on the whitelist. Returns 0 if true, 1 otherwise. List all user ids that are on the whitelist. =uid Add the user id uid to the whitelist. =uid Remove the user id uid from the whitelist. =uid Query whether the user id uid is on the whitelist. Returns 0 if true, 1 otherwise. List all user names that are on the whitelist. =user Add the user name user to the whitelist. =user Remove the user name user from the whitelist. =user Query whether the user name user is on the whitelist. Returns 0 if true, 1 otherwise. Policy Options Change Polkit actions to 'server' (more restricted) Change Polkit actions to 'desktop' (less restricted) &seealso; ¬es; firewalld-0.8.2/doc/xml/firewalld.xml.in0000664007115300711530000002625713620317435021341 0ustar00egarveregarver00000000000000 ]> firewalld firewalld &authors; firewalld 1 firewalld Dynamic Firewall Manager firewalld OPTIONS Description firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and has a separation of runtime and permanent configuration options. It also supports an interface for services or applications to add firewall rules directly. Options These are the command line options of firewalld: Prints a short help text and exists. Path to firewalld default configuration. This usually defaults to /usr/lib/firewalld. =level Set the debug level for firewalld to level. The range of the debug level is 1 (lowest level) to 10 (highest level). The debug output will be written to the firewalld log file /var/log/firewalld. Print garbage collector leak information. The collector runs every 10 seconds and if there are leaks, it prints information about the leaks. Turn off daemon forking. Force firewalld to run as a foreground process instead of as a daemon in the background. Disable writing pid file. By default the program will write a pid file. If the program is invoked with this option it will not check for an existing server process. Path to firewalld system (user) configuration. This usually defaults to /etc/firewalld. Concepts firewalld has a D-Bus interface for firewall configuration of services and applications. It also has a command line client for the user. Services or applications already using D-Bus can request changes to the firewall with the D-Bus interface directly. For more information on the firewalld D-Bus interface, please have a look at firewalld.dbus5. firewalld provides support for zones, predefined services and ICMP types and has a separation of runtime and permanent configuration options. Permanent configuration is loaded from XML files in /usr/lib/firewalld () or /etc/firewalld () (see ). If NetworkManager is not in use and firewalld gets started after the network is already up, the connections and manually created interfaces are not bound to the zone specified in the ifcfg file. The interfaces will automatically be handled by the default zone. firewalld will also not get notified about network device renames. All this also applies to interfaces that are not controlled by NetworkManager if NM_CONTROLLED=no is set. You can add these interfaces to a zone with firewall-cmd [--permanent] --zone=zone --add-interface=interface. If there is a @IFCFGDIR@/ifcfg-interface file, firewalld tries to change the ZONE=zone setting in this file. If firewalld gets reloaded, it will restore the interface bindings that were in place before reloading to keep interface bindings stable in the case of NetworkManager uncontrolled interfaces. This mechanism is not possible in the case of a firewalld service restart. It is essential to keep the ZONE= setting in the ifcfg file consistent to the binding in firewalld in the case of NetworkManager uncontrolled interfaces. Zones A network or firewall zone defines the trust level of the interface used for a connection. There are several pre-defined zones provided by firewalld. Zone configuration options and generic information about zones are described in firewalld.zone5 Services A service can be a list of local ports, protocols and destinations and additionally also a list of firewall helper modules automatically loaded if a service is enabled. Service configuration options and generic information about services are described in firewalld.service5. The use of predefined services makes it easier for the user to enable and disable access to a service. ICMP types The Internet Control Message Protocol (ICMP) is used to exchange information and also error messages in the Internet Protocol (IP). ICMP types can be used in firewalld to limit the exchange of these messages. For more information, please have a look at firewalld.icmptype5. Runtime configuration Runtime configuration is the actual active configuration and is not permanent. After reload/restart of the service or a system reboot, runtime settings will be gone if they haven't been also in permanent configuration. Permanent configuration The permanent configuration is stored in config files and will be loaded and become new runtime configuration with every machine boot or service reload/restart. Direct interface The direct interface is mainly used by services or applications to add specific firewall rules. It requires basic knowledge of ip(6)tables concepts (tables, chains, commands, parameters, targets). Directories firewalld supports two configuration directories: Default/Fallback configuration in <filename class="directory">/usr/lib/firewalld</filename> (<option>--default-config</option>) This directory contains the default and fallback configuration provided by firewalld for icmptypes, services and zones. The files provided with the firewalld package should not get changed and the changes are gone with an update of the firewalld package. Additional , and can be provided with packages or by creating files. System configuration settings in <filename class="directory">/etc/firewalld</filename> (<option>--system-config</option>) The system or user configuration stored here is either created by the system administrator or by customization with the configuration interface of firewalld or by hand. The files will overload the default configuration files. To manually change settings of pre-defined icmptypes, zones or services, copy the file from the default configuration directory to the corresponding directory in the system configuration directory and change it accordingly. For more information on icmptypes, please have a look at the firewalld.icmptype5 man page, for services at firewalld.service5 and for zones at firewalld.zone5. SIGNALS Currently only SIGHUP is supported. SIGHUP Reloads the complete firewall configuration. You can also use firewall-cmd --reload. All runtime configuration settings will be restored. Permanent configuration will change according to options defined in the configuration files. &seealso; ¬es; firewalld-0.8.2/doc/xml/firewalld.direct.xml0000664007115300711530000003241213626005166022174 0ustar00egarveregarver00000000000000 ]> firewalld.direct firewalld &authors; firewalld.direct 5 firewalld.direct firewalld direct configuration file /firewalld/direct.xml Description Direct configuration gives a more direct access to the firewall. It requires user to know basic ip(6)tables/ebtables concepts, i.e. table (filter/mangle/nat/...), chain (INPUT/OUTPUT/FORWARD/...), commands (-A/-D/-I/...), parameters (-p/-s/-d/-j/...) and targets (ACCEPT/DROP/REJECT/...). Direct configuration should be used only as a last resort when it's not possible to use firewalld.zone5. See also Direct Options in firewall-cmd1. A firewalld direct configuration file contains informations about permanent direct chains, rules and passthrough ... This is the structure of a direct configuration file: <?xml version="1.0" encoding="utf-8"?> <direct> [ <chain ipv="ipv4|ipv6|eb" table="table" chain="chain"/> ] [ <rule ipv="ipv4|ipv6|eb" table="table" chain="chain" priority="priority"> args </rule> ] [ <passthrough ipv="ipv4|ipv6|eb"> args </passthrough> ] </direct> direct The mandatory direct start and end tag defines the direct. This tag can only be used once in a direct configuration file. There are no attributes for direct. chain Is an optional empty-element tag and can be used several times. It can be used to define names for additional chains. A chain entry has exactly three attributes: ipv="ipv4|ipv6|eb" The IP family where the chain will be created. This can be either ipv4, ipv6 or eb. table="table" The table name where the chain will be created. This can be one of the tables that can be used for iptables, ip6tables or ebtables. For the possible values, see TABLES section in the iptables, ip6tables or ebtables man pages. chain="chain" The name of the chain, that will be created. Please make sure that there is no other chain with this name already. Please remember to add a rule or passthrough rule with an or option to connect the chain to another one. rule Is an optional element tag and can be used several times. It can be used to add rules to a built-in or added chain. A rule entry has exactly four attributes: ipv="ipv4|ipv6|eb" The IP family where the rule will be added. This can be either ipv4, ipv6 or eb. table="table" The table name where the rule will be added. This can be one of the tables that can be used for iptables, ip6tables or ebtables. For the possible values, see TABLES section in the iptables, ip6tables or ebtables man pages. chain="chain" The name of the chain where the rule will be added. This can be either a built-in chain or a chain that has been created with the chain tag. If the chain name is a built-in chain, then the rule will be added to chain_direct, else the supplied chain name is used. chain_direct is created internally for all built-in chains to make sure that the added rules do not conflict with the rules created by firewalld. priority="priority" The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. The args can be any arguments of iptables or ip6tables, that do not conflict with the table or chain attributes. passthrough Is an optional element tag and can be used several times. It can be used to add rules to a built-in or added chain. A rule entry has exactly one attribute: ipv="ipv4|ipv6|eb" The IP family where the passthrough rule will be added. This can be either ipv4, ipv6 or eb. The args can be any arguments of iptables or ip6tables. The passthrough rule will be added to the chain directly. There is no mechanism like for the direct above. The user of the passthrough rule has to make sure that there will be no conflict with the rules created by firewalld. Caveats Depending on the value of FirewallBackend (see firewalld.conf5) direct rules behave differently in some scenarios. Packet accept/drop precedence Due to implementation details of netfilter inside the kernel, if FirewallBackend=nftables is used direct rules that ACCEPT packets don't actually cause the packets to be immediately accepted by the system. Those packets are still be subject to firewalld's nftables ruleset. This basically means there are two independent firewalls and packets must be accepted by both (iptables and nftables). As an aside, this scenario also occurs inside of nftables (again due to netfilter) if there are multiple chains attached to the same hook - it's not as simple as iptables vs nftables. There are a handful of options to workaround the ACCEPT issue: Rich Rules If a rich rule can be used, then they should always be preferred over direct rules. Rich Rules will be converted to the enabled FirewallBackend. See firewalld.richlanguage5. Blanket Accept Users can add an explicit accept to the nftables ruleset. This can be done by adding the interface or source to the trusted zone. This strategy is often employed by things that perform their own filtering such as: libvirt, podman, docker. Warning: This means firewalld will do no filtering on these packets. It must all be done via direct rules or out-of-band iptables rules. Selective Accept Alternatively, enable only the relevant service, port, address, or otherwise in the appropriate zone. Revert to the iptables backend A last resort is to revert to the iptables backend by setting FirewallBackend=iptables. Users should be aware that firewalld development focuses on the nftables backend. For direct rules that DROP packets the packets are immediately dropped regardless of the value of FirewallBackend. As such, there is no special consideration needed. Firewalld guarantees the above ACCEPT/DROP behavior by registering nftables hooks with a lower precedence than iptables hooks. Direct interface precedence With FirewallBackend=iptables firewalld's top-level internal rules apply before direct rules are executed. This includes rules to accept existing connections. In the past this has surprised users. As an example, if a user adds a direct rule to drop traffic on destination port 22 existing SSH sessions would continue to function, but new connections would be denied. With FirewallBackend=nftables direct rules were deliberately given a higher precedence than all other firewalld rules. This includes rules to accept existing connections. Example Blacklisting of the networks 192.168.1.0/24 and 192.168.5.0/24 with logging and dropping early in the raw table: <?xml version="1.0" encoding="utf-8"?> <direct> <chain ipv="ipv4" table="raw" chain="blacklist"/> <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="0">-s 192.168.1.0/24 -j blacklist</rule> <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="1">-s 192.168.5.0/24 -j blacklist</rule> <rule ipv="ipv4" table="raw" chain="blacklist" priority="0">-m limit --limit 1/min -j LOG --log-prefix "blacklisted: "</rule> <rule ipv="ipv4" table="raw" chain="blacklist" priority="1">-j DROP</rule> </direct> &seealso; ¬es; firewalld-0.8.2/doc/xml/firewall-cmd.xml0000664007115300711530000033205613641123206021320 0ustar00egarveregarver00000000000000 ]> firewall-cmd firewalld &authors; firewall-cmd 1 firewall-cmd firewalld command line client firewall-cmd OPTIONS Description firewall-cmd is the command line client of the firewalld daemon. It provides interface to manage runtime and permanent configuration. The runtime configuration in firewalld is separated from the permanent configuration. This means that things can get changed in the runtime or permanent configuration. Options Sequence options are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeeded. The ALREADY_ENABLED (11), NOT_ENABLED (12) and also ZONE_ALREADY_SET (16) errors are treated as succeeded. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one. Without any succeeded item, the exit code will depend on the error codes. If there is exactly one error code, then this is used. If there are more than one then UNKNOWN_ERROR (254) will be used. The following options are supported: General Options Prints a short help text and exits. Print the version string of firewalld. This option is not combinable with other options. Do not print status messages. Status Options Check whether the firewalld daemon is active (i.e. running). Returns an exit code 0 if it is active, RUNNING_BUT_FAILED if failure occurred on startup, NOT_RUNNING otherwise. See . This will also print the state to STDOUT. Reload firewall rules and keep state information. Current permanent configuration will become new runtime configuration, i.e. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration. Note: Runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely. Reload firewall completely, even netfilter kernel modules. This will most likely terminate active connections, because state information is lost. This option should only be used in case of severe firewall problems. For example if there are state information problems that no connection can be established with correct firewall rules. Note: Runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely. Save active runtime configuration and overwrite permanent configuration with it. The way this is supposed to work is that when configuring firewalld you do runtime changes only and once you're happy with the configuration and you tested that it works the way you want, you save the configuration to disk. Run checks on the permanent configuration. This includes XML validity and semantics. Log Denied Options Print the log denied setting. =value Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type. The possible values are: all, unicast, broadcast, multicast and off. The default setting is off, which disables the logging. This is a runtime and permanent change and will also reload the firewall to be able to add the logging rules. Permanent Options The permanent option can be used to set options permanently. These changes are not effective immediately, only after service restart/reload or system reboot. Without the option, a change will only be part of the runtime configuration. If you want to make a change in runtime and permanent configuration, use the same call with and without the option. The option can be optionally added to all options further down where it is supported. Zone Options Print default zone for connections and interfaces. =zone Set default zone for connections and interfaces where no zone has been selected. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone. This is a runtime and permanent change. Print currently active zones altogether with interfaces and sources used in these zones. Active zones are zones, that have a binding to an interface or source. The output format is: zone1 interfaces: interface1 interface2 .. sources: source1 .. zone2 interfaces: interface3 .. zone3 sources: source2 .. If there are no interfaces or sources bound to the zone, the corresponding line will be omitted. Print predefined zones as a space separated list. Print predefined services as a space separated list. Print predefined icmptypes as a space separated list. =interface Print the name of the zone the interface is bound to or no zone. =source/mask|MAC|ipset:ipset Print the name of the zone the source is bound to or no zone. Print information about the zone zone. The output format is: zone interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. source-ports: source-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. List everything added for or enabled in all zones. The output format is: zone1 interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. .. =zone Add a new permanent and empty zone. Zone names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =zone Add a new permanent zone from a prepared zone file with an optional name override. =zone Delete an existing permanent zone. =zone Load zone default settings or report NO_DEFAULTS error. Print path of the zone configuration file. =zone =description Set new description to zone =zone Print description for zone =zone =description Set short description to zone =zone Print short description for zone =zone Get the target of a permanent zone. =zone =target Set the target of a permanent zone. target is one of: default, ACCEPT, DROP, REJECT default is similar to REJECT, but has special meaning in the following scenarios: ICMP explicitly allowed At the end of the zone's ruleset ICMP packets are explicitly allowed. forwarded packets follow the target of the egress zone In the case of forwarded packets, if the ingress zone uses default then whether or not the packet will be allowed is determined by the egress zone. For a forwarded packet that ingresses zoneA and egresses zoneB: if zoneA's target is ACCEPT, DROP, or REJECT then the packet is accepted, dropped, or rejected respectively. if zoneA's target is default, then the packet is accepted, dropped, or rejected based on zoneB's target. If zoneB's target is also default, then the packet will be rejected by firewalld's catchall reject. Zone drifting from source-based zone to interface-based zone This only applies if is enabled. See firewalld.conf5. If a packet ingresses a source-based zone with a target of default, it may still enter an interface-based zone (including the default zone). Options to Adapt and Query Zones Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). =zone List everything added for or enabled in zone. If zone is omitted, default zone will be used. =zone List services added for zone as a space separated list. If zone is omitted, default zone will be used. =zone =service =timeval Add a service for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The service is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. The option is not combinable with the option. =zone =service Remove a service from zone. This option can be specified multiple times. If zone is omitted, default zone will be used. =zone =service Return whether service has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List ports added for zone as a space separated list. A port is of the form portid-portid/protocol, it can be either a port and protocol pair or a port range with a protocol. If zone is omitted, default zone will be used. =zone =portid-portid/protocol =timeval Add the port for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The option is not combinable with the option. =zone =portid-portid/protocol Remove the port from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =portid-portid/protocol Return whether the port has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List protocols added for zone as a space separated list. If zone is omitted, default zone will be used. =zone =protocol =timeval Add the protocol for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. The option is not combinable with the option. =zone =protocol Remove the protocol from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =protocol Return whether the protocol has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List source ports added for zone as a space separated list. A port is of the form portid-portid/protocol. If zone is omitted, default zone will be used. =zone =portid-portid/protocol =timeval Add the source port for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The option is not combinable with the option. =zone =portid-portid/protocol Remove the source port from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =portid-portid/protocol Return whether the source port has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List Internet Control Message Protocol (ICMP) type blocks added for zone as a space separated list. If zone is omitted, default zone will be used. =zone =icmptype =timeval Add an ICMP block for icmptype for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes The option is not combinable with the option. =zone =icmptype Remove the ICMP block for icmptype from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. =zone =icmptype Return whether an ICMP block for icmptype has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. =zone List IPv4 forward ports added for zone as a space separated list. If zone is omitted, default zone will be used. For IPv6 forward ports, please use the rich language. =zone =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask =timeval Add the IPv4 forward port for zone. If zone is omitted, default zone will be used. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number portid or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The destination address is a simple IP address. The option is not combinable with the option. For IPv6 forward ports, please use the rich language. Note: IP forwarding will be implicitly enabled if is specified. =zone =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Remove the IPv4 forward port from zone. If zone is omitted, default zone will be used. This option can be specified multiple times. For IPv6 forward ports, please use the rich language. =zone =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Return whether the IPv4 forward port has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. For IPv6 forward ports, please use the rich language. =zone =timeval Enable IPv4 masquerade for zone. If zone is omitted, default zone will be used. If a timeout is supplied, masquerading will be active for the specified amount of time. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection. The option is not combinable with the option. For IPv6 masquerading, please use the rich language. Note: IP forwarding will be implicitly enabled. =zone Disable IPv4 masquerade for zone. If zone is omitted, default zone will be used. If the masquerading was enabled with a timeout, it will be disabled also. For IPv6 masquerading, please use the rich language. =zone Return whether IPv4 masquerading has been enabled for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. For IPv6 masquerading, please use the rich language. =zone List rich language rules added for zone as a newline separated list. If zone is omitted, default zone will be used. =zone ='rule' =timeval Add rich language rule 'rule' for zone. This option can be specified multiple times. If zone is omitted, default zone will be used. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. For the rich language rule syntax, please have a look at firewalld.richlanguage5. The option is not combinable with the option. =zone ='rule' Remove rich language rule 'rule' from zone. This option can be specified multiple times. If zone is omitted, default zone will be used. For the rich language rule syntax, please have a look at firewalld.richlanguage5. =zone ='rule' Return whether a rich language rule 'rule' has been added for zone. If zone is omitted, default zone will be used. Returns 0 if true, 1 otherwise. For the rich language rule syntax, please have a look at firewalld.richlanguage5. Options to Handle Bindings of Interfaces Binding an interface to a zone means that this zone settings are used to restrict traffic via the interface. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. An interface name is a string up to 16 characters long, that may not contain , , and . =zone List interfaces that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =interface Bind interface interface to zone zone. If zone is omitted, default zone will be used. If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists. As a end user you don't need this in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to option from ifcfg-interface file) if NM_CONTROLLED=no is not set. You should do it only if there's no /etc/sysconfig/network-scripts/ifcfg-interface file. If there is such file and you add interface to zone with this option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined. Please also have a look at the firewalld1 man page in the Concepts section. For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in firewalld.zones5. =zone =interface If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists. Change zone the interface interface is bound to to zone zone. It's basically followed by . If the interface has not been bound to a zone before, it behaves like . If zone is omitted, default zone will be used. =zone =interface Query whether interface interface is bound to zone zone. Returns 0 if true, 1 otherwise. =interface If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For the addion or change of interfaces that are not under control of NetworkManager: firewalld tries to change the ZONE setting in the ifcfg file, if an ifcfg file exists that is using the interface. Only for the removal of interfaces that are not under control of NetworkManager: firewalld is not trying to change the ZONE setting in the ifcfg file. This is needed to make sure that an ifdown of the interface will not result in a reset of the zone setting to the default zone. Only the zone binding is then removed in firewalld then. Remove binding of interface interface from zone it was previously added to. Options to Handle Bindings of Sources Binding a source to a zone means that this zone settings will be used to restrict traffic from this source. A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6 or a MAC address or an ipset with the ipset: prefix. For IPv4, the mask can be a network mask or a plain number. For IPv6 the mask is a plain number. The use of host names is not supported. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. =zone List sources that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Bind the source to zone zone. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Change zone the source is bound to to zone zone. It's basically followed by . If the source has not been bound to a zone before, it behaves like . If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Query whether the source is bound to the zone zone. Returns 0 if true, 1 otherwise. =source/mask|MAC|ipset:ipset Remove binding of the source from zone it was previously added to. IPSet Options Print the supported ipset types. =ipset =type =inet|inet6 =key=value Add a new permanent and empty ipset with specifying the type and optional the family and options like timeout, hashsize and maxelem. For more information please have a look at ipset8 man page. ipset names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =ipset Add a new permanent ipset from a prepared ipset file with an optional name override. =ipset Delete an existing permanent ipset. =ipset Load ipset default settings or report NO_DEFAULTS error. Print information about the ipset ipset. The output format is: ipset type: type options: option1[=value1] .. entries: entry1 .. Print predefined ipsets as a space separated list. =ipset =description Set new description to ipset =ipset Print description for ipset =ipset =description Set short description to ipset =ipset Print short description for ipset =ipset =entry Add a new entry to the ipset. Adding an entry to an ipset with option timeout is permitted, but these entries are not tracked by firewalld. =ipset =entry Remove an entry from the ipset. =ipset =entry Return whether the entry has been added to an ipset. Returns 0 if true, 1 otherwise. Querying an ipset with a timeout will yield an error. Entries are not tracked for ipsets with a timeout. =ipset List all entries of the ipset. =ipset =filename Add a new entries to the ipset from the file. For all entries that are listed in the file but already in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. =ipset =filename Remove existing entries from the ipset from the file. For all entries that are listed in the file but not in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. Print path of the ipset configuration file. Service Options Options in this section affect only one particular service. Print information about the service service. The output format is: service ports: port1 .. protocols: protocol1 .. source-ports: source-port1 .. helpers: helper1 .. destination: ipv1:address1 .. The following options are only usable in the permanent configuration. =service Add a new permanent and empty service. Service names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =service Add a new permanent service from a prepared service file with an optional name override. =service Delete an existing permanent service. =service Load service default settings or report NO_DEFAULTS error. Print path of the service configuration file. =service =description Set new description to service =service Print description for service =service =description Set short description to service =service Print short description for service =service =portid-portid/protocol Add a new port to the permanent service. =service =portid-portid/protocol Remove a port from the permanent service. =service =portid-portid/protocol Return wether the port has been added to the permanent service. =service List ports added to the permanent service. =service =protocol Add a new protocol to the permanent service. =service =protocol Remove a protocol from the permanent service. =service =protocol Return wether the protocol has been added to the permanent service. =service List protocols added to the permanent service. =service =portid-portid/protocol Add a new source port to the permanent service. =service =portid-portid/protocol Remove a source port from the permanent service. =service =portid-portid/protocol Return wether the source port has been added to the permanent service. =service List source ports added to the permanent service. =service =helper Add a new helper to the permanent service. =service =helper Remove a helper from the permanent service. =service =helper Return wether the helper has been added to the permanent service. =service List helpers added to the permanent service. =service =ipv:address/mask Set destination for ipv to address[/mask] in the permanent service. =service =ipv Remove the destination for ipv from the permanent service. =service =ipv:address/mask Return wether the destination ipv to address[/mask] has been set in the permanent service. =service List destinations added to the permanent service. =service =service Add a new include to the permanent service. =service =service Remove a include from the permanent service. =service =service Return wether the include has been added to the permanent service. =service List includes added to the permanent service. Helper Options Options in this section affect only one particular helper. Print information about the helper helper. The output format is: helper family: family module: module ports: port1 .. The following options are only usable in the permanent configuration. =helper =nf_conntrack_module =ipv4|ipv6 Add a new permanent helper with module and optionally family defined. Helper names must be alphanumeric and may additionally include characters: '-'. =filename =helper Add a new permanent helper from a prepared helper file with an optional name override. =helper Delete an existing permanent helper. =helper Load helper default settings or report NO_DEFAULTS error. Print path of the helper configuration file. Print predefined helpers as a space separated list. =helper =description Set new description to helper =helper Print description for helper =helper =description Set short description to helper =helper Print short description for helper =helper =portid-portid/protocol Add a new port to the permanent helper. =helper =portid-portid/protocol Remove a port from the permanent helper. =helper =portid-portid/protocol Return wether the port has been added to the permanent helper. =helper List ports added to the permanent helper. =helper =description Set module description for helper =helper Print module description for helper =helper =description Set family description for helper =helper Print family description of helper Internet Control Message Protocol (ICMP) type Options Options in this section affect only one particular icmptype. Print information about the icmptype icmptype. The output format is: icmptype destination: ipv1 .. The following options are only usable in the permanent configuration. =icmptype Add a new permanent and empty icmptype. ICMP type names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =icmptype Add a new permanent icmptype from a prepared icmptype file with an optional name override. =icmptype Delete an existing permanent icmptype. =icmptype Load icmptype default settings or report NO_DEFAULTS error. =icmptype =description Set new description to icmptype =icmptype Print description for icmptype =icmptype =description Set short description to icmptype =icmptype Print short description for icmptype =icmptype =ipv Enable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Disable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Return whether destination for ipv is enabled in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype List destinations in permanent icmptype. Print path of the icmptype configuration file. Direct Options The direct options give a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. table (filter/mangle/nat/...), chain (INPUT/OUTPUT/FORWARD/...), commands (-A/-D/-I/...), parameters (-p/-s/-d/-j/...) and targets (ACCEPT/DROP/REJECT/...). Direct options should be used only as a last resort when it's not possible to use for example =service or ='rule'. Warning: Direct rules behavior is different depending on the value of FirewallBackend. See CAVEATS in firewalld.direct5. The first argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it will be for IPv4 (iptables8), with ipv6 for IPv6 (ip6tables8) and with eb for ethernet bridges (ebtables8). Get all chains added to all tables. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table Get all chains added to table table as a space separated list. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table chain Add a new chain with name chain to table table. Make sure there's no other chain with this name already. There already exist basic chains to use with direct options, for example INPUT_direct chain (see iptables-save | grep direct output for all of them). These chains are jumped into before chains for zones, i.e. every rule put into INPUT_direct will be checked before rules in zones. { ipv4 | ipv6 | eb } table chain Remove chain with name chain from table table. Only chains previously added with can be removed this way. { ipv4 | ipv6 | eb } table chain Return whether a chain with name chain exists in table table. Returns 0 if true, 1 otherwise. This option concerns only chains previously added with . Get all rules added to all chains in all tables as a newline separated list of the priority and arguments. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } table chain Get all rules added to chain chain in table table as a newline separated list of the priority and arguments. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } table chain priority args Add a rule with the arguments args to chain chain in table table with priority priority. The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. { ipv4 | ipv6 | eb } table chain priority args Remove a rule with priority and the arguments args from chain chain in table table. Only rules previously added with can be removed this way. { ipv4 | ipv6 | eb } table chain Remove all rules in the chain with name chain exists in table table. This option concerns only rules previously added with in this chain. { ipv4 | ipv6 | eb } table chain priority args Return whether a rule with priority and the arguments args exists in chain chain in table table. Returns 0 if true, 1 otherwise. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } args Pass a command through to the firewall. args can be all iptables, ip6tables and ebtables command line arguments. This command is untracked, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthoughs. Get all passthrough rules as a newline separated list of the ipv value and arguments. { ipv4 | ipv6 | eb } Get all passthrough rules for the ipv value as a newline separated list of the priority and arguments. { ipv4 | ipv6 | eb } args Add a passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Remove a passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Return whether a passthrough rule with the arguments args exists for the ipv value. Returns 0 if true, 1 otherwise. Lockdown Options Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt) or are authenticated using PolicyKit. With this feature administrators can lock the firewall configuration so that only applications on lockdown whitelist are able to request firewall changes. The lockdown access check limits D-Bus methods that are changing firewall rules. Query, list and get methods are not limited. The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default. Enable lockdown. Be careful - if firewall-cmd is not on lockdown whitelist when you enable lockdown you won't be able to disable it again with firewall-cmd, you would need to edit firewalld.conf. This is a runtime and permanent change. Disable lockdown. This is a runtime and permanent change. Query whether lockdown is enabled. Returns 0 if lockdown is enabled, 1 otherwise. Lockdown Whitelist Options The lockdown whitelist can contain commands, contexts, users and user ids. If a command entry on the whitelist ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match. Commands for user root and others is not always the same. Example: As root /bin/firewall-cmd is used, as a normal user /usr/bin/firewall-cmd is be used on Fedora. The context is the security (SELinux) context of a running application or service. To get the context of a running application use ps -e --context. Warning: If the context is unconfined, then this will open access for more than the desired application. The lockdown whitelist entries are checked in the following order: 1. context 2. uid 3. user 4. command List all command lines that are on the whitelist. =command Add the command to the whitelist. =command Remove the command from the whitelist. =command Query whether the command is on the whitelist. Returns 0 if true, 1 otherwise. List all contexts that are on the whitelist. =context Add the context context to the whitelist. =context Remove the context from the whitelist. =context Query whether the context is on the whitelist. Returns 0 if true, 1 otherwise. List all user ids that are on the whitelist. =uid Add the user id uid to the whitelist. =uid Remove the user id uid from the whitelist. =uid Query whether the user id uid is on the whitelist. Returns 0 if true, 1 otherwise. List all user names that are on the whitelist. =user Add the user name user to the whitelist. =user Remove the user name user from the whitelist. =user Query whether the user name user is on the whitelist. Returns 0 if true, 1 otherwise. Panic Options Enable panic mode. All incoming and outgoing packets are dropped, active connections will expire. Enable this only if there are serious problems with your network environment. For example if the machine is getting hacked in. This is a runtime only change. Disable panic mode. After disabling panic mode established connections might work again, if panic mode was enabled for a short period of time. This is a runtime only change. Returns 0 if panic mode is enabled, 1 otherwise. Examples For more examples see Example 1 Enable http service in default zone. This is runtime only change, i.e. effective until restart. firewall-cmd --add-service=http Example 2 Enable port 443/tcp immediately and permanently in default zone. To make the change effective immediately and also after restart we need two commands. The first command makes the change in runtime configuration, i.e. makes it effective immediately, until restart. The second command makes the change in permanent configuration, i.e. makes it effective after restart. firewall-cmd --add-port=443/tcp firewall-cmd --permanent --add-port=443/tcp Exit Codes On success 0 is returned. On failure the output is red colored and exit code is either 2 in case of wrong command-line option usage or one of the following error codes in other cases: String Code &errorcodes; Note that return codes of --query-* options are special: Successful queries return 0, unsuccessful ones return 1 unless an error occurred in which case the table above applies. &seealso; ¬es; firewalld-0.8.2/doc/xml/firewalld.helper.xml0000664007115300711530000001273313641106075022203 0ustar00egarveregarver00000000000000 ]> firewalld.helper firewalld &authors; firewalld.helper 5 firewalld.helper firewalld helper configuration files /firewalld/helpers/helper.xml /lib/firewalld/helpers/helper.xml Description A firewalld helper configuration file provides the information of a helper entry for firewalld. The most important configuration options are ports, family and module. This example configuration file shows the structure of a helper configuration file: <?xml version="1.0" encoding="utf-8"?> <helper module="nf_conntrack_module" [family="ipv4|ipv6"]> <short>short</short> <description>description</description> <port portid[-portid]" protocol="tcp|udp|sctp|dccp"/> </helper> Options The config can contain these tags and attributes. Some of them are mandatory, others optional. helper The mandatory helper start and end tag defines the helper. This tag can only be used once in a helper configuration file. There is one mandatory and also optional attributes for helper: module="string" The mandatory module of the helper. This is one of the netfilter conntrack helper modules. The name starts with nf_conntrack_. family="ipv4|ipv6" The optional family of the helper. This can be one of these ipv types: ipv4 or ipv6. If the family is not specified, then the helper is usable for IPv4 and IPv6. version="string" To give the helper a version. short Is an optional start and end tag and is used to give a helper a more readable name. description Is an optional start and end tag to have a description for a helper. port Is an mandatory empty-element tag and can be used several times to have more than one port entry. All attributes of a port entry are mandatory: port="string" The port string can be a single port number or a port range portid-portid or also empty to match a protocol only. protocol="string" The protocol value can either be , , or . &seealso; ¬es; firewalld-0.8.2/doc/xml/Makefile.in0000664007115300711530000004777413641123177020316 0ustar00egarveregarver00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = doc/xml DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } man1dir = $(mandir)/man1 am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" man5dir = $(mandir)/man5 NROFF = nroff MANS = $(man1_MANS) $(man5_MANS) $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = xsltproc ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @ENABLE_DOCS_TRUE@EXTRA_DIST = $(HTMLS:../html/%.html=%.xml) \ @ENABLE_DOCS_TRUE@ authors.xml notes.xml seealso.xml errorcodes.xml \ @ENABLE_DOCS_TRUE@ transform-man.xsl.in transform-html.xsl.in \ @ENABLE_DOCS_TRUE@ firewalld.xml.in firewall-cmd.xml.in @ENABLE_DOCS_TRUE@man_MANS = $(man1_MANS) $(man5_MANS) @ENABLE_DOCS_TRUE@HTMLS = $(man1_MANS:../man/man1/%.1=../html/%.html) $(man5_MANS:../man/man5/%.5=../html/%.html) @ENABLE_DOCS_TRUE@man1_MANS = \ @ENABLE_DOCS_TRUE@ ../man/man1/firewall-applet.1 \ @ENABLE_DOCS_TRUE@ ../man/man1/firewall-cmd.1 \ @ENABLE_DOCS_TRUE@ ../man/man1/firewall-config.1 \ @ENABLE_DOCS_TRUE@ ../man/man1/firewalld.1 \ @ENABLE_DOCS_TRUE@ ../man/man1/firewall-offline-cmd.1 @ENABLE_DOCS_TRUE@man5_MANS = \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.conf.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.dbus.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.direct.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.helper.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.icmptype.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.ipset.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.lockdown-whitelist.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.richlanguage.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.service.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.zone.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.zones.5 CLEAN_FILES = *~ errorcodes.xml DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl \ firewalld.xml firewall-cmd.xml #SGML_CATALOG_FILES #XSLTPROC_FLAGS = --catalogs --nonet --xinclude XSLTPROC_FLAGS = --nonet --xinclude XSLTPROC_MAN_FLAGS = $(XSLTPROC_FLAGS) transform-man.xsl XSLTPROC_HTML_FLAGS = $(XSLTPROC_FLAGS) transform-html.xsl edit = sed \ -e 's|\@PREFIX\@|$(prefix)|' \ -e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \ -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \ -e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' \ -e 's|@SRCDIR@|$(srcdir)|' all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/xml/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/xml/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-man1: $(man1_MANS) $(man_MANS) @$(NORMAL_INSTALL) @list1='$(man1_MANS)'; \ list2='$(man_MANS)'; \ test -n "$(man1dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.1[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ done; } uninstall-man1: @$(NORMAL_UNINSTALL) @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.1[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) install-man5: $(man5_MANS) $(man_MANS) @$(NORMAL_INSTALL) @list1='$(man5_MANS)'; \ list2='$(man_MANS)'; \ test -n "$(man5dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.5[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list='$(man5_MANS)'; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) installdirs: for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man1 install-man5 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man1 uninstall-man5 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ ctags-am distclean distclean-generic distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man1 install-man5 \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-man uninstall-man1 uninstall-man5 install: all: $(man_MANS) $(HTMLS) clean: -test -z "$(CLEAN_FILES)" || rm -f $(CLEAN_FILES) ../man/man1/firewall-cmd.1: errorcodes.xml ../html/firewall-cmd.html: errorcodes.xml ../man/man1/%.1: %.xml authors.xml notes.xml seealso.xml transform-man.xsl $(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $< ../man/man5/%.5: %.xml authors.xml notes.xml seealso.xml transform-man.xsl $(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $< ../html/%.html: %.xml authors.xml notes.xml seealso.xml transform-html.xsl mkdir -p $(dir $@) # avoid xsltproc directory create race $(XSLTPROC) -o $@ $(XSLTPROC_HTML_FLAGS) $< errorcodes.xml: ../../src/firewall/errors.py @echo Creating $@ @grep '=\s*[0-9]\+$$' ../../src/firewall/errors.py | \ sed -e 's/^/\\/g' \ -e 's/ *= */\<\/entry\>\/g' \ -e 's/$$/\<\/entry\>\<\/row\>/g' > $@ transform-man.xsl: transform-man.xsl.in $(edit) $< >$@ transform-html.xsl: transform-html.xsl.in $(edit) $< >$@ firewall-cmd.xml: firewall-cmd.xml.in $(edit) $< >$@ firewalld.xml: firewalld.xml.in $(edit) $< >$@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/doc/xml/authors.xml0000664007115300711530000000243713617024233020437 0ustar00egarveregarver00000000000000 Developer Thomas Woerner twoerner@redhat.com Developer Jiri Popelka jpopelka@redhat.com Developer Eric Garver eric@garver.life firewalld-0.8.2/doc/xml/firewalld.zones.xml0000664007115300711530000002121113341016621022043 0ustar00egarveregarver00000000000000 ]> firewalld.zones firewalld &authors; firewalld.zones 5 firewalld.zones firewalld zones Description What is a zone? A network zone defines the level of trust for network connections. This is a one to many relation, which means that a connection can only be part of one zone, but a zone can be used for many network connections. The zone defines the firewall features that are enabled in this zone: Predefined services A service is a combination of port and/or protocol entries. Optionally netfilter helper modules can be added and also a IPv4 and IPv6 destination address. Ports and protocols Definition of tcp or udp ports, where ports can be a single port or a port range. ICMP blocks Blocks selected Internet Control Message Protocol (ICMP) messages. These messages are either information requests or created as a reply to information requests or in error conditions. Masquerading The addresses of a private network are mapped to and hidden behind a public IP address. This is a form of address translation. Forward ports A forward port is either mapped to the same port on another host or to another port on the same host or to another port on another host. Rich language rules The rich language extends the elements (service, port, icmp-block, masquerade, forward-port and source-port) with additional source and destination addresses, logging, actions and limits for logs and actions. It can also be used for host or network white and black listing (for more information, please have a look at firewalld.richlanguage5). For more information on the zone file format, please have a look at firewalld.zone5. Which zones are available? Here are the zones provided by firewalld sorted according to the default trust level of the zones from untrusted to trusted: drop Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible. block Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated within this system are possible. public For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. external For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. dmz For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted. work For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. home For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. internal For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted. trusted All network connections are accepted. Which zone should be used? A public WIFI network connection for example should be mainly untrusted, a wired home network connection should be fairly trusted. Select the zone that best matches the network you are using. How to configure or add zones? To configure or add zones you can either use one of the firewalld interfaces to handle and change the configuration: These are the graphical configuration tool firewall-config, the command line tool firewall-cmd or the D-Bus interface. Or you can create or copy a zone file in one of the configuration directories. /lib/firewalld/zones is used for default and fallback configurations and /firewalld/zones is used for user created and customized configuration files. How to set or change a zone for a connection? The zone is stored into the ifcfg of the connection with option. If the option is missing or empty, the default zone set in firewalld is used. If the connection is controlled by NetworkManager, you can also use nm-connection-editor to change the zone. For the addion or change of interfaces that are not under control of NetworkManager: firewalld tries to change the ZONE setting in the ifcfg file, if an ifcfg file exists that is using the interface. Only for the removal of interfaces that are not under control of NetworkManager: firewalld is not trying to change the ZONE setting in the ifcfg file. This is needed to make sure that an ifdown of the interface will not result in a reset of the zone setting to the default zone. Only the zone binding is then removed in firewalld then. &seealso; ¬es; firewalld-0.8.2/doc/xml/firewalld.icmptype.xml0000664007115300711530000001043213341016621022542 0ustar00egarveregarver00000000000000 ]> firewalld.icmptype firewalld &authors; firewalld.icmptype 5 firewalld.icmptype firewalld icmptype configuration files /firewalld/icmptypes/icmptype.xml /lib/firewalld/icmptypes/icmptype.xml Description A firewalld icmptype configuration file provides the information for an Internet Control Message Protocol (ICMP) type for firewalld. This example configuration file shows the structure of an icmptype configuration file: <?xml version="1.0" encoding="utf-8"?> <icmptype> <short>My Icmptype</short> <description>description</description> <destination ipv4="yes" ipv6="yes"/> </icmptype> Options The config can contain these tags and attributes. Some of them are mandatory, others optional. icmptype The mandatory icmptype start and end tag defines the icmptype. This tag can only be used once in an icmptype configuration file. This tag has optional attributes: version="string" To give the icmptype a version. short Is an optional start and end tag and is used to give an icmptype a more readable name. description Is an optional start and end tag to have a description for a icmptype. destination Is an optional empty-element tag and can be used only once. The destination tag specifies if an icmptype entry is available for IPv4 and/or IPv6. The default is IPv4 and IPv6, where this tag can be missing. ipv4="bool" Describes if the icmptype is available for IPv4. ipv6="bool" Describes if the icmptype is available for IPv6. &seealso; ¬es; firewalld-0.8.2/doc/xml/firewalld.xml0000664007115300711530000002625613641123207020726 0ustar00egarveregarver00000000000000 ]> firewalld firewalld &authors; firewalld 1 firewalld Dynamic Firewall Manager firewalld OPTIONS Description firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and has a separation of runtime and permanent configuration options. It also supports an interface for services or applications to add firewall rules directly. Options These are the command line options of firewalld: Prints a short help text and exists. Path to firewalld default configuration. This usually defaults to /usr/lib/firewalld. =level Set the debug level for firewalld to level. The range of the debug level is 1 (lowest level) to 10 (highest level). The debug output will be written to the firewalld log file /var/log/firewalld. Print garbage collector leak information. The collector runs every 10 seconds and if there are leaks, it prints information about the leaks. Turn off daemon forking. Force firewalld to run as a foreground process instead of as a daemon in the background. Disable writing pid file. By default the program will write a pid file. If the program is invoked with this option it will not check for an existing server process. Path to firewalld system (user) configuration. This usually defaults to /etc/firewalld. Concepts firewalld has a D-Bus interface for firewall configuration of services and applications. It also has a command line client for the user. Services or applications already using D-Bus can request changes to the firewall with the D-Bus interface directly. For more information on the firewalld D-Bus interface, please have a look at firewalld.dbus5. firewalld provides support for zones, predefined services and ICMP types and has a separation of runtime and permanent configuration options. Permanent configuration is loaded from XML files in /usr/lib/firewalld () or /etc/firewalld () (see ). If NetworkManager is not in use and firewalld gets started after the network is already up, the connections and manually created interfaces are not bound to the zone specified in the ifcfg file. The interfaces will automatically be handled by the default zone. firewalld will also not get notified about network device renames. All this also applies to interfaces that are not controlled by NetworkManager if NM_CONTROLLED=no is set. You can add these interfaces to a zone with firewall-cmd [--permanent] --zone=zone --add-interface=interface. If there is a /etc/sysconfig/network-scripts/ifcfg-interface file, firewalld tries to change the ZONE=zone setting in this file. If firewalld gets reloaded, it will restore the interface bindings that were in place before reloading to keep interface bindings stable in the case of NetworkManager uncontrolled interfaces. This mechanism is not possible in the case of a firewalld service restart. It is essential to keep the ZONE= setting in the ifcfg file consistent to the binding in firewalld in the case of NetworkManager uncontrolled interfaces. Zones A network or firewall zone defines the trust level of the interface used for a connection. There are several pre-defined zones provided by firewalld. Zone configuration options and generic information about zones are described in firewalld.zone5 Services A service can be a list of local ports, protocols and destinations and additionally also a list of firewall helper modules automatically loaded if a service is enabled. Service configuration options and generic information about services are described in firewalld.service5. The use of predefined services makes it easier for the user to enable and disable access to a service. ICMP types The Internet Control Message Protocol (ICMP) is used to exchange information and also error messages in the Internet Protocol (IP). ICMP types can be used in firewalld to limit the exchange of these messages. For more information, please have a look at firewalld.icmptype5. Runtime configuration Runtime configuration is the actual active configuration and is not permanent. After reload/restart of the service or a system reboot, runtime settings will be gone if they haven't been also in permanent configuration. Permanent configuration The permanent configuration is stored in config files and will be loaded and become new runtime configuration with every machine boot or service reload/restart. Direct interface The direct interface is mainly used by services or applications to add specific firewall rules. It requires basic knowledge of ip(6)tables concepts (tables, chains, commands, parameters, targets). Directories firewalld supports two configuration directories: Default/Fallback configuration in <filename class="directory">/usr/lib/firewalld</filename> (<option>--default-config</option>) This directory contains the default and fallback configuration provided by firewalld for icmptypes, services and zones. The files provided with the firewalld package should not get changed and the changes are gone with an update of the firewalld package. Additional , and can be provided with packages or by creating files. System configuration settings in <filename class="directory">/etc/firewalld</filename> (<option>--system-config</option>) The system or user configuration stored here is either created by the system administrator or by customization with the configuration interface of firewalld or by hand. The files will overload the default configuration files. To manually change settings of pre-defined icmptypes, zones or services, copy the file from the default configuration directory to the corresponding directory in the system configuration directory and change it accordingly. For more information on icmptypes, please have a look at the firewalld.icmptype5 man page, for services at firewalld.service5 and for zones at firewalld.zone5. SIGNALS Currently only SIGHUP is supported. SIGHUP Reloads the complete firewall configuration. You can also use firewall-cmd --reload. All runtime configuration settings will be restored. Permanent configuration will change according to options defined in the configuration files. &seealso; ¬es; firewalld-0.8.2/doc/xml/firewalld.conf.xml0000664007115300711530000001715413630022170021642 0ustar00egarveregarver00000000000000 ]> firewalld.conf firewalld &authors; firewalld.conf 5 firewalld.conf firewalld configuration file /firewalld/firewalld.conf Description firewalld.conf is loaded by firewalld during the initialization process. The file contains the basic configuration options for firewalld. Options These are the options that can be set in the config file: This sets the default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool. The default zone is public. Deprecated. This option is ignored and no longer used. Marks are no longer used internally. If firewalld stops, it cleans up all firewall rules. Setting this option to no or false leaves the current firewall rules untouched. The default value is yes or true. If this option is enabled, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown whitelist (see firewalld.lockdown-whitelist5). The default value is no or false. If this option is enabled (it is by default), reverse path filter test on a packet for IPv6 is performed. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped. For IPv4 the rp_filter is controlled using sysctl. If this option is disabled (it is by default), combined -restore calls are used and not individual calls to apply changes to the firewall. The use of individiual calls increases the time that is needed to apply changes and to start the daemon, but is good for debugging as error messages are more specific. Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type. The possible values are: all, unicast, broadcast, multicast and off. The default setting is off, which disables the logging. Deprecated. This option is ignored and no longer used. Selects the firewall backend implementation. Possible values are; nftables (default), or iptables. This applies to all firewalld primitives. The only exception is direct and passthrough rules which always use the traditional iptables, ip6tables, and ebtables backends. Flush all runtime rules on a reload. In previous releases some runtime configuration was retained during a reload, namely; interface to zone assignment, and direct rules. This was confusing to users. To get the old behavior set this to "no". Defaults to "yes". As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that correspond to IPv4 addresses that should not be routed over the public internet. Defaults to "yes". Older versions of firewalld had undocumented behavior known as "zone drifting". This allowed packets to ingress multiple zones - this is a violation of zone based firewalls. However, some users rely on this behavior to have a "catch-all" zone, e.g. the default zone. You can enable this if you desire such behavior. It's disabled by default for security reasons. Note: If "yes" packets will only drift from source based zones to interface based zones (including the default zone). Packets never drift from interface based zones to other interfaces based zones (including the default zone). Valid values; "yes", "no". Defaults to "no". &seealso; ¬es; firewalld-0.8.2/doc/xml/firewall-applet.xml0000664007115300711530000001433113614563155022046 0ustar00egarveregarver00000000000000 ]> firewall-applet firewalld &authors; firewall-applet 1 firewall-applet firewalld applet firewall-applet OPTIONS Description firewall-applet is a tray applet for firewalld. Options firewall-applet does not support any special options. The following options are supported: Prints a short help text and exists. QSettings firewall-applet has additional settings to adapt the look and feel. QSettings is used and stores them in ~/.config/firewall/applet.conf. The file is automatically reloaded if it has been changed and the new settings will immediately be effective. There is also the global config file /etc/firewall/applet.conf, which contains the default values. The settings in this file will be overloaded by settings in the user settings file. Here is an example applet.conf file: [General] notifications=true show-inactive=true The following settings are supported: The applet shows notifications if enabled. This setting can be enabled also in the applet with the "Enable Notifications" checkbox in the right mouse menu. This setting defaults to . If notifications are shown for these actions if enabled: Connection to firewalld established Connection to firewalld lost Firewall has been reloaded Default zone has been changed Panic mode has been enabled or disabled Activation, deactivation or change of zones bound to interfaces Activation, deactivation or change of zones bound to sources addresses Show applet also if firewalld is not running. If firewalld has been stopped or is not running the applet will be hidden and not visible in the applet tray. Enable this setting to see the applet all the time for example to be sure that the firewall is active. This setting defaults to . The shields-up zone name to be used if shields-up is enabled. This setting defaults to ''. The shields-down zone name to be used if shields-up has been deactivated again. This setting defaults to ''. If enabled, the applet icon blinks in these cases: Connection to firewalld lost Panic mode has been enabled or disabled This setting defaults to . The number of blinks if is enabled. This setting defaults to . &seealso; ¬es; firewalld-0.8.2/doc/xml/errorcodes.xml0000664007115300711530000001111213641123256021111 0ustar00egarveregarver00000000000000ALREADY_ENABLED11 NOT_ENABLED12 COMMAND_FAILED13 NO_IPV6_NAT14 PANIC_MODE15 ZONE_ALREADY_SET16 UNKNOWN_INTERFACE17 ZONE_CONFLICT18 BUILTIN_CHAIN19 EBTABLES_NO_REJECT20 NOT_OVERLOADABLE21 NO_DEFAULTS22 BUILTIN_ZONE23 BUILTIN_SERVICE24 BUILTIN_ICMPTYPE25 NAME_CONFLICT26 NAME_MISMATCH27 PARSE_ERROR28 ACCESS_DENIED29 UNKNOWN_SOURCE30 RT_TO_PERM_FAILED31 IPSET_WITH_TIMEOUT32 BUILTIN_IPSET33 ALREADY_SET34 MISSING_IMPORT35 DBUS_ERROR36 BUILTIN_HELPER37 NOT_APPLIED38 INVALID_ACTION100 INVALID_SERVICE101 INVALID_PORT102 INVALID_PROTOCOL103 INVALID_INTERFACE104 INVALID_ADDR105 INVALID_FORWARD106 INVALID_ICMPTYPE107 INVALID_TABLE108 INVALID_CHAIN109 INVALID_TARGET110 INVALID_IPV111 INVALID_ZONE112 INVALID_PROPERTY113 INVALID_VALUE114 INVALID_OBJECT115 INVALID_NAME116 INVALID_FILENAME117 INVALID_DIRECTORY118 INVALID_TYPE119 INVALID_SETTING120 INVALID_DESTINATION121 INVALID_RULE122 INVALID_LIMIT123 INVALID_FAMILY124 INVALID_LOG_LEVEL125 INVALID_AUDIT_TYPE126 INVALID_MARK127 INVALID_CONTEXT128 INVALID_COMMAND129 INVALID_USER130 INVALID_UID131 INVALID_MODULE132 INVALID_PASSTHROUGH133 INVALID_MAC134 INVALID_IPSET135 INVALID_ENTRY136 INVALID_OPTION137 INVALID_HELPER138 INVALID_PRIORITY139 MISSING_TABLE200 MISSING_CHAIN201 MISSING_PORT202 MISSING_PROTOCOL203 MISSING_ADDR204 MISSING_NAME205 MISSING_SETTING206 MISSING_FAMILY207 RUNNING_BUT_FAILED251 NOT_RUNNING252 NOT_AUTHORIZED253 UNKNOWN_ERROR254 firewalld-0.8.2/doc/xml/Makefile.am0000664007115300711530000000476213641106161020265 0ustar00egarveregarver00000000000000XSLTPROC = xsltproc if ENABLE_DOCS EXTRA_DIST = $(HTMLS:../html/%.html=%.xml) \ authors.xml notes.xml seealso.xml errorcodes.xml \ transform-man.xsl.in transform-html.xsl.in \ firewalld.xml.in firewall-cmd.xml.in man_MANS = $(man1_MANS) $(man5_MANS) HTMLS = $(man1_MANS:../man/man1/%.1=../html/%.html) $(man5_MANS:../man/man5/%.5=../html/%.html) man1_MANS = \ ../man/man1/firewall-applet.1 \ ../man/man1/firewall-cmd.1 \ ../man/man1/firewall-config.1 \ ../man/man1/firewalld.1 \ ../man/man1/firewall-offline-cmd.1 man5_MANS = \ ../man/man5/firewalld.conf.5 \ ../man/man5/firewalld.dbus.5 \ ../man/man5/firewalld.direct.5 \ ../man/man5/firewalld.helper.5 \ ../man/man5/firewalld.icmptype.5 \ ../man/man5/firewalld.ipset.5 \ ../man/man5/firewalld.lockdown-whitelist.5 \ ../man/man5/firewalld.richlanguage.5 \ ../man/man5/firewalld.service.5 \ ../man/man5/firewalld.zone.5 \ ../man/man5/firewalld.zones.5 endif CLEAN_FILES = *~ errorcodes.xml DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl \ firewalld.xml firewall-cmd.xml #SGML_CATALOG_FILES #XSLTPROC_FLAGS = --catalogs --nonet --xinclude XSLTPROC_FLAGS = --nonet --xinclude XSLTPROC_MAN_FLAGS = $(XSLTPROC_FLAGS) transform-man.xsl XSLTPROC_HTML_FLAGS = $(XSLTPROC_FLAGS) transform-html.xsl install: all: $(man_MANS) $(HTMLS) clean: -test -z "$(CLEAN_FILES)" || rm -f $(CLEAN_FILES) ../man/man1/firewall-cmd.1: errorcodes.xml ../html/firewall-cmd.html: errorcodes.xml ../man/man1/%.1: %.xml authors.xml notes.xml seealso.xml transform-man.xsl $(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $< ../man/man5/%.5: %.xml authors.xml notes.xml seealso.xml transform-man.xsl $(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $< ../html/%.html: %.xml authors.xml notes.xml seealso.xml transform-html.xsl mkdir -p $(dir $@) # avoid xsltproc directory create race $(XSLTPROC) -o $@ $(XSLTPROC_HTML_FLAGS) $< errorcodes.xml: ../../src/firewall/errors.py @echo Creating $@ @grep '=\s*[0-9]\+$$' ../../src/firewall/errors.py | \ sed -e 's/^/\\/g' \ -e 's/ *= */\<\/entry\>\/g' \ -e 's/$$/\<\/entry\>\<\/row\>/g' > $@ edit = sed \ -e 's|\@PREFIX\@|$(prefix)|' \ -e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \ -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \ -e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' \ -e 's|@SRCDIR@|$(srcdir)|' transform-man.xsl: transform-man.xsl.in $(edit) $< >$@ transform-html.xsl: transform-html.xsl.in $(edit) $< >$@ firewall-cmd.xml: firewall-cmd.xml.in $(edit) $< >$@ firewalld.xml: firewalld.xml.in $(edit) $< >$@ firewalld-0.8.2/doc/xml/transform-html.xsl.in0000664007115300711530000000746713341016621022346 0ustar00egarveregarver00000000000000 @SYSCONFDIR@ @PREFIX@ .html

, firewalld-0.8.2/doc/xml/firewalld.dbus.xml0000664007115300711530000117464413630022170021663 0ustar00egarveregarver00000000000000 ]> firewalld.dbus firewalld &authors; firewalld.dbus 5 firewalld.dbus firewalld D-Bus interface description Object Paths This is the basic firewalld object path structure. The used interfaces are explained below in . /org/fedoraproject/FirewallD1 Interfaces org.fedoraproject.FirewallD1 org.fedoraproject.FirewallD1.direct org.fedoraproject.FirewallD1.ipset org.fedoraproject.FirewallD1.policies org.fedoraproject.FirewallD1.zone org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config Interfaces org.fedoraproject.FirewallD1.config org.fedoraproject.FirewallD1.config.direct org.fedoraproject.FirewallD1.config.policies org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/zone/i Interfaces org.fedoraproject.FirewallD1.config.zone org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/service/i Interfaces: org.fedoraproject.FirewallD1.config.service org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/ipset/i Interfaces org.fedoraproject.FirewallD1.config.ipset org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/icmptype/i Interfaces org.fedoraproject.FirewallD1.config.icmptype org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties Interfaces org.fedoraproject.FirewallD1 This interface contains general runtime operations, like: reloading, panic mode, default zone handling, getting services and icmp types and their settings. Methods authorizeAll() → Nothing Initiate authorization for the complete firewalld D-Bus interface. This method it mostly useful for configuration applications. completeReload() → Nothing Reload firewall completely, even netfilter kernel modules. This will most likely terminate active connections, because state information is lost. This option should only be used in case of severe firewall problems. For example if there are state information problems that no connection can be established with correct firewall rules. disablePanicMode() → Nothing Disable panic mode. After disabling panic mode established connections might work again, if panic mode was enabled for a short period of time. Possible errors: NOT_ENABLED, COMMAND_FAILED enablePanicMode() → Nothing Enable panic mode. All incoming and outgoing packets are dropped, active connections will expire. Enable this only if there are serious problems with your network environment. Possible errors: ALREADY_ENABLED, COMMAND_FAILED getAutomaticHelpers() → s Deprecated. This always returns "no". getDefaultZone() → s Return default zone. getHelperSettings(s: helper) → (sssssa(ss)) Return runtime settings of given helper. For getting permanent settings see org.fedoraproject.FirewallD1.config.helper.Methods.getSettings. Settings are in format: version, name, description, family, module and array of ports. version (s): see version attribute of helper tag in firewalld.helper5. name (s): see short tag in firewalld.helper5. description (s): see description tag in firewalld.helper5. family (s): see family tag in firewalld.helper5. module (s): see module tag in firewalld.helper5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.helper5. Possible errors: INVALID_HELPER getHelpers() → as Return array of helper names (s) in runtime configuration. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listHelpers. getIcmpTypeSettings(s: icmptype) → (sssas) Return runtime settings of given icmptype. For getting permanent settings see org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings. Settings are in format: version, name, description, array of destinations. version (s): see version attribute of icmptype tag in firewalld.icmptype5. name (s): see short tag in firewalld.icmptype5. description (s): see description tag in firewalld.icmptype5. destinations (as): array, either empty or containing strings 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype5. Possible errors: INVALID_ICMPTYPE getLogDenied() → s Retruns the LogDenied value. If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones. Possible values are: all, unicast, broadcast, multicast and off. The default value is off getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss)) This function is deprecated, use org.fedoraproject.FirewallD1.Methods.getServiceSettings2 instead. getServiceSettings2(s: service) → s{sv} Return runtime settings of given service. For getting permanent settings see org.fedoraproject.FirewallD1.config.service.Methods.getSettings2. Settings are a dictionary indexed by keywords. For the type of each value see below. If the value is empty it may be ommitted. version (s): see version attribute of service tag in firewalld.service5. name (s): see short tag in firewalld.service5. description (s): see description tag in firewalld.service5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service5. module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. protocols (as): array of protocols, see protocol tag in firewalld.service5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. includes (as): array of service includes, see include tag in firewalld.service5. helpers (as): array of service helpers, see helper tag in firewalld.service5. Possible errors: INVALID_SERVICE getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)) Return runtime settings of given zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getSettings. Settings are in format: version, name, description, UNUSED, target, array of services, array of ports (port, protocol), array of icmp-blocks, masquerade, array of forward-ports (port, protocol, to-port, to-addr), array of interfaces, array of sources, array of rich rules, array of protocols and array of source-ports (port, protocol). version (s): see version attribute of zone tag in firewalld.zone5. name (s): see short tag in firewalld.zone5. description (s): see description tag in firewalld.zone5. UNUSED (b): this boolean value is no longer used for anything. target (s): see target attribute of zone tag in firewalld.zone5. services (as): array of service names, see service tag in firewalld.zone5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone5. icmp-blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone5. masquerade (b): see masquerade tag in firewalld.zone5. forward-ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone5. interfaces (as): array of interfaces. See interface tag in firewalld.zone5. source addresses (as): array of source addresses. See source tag in firewalld.zone5. rich rules (as): array of rich-language rules. See rule tag in firewalld.zone5. protocols (as): array of protocols, see protocol tag in firewalld.zone5. source-ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone5. Possible errors: INVALID_ZONE listIcmpTypes() → as Return array of names (s) of icmp types in runtime configuration. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes. listServices() → as Return array of service names (s) in runtime configuration. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listServices. queryPanicMode() → b Return true if panic mode is enabled, false otherwise. In panic mode all incoming and outgoing packets are dropped. reload() → Nothing Reload firewall rules and keep state information. Current permanent configuration will become new runtime configuration, i.e. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration. runtimeToPermanent() → Nothing Make runtime settings permanent. Replaces permanent settings with runtime settings for zones, services, icmptypes, direct and policies (lockdown whitelist). Possible errors: RT_TO_PERM_FAILED checkPermanentConfig() → Nothing Run checks on the permanent configuration. This is most useful if changes were made manually to configuration files. Possible errors: any setDefaultZone(s: zone) → Nothing Set default zone for connections and interfaces where no zone has been selected to zone. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone. This is a runtime and permanent change. Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED setLogDenied(s: value) → Nothing Set LogDenied value to value. If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones. Possible values are: all, unicast, broadcast, multicast and off. The default value is off This is a runtime and permanent change. Possible errors: ALREADY_SET, INVALID_VALUE Signals DefaultZoneChanged(s: zone) Emitted when default zone has been changed to zone. LogDeniedChanged(s: value) Emitted when LogDenied value has been changed. PanicModeDisabled() Emitted when panic mode has been deactivated. PanicModeEnabled() Emitted when panic mode has been activated. Reloaded() Emitted when firewalld has been reloaded. Also emitted for a complete reload. Properties BRIDGE - b - (ro) Indicates whether the firewall has ethernet bridge support. IPSet - b - (ro) Indicates whether the firewall has IPSet support. IPSetTypes - as - (ro) The supported IPSet types by ipset and firewalld. IPv4 - b - (ro) Indicates whether the firewall has IPv4 support. IPv4ICMPTypes - as - (ro) The list of supported IPv4 ICMP types. IPv6 - b - (ro) Indicates whether the firewall has IPv6 support. IPv6_rpfilter - b - (ro) Indicates whether the reverse path filter test on a packet for IPv6 is enabled. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped. IPv6ICMPTypes - as - (ro) The list of supported IPv6 ICMP types. nf_conntrach_helper_setting - b - (ro) Deprecated. Always False. nf_conntrack_helpers - a{sas} - (ro) Deprecated. Always returns an empty dictionary. nf_nat_helpers - a{sas} - (ro) Deprecated. Always returns an empty dictionary. interface_version - s - (ro) firewalld D-Bus interface version string. state - s - (ro) firewalld state. This can be either INIT, FAILED, or RUNNING. In INIT state, firewalld is starting up and initializing. In FAILED state, firewalld completely started but experienced a failure. version - s - (ro) firewalld version string. org.fedoraproject.FirewallD1.ipset Operations in this interface allows to get, add, remove and query runtime ipset settings. For permanent configuration see org.fedoraproject.FirewallD1.config.ipset interface. Methods addEntry(s: ipset, s: entry) → as Add a new entry to ipset. The entry must match the type of the ipset. If the ipset is using the timeout option, it is not possible to see the entries, as they are timing out automatically in the kernel. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry. Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT getEntries(s: ipset) → Nothing Get all entries added to the ipset. If the ipset is using the timeout option, it is not possible to see the entries, as they are timing out automatically in the kernel. Return value is a array of entry. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries. Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT getSettings(s: ipset) → (ssssa{ss}as) Return runtime settings of given ipset. For getting permanent settings see org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings. Settings are in format: version, name, description, type, dictionary of options and array of entries. version (s): see version attribute of ipset tag in firewalld.ipset5. name (s): see short tag in firewalld.ipset5. description (s): see description tag in firewalld.ipset5. type (s): see type attribute of ipset tag in firewalld.ipset5. options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset5. entries (as): array of entries, see entry tag in firewalld.ipset5. Possible errors: INVALID_IPSET getIPSets() → as Return array of ipset names (s) in runtime configuration. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listIPSets. queryService(s: ipset, s: entry) → b Return whether entry has been added to ipset. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry. Possible errors: INVALID_IPSET queryService(s: ipset) → b Return whether ipset is defined in runtime configuration. removeEntry(s: ipset, s: entry) → as Removes an entry from ipset. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry. Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT setEntries(as: entries) → Nothing Permanently set list of entries to entries. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries. See entry tag in firewalld.ipset5. Signals EntryAdded(s: ipset, s: entry) Emitted when entry has been added to ipset. EntryRemoved(s: ipset, s: entry) Emitted when entry has been removed from ipset. org.fedoraproject.FirewallD1.direct This interface enables more direct access to the firewall. It enables runtime manipulation with chains and rules. For permanent configuration see org.fedoraproject.FirewallD1.config.direct interface. Methods addChain(s: ipv, s: table, s: chain) → Nothing Add a new chain to table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Make sure there's no other chain with this name already. There already exist basic chains to use with direct methods, for example INPUT_direct chain. These chains are jumped into before chains for zones, i.e. every rule put into INPUT_direct will be checked before rules in zones. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.addChain. Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED addPassthrough(s: ipv, as: args) → Nothing Add a tracked passthrough rule with the arguments args for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Valid commands in args are only -A/--append, -I/--insert and -N/--new-chain. This method is (unlike passthrough method) tracked, i.e. firewalld remembers it. It's useful with org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough. Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing Add a rule with the arguments args to chain in table with priority for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.addRule. Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED getAllChains() → a(sss) Get all chains added to all tables in format: ipv, table, chain. This concerns only chains previously added with addChain. Return value is a array of (ipv, table, chain). For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). table (s): one of filter, mangle, nat, raw, security chain (s): name of a chain. getAllPassthroughs() → a(sas) Get all tracked passthrough rules added in all ipv types in format: ipv, rule. This concerns only rules previously added with addPassthrough. Return value is a array of (ipv, array of arguments). For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getAllRules() → a(sssias) Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule. This concerns only rules previously added with addRule. Return value is a array of (ipv, table, chain, priority, array of arguments). For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). table (s): one of filter, mangle, nat, raw, security chain (s): name of a chain. priority (i): used to order rules. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getChains(s: ipv, s: table) → as Return an array of chains (s) added to table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only chains previously added with addChain. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getChains. Possible errors: INVALID_IPV, INVALID_TABLE getPassthroughs(s: ipv) → aas Get tracked passthrough rules added in either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addPassthrough. Return value is a array of (array of arguments). For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getRules(s: ipv, s: table, s: chain) → a(ias) Get all rules added to chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. Return value is a array of (priority, array of arguments). For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getRules. priority (i): used to order rules. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. Possible errors: INVALID_IPV, INVALID_TABLE passthrough(s: ipv, as: args) → s Pass a command through to the firewall. ipv can be either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be all iptables, ip6tables and ebtables command line arguments. args can be all iptables, ip6tables and ebtables command line arguments. This command is untracked, which means that firewalld is not able to provide information about this command later on. Possible errors: COMMAND_FAILED queryChain(s: ipv, s: table, s: chain) → b Return whether a chain exists in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only chains previously added with addChain. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.queryChain. Possible errors: INVALID_IPV, INVALID_TABLE queryPassthrough(s: ipv, as: args) → b Return whether a tracked passthrough rule with the arguments args exists for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addPassthrough. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough. Possible errors: INVALID_IPV queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b Return whether a rule with priority and the arguments args exists in chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.queryRule. Possible errors: INVALID_IPV, INVALID_TABLE removeAllPassthroughs() → Nothing Remove all passthrough rules previously added with addPassthrough. removeChain(s: ipv, s: table, s: chain) → Nothing Remove a chain from table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only chains previously added with addChain can be removed this way. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removeChain. Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED removePassthrough(s: ipv, as: args) → Nothing Remove a tracked passthrough rule with arguments args for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only rules previously added with addPassthrough can be removed this way. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough. Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing Remove a rule with priority and arguments args from chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only rules previously added with addRule can be removed this way. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removeRule. Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED removeRules(s: ipv, s: table, s: chain) → Nothing Remove all rules from chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removeRules. Possible errors: INVALID_IPV, INVALID_TABLE Signals ChainAdded(s: ipv, s: table, s: chain) Emitted when chain has been added into table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). ChainRemoved(s: ipv, s: table, s: chain) Emitted when chain has been removed from table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). PassthroughAdded(s: ipv, as: args) Emitted when a tracked passthruogh rule with args has been added for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). PassthroughRemoved(s: ipv, as: args) Emitted when a tracked passthrough rule with args has been removed for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args) Emitted when a rule with args has been added to chain in table with priority for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args) Emitted when a rule with args has been removed from chain in table with priority for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). org.fedoraproject.FirewallD1.policies Enables firewalld to be able to lock down configuration changes from local applications. Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt). With these operations administrator can lock the firewall configuration so that either none or only applications that are in the whitelist are able to request firewall changes. For permanent configuration see org.fedoraproject.FirewallD1.config.policies interface. Methods addLockdownWhitelistCommand(s: command) → Nothing Add command to whitelist. See command option in firewalld.lockdown-whitelist5. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand. Possible errors: ALREADY_ENABLED, INVALID_COMMAND addLockdownWhitelistContext(s: context) → Nothing Add context to whitelist. See selinux option in firewalld.lockdown-whitelist5. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext. Possible errors: ALREADY_ENABLED, INVALID_COMMAND addLockdownWhitelistUid(i: uid) → Nothing Add user id uid to whitelist. See user option in firewalld.lockdown-whitelist5. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid. Possible errors: ALREADY_ENABLED, INVALID_COMMAND addLockdownWhitelistUser(s: user) → Nothing Add user name to whitelist. See user option in firewalld.lockdown-whitelist5. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser. Possible errors: ALREADY_ENABLED, INVALID_COMMAND disableLockdown() → Nothing Disable lockdown. This is a runtime and permanent change. Possible errors: NOT_ENABLED enableLockdown() → Nothing Enable lockdown. Be careful - if the calling application/user is not on lockdown whitelist when you enable lockdown you won't be able to disable it again with the application, you would need to edit firewalld.conf. This is a runtime and permanent change. Possible errors: ALREADY_ENABLED getLockdownWhitelistCommands() → as List all command lines (s) that are on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands. getLockdownWhitelistContexts() → as List all contexts (s) that are on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts. getLockdownWhitelistUids() → ai List all user ids (i) that are on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids. getLockdownWhitelistUsers() → as List all users (s) that are on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers. queryLockdown() → b Query whether lockdown is enabled. queryLockdownWhitelistCommand(s: command) → b Query whether command is on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand. queryLockdownWhitelistContext(s: context) → b Query whether context is on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext. queryLockdownWhitelistUid(i: uid) → b Query whether user id uid is on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid. queryLockdownWhitelistUser(s: user) → b Query whether user is on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser. removeLockdownWhitelistCommand(s: command) → Nothing Remove command from whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand. Possible errors: NOT_ENABLED removeLockdownWhitelistContext(s: context) → Nothing Remove context from whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext. Possible errors: NOT_ENABLED removeLockdownWhitelistUid(i: uid) → Nothing Remove user id uid from whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid. Possible errors: NOT_ENABLED removeLockdownWhitelistUser(s: user) → Nothing Remove user from whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser. Possible errors: NOT_ENABLED Signals LockdownDisabled() Emitted when lockdown has been disabled. LockdownEnabled() Emitted when lockdown has been enabled. LockdownWhitelistCommandAdded(s: command) Emitted when command has been added to whitelist. LockdownWhitelistCommandRemoved(s: command) Emitted when command has been removed from whitelist. LockdownWhitelistContextAdded(s: context) Emitted when context has been added to whitelist. LockdownWhitelistContextRemoved(s: context) Emitted when context has been removed from whitelist. LockdownWhitelistUidAdded(i: uid) Emitted when user id uid has been added to whitelist. LockdownWhitelistUidRemoved(i: uid) Emitted when user id uid has been removed from whitelist. LockdownWhitelistUserAdded(s: user) Emitted when user has been added to whitelist. LockdownWhitelistUserRemoved(s: user) Emitted when user has been removed from whitelist. org.fedoraproject.FirewallD1.zone Operations in this interface allows to get, add, remove and query runtime zone's settings. For permanent settings see org.fedoraproject.FirewallD1.config.zone interface. Methods addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) → s Add the IPv4 forward port into zone. If zone is empty, use default zone. The port can either be a single port number portid or a port range portid-portid. The protocol can either be tcp or udp. The destination address is a simple IP address. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort. Returns name of zone to which the forward port was added. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, ALREADY_ENABLED, INVALID_COMMAND addIcmpBlock(s: zone, s: icmp, i: timeout) → s Add an ICMP block icmp into zone. The icmp is the one of the icmp types firewalld supports. To get a listing of supported icmp types use org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is empty, use default zone. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock. Returns name of zone to which the ICMP block was added. Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, ALREADY_ENABLED, INVALID_COMMAND addIcmpBlockInversion(s: zone) → s Add ICMP block inversion to zone. If zone is empty, use default zone. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion. Returns name of zone to which the ICMP block inversion was added. Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND addInterface(s: zone, s: interface) → s Bind interface with zone. From now on all traffic going through the interface will respect the zone's settings. If zone is empty, use default zone. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addInterface. Returns name of zone to which the interface was bound. Possible errors: INVALID_ZONE, INVALID_INTERFACE, ALREADY_ENABLED, INVALID_COMMAND addMasquerade(s: zone, i: timeout) → s Enable masquerade in zone. If zone is empty, use default zone. If timeout is non-zero, masquerading will be active for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade. Returns name of zone in which the masquerade was enabled. Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND addPort(s: zone, s: port, s: protocol, i: timeout) → s Add port into zone. If zone is empty, use default zone. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp or udp. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addPort. Returns name of zone to which the port was added. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND addProtocol(s: zone, s: protocol, i: timeout) → s Add protocol into zone. If zone is empty, use default zone. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol. Returns name of zone to which the protocol was added. Possible errors: INVALID_ZONE, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND addRichRule(s: zone, s: rule, i: timeout) → s Add rich language rule into zone. For the rich language rule syntax, please have a look at firewalld.direct5. If zone is empty, use default zone. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule. Returns name of zone to which the rich language rule was added. Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED, INVALID_COMMAND addService(s: zone, s: service, i: timeout) → s Add service into zone. If zone is empty, use default zone. If timeout is non-zero, the operation will be active only for the amount of seconds. To get a list of supported services, use org.fedoraproject.FirewallD1.Methods.listServices. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addService. Returns name of zone to which the service was added. Possible errors: INVALID_ZONE, INVALID_SERVICE, ALREADY_ENABLED, INVALID_COMMAND addSource(s: zone, s: source) → s Bind source with zone. From now on all traffic going from this source will respect the zone's settings. A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6. For IPv4, the mask can be a network mask or a plain number. For IPv6 the mask is a plain number. Use of host names is not supported. If zone is empty, use default zone. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addSource. Returns name of zone to which the source was bound. Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED, INVALID_COMMAND addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s Add source port into zone. If zone is empty, use default zone. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp or udp. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort. Returns name of zone to which the port was added. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND changeZone(s: zone, s: interface) → s This function is deprecated, use org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface instead. changeZoneOfInterface(s: zone, s: interface) → s Change a zone an interface is bound to to zone. It's basically removeInterface(interface) followed by addInterface(zone, interface). If interface has not been bound to a zone before, it behaves like addInterface. If zone is empty, use default zone. Returns name of zone to which the interface was bound. Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT changeZoneOfSource(s: zone, s: source) → s Change a zone an source is bound to to zone. It's basically removeSource(source) followed by addSource(zone, source). If source has not been bound to a zone before, it behaves like addSource. If zone is empty, use default zone. Returns name of zone to which the source was bound. Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT getActiveZones() → a{sa{sas}} Return dictionary of currently active zones altogether with interfaces and sources used in these zones. Active zones are zones, that have a binding to an interface or source. Return value is a dictionary where keys are zone names (s) and values are again dictionaries where keys are either 'interfaces' or 'sources' and values are arrays of interface names (s) or sources (s). getForwardPorts(s: zone) → aas Return array of IPv4 forward ports previously added into zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts. Return value is array of 4-tuples, where each 4-tuple consists of (port, protocol, to-port, to-addr). to-addr might be empty in case of local forwarding. Possible errors: INVALID_ZONE getIcmpBlocks(s: zone) → as Return array of ICMP type (s) blocks previously added into zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks. Possible errors: INVALID_ZONE getIcmpBlockInversion(s: zone) → b Return whether ICMP block inversion was previously added to zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion. Possible errors: INVALID_ZONE getInterfaces(s: zone) → as Return array of interfaces (s) previously bound with zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces. Possible errors: INVALID_ZONE getPorts(s: zone) → aas Return array of ports (2-tuple of port and protocol) previously enabled in zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getPorts. Possible errors: INVALID_ZONE getProtocols(s: zone) → as Return array of protocols (s) previously enabled in zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols. Possible errors: INVALID_ZONE getRichRules(s: zone) → as Return array of rich language rules (s) previously added into zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules. Possible errors: INVALID_ZONE getServices(s: zone) → as Return array of services (s) previously enabled in zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getServices. Possible errors: INVALID_ZONE getSourcePorts(s: zone) → aas Return array of source ports (2-tuple of port and protocol) previously enabled in zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts. Possible errors: INVALID_ZONE getSources(s: zone) → as Return array of sources (s) previously bound with zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getSources. Possible errors: INVALID_ZONE getZoneOfInterface(s: interface) → s Return name (s) of zone the interface is bound to or empty string. getZoneOfSource(s: source) → s Return name (s) of zone the source is bound to or empty string. getZones() → as Return array of names (s) of predefined zones known to current runtime environment. For list of zones known to permanent environment see org.fedoraproject.FirewallD1.config.Methods.listZones. The lists (of zones known to runtime and permanent environment) will contain same zones in most cases, but might differ for example if org.fedoraproject.FirewallD1.config.Methods.addZone has been called recently, but firewalld has not been reloaded since then. isImmutable(s: zone) → b Deprecated. queryForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → b Return whether the IPv4 forward port (port, protocol, toport, toaddr) has been added into zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD queryIcmpBlock(s: zone, s: icmp) → b Return whether an ICMP block for icmp has been added into zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock. Possible errors: INVALID_ZONE, INVALID_ICMPTYPE queryIcmpBlockInversion(s: zone) → b Return whether ICMP block inversion has been added to zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion. Possible errors: INVALID_ZONE, INVALID_ICMPTYPE queryInterface(s: zone, s: interface) → b Query whether interface has been bound to zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface. Possible errors: INVALID_ZONE, INVALID_INTERFACE queryMasquerade(s: zone) → b Return whether masquerading has been enabled in zone If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade. Possible errors: INVALID_ZONE queryPort(s: zone, s: port, s: protocol) → b Return whether port/protocol has been added in zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryPort. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL queryProtocol(s: zone, s: protocol) → b Return whether protocol has been added in zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol. Possible errors: INVALID_ZONE, INVALID_PROTOCOL queryRichRule(s: zone, s: rule) → b Return whether rich rule rule has been added in zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule. Possible errors: INVALID_ZONE, INVALID_RULE queryService(s: zone, s: service) → b Return whether service has been added for zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryService. Possible errors: INVALID_ZONE, INVALID_SERVICE querySource(s: zone, s: source) → b Query whether sourcehas been bound to zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.querySource. Possible errors: INVALID_ZONE, INVALID_ADDR querySourcePort(s: zone, s: port, s: protocol) → b Return whether port/protocol has been added in zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL removeForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → s Remove IPv4 forward port ((port, protocol, toport, toaddr)) from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort. Returns name of zone from which the forward port was removed. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED, INVALID_COMMAND removeIcmpBlock(s: zone, s: icmp) → s Remove ICMP block icmp from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock. Returns name of zone from which the ICMP block was removed. Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED, INVALID_COMMAND removeIcmpBlockInversion(s: zone) → s Remove ICMP block inversion from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion. Returns name of zone from which the ICMP block inversion was removed. Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND removeInterface(s: zone, s: interface) → s Remove binding of interface from zone. If zone is empty, the interface will be removed from zone it belongs to. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface. Returns name of zone from which the interface was removed. Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED, INVALID_COMMAND removeMasquerade(s: zone) → s Disable masquerade for zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade. Returns name of zone for which the masquerade was disabled. Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND removePort(s: zone, s: port, s: protocol) → s Remove port/protocol from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removePort. Returns name of zone from which the port was removed. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND removeProtocol(s: zone, s: protocol) → s Remove protocol from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol. Returns name of zone from which the protocol was removed. Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND removeRichRule(s: zone, s: rule) → s Remove rich language rule from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule. Returns name of zone from which the rich language rule was removed. Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED, INVALID_COMMAND removeService(s: zone, s: service) → s Remove service from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeService. Returns name of zone from which the service was removed. Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED, INVALID_COMMAND removeSource(s: zone, s: source) → s Remove binding of source from zone. If zone is empty, the source will be removed from zone it belongs to. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeSource. Returns name of zone from which the source was removed. Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED, INVALID_COMMAND removeSourcePort(s: zone, s: port, s: protocol) → s Remove port/protocol from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort. Returns name of zone from which the source port was removed. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND Signals ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) Emitted when forward port has been added to zone with timeout. ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s: toaddr) Emitted when forward port has been removed from zone. IcmpBlockAdded(s: zone, s: icmp, i: timeout) Emitted when ICMP block for icmp has been added to zone with timeout. IcmpBlockInversionAdded(s: zone) Emitted when ICMP block inversion has been added to zone. IcmpBlockInversionRemoved(s: zone) Emitted when ICMP block inversion has been removed from zone. IcmpBlockRemoved(s: zone, s: icmp) Emitted when ICMP block for icmp has been removed from zone. InterfaceAdded(s: zone, s: interface) Emitted when interface has been added to zone. InterfaceRemoved(s: zone, s: interface) Emitted when interface has been removed from zone. MasqueradeAdded(s: zone, i: timeout) Emitted when masquerade has been enabled for zone. MasqueradeRemoved(s: zone) Emitted when masquerade has been disabled for zone. PortAdded(s: zone, s: port, s: protocol, i: timeout) Emitted when port/protocol has been added to zone with timeout. PortRemoved(s: zone, s: port, s: protocol) Emitted when port/protocol has been removed from zone. ProtocolAdded(s: zone, s: protocol, i: timeout) Emitted when protocol has been added to zone with timeout. ProtocolRemoved(s: zone, s: protocol) Emitted when protocol has been removed from zone. RichRuleAdded(s: zone, s: rule, i: timeout) Emitted when rich language rule has been added to zone with timeout. RichRuleRemoved(s: zone, s: rule) Emitted when rich language rule has been removed from zone. ServiceAdded(s: zone, s: service, i: timeout) Emitted when service has been added to zone with timeout. ServiceRemoved(s: zone, s: service) Emitted when service has been removed from zone. SourceAdded(s: zone, s: source) Emitted when source has been added to zone. SourcePortAdded(s: zone, s: port, s: protocol, i: timeout) Emitted when source-port/protocol has been added to zone with timeout. SourcePortRemoved(s: zone, s: port, s: protocol) Emitted when source-port/protocol has been removed from zone. SourceRemoved(s: zone, s: source) Emitted when source has been removed from zone. ZoneChanged(s: zone, s: interface) Deprecated ZoneOfInterfaceChanged(s: zone, s: interface) Emitted when a zone an interface is part of has been changed to zone. ZoneOfSourceChanged(s: zone, s: source) Emitted when a zone an source is part of has been changed to zone. org.fedoraproject.FirewallD1.config Allows to permanently add, remove and query zones, services and icmp types. Methods addIPSet(s: ipset, (ssssa{ss}as): settings) → o Add ipset with given settings into permanent configuration. Settings are in format: version, name, description, type, dictionary of options and array of entries. version (s): see version attribute of ipset tag in firewalld.ipset5. name (s): see short tag in firewalld.ipset5. description (s): see description tag in firewalld.ipset5. type (s): see type attribute of ipset tag in firewalld.ipset5. options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset5. entries (as): array of entries, see entry tag in firewalld.ipset5. Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE addIcmpType(s: icmptype, (sssas): settings) → o Add icmptype with given settings into permanent configuration. Settings are in format: version, name, description, array of destinations. Returns object path of the new icmp type. version (s): see version attribute of icmptype tag in firewalld.icmptype5. name (s): see short tag in firewalld.icmptype5. description (s): see description tag in firewalld.icmptype5. destinations (as): array, either empty or containing strings 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype5. Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o This function is deprecated, use org.fedoraproject.FirewallD1.config.Methods.addService2 instead. addService2s: service, a{sv}: settings) → o Add service with given settings into permanent configuration. Settings are a dictionary indexed by keywords. For the type of each value see below. To zero a value pass an empty string or list. version (s): see version attribute of service tag in firewalld.service5. name (s): see short tag in firewalld.service5. description (s): see description tag in firewalld.service5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service5. module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. protocols (as): array of protocols, see protocol tag in firewalld.service5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. includes (as): array of service includes, see include tag in firewalld.service5. helpers (as): array of service helpers, see helper tag in firewalld.service5. Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → o Add zone with given settings into permanent configuration. Settings are in format: version, name, description, UNUSED, target, array of services, array of ports (port, protocol), array of icmp-blocks, masquerade, array of forward-ports (port, protocol, to-port, to-addr), array of interfaces, array of sources, array of rich rules, array of protocols and array of source-ports (port, protocol). version (s): see version attribute of zone tag in firewalld.zone5. name (s): see short tag in firewalld.zone5. description (s): see description tag in firewalld.zone5. UNUSED (b): this boolean value is no longer used for anything. target (s): see target attribute of zone tag in firewalld.zone5. services (as): array of service names, see service tag in firewalld.zone5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone5. icmp-blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone5. masquerade (b): see masquerade tag in firewalld.zone5. forward-ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone5. interfaces (as): array of interfaces. See interface tag in firewalld.zone5. source addresses (as): array of source addresses. See source tag in firewalld.zone5. rich rules (as): array of rich-language rules. See rule tag in firewalld.zone5. protocols (as): array of protocols. See protocol tag in firewalld.zone5. source-ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone5. Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE getHelperByName(s: helper) → o Return object path (permanent configuration) of helper with given name. Possible errors: INVALID_HELPER getHelperNames() → as Return list of helper names (permanent configuration). getIPSetByName(s: ipset) → o Return object path (permanent configuration) of ipset with given name. Possible errors: INVALID_IPSET getIPSetNames() → as Return list of ipset names (permanent configuration). getIcmpTypeByName(s: icmptype) → o Return object path (permanent configuration) of icmptype with given name. Possible errors: INVALID_ICMPTYPE getIcmpTypeNames() → as Return list of icmptype names (permanent configuration). getServiceByName(s: service) → o Return object path (permanent configuration) of service with given name. Possible errors: INVALID_SERVICE getServiceNames() → as Return list of service names (permanent configuration). getZoneByName(s: zone) → o Return object path (permanent configuration) of zone with given name. Possible errors: INVALID_ZONE getZoneNames() → as Return list of zone names (permanent configuration) of. getZoneOfInterface(s: iface) → s Return name of zone the iface is bound to or empty string. getZoneOfSource(s: source) → s Return name of zone the source is bound to or empty string. listHelpers() → ao Return array of object paths (o) of helper in permanent configuration. For runtime configuration see org.fedoraproject.FirewallD1.Methods.getHelpers. listIPSets() → ao Return array of object paths (o) of ipset in permanent configuration. For runtime configuration see org.fedoraproject.FirewallD1.ipset.Methods.getIPSets. listIcmpTypes() → ao Return array of object paths (o) of icmp types in permanent configuration. For runtime configuration see org.fedoraproject.FirewallD1.Methods.listIcmpTypes. listServices() → ao Return array of objects paths (o) of services in permanent configuration. For runtime configuration see org.fedoraproject.FirewallD1.Methods.listServices. listZones() → ao List object paths of zones known to permanent environment. For list of zones known to runtime environment see org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists (of zones known to runtime and permanent environment) will contain same zones in most cases, but might differ for example if org.fedoraproject.FirewallD1.config.Methods.addZone has been called recently, but firewalld has not been reloaded since then. Signals HelperAdded(s: helper) Emitted when helper has been added. IPSetAdded(s: ipset) Emitted when ipset has been added. IcmpTypeAdded(s: icmptype) Emitted when icmptype has been added. ServiceAdded(s: service) Emitted when service has been added. ZoneAdded(s: zone) Emitted when zone has been added. Properties AllowZoneDrifting - s - (rw) Older versions of firewalld had undocumented behavior known as "zone drifting". This allowed packets to ingress multiple zones - this is a violation of zone based firewalls. However, some users rely on this behavior to have a "catch-all" zone, e.g. the default zone. You can enable this if you desire such behavior. It's disabled by default for security reasons. Note: If "yes" packets will only drift from source based zones to interface based zones (including the default zone). Packets never drift from interface based zones to other interfaces based zones (including the default zone). Valid values; "yes", "no". Defaults to "no". AutomaticHelpers - s - (rw) Deprecated. Getting this value always returns "no". Setting this value is ignored. CleanupOnExit - s - (rw) If firewalld stops, it cleans up all firewall rules. Setting this option to no or false leaves the current firewall rules untouched. DefaultZone - s - (ro) Default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool. FirewallBackend - s - (rw) Selects the firewalld backend for all rules except the direct interface. Valid options are; nftables, iptables. Default in nftables. FirewallBackend - s - (rw) Flush all runtime rules on a reload. Valid options are; yes, no. IPv6_rpfilter - s - (rw) Indicates whether the reverse path filter test on a packet for IPv6 is enabled. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped. IndividualCalls - s - (ro) Indicates whether individual calls combined -restore calls are used. If enabled, this increases the time that is needed to apply changes and to start the daemon, but is good for debugging. Lockdown - s - (rw) If this property is enabled, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown whitelist. LogDenied - s - (rw) If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones. Possible values are: all, unicast, broadcast, multicast and off. MinimalMark - i - (rw) Deprecated. This option is ignored and no longer used. Marks are no longer used internally. FirewallBackend - s - (rw) As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that correspond to IPv4 addresses that should not be routed over the public internet. Valid options are; yes, no. org.fedoraproject.FirewallD1.config.direct Interface for permanent direct configuration, see also firewalld.direct5. For runtime direct configuration see org.fedoraproject.FirewallD1.direct interface. Methods addChain(s: ipv, s: table, s: chain) → Nothing Add a new chain to table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Make sure there's no other chain with this name already. There already exist basic chains to use with direct methods, for example INPUT_direct chain. These chains are jumped into before chains for zones, i.e. every rule put into INPUT_direct will be checked before rules in zones. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.addChain. Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED addPassthrough(s: ipv, as: args) → Nothing Add a passthrough rule with the arguments args for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.addPassthrough. Possible errors: INVALID_IPV, ALREADY_ENABLED addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing Add a rule with the arguments args to chain in table with priority for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.addRule. Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED getAllChains() → a(sss) Get all chains added to all tables in format: ipv, table, chain. This concerns only chains previously added with addChain. Return value is a array of (ipv, table, chain). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getAllChains. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). table (s): one of filter, mangle, nat, raw, security chain (s): name of a chain. getAllPassthroughs() → a(sas) Get all passthrough rules added in all ipv types in format: ipv, rule. This concerns only rules previously added with addPassthrough. Return value is a array of (ipv, array of arguments). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getAllRules() → a(sssias) Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule. This concerns only rules previously added with addRule. Return value is a array of (ipv, table, chain, priority, array of arguments). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getAllRules. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). table (s): one of filter, mangle, nat, raw, security chain (s): name of a chain. priority (i): used to order rules. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getChains(s: ipv, s: table) → as Return an array of chains (s) added to table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only chains previously added with addChain. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getChains. Possible errors: INVALID_IPV, INVALID_TABLE getPassthroughs(s: ipv) → aas Get tracked passthrough rules added in either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addPassthrough. Return value is a array of (array of arguments). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getRules(s: ipv, s: table, s: chain) → a(ias) Get all rules added to chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. Return value is a array of (priority, array of arguments). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getRules. priority (i): used to order rules. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. Possible errors: INVALID_IPV, INVALID_TABLE getSettings() → (a(sss)a(sssias)a(sas)) Get settings of permanent direct configuration in format: array of chains, array of rules, array of passthroughs. chains (a(sss)): array of (ipv, table, chain), see 'chain' in firewalld.direct5.. rules (a(sssias)): array of (ipv, table, chain, priority, array of arguments), see 'rule' in firewalld.direct5.. passthroughs (a(sas)): array of (ipv, array of arguments), see passthrough in firewalld.direct5.. queryChain(s: ipv, s: table, s: chain) → b Return whether a chain exists in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only chains previously added with addChain. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.queryChain. Possible errors: INVALID_IPV, INVALID_TABLE queryPassthrough(s: ipv, as: args) → b Return whether a tracked passthrough rule with the arguments args exists for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addPassthrough. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough. Possible errors: INVALID_IPV queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b Return whether a rule with priority and the arguments args exists in chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.queryRule. Possible errors: INVALID_IPV, INVALID_TABLE removeChain(s: ipv, s: table, s: chain) → Nothing Remove a chain from table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only chains previously added with addChain can be removed this way. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removeChain. Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED removePassthrough(s: ipv, as: args) → Nothing Remove a passthrough rule with arguments args for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only rules previously added with addPassthrough can be removed this way. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removePassthrough. Possible errors: INVALID_IPV, NOT_ENABLED removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing Remove a rule with priority and arguments args from chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only rules previously added with addRule can be removed this way. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removeRule. Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED removeRules(s: ipv, s: table, s: chain) → Nothing Remove all rules from chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removeRules. Possible errors: INVALID_IPV, INVALID_TABLE update((a(sss)a(sssias)a(sas)): settings) → Nothing Update permanent direct configuration with given settings. Settings are in format: array of chains, array of rules, array of passthroughs. chains (a(sss)): array of (ipv, table, chain), see 'chain' in firewalld.direct5.. rules (a(sssias)): array of (ipv, table, chain, priority, array of arguments), see 'rule' in firewalld.direct5.. passthroughs (a(sas)): array of (ipv, array of arguments), see passthrough in firewalld.direct5.. Possible errors: INVALID_TYPE Signals Updated() Emitted when configuration has been updated. org.fedoraproject.FirewallD1.config.policies Interface for permanent lockdown-whitelist configuration, see also firewalld.lockdown-whitelist5. For runtime configuration see org.fedoraproject.FirewallD1.policies interface. Methods addLockdownWhitelistCommand(s: command) → Nothing Add command to whitelist. See command option in firewalld.lockdown-whitelist5. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand. Possible errors: ALREADY_ENABLED, INVALID_TYPE addLockdownWhitelistContext(s: context) → Nothing Add context to whitelist. See selinux option in firewalld.lockdown-whitelist5. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext. Possible errors: ALREADY_ENABLED, INVALID_TYPE addLockdownWhitelistUid(i: uid) → Nothing Add user id uid to whitelist. See user option in firewalld.lockdown-whitelist5. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid. Possible errors: ALREADY_ENABLED, INVALID_TYPE addLockdownWhitelistUser(s: user) → Nothing Add user name to whitelist. See user option in firewalld.lockdown-whitelist5. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser. Possible errors: ALREADY_ENABLED, INVALID_TYPE getLockdownWhitelist() → (asasasai) Get settings of permanent lockdown-whitelist configuration in format: commands, selinux contexts, users, uids commands (as): see command option in firewalld.lockdown-whitelist5. selinux contexts (as): see selinux option in firewalld.lockdown-whitelist5. users (as): see name attribute of user option in firewalld.lockdown-whitelist5. uids (ai): see id attribute of user option in firewalld.lockdown-whitelist5. getLockdownWhitelistCommands() → as List all command lines (s) that are on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands. getLockdownWhitelistContexts() → as List all contexts (s) that are on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts. getLockdownWhitelistUids() → ai List all user ids (i) that are on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids. getLockdownWhitelistUsers() → as List all users (s) that are on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers. queryLockdownWhitelistCommand(s: command) → b Query whether command is on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand. queryLockdownWhitelistContext(s: context) → b Query whether context is on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext. queryLockdownWhitelistUid(i: uid) → b Query whether user id uid is on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid. queryLockdownWhitelistUser(s: user) → b Query whether user is on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser. removeLockdownWhitelistCommand(s: command) → Nothing Remove command from whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand. Possible errors: NOT_ENABLED removeLockdownWhitelistContext(s: context) → Nothing Remove context from whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext. Possible errors: NOT_ENABLED removeLockdownWhitelistUid(i: uid) → Nothing Remove user id uid from whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid. Possible errors: NOT_ENABLED removeLockdownWhitelistUser(s: user) → Nothing Remove user from whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser. Possible errors: NOT_ENABLED setLockdownWhitelist((asasasai): settings) → Nothing Set permanent lockdown-whitelist configuration to settings. Settings are in format: commands, selinux contexts, users, uids commands (as): see command option in firewalld.lockdown-whitelist5. selinux contexts (as): see selinux option in firewalld.lockdown-whitelist5. users (as): see name attribute of user option in firewalld.lockdown-whitelist5. uids (ai): see id attribute of user option in firewalld.lockdown-whitelist5. Possible errors: INVALID_TYPE Signals LockdownWhitelistUpdated() Emitted when permanent lockdown-whitelist configuration has been updated. org.fedoraproject.FirewallD1.config.ipset Interface for permanent ipset configuration, see also firewalld.ipset5. Methods addEntry(s: entry) → Nothing Permanently add entry to list of entries of ipset. See entry tag in firewalld.ipset5. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.addEntry. Possible errors: ALREADY_ENABLED addOption(s: key, s: value) → Nothing Permanently add (key, value) to the ipset. See option tag in firewalld.ipset5. Possible errors: ALREADY_ENABLED getDescription() → s Get description of ipset. See description tag in firewalld.ipset5. getEntries() → as Get list of entries added to ipset. See entry tag in firewalld.ipset5. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.getEntries. Possible errors: IPSET_WITH_TIMEOUT getOptions() → a{ss} Get dictionary of options set for ipset. See option tag in firewalld.ipset5. getSettings() → (ssssa{ss}as) Return permament settings of the ipset. For getting runtime settings see org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings. Settings are in format: version, name, description, type, dictionary of options and array of entries. version (s): see version attribute of ipset tag in firewalld.ipset5. name (s): see short tag in firewalld.ipset5. description (s): see description tag in firewalld.ipset5. type (s): see type attribute of ipset tag in firewalld.ipset5. options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset5. entries (as): array of entries, see entry tag in firewalld.ipset5. getShort() → s Get name of ipset. See short tag in firewalld.ipset5. getType() → s Get type of ipset. See type attribute of ipset tag in firewalld.ipset5. getVersion() → s Get version of ipset. See version attribute of ipset tag in firewalld.ipset5. loadDefaults() → Nothing Load default settings for built-in ipset. Possible errors: NO_DEFAULTS queryEntry(s: entry) → b Return whether entry has been added to ipset. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.queryEntry. queryOption(s: key, s: value) → b Return whether (key, value) has been added to options of the ipset. remove() → Nothing Remove not built-in ipset. Possible errors: BUILTIN_IPSET removeEntry(s: entry) → Nothing Permanently remove entry from ipset. See entry tag in firewalld.ipset5. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.removeEntry. Possible errors: NOT_ENABLED removeOption(s: key) → Nothing Permanently remove key from the ipset. See option tag in firewalld.ipset5. Possible errors: NOT_ENABLED rename(s: name) → Nothing Rename not built-in ipset to name. Possible errors: BUILTIN_IPSET setDescription(s: description) → Nothing Permanently set description of ipset to description. See description tag in firewalld.ipset5. setEntries(as: entries) → Nothing Permanently set list of entries to entries. See entry tag in firewalld.ipset5. setOptions(a{ss}: options) → Nothing Permanently set dict of options to options. See option tag in firewalld.ipset5. setShort(s: short) → Nothing Permanently set name of ipset to short. See short tag in firewalld.ipset5. setType(s: ipset_type) → Nothing Permanently set type of ipset to ipset_type. See type attribute of ipset tag in firewalld.ipset5. setVersion(s: version) → Nothing Permanently set version of ipset to version. See version attribute of ipset tag in firewalld.ipset5. update((ssssa{ss}as): settings) → Nothing Update settings of ipset to settings. Settings are in format: version, name, description, type, dictionary of options and array of entries. version (s): see version attribute of ipset tag in firewalld.ipset5. name (s): see short tag in firewalld.ipset5. description (s): see description tag in firewalld.ipset5. type (s): see type attribute of ipset tag in firewalld.ipset5. options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset5. entries (as): array of entries, see entry tag in firewalld.ipset5. Possible errors: INVALID_TYPE Signals Removed(s: name) Emitted when ipset with name has been removed. Renamed(s: name) Emitted when ipset has been renamed to name. Updated(s: name) Emitted when ipset with name has been updated. Properties builtin - b - (ro) True if ipset is build-in, false else. default - b - (ro) True if build-in ipset has default settings. False if it has been modified. Always False for not build-in ipsets. filename - s - (ro) Name (including .xml extension) of file where the configuration is stored. name - s - (ro) Name of ipset. path - s - (ro) Path to directory where the ipset configuration is stored. Should be either /usr/lib/firewalld/ipsets or /etc/firewalld/ipsets. org.fedoraproject.FirewallD1.config.zone Interface for permanent zone configuration, see also firewalld.zone5. Methods addForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing Permanently add (port, protocol, toport, toaddr) to list of forward ports of zone. See forward-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addForwardPort. Possible errors: ALREADY_ENABLED addIcmpBlock(s: icmptype) → Nothing Permanently add icmptype to list of icmp types blocked in zone. See icmp-block tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock. Possible errors: ALREADY_ENABLED addIcmpBlock(s: icmptype) → Nothing Permanently add icmp block inversion to zone. See icmp-block-inversion tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion. Possible errors: ALREADY_ENABLED addInterface(s: interface) → Nothing Permanently add interface to list of interfaces bound to zone. See interface tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addInterface. Possible errors: ALREADY_ENABLED addMasquerade() → Nothing Permanently enable masquerading in zone. See masquerade tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addMasquerade. Possible errors: ALREADY_ENABLED addPort(s: port, s: protocol) → Nothing Permanently add (port, protocol) to list of ports of zone. See port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addPort. Possible errors: ALREADY_ENABLED addProtocol(s: protocol) → Nothing Permanently add protocol into zone. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addProtocol. Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED addRichRule(s: rule) → Nothing Permanently add rule to list of rich-language rules in zone. See rule tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addRichRule. Possible errors: ALREADY_ENABLED addService(s: service) → Nothing Permanently add service to list of services used in zone. See service tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addService. Possible errors: ALREADY_ENABLED addSource(s: source) → Nothing Permanently add source to list of source addresses bound to zone. See source tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addSource. Possible errors: ALREADY_ENABLED addSourcePort(s: port, s: protocol) → Nothing Permanently add (port, protocol) to list of source ports of zone. See source-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addSourcePort. Possible errors: ALREADY_ENABLED getDescription() → s Get description of zone. See description tag in firewalld.zone5. getForwardPorts() → a(ssss) Get list of (port, protocol, toport, toaddr) defined in zone. See forward-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts. getIcmpBlockInversion() → b Get icmp block inversion flag of zone. See icmp-block-inversion tag in firewalld.zone5. getIcmpBlocks() → as Get list of icmp type names blocked in zone. See icmp-block tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks. getInterfaces() → as Get list of interfaces bound to zone. See interface tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getInterfaces. getMasquerade() → b Return whether masquerade is enabled in zone. This is the same as queryMasquerade() method. See masquerade tag in firewalld.zone5. getPorts() → a(ss) Get list of (port, protocol) defined in zone. See port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getPorts. getProtocols() → as Return array of protocols (s) previously enabled in zone. For getting runtime settings see org.fedoraproject.FirewallD1.zone.Methods.getProtocols. getRichRules() → as Get list of rich-language rules in zone. See rule tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getRichRules. getServices() → as Get list of service names used in zone. See service tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getServices. getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)) Return permanent settings of given zone. For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getZoneSettings. Settings are in format: version, name, description, UNUSED, target, array of services, array of ports (port, protocol), array of icmp-blocks, masquerade, array of forward-ports (port, protocol, to-port, to-addr), array of interfaces, array of sources, array of rich rules, array of protocols and array of source-ports (port, protocol). version (s): see version attribute of zone tag in firewalld.zone5. name (s): see short tag in firewalld.zone5. description (s): see description tag in firewalld.zone5. UNUSED (b): this boolean value is no longer used for anything. target (s): see target attribute of zone tag in firewalld.zone5. services (as): array of service names, see service tag in firewalld.zone5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone5. icmp-blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone5. masquerade (b): see masquerade tag in firewalld.zone5. forward-ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone5. interfaces (as): array of interfaces. See interface tag in firewalld.zone5. source addresses (as): array of source addresses. See source tag in firewalld.zone5. rich rules (as): array of rich-language rules. See rule tag in firewalld.zone5. protocols (as): array of protocols. See protocol tag in firewalld.zone5. source-ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone5. getShort() → s Get name of zone. See short tag in firewalld.zone5. getSourcePorts() → a(ss) Get list of (port, protocol) defined in zone. See source-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts. getSources() → as Get list of source addresses bound to zone. See source tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getSources. getTarget() → s Get target of zone. See target attribute of zone tag in firewalld.zone5. getVersion() → s Get version of zone. See version attribute of zone tag in firewalld.zone5. loadDefaults() → Nothing Load default settings for built-in zone. Possible errors: NO_DEFAULTS queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b Return whether (port, protocol, toport, toaddr) is in list of forward ports of zone. See forward-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort. queryIcmpBlock(s: icmptype) → b Return whether icmptype is in list of icmp types blocked in zone. See icmp-block tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock. queryIcmpBlockInversion() → b Return whether icmp block inversion is in enabled in zone. See icmp-block-inversion tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion. queryInterface(s: interface) → b Return whether interface is in list of interfaces bound to zone. See interface tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryInterface. queryMasquerade() → b Return whether masquerade is enabled in zone. This is the same as getMasquerade() method. See masquerade tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade. queryPort(s: port, s: protocol) → b Return whether (port, protocol) is in list of ports of zone. See port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryPort. queryProtocol(s: protocol) → b Return whether protocol has been added in zone. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryProtocol. Possible errors: INVALID_PROTOCOL queryRichRule(s: rule) → b Return whether rule is in list of rich-language rules in zone. See rule tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryRichRule. queryService(s: service) → b Return whether service is in list of services used in zone. See service tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryService. querySource(s: source) → b Return whether source is in list of source addresses bound to zone. See source tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.querySource. querySourcePort(s: port, s: protocol) → b Return whether (port, protocol) is in list of source ports of zone. See source-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.querySourcePort. remove() → Nothing Remove not built-in zone. Possible errors: BUILTIN_ZONE removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing Permanently remove (port, protocol, toport, toaddr) from list of forward ports of zone. See forward-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort. Possible errors: NOT_ENABLED removeIcmpBlock(s: icmptype) → Nothing Permanently remove icmptype from list of icmp types blocked in zone. See icmp-block tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock. Possible errors: NOT_ENABLED removeIcmpBlockInversion() → Nothing Permanently remove icmp block inversion from the zone. See icmp-block-inversion tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion. Possible errors: NOT_ENABLED removeInterface(s: interface) → Nothing Permanently remove interface from list of interfaces bound to zone. See interface tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeInterface. Possible errors: NOT_ENABLED removeMasquerade() → Nothing Permanently disable masquerading in zone. See masquerade tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade. Possible errors: NOT_ENABLED removePort(s: port, s: protocol) → Nothing Permanently remove (port, protocol) from list of ports of zone. See port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removePort. Possible errors: NOT_ENABLED removeProtocol(s: protocol) → Nothing Permanently remove protocol from zone. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol. Possible errors: INVALID_PROTOCOL, NOT_ENABLED removeRichRule(s: rule) → Nothing Permanently remove rule from list of rich-language rules in zone. See rule tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule. Possible errors: NOT_ENABLED removeService(s: service) → Nothing Permanently remove service from list of services used in zone. See service tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeService. Possible errors: NOT_ENABLED removeSource(s: source) → Nothing Permanently remove source from list of source addresses bound to zone. See source tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeSource. Possible errors: NOT_ENABLED removeSourcePort(s: port, s: protocol) → Nothing Permanently remove (port, protocol) from list of source ports of zone. See source-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort. Possible errors: NOT_ENABLED rename(s: name) → Nothing Rename not built-in zone to name. Possible errors: BUILTIN_ZONE setDescription(s: description) → Nothing Permanently set description of zone to description. See description tag in firewalld.zone5. setForwardPorts(a(ssss): ports) → Nothing Permanently set forward ports of zone to list of (port, protocol, toport, toaddr). See forward-port tag in firewalld.zone5. setIcmpBlockInversion(b: flag) → Nothing Permanently set icmp block inversion flag of zone to flag. See icmp-block-inversion tag in firewalld.zone5. setIcmpBlocks(as: icmptypes) → Nothing Permanently set list of icmp types blocked in zone to icmptypes. See icmp-block tag in firewalld.zone5. setInterfaces(as: interfaces) → Nothing Permanently set list of interfaces bound to zone to interfaces. See interface tag in firewalld.zone5. setMasquerade(b: masquerade) → Nothing Permanently set masquerading in zone to masquerade. See masquerade tag in firewalld.zone5. setPorts(a(ss): ports) → Nothing Permanently set ports of zone to list of (port, protocol). See port tag in firewalld.zone5. setProtocols(as: protocols) → Nothing Permanently set list of protocols used in zone to protocols. See protocol tag in firewalld.zone5. setRichRules(as: rules) → Nothing Permanently set list of rich-language rules to rules. See rule tag in firewalld.zone5. setServices(as: services) → Nothing Permanently set list of services used in zone to services. See service tag in firewalld.zone5. setShort(s: short) → Nothing Permanently set name of zone to short. See short tag in firewalld.zone5. setSourcePorts(a(ss): ports) → Nothing Permanently set source-ports of zone to list of (port, protocol). See source-port tag in firewalld.zone5. setSources(as: sources) → Nothing Permanently set list of source addresses bound to zone to sources. See source tag in firewalld.zone5. setTarget(s: target) → Nothing Permanently set target of zone to target. See target attribute of zone tag in firewalld.zone5. setVersion(s: version) → Nothing Permanently set version of zone to version. See version attribute of zone tag in firewalld.zone5. update((sssbsasa(ss)asba(ssss)asasasasa(ss)): settings) → Nothing Update settings of zone to settings. Settings are in format: version, name, description, UNUSED, target, array of services, array of ports (port, protocol), array of icmp-blocks, masquerade, array of forward-ports (port, protocol, to-port, to-addr), array of interfaces, array of sources, array of rich rules, array of protocols and array of source-ports (port, protocol). version (s): see version attribute of zone tag in firewalld.zone5. name (s): see short tag in firewalld.zone5. description (s): see description tag in firewalld.zone5. UNUSED (b): this boolean value is no longer used for anything. target (s): see target attribute of zone tag in firewalld.zone5. services (as): array of service names, see service tag in firewalld.zone5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone5. icmp-blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone5. masquerade (b): see masquerade tag in firewalld.zone5. forward-ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone5. interfaces (as): array of interfaces. See interface tag in firewalld.zone5. source addresses (as): array of source addresses. See source tag in firewalld.zone5. rich rules (as): array of rich-language rules. See rule tag in firewalld.zone5. protocols (as): array of protocols. See protocol tag in firewalld.zone5. source-ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone5. Possible errors: INVALID_TYPE Signals Removed(s: name) Emitted when zone with name has been removed. Renamed(s: name) Emitted when zone has been renamed to name. Updated(s: name) Emitted when zone with name has been updated. Properties builtin - b - (ro) True if zone is build-in, false else. default - b - (ro) True if build-in zone has default settings. False if it has been modified. Always False for not build-in zones. filename - s - (ro) Name (including .xml extension) of file where the configuration is stored. name - s - (ro) Name of zone. path - s - (ro) Path to directory where the zone configuration is stored. Should be either /usr/lib/firewalld/zones or /etc/firewalld/zones. org.fedoraproject.FirewallD1.config.service Interface for permanent service configuration, see also firewalld.service5. Methods addModule(s: module) → Nothing This method is deprecated. Please use "helpers" in the update2() method. addPort(s: port, s: protocol) → Nothing Permanently add (port, protocol) to list of ports in service. See port tag in firewalld.service5. Possible errors: ALREADY_ENABLED addProtocol(s: protocol) → Nothing Permanently add protocol into zone. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. See protocol tag in firewalld.service5. Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED addSourcePort(s: port, s: protocol) → Nothing Permanently add (port, protocol) to list of source ports in service. See source-port tag in firewalld.service5. Possible errors: ALREADY_ENABLED getDescription() → s Get description of service. See description tag in firewalld.service5. getDestination(s: family) → s Get destination for IP family being either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. Possible errors: ALREADY_ENABLED getDestinations() → a{ss} Get list of destinations. Return value is a dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. getModules() → as This method is deprecated. Please use "helpers" in the getSettings2() method. getPorts() → a(ss) Get list of (port, protocol) defined in service. See port tag in firewalld.service5. getProtocols() → as Return array of protocols (s) defined in service. See protocol tag in firewalld.service5. getSettings() → (sssa(ss)asa{ss}asa(ss)) This function is deprecated, use org.fedoraproject.FirewallD1.config.service.Methods.getSettings2 instead. getSettings2(s: service) → s{sv} Return runtime settings of given service. For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getServiceSettings2. Settings are a dictionary indexed by keywords. For the type of each value see below. If the value is empty it may be ommitted. version (s): see version attribute of service tag in firewalld.service5. name (s): see short tag in firewalld.service5. description (s): see description tag in firewalld.service5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service5. module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. protocols (as): array of protocols, see protocol tag in firewalld.service5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. includes (as): array of service includes, see include tag in firewalld.service5. helpers (as): array of service helpers, see helper tag in firewalld.service5. getShort() → s Get name of service. See short tag in firewalld.service5. getSourcePorts() → a(ss) Get list of (port, protocol) defined in service. See source-port tag in firewalld.service5. getVersion() → s Get version of service. See version attribute of service tag in firewalld.service5. loadDefaults() → Nothing Load default settings for built-in service. Possible errors: NO_DEFAULTS queryDestination(s: family, s: address) → b Return whether a destination is in dictionary of destinations of this service. destination is in format: (IP family, IP address) where IP family can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. queryModule(s: module) → b This method is deprecated. Please use "helpers" in the getSettings2() method. queryPort(s: port, s: protocol) → b Return whether (port, protocol) is in list of ports in service. See port tag in firewalld.service5. queryProtocol(s: protocol) → b Return whether protocol is in list of protocols in service. See protocol tag in firewalld.service5. querySourcePort(s: port, s: protocol) → b Return whether (port, protocol) is in list of source ports in service. See source-port tag in firewalld.service5. remove() → Nothing Remove not built-in service. Possible errors: BUILTIN_SERVICE removeDestination(s: family) → Nothing Permanently remove a destination with family ('ipv4' or 'ipv6') from service. See destination tag in firewalld.service5. Possible errors: NOT_ENABLED removeModule(s: module) → Nothing This method is deprecated. Please use "helpers" in the update2() method. removePort(s: port, s: protocol) → Nothing Permanently remove (port, protocol) from list of ports in service. See port tag in firewalld.service5. Possible errors: NOT_ENABLED removeProtocol(s: protocol) → Nothing Permanently remove protocol from list of protocols in service. See protocol tag in firewalld.service5. Possible errors: NOT_ENABLED removeSourcePort(s: port, s: protocol) → Nothing Permanently remove (port, protocol) from list of source ports in service. See source-port tag in firewalld.service5. Possible errors: NOT_ENABLED rename(s: name) → Nothing Rename not built-in service to name. Possible errors: BUILTIN_SERVICE setDescription(s: description) → Nothing Permanently set description of service to description. See description tag in firewalld.service5. setDestination(s: family, s: address) → Nothing Permanently set a destination address. destination is in format: (IP family, IP address) where IP family can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. Possible errors: ALREADY_ENABLED setDestinations(a{ss}: destinations) → Nothing Permanently set destinations of service to destinations, which is a dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. setModules(as: modules) → Nothing This method is deprecated. Please use "helpers" in the update2() method. setPorts(a(ss): ports) → Nothing Permanently set ports of service to list of (port, protocol). See port tag in firewalld.service5. setProtocols(as: protocols) → Nothing Permanently set protocols of service to list of protocols. See protocol tag in firewalld.service5. setShort(s: short) → Nothing Permanently set name of service to short. See short tag in firewalld.service5. setSourcePorts(a(ss): ports) → Nothing Permanently set source-ports of service to list of (port, protocol). See source-port tag in firewalld.service5. setVersion(s: version) → Nothing Permanently set version of service to version. See version attribute of service tag in firewalld.service5. update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing This function is deprecated, use org.fedoraproject.FirewallD1.config.service.Methods.update2 instead. update2a{sv}: settings) → Nothing Update settings of service to settings. Settings are a dictionary indexed by keywords. For the type of each value see below. To zero a value pass an empty string or list. version (s): see version attribute of service tag in firewalld.service5. name (s): see short tag in firewalld.service5. description (s): see description tag in firewalld.service5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service5. module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. protocols (as): array of protocols, see protocol tag in firewalld.service5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. includes (as): array of service includes, see include tag in firewalld.service5. helpers (as): array of service helpers, see helper tag in firewalld.service5. Possible errors: INVALID_TYPE Signals Removed(s: name) Emitted when service with name has been removed. Renamed(s: name) Emitted when service has been renamed to name. Updated(s: name) Emitted when service with name has been updated. Properties builtin - b - (ro) True if service is build-in, false else. default - b - (ro) True if build-in service has default settings. False if it has been modified. Always False for not build-in services. filename - s - (ro) Name (including .xml extension) of file where the configuration is stored. name - s - (ro) Name of service. path - s - (ro) Path to directory where the configuration is stored. Should be either /usr/lib/firewalld/services or /etc/firewalld/services. org.fedoraproject.FirewallD1.config.helper Interface for permanent helper configuration, see also firewalld.helper5. Methods addPort(s: port, s: protocol) → Nothing Permanently add (port, protocol) to list of ports in helper. See port tag in firewalld.helper5. Possible errors: ALREADY_ENABLED getDescription() → s Get description of helper. See description tag in firewalld.helper5. getFamily() → s Get family being 'ipv4', 'ipv6' or empty for both. See family tag in firewalld.helper5. getModule() → s Get modules (netfilter kernel helpers) used in helper. See module tag in firewalld.helper5. getPorts() → a(ss) Get list of (port, protocol) defined in helper. See port tag in firewalld.helper5. getSettings() → (sssssa(ss)) Return permanent settings of a helper. For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getHelperSettings. Settings are in format: version, name, description, family, module, array of ports (port, protocol). version (s): see version attribute of helper tag in firewalld.helper5. name (s): see short tag in firewalld.helper5. description (s): see description tag in firewalld.helper5. family (s): see family tag in firewalld.helper5. module (s): see module tag in firewalld.helper5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.helper5. getShort() → s Get name of helper. See short tag in firewalld.helper5. getVersion() → s Get version of helper. See version attribute of helper tag in firewalld.helper5. loadDefaults() → Nothing Load default settings for built-in helper. Possible errors: NO_DEFAULTS queryFamily(s: module) → b Return whether family is set for helper. See family tag in firewalld.helper5. queryModule(s: module) → b Return whether module (netfilter kernel helpers) is used in helper. See module tag in firewalld.helper5. queryPort(s: port, s: protocol) → b Return whether (port, protocol) is in list of ports in helper. See port tag in firewalld.helper5. remove() → Nothing Remove not built-in helper. Possible errors: BUILTIN_HELPER removePort(s: port, s: protocol) → Nothing Permanently remove (port, protocol) from list of ports in helper. See port tag in firewalld.helper5. Possible errors: NOT_ENABLED rename(s: name) → Nothing Rename not built-in helper to name. Possible errors: BUILTIN_HELPER setDescription(s: description) → Nothing Permanently set description of helper to description. See description tag in firewalld.helper5. setFamily(s: family) → Nothing Permanently set family of helper to family. See family tag in firewalld.helper5. setModule(s: module) → Nothing Permanently set module of helper to description. See module tag in firewalld.helper5. setPorts(a(ss): ports) → Nothing Permanently set ports of helper to list of (port, protocol). See port tag in firewalld.helper5. setShort(s: short) → Nothing Permanently set name of helper to short. See short tag in firewalld.helper5. setVersion(s: version) → Nothing Permanently set version of helper to version. See version attribute of helper tag in firewalld.helper5. update((sssssa(ss)): settings) → Nothing Update settings of helper to settings. Settings are in format: version, name, description, family, module and array of ports. version (s): see version attribute of helper tag in firewalld.helper5. name (s): see short tag in firewalld.helper5. description (s): see description tag in firewalld.helper5. family (s): see family tag in firewalld.helper5. module (s): see module tag in firewalld.helper5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.helper5. Possible errors: INVALID_HELPER Signals Removed(s: name) Emitted when helper with name has been removed. Renamed(s: name) Emitted when helper has been renamed to name. Updated(s: name) Emitted when helper with name has been updated. Properties builtin - b - (ro) True if helper is build-in, false else. default - b - (ro) True if build-in helper has default settings. False if it has been modified. Always False for not build-in helpers. filename - s - (ro) Name (including .xml extension) of file where the configuration is stored. name - s - (ro) Name of helper. path - s - (ro) Path to directory where the configuration is stored. Should be either /usr/lib/firewalld/helpers or /etc/firewalld/helpers. org.fedoraproject.FirewallD1.config.icmptype Interface for permanent icmp type configuration, see also firewalld.icmptype5. Methods addDestination(s: destination) → Nothing Permanently add a destination ('ipv4' or 'ipv6') to list of destinations of this icmp type. See destination tag in firewalld.icmptype5. Possible errors: ALREADY_ENABLED getDescription() → s Get description of icmp type. See description tag in firewalld.icmptype5. getDestinations() → as Get list of destinations. See destination tag in firewalld.icmptype5. getSettings() → (sssas) Return permanent settings of icmp type. For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings. Settings are in format: version, name, description, array of destinations. version (s): see version attribute of icmptype tag in firewalld.icmptype5. name (s): see short tag in firewalld.icmptype5. description (s): see description tag in firewalld.icmptype5. destinations (as): array, either empty or containing strings 'ipv4' and/or 'ipv6', see destination tag in firewalld.icmptype5. getShort() → s Get name of icmp type. See short tag in firewalld.icmptype5. getVersion() → s Get version of icmp type. See version attribute of icmptype tag in firewalld.icmptype5. loadDefaults() → Nothing Load default settings for built-in icmp type. Possible errors: NO_DEFAULTS queryDestination(s: destination) → b Return whether a destination ('ipv4' or 'ipv6') is in list of destinations of this icmp type. See destination tag in firewalld.icmptype5. remove() → Nothing Remove not built-in icmp type. Possible errors: BUILTIN_ICMPTYPE removeDestination(s: destination) → Nothing Permanently remove a destination ('ipv4' or 'ipv6') from list of destinations of this icmp type. See destination tag in firewalld.icmptype5. Possible errors: NOT_ENABLED rename(s: name) → Nothing Rename not built-in icmp type to name. Possible errors: BUILTIN_ICMPTYPE setDescription(s: description) → Nothing Permanently set description of icmp type to description. See description tag in firewalld.icmptype5. setDestinations(as: destinations) → Nothing Permanently set destinations of icmp type to destinations, which is array, either empty or containing strings 'ipv4' and/or 'ipv6'. See destination tag in firewalld.icmptype5. setShort(s: short) → Nothing Permanently set name of icmp type to short. See short tag in firewalld.icmptype5. setVersion(s: version) → Nothing Permanently set version of icmp type to version. See version attribute of icmptype tag in firewalld.icmptype5. update((sssas): settings) → Nothing Update permanent settings of icmp type to settings. Settings are in format: version, name, description, array of destinations. version (s): see version attribute of icmptype tag in firewalld.icmptype5. name (s): see short tag in firewalld.icmptype5. description (s): see description tag in firewalld.icmptype5. destinations (as): array, either empty or containing strings 'ipv4' and/or 'ipv6', see destination tag in firewalld.icmptype5. Signals Removed(s: name) Emitted when icmp type with name has been removed. Renamed(s: name) Emitted when icmp type has been renamed to name. Updated(s: name) Emitted when icmp type with name has been updated. Properties builtin - b - (ro) True if icmptype is build-in, false else. default - b - (ro) True if build-in icmp type has default settings. False if it has been modified. Always False for not build-in zones. filename - s - (ro) Name (including .xml extension) of file where the configuration is stored. name - s - (ro) Name of icmp type. path - s - (ro) Path to directory where the icmp type configuration is stored. Should be either /usr/lib/firewalld/icmptypes or /etc/firewalld/icmptypes. &seealso; ¬es; firewalld-0.8.2/doc/xml/firewall-config.xml0000664007115300711530000000471713630022170022016 0ustar00egarveregarver00000000000000 ]> firewall-config firewalld &authors; firewall-config 1 firewall-config firewalld GUI configuration tool firewall-config OPTIONS Description firewall-config is a GUI configuration tool for firewalld. Options firewall-config does not support any special options. The only options that can be used are the general options that Gtk uses for Gtk application initialization. For more information on these options, please have a look at the runtime documentation for Gtk. The following options are supported: Prints a short help text and exits. &seealso; ¬es; firewalld-0.8.2/doc/xml/seealso.xml0000664007115300711530000000545413614563155020417 0ustar00egarveregarver00000000000000 See Also firewall-applet1 firewalld1 firewall-cmd1 firewall-config1 firewalld.conf5 firewalld.direct5 firewalld.dbus5 firewalld.icmptype5 firewalld.lockdown-whitelist5 firewall-offline-cmd1 firewalld.richlanguage5 firewalld.service5 firewalld.zone5 firewalld.zones5 firewalld.ipset5 firewalld.helper5 firewalld-0.8.2/doc/xml/firewalld.richlanguage.xml0000664007115300711530000004423213620317435023355 0ustar00egarveregarver00000000000000 ]> firewalld.richlanguage firewalld &authors; firewalld.richlanguage 5 firewalld.richlanguage Rich Language Documentation Description With the rich language more complex firewall rules can be created in an easy to understand way. The language uses keywords with values and is an abstract representation of ip*tables rules. The rich language extends the current zone elements (service, port, icmp-block, icmp-type, masquerade, forward-port and source-port) with additional source and destination addresses, logging, actions and limits for logs and actions. This page describes the rich language used in the command line client and D-Bus interface. For information about the rich language representation used in the zone configuration files, please have a look at firewalld.zone5. A rule is part of a zone. One zone can contain several rules. If some rules interact/contradict, the first rule that matches "wins". General rule structure rule [source] [destination] service|port|protocol|icmp-block|icmp-type|masquerade|forward-port|source-port [log] [audit] [accept|reject|drop|mark] The complete rule is provided as a single line string. A destination is allowed here as long as it does not conflict with the destination of a service. Rule structure for source black or white listing rule source [log] [audit] accept|reject|drop|mark This is used to grant or limit access from a source to this machine or machines that are reachable by this machine. A destination is not allowed here. Important information about element options: Options for elements in a rule need to be added exactly after the element. If the option is placed somewhere else it might be used for another element as far as it matches the options of the other element or will result in a rule error. Rule rule [family="ipv4|ipv6"] [priority="priority"] If the rule family is provided, it can be either "ipv4" or "ipv6", which limits the rule to IPv4 or IPv6. If the rule family is not provided, the rule will be added for IPv4 and IPv6. If source or destination addresses are used in a rule, then the rule family need to be provided. This is also the case for port/packet forwarding. If the rule priority is provided, it can be in the range of -32768 to 32767 where lower values have higher precendence. Rich rules are sorted by priority. Ordering for rules with the same priority value is undefined. A negative priority value will be executed before other firewalld primitives. A positive priority value will be executed after other firewalld primitives. A priority value of 0 will place the rule in a chain based on the action as per the "Information about logging and actions" below. Source source [not] address="address[/mask]"|mac="mac-address"|ipset="ipset" With the source address the origin of a connection attempt can be limited to the source address. An address is either a single IP address, or a network IP address, a MAC address or an IPSet. The address has to match the rule family (IPv4/IPv6). Subnet mask is expressed in either dot-decimal (/x.x.x.x) or prefix (/x) notations for IPv4, and in prefix notation (/x) for IPv6 network addresses. It is possible to invert the sense of an address by adding before . All but the specified address will match then. Destination destination [not] address="address[/mask]" With the destination address the target can be limited to the destination address. The destination address is using the same syntax as the source address. The use of source and destination addresses is optional and the use of a destination addresses is not possible with all elements. This depends on the use of destination addresses for example in service entries. Service service name="service name" The service service name will be added to the rule. The service name is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. If a service provides a destination address, it will conflict with a destination address in the rule and will result in an error. The services using destination addresses internally are mostly services using multicast. Port port port="port value" protocol="tcp|udp" The port port value can either be a single port number portid or a port range portid-portid. The protocol can either be tcp or udp. Protocol protocol value="protocol value" The protocol value can be either a protocol id number or a protocol name. For allowed protocol entries, please have a look at /etc/protocols. ICMP-Block icmp-block name="icmptype name" The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes It is not allowed to specify an action here. icmp-block uses the action reject internally. Masquerade masquerade Turn on masquerading in the rule. A source and also a destination address can be provided to limit masquerading to this area. It is not allowed to specify an action here. Note: IP forwarding will be implicitly enabled. ICMP-Type icmp-type name="icmptype name" The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes Forward-Port forward-port port="port value" protocol="tcp|udp" to-port="port value" to-addr="address" Forward port/packets from local port value with protocol "tcp" or "udp" to either another port locally or to another machine or to another port on another machine. The port value can either be a single port number or a port range portid-portid. The is an IP address. It is not allowed to specify an action here. forward-port uses the action accept internally. Note: IP forwarding will be implicitly enabled if is specified. Source-Port source-port port="port value" protocol="tcp|udp" The source-port port value can either be a single port number portid or a port range portid-portid. The protocol can either be tcp or udp. Log log [prefix="prefix text"] [level="log level"] [limit value="rate/duration"] Log new connection attempts to the rule with kernel logging for example in syslog. You can define a prefix text that will be added to the log message as a prefix. Log level can be one of "", "", "", "", "", "", "" or "", where default (i.e. if there's no one specified) is "". See syslog3 for description of levels. See Limit section for description of tag. Audit audit [limit value="rate/duration"] Audit provides an alternative way for logging using audit records sent to the service auditd. Audit type will be discovered from the rule action automatically. Use of audit is optional. See Limit section for description of tag. Action An action can be one of , , or . The rule can either contain an element or also a source only. If the rule contains an element, then new connection matching the element will be handled with the action. If the rule does not contain an element, then everything from the source address will be handled with the action. accept [limit value="rate/duration"] reject [type="reject type"] [limit value="rate/duration"] drop [limit value="rate/duration"] mark set="mark[/mask]" [limit value="rate/duration"] With all new connection attempts will be granted. With they will not be accepted and their source will get a reject ICMP(v6) message. The reject type can be set to specify appropriate ICMP(v6) error message. For valid reject types see in iptables-extensions8 man page. Because reject types are different for IPv4 and IPv6 you have to specify rule family when using reject type. With all packets will be dropped immediately, there is no information sent to the source. With all packets will be marked in the chain in the table with the mark and mask combination. See Limit section for description of tag. Limit limit value="rate/duration" It is possible to limit Log, Audit and Action. A rule using this tag will match until this limit is reached. The rate is a natural positive number [1, ..] The duration is of "s", "m", "h", "d". "s" means seconds, "m" minutes, "h" hours and "d" days. Maximum limit value is "2/d", which means at maximum two matches per day. Information about logging and actions Logging can be done with the log and audit actions. A new chain is added to all zones: zone_log. This will be jumped into before the deny chain to be able to have a proper ordering. The rules or parts of them are placed in separate chains according to the priority and action of the rule: zone_pre zone_log zone_deny zone_allow zone_post When priority < 0, the rich rule will be placed in the zone_pre chain. When priority == 0Then all logging rules will be placed in the zone_log chain. All reject and drop rules will be placed in the zone_deny chain, which will be walked after the log chain. All accept rules will be placed in the zone_allow chain, which will be walked after the deny chain. If a rule contains log and also deny or allow actions, the parts are placed in the matching chains. When priority > 0, the rich rule will be placed in the zone_post chain. Examples These are examples of how to specify rich language rules. This format (i.e. one string that specifies whole rule) uses for example (see firewall-cmd1) as well as D-Bus interface. Example 1 Enable new IPv4 and IPv6 connections for protocol 'ah' rule protocol value="ah" accept Example 2 Allow new IPv4 and IPv6 connections for service ftp and log 1 per minute using audit rule service name="ftp" log limit value="1/m" audit accept Example 3 Allow new IPv4 connections from address 192.168.0.0/24 for service tftp and log 1 per minutes using syslog rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp" level="info" limit value="1/m" accept Example 4 New IPv6 connections from 1:2:3:4:6:: to service radius are all rejected and logged at a rate of 3 per minute. New IPv6 connections from other sources are accepted. rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns" level="info" limit value="3/m" reject rule family="ipv6" service name="radius" accept Example 5 Forward IPv6 port/packets receiving from 1:2:3:4:6:: on port 4011 with protocol tcp to 1::2:3:4:7 on port 4012 rule family="ipv6" source address="1:2:3:4:6::" forward-port to-addr="1::2:3:4:7" to-port="4012" protocol="tcp" port="4011" Example 6 White-list source address to allow all connections from 192.168.2.2 rule family="ipv4" source address="192.168.2.2" accept Example 7 Black-list source address to reject all connections from 192.168.2.3 rule family="ipv4" source address="192.168.2.3" reject type="icmp-admin-prohibited" Example 8 Black-list source address to drop all connections from 192.168.2.4 rule family="ipv4" source address="192.168.2.4" drop &seealso; ¬es; firewalld-0.8.2/doc/Makefile.am0000664007115300711530000000002213341016621017444 0ustar00egarveregarver00000000000000SUBDIRS = xml man firewalld-0.8.2/doxygen.conf.in0000664007115300711530000022136213341016621017610 0ustar00egarveregarver00000000000000# Doxyfile 1.7.5 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (" "). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all # text before the first occurrence of this tag. Doxygen uses libiconv (or the # iconv built into libc) for the transcoding. See # http://www.gnu.org/software/libiconv for the list of possible encodings. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or sequence of words) that should # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. PROJECT_NAME = @PACKAGE@ # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or # if some version control system is used. PROJECT_NUMBER = @PACKAGE_VERSION@ # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer # a quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = # With the PROJECT_LOGO tag one can specify an logo or icon that is # included in the documentation. The maximum height of the logo should not # exceed 55 pixels and the maximum width should not exceed 200 pixels. # Doxygen will copy the logo to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. # If a relative path is entered, it will be relative to the location # where doxygen was started. If left blank the current directory will be used. OUTPUT_DIRECTORY = doc # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create # 4096 sub-directories (in 2 levels) under the output directory of each output # format and will distribute the generated files over these directories. # Enabling this option can be useful when feeding doxygen a huge amount of # source files, where putting all generated files in the same directory would # otherwise cause performance problems for the file system. CREATE_SUBDIRS = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. # The default language is English, other supported languages are: # Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, # Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, # Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English # messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, # Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak, # Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will # include brief member descriptions after the members that are listed in # the file and class documentation (similar to JavaDoc). # Set to NO to disable this. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend # the brief description of a member or function before the detailed description. # Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator # that is used to form the text in various listings. Each string # in this list, if found as the leading text of the brief description, will be # stripped from the text and the result after processing the whole list, is # used as the annotated text. Otherwise, the brief description is used as-is. # If left blank, the following values are used ("$name" is automatically # replaced with the name of the entity): "The $name class" "The $name widget" # "The $name file" "is" "provides" "specifies" "contains" # "represents" "a" "an" "the" ABBREVIATE_BRIEF = # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # Doxygen will generate a detailed section even if there is only a brief # description. ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full # path before files name in the file list and in the header files. If set # to NO the shortest path that makes the file name unique will be used. FULL_PATH_NAMES = YES # If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag # can be used to strip a user-defined part of the path. Stripping is # only done if one of the specified strings matches the left-hand part of # the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the # path to strip. STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of # the path mentioned in the documentation of a class, which tells # the reader which header file to include in order to use a class. # If left blank only the name of the header file containing the class # definition is used. Otherwise one should specify the include paths that # are normally passed to the compiler using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter # (but less readable) file names. This can be useful if your file system # doesn't support long names like on DOS, Mac, or CD-ROM. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen # will interpret the first line (until the first dot) of a JavaDoc-style # comment as the brief description. If set to NO, the JavaDoc # comments will behave just like regular Qt-style comments # (thus requiring an explicit @brief command for a brief description.) JAVADOC_AUTOBRIEF = NO # If the QT_AUTOBRIEF tag is set to YES then Doxygen will # interpret the first line (until the first dot) of a Qt-style # comment as the brief description. If set to NO, the comments # will behave just like regular Qt-style comments (thus requiring # an explicit \brief command for a brief description.) QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen # treat a multi-line C++ special comment block (i.e. a block of //! or /// # comments) as a brief description. This used to be the default behaviour. # The new default is to treat a multi-line C++ comment block as a detailed # description. Set this tag to YES if you prefer the old behaviour instead. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES (the default) then an undocumented # member inherits the documentation from any documented member that it # re-implements. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce # a new page for each member. If set to NO, the documentation of a member will # be part of the file/class/namespace that contains it. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. # Doxygen uses this value to replace tabs by spaces in code fragments. TAB_SIZE = 8 # This tag can be used to specify a number of aliases that acts # as commands in the documentation. An alias has the form "name=value". # For example adding "sideeffect=\par Side Effects:\n" will allow you to # put the command \sideeffect (or @sideeffect) in the documentation, which # will result in a user-defined paragraph with heading "Side Effects:". # You can put \n's in the value part of an alias to insert newlines. ALIASES = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C # sources only. Doxygen will then generate output that is more tailored for C. # For instance, some of the names that are used will be different. The list # of all members will be omitted, etc. OPTIMIZE_OUTPUT_FOR_C = NO # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java # sources only. Doxygen will then generate output that is more tailored for # Java. For instance, namespaces will be presented as packages, qualified # scopes will look different, etc. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources only. Doxygen will then generate output that is more tailored for # Fortran. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for # VHDL. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given extension. # Doxygen has a built-in mapping, but you can override or extend it using this # tag. The format is ext=language, where ext is a file extension, and language # is one of the parsers supported by doxygen: IDL, Java, Javascript, CSharp, C, # C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, C++. For instance to make # doxygen treat .inc files as Fortran files (default is PHP), and .f files as C # (default is Fortran), use: inc=Fortran f=C. Note that for custom extensions # you also need to set FILE_PATTERNS otherwise the files are not read by doxygen. EXTENSION_MAPPING = # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should # set this tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); v.s. # func(std::string) {}). This also makes the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. # Doxygen will parse them like normal C++ but will assume all classes use public # instead of private inheritance when no explicit protection keyword is present. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate getter # and setter methods for a property. Setting this option to YES (the default) # will make doxygen replace the get and set methods by a property in the # documentation. This will only work if the methods are indeed getting or # setting a simple type. If this is not the case, or you want to show the # methods anyway, you should set this option to NO. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES, then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES (the default) to allow class member groups of # the same type (for instance a group of public functions) to be put as a # subgroup of that type (e.g. under the Public Functions section). Set it to # NO to prevent subgrouping. Alternatively, this can be done per class using # the \nosubgrouping command. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and # unions are shown inside the group in which they are included (e.g. using # @ingroup) instead of on a separate page (for HTML and Man pages) or # section (for LaTeX and RTF). INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and # unions with only public data fields will be shown inline in the documentation # of the scope in which they are defined (i.e. file, namespace, or group # documentation), provided this scope is documented. If set to NO (the default), # structs, classes, and unions are shown on a separate page (for HTML and Man # pages) or section (for LaTeX and RTF). INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum # is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. This can typically # be useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. TYPEDEF_HIDES_STRUCT = NO # The SYMBOL_CACHE_SIZE determines the size of the internal cache use to # determine which symbols to keep in memory and which to flush to disk. # When the cache is full, less often used symbols will be written to disk. # For small to medium size projects (<1000 input files) the default value is # probably good enough. For larger projects a too small cache size can cause # doxygen to be busy swapping symbols to and from disk most of the time # causing a significant performance penalty. # If the system has enough physical memory increasing the cache will improve the # performance by keeping more symbols in memory. Note that the value works on # a logarithmic scale so increasing the size by one will roughly double the # memory usage. The cache size is given by this formula: # 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, # corresponding to a cache size of 2^16 = 65536 symbols SYMBOL_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in # documentation are documented, even if no documentation was available. # Private class members and static file members will be hidden unless # the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES EXTRACT_ALL = YES #NO # If the EXTRACT_PRIVATE tag is set to YES all private members of a class # will be included in the documentation. EXTRACT_PRIVATE = NO # If the EXTRACT_STATIC tag is set to YES all static members of a file # will be included in the documentation. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) # defined locally in source files will be included in the documentation. # If set to NO only classes defined in header files are included. EXTRACT_LOCAL_CLASSES = YES # This flag is only useful for Objective-C code. When set to YES local # methods, which are defined in the implementation section but not in # the interface are included in the documentation. # If set to NO (the default) only methods in the interface are included. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base # name of the file that contains the anonymous namespace. By default # anonymous namespaces are hidden. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all # undocumented members of documented classes, files or namespaces. # If set to NO (the default) these members will be included in the # various overviews, but no documentation section is generated. # This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_MEMBERS = YES #NO # If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. # If set to NO (the default) these classes will be included in the various # overviews. This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_CLASSES = NO # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all # friend (class|struct|union) declarations. # If set to NO (the default) these declarations will be included in the # documentation. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any # documentation blocks found inside the body of a function. # If set to NO (the default) these blocks will be appended to the # function's detailed documentation block. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation # that is typed after a \internal command is included. If the tag is set # to NO (the default) then the documentation will be excluded. # Set it to YES to include the internal documentation. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate # file names in lower-case letters. If set to YES upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen # will show members with their full class and namespace scopes in the # documentation. If set to YES the scope will be hidden. HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen # will put a list of the files that are included by a file in the documentation # of that file. SHOW_INCLUDE_FILES = YES # If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen # will list include files with double quotes in the documentation # rather than with sharp brackets. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES (the default) then a tag [inline] # is inserted in the documentation for inline members. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen # will sort the (detailed) documentation of file and class members # alphabetically by member name. If set to NO the members will appear in # declaration order. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the # brief documentation of file, namespace and class members alphabetically # by member name. If set to NO (the default) the members will appear in # declaration order. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen # will sort the (brief and detailed) documentation of class members so that # constructors and destructors are listed first. If set to NO (the default) # the constructors will appear in the respective orders defined by # SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. # This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO # and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the # hierarchy of group names into alphabetical order. If set to NO (the default) # the group names will appear in their defined order. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be # sorted by fully-qualified names, including namespaces. If set to # NO (the default), the class list will be sorted only by class name, # not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the # alphabetical list. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to # do proper type resolution of all parameters of a function it will reject a # match between the prototype and the implementation of a member function even # if there is only one candidate or it is obvious which candidate to choose # by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen # will still accept a match between prototype and implementation in such cases. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or # disable (NO) the todo list. This list is created by putting \todo # commands in the documentation. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or # disable (NO) the test list. This list is created by putting \test # commands in the documentation. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or # disable (NO) the bug list. This list is created by putting \bug # commands in the documentation. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or # disable (NO) the deprecated list. This list is created by putting # \deprecated commands in the documentation. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional # documentation sections, marked by \if sectionname ... \endif. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines # the initial value of a variable or macro consists of for it to appear in # the documentation. If the initializer consists of more lines than specified # here it will be hidden. Use a value of 0 to hide initializers completely. # The appearance of the initializer of individual variables and macros in the # documentation can be controlled using \showinitializer or \hideinitializer # command in the documentation regardless of this setting. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated # at the bottom of the documentation of classes and structs. If set to YES the # list will mention the files that were used to generate the documentation. SHOW_USED_FILES = YES # If the sources in your project are distributed over multiple directories # then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy # in the documentation. The default is NO. SHOW_DIRECTORIES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. # This will remove the Files entry from the Quick Index and from the # Folder Tree View (if specified). The default is YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the # Namespaces page. # This will remove the Namespaces entry from the Quick Index # and from the Folder Tree View (if specified). The default is YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command , where is the value of # the FILE_VERSION_FILTER tag, and is the name of an input file # provided by doxygen. Whatever the program writes to standard output # is used as the file version. See the manual for examples. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. The create the layout file # that represents doxygen's defaults, run doxygen with the -l option. # You can optionally specify a file name after the option, if omitted # DoxygenLayout.xml will be used as the name of the layout file. LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files # containing the references data. This must be a list of .bib files. The # .bib extension is automatically appended if omitted. Using this command # requires the bibtex tool to be installed. See also # http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style # of the bibliography can be controlled using LATEX_BIB_STYLE. CITE_BIB_FILES = #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated # by doxygen. Possible values are YES and NO. If left blank NO is used. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated by doxygen. Possible values are YES and NO. If left blank # NO is used. WARNINGS = YES # If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings # for undocumented members. If EXTRACT_ALL is set to YES then this flag will # automatically be disabled. WARN_IF_UNDOCUMENTED = YES # If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some # parameters in a documented function, or documenting parameters that # don't exist or using markup commands wrongly. WARN_IF_DOC_ERROR = YES # The WARN_NO_PARAMDOC option can be enabled to get warnings for # functions that are documented, but have no documentation for their parameters # or return value. If set to NO (the default) doxygen will only warn about # wrong or incomplete parameter documentation, but not about the absence of # documentation. WARN_NO_PARAMDOC = NO # The WARN_FORMAT tag determines the format of the warning messages that # doxygen can produce. The string should contain the $file, $line, and $text # tags, which will be replaced by the file and line number from which the # warning originated and the warning text. Optionally the format may contain # $version, which will be replaced by the version of the file (if it could # be obtained via FILE_VERSION_FILTER) WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning # and error messages should be written. If left blank the output is written # to stderr. WARN_LOGFILE = #--------------------------------------------------------------------------- # configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag can be used to specify the files and/or directories that contain # documented source files. You may enter file names like "myfile.cpp" or # directories like "/usr/src/myproject". Separate the files or directories # with spaces. INPUT = src/firewall # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is # also the default input encoding. Doxygen uses libiconv (or the iconv built # into libc) for the transcoding. See http://www.gnu.org/software/libiconv for # the list of possible encodings. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank the following patterns are tested: # *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh # *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py # *.f90 *.f *.for *.vhd *.vhdl FILE_PATTERNS = *.py # The RECURSIVE tag can be used to turn specify whether or not subdirectories # should be searched for input files as well. Possible values are YES and NO. # If left blank NO is used. RECURSIVE = YES # The EXCLUDE tag can be used to specify files and/or directories that should # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # Note that relative paths are relative to directory from which doxygen is run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. Note that the wildcards are matched # against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* EXCLUDE_PATTERNS = Makfile* *.in # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or # directories that contain example code fragments that are included (see # the \include command). EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank all files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude # commands irrespective of the value of the RECURSIVE tag. # Possible values are YES and NO. If left blank NO is used. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or # directories that contain image that are included in the documentation (see # the \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command , where # is the value of the INPUT_FILTER tag, and is the name of an # input file. Doxygen will then use the output that the filter program writes # to standard output. # If FILTER_PATTERNS is specified, this tag will be # ignored. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. # Doxygen will compare the file name with each pattern and apply the # filter if there is a match. # The filters are a list of the form: # pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further # info on how filters are used. If FILTER_PATTERNS is empty or if # non of the patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will be used to filter the input files when producing source # files to browse (i.e. when SOURCE_BROWSER is set to YES). FILTER_SOURCE_FILES = YES INPUT_FILTER = doxypy.py #NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern. A pattern will override the setting for FILTER_PATTERN (if any) # and it is also possible to disable source filtering for a specific pattern # using *.ext= (so without naming a filter). This option only has effect when # FILTER_SOURCE_FILES is enabled. FILTER_SOURCE_PATTERNS = #--------------------------------------------------------------------------- # configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will # be generated. Documented entities will be cross-referenced with these sources. # Note: To get rid of all source code in the generated output, make sure also # VERBATIM_HEADERS is set to NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body # of functions and classes directly in the documentation. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct # doxygen to hide any special comment blocks from generated source code # fragments. Normal C and C++ comments will always remain visible. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES # then for each documented function all documented # functions referencing it will be listed. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES # then for each documented function all documented entities # called/used by that function will be listed. REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES (the default) # and SOURCE_BROWSER tag is set to YES, then the hyperlinks from # functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will # link to the source code. # Otherwise they will link to the documentation. REFERENCES_LINK_SOURCE = YES # If the USE_HTAGS tag is set to YES then the references to source code # will point to the HTML generated by the htags(1) tool instead of doxygen # built-in source browser. The htags tool is part of GNU's global source # tagging system (see http://www.gnu.org/software/global/global.html). You # will need version 4.8.6 or higher. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen # will generate a verbatim copy of the header file for each class for # which an include is specified. Set to NO to disable this. VERBATIM_HEADERS = YES #--------------------------------------------------------------------------- # configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index # of all compounds will be generated. Enable this if the project # contains a lot of classes, structs, unions or interfaces. ALPHABETICAL_INDEX = YES # If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then # the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns # in which this list will be split (can be a number in the range [1..20]) COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all # classes will be put under the same header in the alphabetical index. # The IGNORE_PREFIX tag can be used to specify one or more prefixes that # should be ignored while generating the index headers. IGNORE_PREFIX = #--------------------------------------------------------------------------- # configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES (the default) Doxygen will # generate HTML output. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `html' will be used as the default path. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for # each generated HTML page (for example: .htm,.php,.asp). If it is left blank # doxygen will generate files with .html extension. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a personal HTML header for # each generated HTML page. If it is left blank doxygen will generate a # standard header. Note that when using a custom header you are responsible # for the proper inclusion of any scripts and style sheets that doxygen # needs, which is dependent on the configuration options used. # It is adviced to generate a default header using "doxygen -w html # header.html footer.html stylesheet.css YourConfigFile" and then modify # that header. Note that the header is subject to change so you typically # have to redo this when upgrading to a newer version of doxygen or when # changing the value of configuration settings such as GENERATE_TREEVIEW! HTML_HEADER = # The HTML_FOOTER tag can be used to specify a personal HTML footer for # each generated HTML page. If it is left blank doxygen will generate a # standard footer. HTML_FOOTER = # If the HTML_TIMESTAMP tag is set to YES then the generated HTML documentation will contain the timesstamp. HTML_TIMESTAMP = NO # The HTML_STYLESHEET tag can be used to specify a user-defined cascading # style sheet that is used by each HTML page. It can be used to # fine-tune the look of the HTML output. If the tag is left blank doxygen # will generate a default style sheet. Note that doxygen will try to copy # the style sheet file to the HTML output directory, so don't put your own # stylesheet in the HTML output directory as well, or it will be erased! HTML_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath$ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that # the files will be copied as-is; there are no commands or markers available. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. # Doxygen will adjust the colors in the stylesheet and background images # according to this color. Hue is specified as an angle on a colorwheel, # see http://en.wikipedia.org/wiki/Hue for more information. # For instance the value 0 represents red, 60 is yellow, 120 is green, # 180 is cyan, 240 is blue, 300 purple, and 360 is red again. # The allowed range is 0 to 359. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of # the colors in the HTML output. For a value of 0 the output will use # grayscales only. A value of 255 will produce the most vivid colors. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to # the luminance component of the colors in the HTML output. Values below # 100 gradually make the output lighter, whereas values above 100 make # the output darker. The value divided by 100 is the actual gamma applied, # so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2, # and 100 does not change the gamma. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting # this to NO can help when comparing the output of multiple runs. HTML_TIMESTAMP = YES # If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, # files or namespaces will be aligned in HTML using tables. If set to # NO a bullet list will be used. HTML_ALIGN_MEMBERS = YES # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. For this to work a browser that supports # JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox # Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). HTML_DYNAMIC_SECTIONS = NO # If the GENERATE_DOCSET tag is set to YES, additional index files # will be generated that can be used as input for Apple's Xcode 3 # integrated development environment, introduced with OSX 10.5 (Leopard). # To create a documentation set, doxygen will generate a Makefile in the # HTML output directory. Running make will produce the docset in that # directory and running "make install" will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find # it at startup. # See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. GENERATE_DOCSET = NO # When GENERATE_DOCSET tag is set to YES, this tag determines the name of the # feed. A documentation feed provides an umbrella under which multiple # documentation sets from a single provider (such as a company or product suite) # can be grouped. DOCSET_FEEDNAME = "Doxygen generated docs" # When GENERATE_DOCSET tag is set to YES, this tag specifies a string that # should uniquely identify the documentation set bundle. This should be a # reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen # will append .docset to the name. DOCSET_BUNDLE_ID = org.doxygen.Project # When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely identify # the documentation publisher. This should be a reverse domain-name style # string, e.g. com.mycompany.MyDocSet.documentation. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES, additional index files # will be generated that can be used as input for tools like the # Microsoft HTML help workshop to generate a compiled HTML help file (.chm) # of the generated HTML documentation. GENERATE_HTMLHELP = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can # be used to specify the file name of the resulting .chm file. You # can add a path in front of the file if the result should not be # written to the html output directory. CHM_FILE = # If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can # be used to specify the location (absolute path including file name) of # the HTML help compiler (hhc.exe). If non-empty doxygen will try to run # the HTML help compiler on the generated index.hhp. HHC_LOCATION = # If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag # controls if a separate .chi index file is generated (YES) or that # it should be included in the master .chm file (NO). GENERATE_CHI = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING # is used to encode HtmlHelp index (hhk), content (hhc) and project file # content. CHM_INDEX_ENCODING = # If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag # controls whether a binary table of contents is generated (YES) or a # normal table of contents (NO) in the .chm file. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members # to the contents of the HTML help documentation and to the tree view. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated # that can be used as input for Qt's qhelpgenerator to generate a # Qt Compressed Help (.qch) of the generated HTML documentation. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can # be used to specify the file name of the resulting .qch file. # The path specified is relative to the HTML output folder. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#namespace QHP_NAMESPACE = org.doxygen.Project # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#virtual-folders QHP_VIRTUAL_FOLDER = doc # If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to # add. For more information please see # http://doc.trolltech.com/qthelpproject.html#custom-filters QHP_CUST_FILTER_NAME = # The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see # # Qt Help Project / Custom Filters. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's # filter section matches. # # Qt Help Project / Filter Attributes. QHP_SECT_FILTER_ATTRS = # If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can # be used to specify the location of Qt's qhelpgenerator. # If non-empty doxygen will try to run qhelpgenerator on the generated # .qhp file. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files # will be generated, which together with the HTML files, form an Eclipse help # plugin. To install this plugin and make it available under the help contents # menu in Eclipse, the contents of the directory containing the HTML and XML # files needs to be copied into the plugins directory of eclipse. The name of # the directory within the plugins directory should be the same as # the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before # the help appears. GENERATE_ECLIPSEHELP = NO # A unique identifier for the eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have # this name. ECLIPSE_DOC_ID = org.doxygen.Project # The DISABLE_INDEX tag can be used to turn on/off the condensed index at # top of each HTML page. The value NO (the default) enables the index and # the value YES disables it. DISABLE_INDEX = NO # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values # (range [0,1..20]) that doxygen will group on one line in the generated HTML # documentation. Note that a value of 0 will completely suppress the enum # values from appearing in the overview section. ENUM_VALUES_PER_LINE = 4 # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. # If the tag value is set to YES, a side panel will be generated # containing a tree-like index structure (just like the one that # is generated for HTML Help). For this to work a browser that supports # JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). # Windows users are probably better off using the HTML help feature. GENERATE_TREEVIEW = NO # By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories, # and Class Hierarchy pages using a tree view instead of an ordered list. USE_INLINE_TREES = NO # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be # used to set the initial width (in pixels) of the frame in which the tree # is shown. TREEVIEW_WIDTH = 250 # When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open # links to external symbols imported via tag files in a separate window. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of Latex formulas included # as images in the HTML documentation. The default is 10. Note that # when you change the font size after a successful doxygen run you need # to manually remove any form_*.png images from the HTML output directory # to force them to be regenerated. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are # not supported properly for IE 6.0, but are supported on all modern browsers. # Note that when changing this option you need to delete any form_*.png files # in the HTML output before the changes have effect. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax # (see http://www.mathjax.org) which uses client side Javascript for the # rendering instead of using prerendered bitmaps. Use this if you do not # have LaTeX installed or if you want to formulas look prettier in the HTML # output. When enabled you also need to install MathJax separately and # configure the path to it using the MATHJAX_RELPATH option. USE_MATHJAX = NO # When MathJax is enabled you need to specify the location relative to the # HTML output directory using the MATHJAX_RELPATH option. The destination # directory should contain the MathJax.js script. For instance, if the mathjax # directory is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to the # mathjax.org site, so you can quickly see the result without installing # MathJax, but it is strongly recommended to install a local copy of MathJax # before deployment. MATHJAX_RELPATH = http://www.mathjax.org/mathjax # The MATHJAX_EXTENSIONS tag can be used to specify one or MathJax extension # names that should be enabled during MathJax rendering. MATHJAX_EXTENSIONS = # When the SEARCHENGINE tag is enabled doxygen will generate a search box # for the HTML output. The underlying search engine uses javascript # and DHTML and should work on any modern browser. Note that when using # HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets # (GENERATE_DOCSET) there is already a search function so this one should # typically be disabled. For large projects the javascript based search engine # can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution. SEARCHENGINE = YES # When the SERVER_BASED_SEARCH tag is enabled the search engine will be # implemented using a PHP enabled web server instead of at the web client # using Javascript. Doxygen will generate the search PHP script and index # file to put on the web server. The advantage of the server # based approach is that it scales better to large projects and allows # full text search. The disadvantages are that it is more difficult to setup # and does not have live searching capabilities. SERVER_BASED_SEARCH = NO #--------------------------------------------------------------------------- # configuration options related to the LaTeX output #--------------------------------------------------------------------------- # If the GENERATE_LATEX tag is set to YES (the default) Doxygen will # generate Latex output. GENERATE_LATEX = NO # The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `latex' will be used as the default path. LATEX_OUTPUT = latex # The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. If left blank `latex' will be used as the default command name. # Note that when enabling USE_PDFLATEX this option is only used for # generating bitmaps for formulas in the HTML output, but not in the # Makefile that is written to the output directory. LATEX_CMD_NAME = latex # The MAKEINDEX_CMD_NAME tag can be used to specify the command name to # generate index for LaTeX. If left blank `makeindex' will be used as the # default command name. MAKEINDEX_CMD_NAME = makeindex # If the COMPACT_LATEX tag is set to YES Doxygen generates more compact # LaTeX documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_LATEX = NO # The PAPER_TYPE tag can be used to set the paper type that is used # by the printer. Possible values are: a4, letter, legal and # executive. If left blank a4wide will be used. PAPER_TYPE = a4 # The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX # packages that should be included in the LaTeX output. EXTRA_PACKAGES = # The LATEX_HEADER tag can be used to specify a personal LaTeX header for # the generated latex document. The header should contain everything until # the first chapter. If it is left blank doxygen will generate a # standard header. Notice: only use this tag if you know what you are doing! LATEX_HEADER = # The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for # the generated latex document. The footer should contain everything after # the last chapter. If it is left blank doxygen will generate a # standard footer. Notice: only use this tag if you know what you are doing! LATEX_FOOTER = # If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated # is prepared for conversion to pdf (using ps2pdf). The pdf file will # contain links (just like the HTML output) instead of page references # This makes the output suitable for online browsing using a pdf viewer. PDF_HYPERLINKS = YES # If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of # plain latex in the generated Makefile. Set this option to YES to get a # higher quality PDF documentation. USE_PDFLATEX = YES # If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. # command to the generated LaTeX files. This will instruct LaTeX to keep # running if errors occur, instead of asking the user for help. # This option is also used when generating formulas in HTML. LATEX_BATCHMODE = NO # If LATEX_HIDE_INDICES is set to YES then doxygen will not # include the index chapters (such as File Index, Compound Index, etc.) # in the output. LATEX_HIDE_INDICES = NO # If LATEX_SOURCE_CODE is set to YES then doxygen will include # source code with syntax highlighting in the LaTeX output. # Note that which sources are shown also depends on other settings # such as SOURCE_BROWSER. LATEX_SOURCE_CODE = NO # The LATEX_BIB_STYLE tag can be used to specify the style to use for the # bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See # http://en.wikipedia.org/wiki/BibTeX for more info. LATEX_BIB_STYLE = plain #--------------------------------------------------------------------------- # configuration options related to the RTF output #--------------------------------------------------------------------------- # If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output # The RTF output is optimized for Word 97 and may not look very pretty with # other RTF readers or editors. GENERATE_RTF = NO # The RTF_OUTPUT tag is used to specify where the RTF docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `rtf' will be used as the default path. RTF_OUTPUT = rtf # If the COMPACT_RTF tag is set to YES Doxygen generates more compact # RTF documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_RTF = NO # If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated # will contain hyperlink fields. The RTF file will # contain links (just like the HTML output) instead of page references. # This makes the output suitable for online browsing using WORD or other # programs which support those fields. # Note: wordpad (write) and others do not support links. RTF_HYPERLINKS = NO # Load stylesheet definitions from file. Syntax is similar to doxygen's # config file, i.e. a series of assignments. You only have to provide # replacements, missing definitions are set to their default value. RTF_STYLESHEET_FILE = # Set optional variables used in the generation of an rtf document. # Syntax is similar to doxygen's config file. RTF_EXTENSIONS_FILE = #--------------------------------------------------------------------------- # configuration options related to the man page output #--------------------------------------------------------------------------- # If the GENERATE_MAN tag is set to YES (the default) Doxygen will # generate man pages GENERATE_MAN = NO # The MAN_OUTPUT tag is used to specify where the man pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `man' will be used as the default path. MAN_OUTPUT = man # The MAN_EXTENSION tag determines the extension that is added to # the generated man pages (default is the subroutine's section .3) MAN_EXTENSION = .3 # If the MAN_LINKS tag is set to YES and Doxygen generates man output, # then it will generate one additional man file for each entity # documented in the real man page(s). These additional files # only source the real man page, but without them the man command # would be unable to find the correct page. The default is NO. MAN_LINKS = NO #--------------------------------------------------------------------------- # configuration options related to the XML output #--------------------------------------------------------------------------- # If the GENERATE_XML tag is set to YES Doxygen will # generate an XML file that captures the structure of # the code including all documentation. GENERATE_XML = NO # The XML_OUTPUT tag is used to specify where the XML pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `xml' will be used as the default path. XML_OUTPUT = xml # The XML_SCHEMA tag can be used to specify an XML schema, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_SCHEMA = # The XML_DTD tag can be used to specify an XML DTD, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_DTD = # If the XML_PROGRAMLISTING tag is set to YES Doxygen will # dump the program listings (including syntax highlighting # and cross-referencing information) to the XML output. Note that # enabling this will significantly increase the size of the XML output. XML_PROGRAMLISTING = YES #--------------------------------------------------------------------------- # configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- # If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will # generate an AutoGen Definitions (see autogen.sf.net) file # that captures the structure of the code including all # documentation. Note that this feature is still experimental # and incomplete at the moment. GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- # configuration options related to the Perl module output #--------------------------------------------------------------------------- # If the GENERATE_PERLMOD tag is set to YES Doxygen will # generate a Perl module file that captures the structure of # the code including all documentation. Note that this # feature is still experimental and incomplete at the # moment. GENERATE_PERLMOD = NO # If the PERLMOD_LATEX tag is set to YES Doxygen will generate # the necessary Makefile rules, Perl scripts and LaTeX code to be able # to generate PDF and DVI output from the Perl module output. PERLMOD_LATEX = NO # If the PERLMOD_PRETTY tag is set to YES the Perl module output will be # nicely formatted so it can be parsed by a human reader. # This is useful # if you want to understand what is going on. # On the other hand, if this # tag is set to NO the size of the Perl module output will be much smaller # and Perl will parse it just the same. PERLMOD_PRETTY = YES # The names of the make variables in the generated doxyrules.make file # are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. # This is useful so different doxyrules.make files included by the same # Makefile don't overwrite each other's variables. PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- # If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will # evaluate all C-preprocessor directives found in the sources and include # files. ENABLE_PREPROCESSING = YES # If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro # names in the source code. If set to NO (the default) only conditional # compilation will be performed. Macro expansion can be done in a controlled # way by setting EXPAND_ONLY_PREDEF to YES. MACRO_EXPANSION = NO # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES # then the macro expansion is limited to the macros specified with the # PREDEFINED and EXPAND_AS_DEFINED tags. EXPAND_ONLY_PREDEF = NO # If the SEARCH_INCLUDES tag is set to YES (the default) the includes files # pointed to by INCLUDE_PATH will be searched when a #include is found. SEARCH_INCLUDES = YES # The INCLUDE_PATH tag can be used to specify one or more directories that # contain include files that are not input files but should be processed by # the preprocessor. INCLUDE_PATH = # You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard # patterns (like *.h and *.hpp) to filter out the header-files in the # directories. If left blank, the patterns specified with FILE_PATTERNS will # be used. INCLUDE_FILE_PATTERNS = # The PREDEFINED tag can be used to specify one or more macro names that # are defined before the preprocessor is started (similar to the -D option of # gcc). The argument of the tag is a list of macros of the form: name # or name=definition (no spaces). If the definition and the = are # omitted =1 is assumed. To prevent a macro definition from being # undefined via #undef or recursively expanded use the := operator # instead of the = operator. PREDEFINED = # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # this tag can be used to specify a list of macro names that should be expanded. # The macro definition that is found in the sources will be used. # Use the PREDEFINED tag if you want to use a different macro definition that # overrules the definition found in the source code. EXPAND_AS_DEFINED = # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then # doxygen's preprocessor will remove all references to function-like macros # that are alone on a line, have an all uppercase name, and do not end with a # semicolon, because these will confuse the parser if not removed. SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- # Configuration::additions related to external references #--------------------------------------------------------------------------- # The TAGFILES option can be used to specify one or more tagfiles. # Optionally an initial location of the external documentation # can be added for each tagfile. The format of a tag file without # this location is as follows: # # TAGFILES = file1 file2 ... # Adding location for the tag files is done as follows: # # TAGFILES = file1=loc1 "file2 = loc2" ... # where "loc1" and "loc2" can be relative or absolute paths or # URLs. If a location is present for each tag, the installdox tool # does not have to be run to correct the links. # Note that each tag file must have a unique name # (where the name does NOT include the path) # If a tag file is not located in the directory in which doxygen # is run, you must also specify the path to the tagfile here. TAGFILES = # When a file name is specified after GENERATE_TAGFILE, doxygen will create # a tag file that is based on the input files it reads. GENERATE_TAGFILE = # If the ALLEXTERNALS tag is set to YES all external classes will be listed # in the class index. If set to NO only the inherited external classes # will be listed. ALLEXTERNALS = NO # If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed # in the modules index. If set to NO, only the current project's groups will # be listed. EXTERNAL_GROUPS = YES # The PERL_PATH should be the absolute path and name of the perl script # interpreter (i.e. the result of `which perl'). PERL_PATH = /usr/bin/perl #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- # If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will # generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base # or super classes. Setting the tag to NO turns the diagrams off. Note that # this option also works with HAVE_DOT disabled, but it is recommended to # install and use dot, since it yields more powerful graphs. CLASS_DIAGRAMS = YES # You can define message sequence charts within doxygen comments using the \msc # command. Doxygen will then run the mscgen tool (see # http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the # documentation. The MSCGEN_PATH tag allows you to specify the directory where # the mscgen tool resides. If left empty the tool is assumed to be found in the # default search path. MSCGEN_PATH = # If set to YES, the inheritance and collaboration graphs will hide # inheritance and usage relations if the target is undocumented # or is not a class. HIDE_UNDOC_RELATIONS = YES # If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is # available from the path. This tool is part of Graphviz, a graph visualization # toolkit from AT&T and Lucent Bell Labs. The other options in this section # have no effect if this option is set to NO (the default) HAVE_DOT = NO # The DOT_NUM_THREADS specifies the number of dot invocations doxygen is # allowed to run in parallel. When set to 0 (the default) doxygen will # base this on the number of processors available in the system. You can set it # explicitly to a value larger than 0 to get control over the balance # between CPU load and processing speed. DOT_NUM_THREADS = 0 # By default doxygen will use the Helvetica font for all dot files that # doxygen generates. When you want a differently looking font you can specify # the font name using DOT_FONTNAME. You need to make sure dot is able to find # the font, which can be done by putting it in a standard location or by setting # the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the # directory containing the font. DOT_FONTNAME = Helvetica # The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. # The default size is 10pt. DOT_FONTSIZE = 10 # By default doxygen will tell dot to use the Helvetica font. # If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to # set the path where dot can find it. DOT_FONTPATH = # If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect inheritance relations. Setting this tag to YES will force the # the CLASS_DIAGRAMS tag to NO. CLASS_GRAPH = YES # If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect implementation dependencies (inheritance, containment, and # class references variables) of the class with other documented classes. COLLABORATION_GRAPH = YES # If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen # will generate a graph for groups, showing the direct groups dependencies GROUP_GRAPHS = YES # If the UML_LOOK tag is set to YES doxygen will generate inheritance and # collaboration diagrams in a style similar to the OMG's Unified Modeling # Language. UML_LOOK = NO # If set to YES, the inheritance and collaboration graphs will show the # relations between templates and their instances. TEMPLATE_RELATIONS = NO # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT # tags are set to YES then doxygen will generate a graph for each documented # file showing the direct and indirect include dependencies of the file with # other documented files. INCLUDE_GRAPH = YES # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and # HAVE_DOT tags are set to YES then doxygen will generate a graph for each # documented header file showing the documented files that directly or # indirectly include this file. INCLUDED_BY_GRAPH = YES # If the CALL_GRAPH and HAVE_DOT options are set to YES then # doxygen will generate a call dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable call graphs # for selected functions only using the \callgraph command. CALL_GRAPH = NO # If the CALLER_GRAPH and HAVE_DOT tags are set to YES then # doxygen will generate a caller dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable caller # graphs for selected functions only using the \callergraph command. CALLER_GRAPH = NO # If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen # will generate a graphical hierarchy of all classes instead of a textual one. GRAPHICAL_HIERARCHY = YES # If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES # then doxygen will show the dependencies a directory has on other directories # in a graphical way. The dependency relations are determined by the #include # relations between the files in the directories. DIRECTORY_GRAPH = YES # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images # generated by dot. Possible values are svg, png, jpg, or gif. # If left blank png will be used. If you choose svg you need to set # HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible in IE 9+ (other browsers do not have this requirement). DOT_IMAGE_FORMAT = png # If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to # enable generation of interactive SVG images that allow zooming and panning. # Note that this requires a modern browser other than Internet Explorer. # Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you # need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible. Older versions of IE do not have SVG support. INTERACTIVE_SVG = NO # The tag DOT_PATH can be used to specify the path where the dot tool can be # found. If left blank, it is assumed the dot tool can be found in the path. DOT_PATH = # The DOTFILE_DIRS tag can be used to specify one or more directories that # contain dot files that are included in the documentation (see the # \dotfile command). DOTFILE_DIRS = # The MSCFILE_DIRS tag can be used to specify one or more directories that # contain msc files that are included in the documentation (see the # \mscfile command). MSCFILE_DIRS = # The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of # nodes that will be shown in the graph. If the number of nodes in a graph # becomes larger than this value, doxygen will truncate the graph, which is # visualized by representing a node as a red box. Note that doxygen if the # number of direct children of the root node in a graph is already larger than # DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note # that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. DOT_GRAPH_MAX_NODES = 50 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the # graphs generated by dot. A depth value of 3 means that only nodes reachable # from the root by following a path via at most 3 edges will be shown. Nodes # that lay further from the root node will be omitted. Note that setting this # option to 1 or 2 may greatly reduce the computation time needed for large # code bases. Also note that the size of a graph can be further restricted by # DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. MAX_DOT_GRAPH_DEPTH = 0 # Set the DOT_TRANSPARENT tag to YES to generate images with a transparent # background. This is disabled by default, because dot on Windows does not # seem to support this out of the box. Warning: Depending on the platform used, # enabling this option may lead to badly anti-aliased labels on the edges of # a graph (i.e. they become hard to read). DOT_TRANSPARENT = NO # Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output # files in one run (i.e. multiple -o and -T options on the command line). This # makes dot run faster, but since only newer versions of dot (>1.8.10) # support this, this feature is disabled by default. DOT_MULTI_TARGETS = NO # If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will # generate a legend page explaining the meaning of the various boxes and # arrows in the dot generated graphs. GENERATE_LEGEND = YES # If the DOT_CLEANUP tag is set to YES (the default) Doxygen will # remove the intermediate dot files that are used to generate # the various graphs. DOT_CLEANUP = YES firewalld-0.8.2/COPYING0000664007115300711530000004325413341016621015714 0ustar00egarveregarver00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. firewalld-0.8.2/shell-completion/0000775007115300711530000000000013641123257020136 5ustar00egarveregarver00000000000000firewalld-0.8.2/shell-completion/bash/0000775007115300711530000000000013641123257021053 5ustar00egarveregarver00000000000000firewalld-0.8.2/shell-completion/bash/firewall-cmd0000664007115300711530000002414513614563155023357 0ustar00egarveregarver00000000000000# bash completion for firewall-cmd -*- shell-script -*- # Copyright (C) 2013 Red Hat, Inc. # # Authors: # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # TODO: find a way how to get the following options from firewall-cmd OPTIONS_LOCKDOWN="--add-lockdown-whitelist-command= --remove-lockdown-whitelist-command= \ --query-lockdown-whitelist-command= --list-lockdown-whitelist-commands \ --add-lockdown-whitelist-context= --remove-lockdown-whitelist-context= \ --query-lockdown-whitelist-context= --list-lockdown-whitelist-contexts \ --add-lockdown-whitelist-uid= --remove-lockdown-whitelist-uid= \ --query-lockdown-whitelist-uid= --list-lockdown-whitelist-uids \ --add-lockdown-whitelist-user= --remove-lockdown-whitelist-user= \ --query-lockdown-whitelist-user= --list-lockdown-whitelist-users" # can be used as standalone or with --permanent OPTIONS_CONFIG="--get-zones --get-services --get-icmptypes --get-helpers \ ${OPTIONS_LOCKDOWN} --list-all-zones \ --info-zone= --info-service= --info-icmptype= \ --info-ipset= --info-helper=" OPTIONS_ZONE_INTERFACES_SOURCES="\ --add-interface= --remove-interface= --query-interface= \ --list-interfaces --change-interface= --change-zone= \ --add-source= --remove-source= --query-source= \ --change-source= --list-sources" OPTIONS_ZONE_ACTION_ACTION="--add-service= --remove-service= --query-service= \ --add-port= --remove-port= --query-port= \ --add-source-port= --remove-source-port= --query-source-port= \ --add-protocol= --remove-protocol= --query-protocol= \ --add-icmp-block= --remove-icmp-block= --query-icmp-block= \ --add-forward-port= --remove-forward-port= --query-forward-port=" OPTIONS_ZONE_ADAPT_QUERY="--add-rich-rule= --remove-rich-rule= --query-rich-rule= \ --add-icmp-block-inversion --remove-icmp-block-inversion \ --query-icmp-block-inversion \ --add-masquerade --remove-masquerade --query-masquerade \ --list-services --list-ports --list-protocols \ --list-source-ports --list-icmp-blocks \ --list-forward-ports --list-rich-rules --list-all" OPTIONS_ZONE_PERMANENT_ONLY="--get-description --get-short \ --set-description= --set-short=" OPTIONS_IPSET_ACTION_ACTION="--add-entry= --remove-entry= --query-entry= --add-entries-from-file= --remove-entries-from-file" OPTIONS_IPSET_ADAPT_QUERY="--list-entries" # can be used with/without preceding --zone= OPTIONS_ZONE="${OPTIONS_ZONE_INTERFACES_SOURCES} \ ${OPTIONS_ZONE_ACTION_ACTION} ${OPTIONS_ZONE_ADAPT_QUERY} ${OPTIONS_ZONE_PERMANENT_ONLY}" OPTIONS_IPSET="${OPTIONS_IPSETACTION_ACTION} ${OPTIONS_IPSET_ADAPT_QUERY}" OPTIONS_PERMANENT_ONLY="--new-icmptype= --new-icmptype-from-file= --delete-icmptype= \ --new-service= --new-service-from-file= --delete-service= \ --new-zone= --new-zone-from-file= --delete-zone= \ --new-ipset= --new-helper-from-file= --delete-ipset= \ --new-helper= --new-helper-from-file= --delete-helper= \ --get-target --set-target= \ --path-zone= --path-service= --path-icmptype= \ --path-ipset= --path-helper=" OPTIONS_NEW_IPSET="--type= --option=" OPTIONS_NEW_HELPER="--module= --family=" OPTIONS_HELPER="" # can be used after --permanent OPTIONS_PERMANENT="${OPTIONS_CONFIG} --zone= ${OPTIONS_ZONE} \ ${OPTIONS_PERMANENT_ONLY}" OPTIONS_DIRECT="--passthrough \ --add-chain --remove-chain --query-chain --get-chains --get-all-chains \ --add-rule --remove-rule --remove-rules --query-rule --get-rules --get-all-rules \ --add-passthrough --remove-passthrough \ --query-passthrough --get-passthroughs --get-all-passthroughs" # these all can be used as a "first" option OPTIONS_GENERAL="--help --version \ --state --reload --complete-reload \ --panic-on --panic-off --query-panic \ --get-log-denied --set-log-denied= --get-ipset-types \ --lockdown-on --lockdown-off --query-lockdown \ --get-default-zone --set-default-zone= --get-active-zones \ --get-zone-of-interface= --get-zone-of-interface= \ ${OPTIONS_CONFIG} \ --zone= ${OPTIONS_ZONE} \ --permanent --direct" _firewall_cmd() { local cur prev words cword split _init_completion -s || return case $prev in --*-entries-from-file|--new-*-from-file) _filedir return ;; --new-ipset*) if [[ "$cur" == -* ]]; then COMPREPLY=( $( compgen -W "${OPTIONS_NEW_IPSET}" -- "$cur") ) fi ;; --new-helper*) if [[ "$cur" == -* ]]; then COMPREPLY=( $( compgen -W "${OPTIONS_NEW_HELPER}" -- "$cur") ) fi ;; --new-*) ;; --zone|--set-default-zone|--info-zone|--path-zone) if [[ ${words[@]} == *--permanent* ]]; then COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-zones`' -- "$cur" ) ) else COMPREPLY=( $( compgen -W '`firewall-cmd --get-zones`' -- "$cur" ) ) fi ;; --zone=*) COMPREPLY=( $( compgen -W "${OPTIONS_ZONE}" -- "$cur" ) ) ;; --ipset=*) COMPREPLY=( $( compgen -W "${OPTIONS_IPSET}" -- "$cur" ) ) ;; --*-ipset) if [[ ${words[@]} == *--permanent* ]]; then COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-ipsets`' -- "$cur" ) ) else COMPREPLY=( $( compgen -W '`firewall-cmd --get-ipsets`' -- "$cur" ) ) fi ;; --*-service) if [[ ${words[@]} == *--permanent* ]]; then COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-services`' -- "$cur" ) ) else COMPREPLY=( $( compgen -W '`firewall-cmd --get-services`' -- "$cur" ) ) fi ;; --helper|--info-helper|--path-helper) if [[ ${words[@]} == *--permanent* ]]; then COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-helpers`' -- "$cur" ) ) else COMPREPLY=( $( compgen -W '`firewall-cmd --get-helpers`' -- "$cur" ) ) fi ;; --helper=*) COMPREPLY=( $( compgen -W "${OPTIONS_HELPER}" -- "$cur" ) ) ;; --*-icmp-block|--info-icmptype|--path-icmptype) if [[ ${words[@]} == *--permanent* ]]; then COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-icmptypes`' -- "$cur" ) ) else COMPREPLY=( $( compgen -W '`firewall-cmd --get-icmptypes`' -- "$cur" ) ) fi ;; --list-services|--add-service=*|--remove-service=*|--query-service=*|\ --list-ports|--add-port=*|--remove-port=*|--query-port=*|\ --list-source-ports|--add-source-port=*|--remove-source-port=*|--query-source-port=*|\ --list-protocols|--add-protocol=*|--remove-protocol=*|--query-protocol=*|\ --list-icmp-blocks|--add-icmp-block=*|--remove-icmp-block=*|--query-icmp-block=*|\ --list-forward-ports|--add-forward-port=*|--remove-forward-port=*|--query-forward-port=*|\ --list-interfaces|--add-interface=*|--remove-interface=*|--query-interface=*|\ --list-sources|--add-source=*|--remove-source=*|--query-source=*|\ --add-masquerade|--remove-masquerade|--query-masquerade|--list-all|\ --get-description|--get-short|--set-description=*|--set-short=*) opts="" # --add and --remove can be used multiple times if [[ ( ${prev} == --add-* ) || ( ${prev} == --remove-* ) ]]; then [[ ${prev} == *=* ]] && opts="${prev%=*}=" || opts="${prev}" fi if [[ ! ${words[@]} == *--permanent* ]]; then opts="${opts} --permanent" [[ ${prev} == --add-* ]] && opts="${opts} --timeout=" fi [[ ! ${words[@]} == *--zone=* ]] && opts="${opts} --zone=" if [ -n "${opts}" ]; then COMPREPLY=( $( compgen -W "${opts}" -- "$cur" ) ) fi ;; --*-interface|--change-zone) _available_interfaces ;; --permanent) [[ ${words[@]} == *--direct* ]] && opts="${OPTIONS_DIRECT}" || opts="${OPTIONS_PERMANENT} --direct" COMPREPLY=( $( compgen -W "${opts}" -- "$cur" ) ) ;; --direct) [[ ${words[@]} == *--permanent* ]] && opts="${OPTIONS_DIRECT}" || opts="${OPTIONS_DIRECT} --permanent" COMPREPLY=( $( compgen -W "${opts}" -- "$cur" ) ) ;; --*-rich-rule) # to not be matched with --*-rule below return 0 ;; --passthrough|--*-chain|--get-chains|--*-rule|--get-rules|--remove-rules) COMPREPLY=( $( compgen -W 'ipv4 ipv6 eb' -- "$cur" ) ) ;; ipv4|ipv6|eb) if [[ ${words[@]} == *--passthrough* ]]; then return 0 else COMPREPLY=( $( compgen -W 'nat filter mangle' -- "$cur" ) ) fi ;; *) if [[ "$cur" == -* ]]; then if [[ ${words[@]} == *--new-ipset* ]]; then COMPREPLY=( $( compgen -W "${OPTIONS_NEW_IPSET}" -- "$cur") ) else COMPREPLY=( $( compgen -W "${OPTIONS_GENERAL}" -- "$cur") ) fi fi ;; esac # do not append a space to words that end with = [[ $COMPREPLY == *= ]] && compopt -o nospace } && complete -F _firewall_cmd firewall-cmd firewalld-0.8.2/shell-completion/Makefile.in0000664007115300711530000004010613641123177022205 0ustar00egarveregarver00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = shell-completion DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(dist_bashcompletion_DATA) $(dist_zshcompletion_DATA) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(bashcompletiondir)" \ "$(DESTDIR)$(zshcompletiondir)" DATA = $(dist_bashcompletion_DATA) $(dist_zshcompletion_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ bashcompletiondir = @BASHCOMPLETIONDIR@ dist_bashcompletion_DATA = \ bash/firewall-cmd zshcompletiondir = @ZSHCOMPLETIONDIR@ dist_zshcompletion_DATA = \ zsh/_firewalld CLEANFILES = *~ *\# .\#* all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign shell-completion/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign shell-completion/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-dist_bashcompletionDATA: $(dist_bashcompletion_DATA) @$(NORMAL_INSTALL) @list='$(dist_bashcompletion_DATA)'; test -n "$(bashcompletiondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(bashcompletiondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(bashcompletiondir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(bashcompletiondir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(bashcompletiondir)" || exit $$?; \ done uninstall-dist_bashcompletionDATA: @$(NORMAL_UNINSTALL) @list='$(dist_bashcompletion_DATA)'; test -n "$(bashcompletiondir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(bashcompletiondir)'; $(am__uninstall_files_from_dir) install-dist_zshcompletionDATA: $(dist_zshcompletion_DATA) @$(NORMAL_INSTALL) @list='$(dist_zshcompletion_DATA)'; test -n "$(zshcompletiondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(zshcompletiondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(zshcompletiondir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(zshcompletiondir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(zshcompletiondir)" || exit $$?; \ done uninstall-dist_zshcompletionDATA: @$(NORMAL_UNINSTALL) @list='$(dist_zshcompletion_DATA)'; test -n "$(zshcompletiondir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(zshcompletiondir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(DATA) installdirs: for dir in "$(DESTDIR)$(bashcompletiondir)" "$(DESTDIR)$(zshcompletiondir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dist_bashcompletionDATA \ install-dist_zshcompletionDATA install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-dist_bashcompletionDATA \ uninstall-dist_zshcompletionDATA .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ ctags-am distclean distclean-generic distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dist_bashcompletionDATA \ install-dist_zshcompletionDATA install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags-am uninstall uninstall-am \ uninstall-dist_bashcompletionDATA \ uninstall-dist_zshcompletionDATA # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/shell-completion/zsh/0000775007115300711530000000000013641123257020742 5ustar00egarveregarver00000000000000firewalld-0.8.2/shell-completion/zsh/_firewalld0000664007115300711530000004460413620317435023005 0ustar00egarveregarver00000000000000#compdef firewall-cmd firewall-offline-cmd local curcontext="$curcontext" name nm="$compstate[nmatches]" local -a state line expl direct args auxargs opargs suf typeset -A opt_args direct=( '--get-all-chains[get all chains]' '--get-chains[get all chains added to the table]:family:(ipv4 ipv6 eb):table:->tables' '--add-chain[add a new chain to the table]:family:(ipv4 ipv6 eb):table:->tables:new chain' '--remove-chain[remove a chain from the table]:family:(ipv4 ipv6 eb):table:->tables:chain:->chains' '--query-chain[return whether the chain has been added to the table]:family:(ipv4 ipv6 eb):table:->tables:chain:->chains' '--get-all-rules[get all rules]' '--get-rules[get all rules added to chain in table]:family:(ipv4 ipv6 eb):table:->tables:chain:->chains' '--add-rule[add rule to chain in table]:family:(ipv4 ipv6 eb):table:->tables:chain:->chains:priority: :*:argument' '--remove-rule[remove rule with priority from chain in table]:family:(ipv4 ipv6 eb):table:->tables:chain:->chains:priority: :*:argument' '--remove-rules[remove rules from chain in table]:family:(ipv4 ipv6 eb):table:->tables:chain->chains' '--query-rule[chain in table]:family:(ipv4 ipv6 eb):table:->tables:chain: :priority: :*:argument' '--get-all-passthroughs[get all tracked passthrough rules]' '--get-passthroughs[get tracked passthrough rules]:family:(ipv4 ipv6 eb):*:: : _iptables' '--add-passthrough[add a new tracked passthrough rule]:family:(ipv4 ipv6 eb):*:: : _iptables' '--remove-passthrough[remove a tracked passthrough rule]:family:(ipv4 ipv6 eb):*:: : _iptables' '--query-passthrough[return whether the tracked passthrough rule has been added]:family:(ipv4 ipv6 eb):*:: : _iptables' ) name='--name=[specify new name]:name' case $service in firewall-cmd) direct+=( '--passthrough[pass a command through (untracked by firewalld)]:family:(ipv4 ipv6 eb):*:: : _iptables' ) args=( '(--timeout)--permanent[set an option permanently]' ) auxargs=( '(--permanent)--timeout=[specify time for rule to be active]:time value (seconds)' ) opargs=( '(aux --permanent --zone)--state[print firewalld state]' '(aux --permanent --zone)--reload[reload firewall and keep state information]' '(aux --permanent --zone)--complete-reload[reload firewall and lose state information]' '(aux --permanent --zone)--runtime-to-permanent[create permanent from runtime configuration]' '(aux --permanent --zone -q --quiet)--get-active-zones[print currently active zones]' '*--remove-service=[remove a service from a zone]:service:->services' '(aux --permanent --zone)--panic-on[enable panic mode]' '(aux --permanent --zone)--panic-off[disable panic mode]' '(aux --permanent --zone)--query-panic[query whether panic mode is enabled]' ) ;; firewall-offline-cmd) args=( '--system-config[specify path to firewalld system configuration]:path:_directories' '--default-config[specify path to firewalld default configuration]:path:_directories' '--migrate-system-config-firewall=[import configuration data from the given configuration file]:file:_files' '--disabled[disable the firewall by disabling the firewalld service]' '!(--disabled)--enabled' '!--'{add,remove}'module=:iptables module' '!--custom-rules=:type:table:filename (ignored' \*{-s+,--service=}'[enable a service in the default zone]:service:->services' '*--remove-service=[disable a service in the default zone]:service:->services' \*{-p+,--port=}'[enable a port in the default zone]:port:->ports' \*{-t+,--trust=}'[bind an interface to the trusted zone]:interface:_net_interfaces' {-m+,--masq=}'[enable masquerading in the default zone, IPv4 only]:interface (ignored)' '--forward-port=[add port forward in the default zone]:port forward:->port-forwards' '--block-icmp=[block this ICMP type in the default zone]:icmp type:->icmp-types' "--policy-server[change Polkit actions to 'server' (more restricted)]" "--policy-desktop[change Polkit actions to 'desktop' (less restricted)]" ) opargs=( '*--remove-service-from-zone[remove a service from a zone]:service:->services' ) ;; esac # option ordering doesn't matter but listing fewer options makes # completion more useful: (( $words[(I)--direct] )) || direct=( \!$^direct ) # only list direct options after --direct (( $words[(I)--new-*-from-file*] )) || name="!$name" # also check for required options before listing --name _arguments -C -s $args $direct \ '!(-q --quiet)'{-v,--verbose} \ '(-q --quiet --list-all --list-all-zones --list-lockdown-whitelist-commands --list-lockdown-whitelist-contexts --list-lockdown-whitelist-uids --list-lockdown-whitelist-users --list-services --list-ports --list-protocols --list-icmp-blocks --list-forward-ports --list-rich-rules --list-interfaces --list-sources --get-default-zone --get-active-zones --get-zone-of-interface --get-zone-of-source --get-zones --get-services --get-icmptypes --get-target --info-zone --info-icmptype --info-service --info-ipset --get-ipsets --get-entries --info-helper --get-helpers --get-destinations --get-description --version -h --help)'{-q,--quiet}"[don't print status messages]" \ '*--zone=[use this zone to set or query options, else default zone]:zone:->zones' \ + aux \ $auxargs $name \ '*--option=[specify option]:option (key=value)' \ '--type=[specify ipset type]:ipset type:->ipset-types' \ '--ipset=[specify ipset]:ipset:->ipsets' \ '--icmptype=[specify icmp type]:icmp type:->icmp-types' \ '--service=[specify service]:service:->services' \ '--helper=[specify helper]:helper:->helpers' \ '--family=[specify family]:family:(ipv4 ipv6)' \ '--module=[specify module]:module' \ + '(op)' \ $opargs \ '(aux -)'{-h,--help}'[display usage information]' \ '(aux -)'{-V,--version}'[display version information]' \ '(aux --permanent --zone)--get-log-denied[print the log denied value]' \ '(aux --permanent --zone)--set-log-denied=[set log denied value]:value:(all unicast broadcast multicast off)' \ '(aux --permanent --zone)--get-automatic-helpers[print the automatic helpers value]' \ '(aux --permanent --zone)--set-automatic-helpers=[set automatic helpers value]:value:(yes no system)' \ '(aux --permanent --zone -q --quiet)--get-default-zone[print default zone for connections and interfaces]' \ '(aux --permanent --zone)--set-default-zone=[set default zone]:zone:->zones' \ '(--zone -q --quiet)--get-zones[print predefined zones]' \ '(--zone -q --quiet)--get-services[print predefined services]' \ '(--zone -q --quiet)--get-icmptypes[print predefined icmptypes]' \ '(-q --quiet)*--get-zone-of-interface=[print name of the zone the interface is bound to]:interface:_net_interfaces' \ '(-q --quiet)*--get-zone-of-source=[print name of the zone a source is bound to]:source' \ '(-q --quiet)--list-all-zones[list everything added for or enabled in all zones]' \ '--new-zone=[add a new zone]:zone:->zones' \ '--new-zone-from-file=[add a new zone from file with optional name]:filename:_files' \ '--delete-zone=[delete an existing zone]:zone:->zones' \ '--load-zone-defaults=[load zone default settings]:zone:->zones' \ '(-q --quiet)--get-target[get the zone target]' \ '--set-target=[set the zone target]:target:(default ACCEPT DROP REJECT)' \ '(-q --quiet)--info-zone=[print information about a zone]:zone:->zones' \ '--path-zone=[print file path of a zone]:zone:->zones' \ '(aux --permanent --zone)--get-ipset-types[print the supported ipset types]' \ '--new-ipset=[add a new ipset]:ipset:->ipsets' \ '--new-ipset-from-file=[add a new ipset from file with optional name]:filename:_files' \ '--delete-ipset=[delete an existing ipset]:ipset:->ipsets' \ '--load-ipset-defaults=[load ipset default settings]:ipset:->ipsets' \ '(-q --quiet)--info-ipset=[print information about an ipset]:ipset' \ '--path-ipset=[print file path of an ipset]:ipset' \ '(aux --permanent --zone -q --quiet)--get-ipsets[print predefined ipsets]' \ '--set-description=[set new description]:description' \ '(-q --quiet)--get-description[print description]' \ '--set-short=[set new short description]:description' \ '--get-short[print short description]' \ '*--add-entry=[add a new entry to an ipset]:entry' \ '*--remove-entry=[remove an entry from an ipset]:entry' \ '*--query-entry=[return whether ipset has an entry]:entry' \ '(-q --quiet)--get-entries[list entries of an ipset]' \ '*--add-entries-from-file=[add a new entries to an ipset]:entry' \ '--remove-entries-from-file=[remove entries from an ipset]:entry' \ '--new-icmptype=[add a new icmptype]:icmp type:->icmp-types' \ '--new-icmptype-from-file=[add a new icmptype from file with optional name]:file:_files' \ '--delete-icmptype=[delete an existing icmptype]:icmp type:->icmp-types' \ '--load-icmptype-defaults=[load icmptype default settings]:icmp type:->icmp-types' \ '(-q --quiet)--info-icmptype=[print information about an icmptype]:icmp type:->icmp-types' \ '--path-icmptype=[print file path of an icmptype]:icmp type:->icmp-types' \ '*--add-destination=[enable destination for ipv in icmptype]:destination:->destinations' \ '*--remove-destination=[disable destination for ipv in service or icmp-type]:destination:->destinations' \ '(-q --quiet)--get-destinations[list destinations]' \ '--new-service=[add a new service]:service' \ '--new-service-from-file=[add a new service from file with optional name]:file:_files' \ '--delete-service=[delete an existing service]:service:->services' \ '--load-service-defaults=[load icmptype default settings]:service:->services' \ '(-q --quiet)--info-service=[print information about a service]:service:->services' \ '--path-service=[print file path of a service]:service:->services' \ '*--add-port=[add a new port to service, zone or helper]:port:->ports' \ '*--remove-port=[remove a port from a service, zone or helper]:port:->ports' \ '*--query-port=[return whether the port has been added for service, zone or helper]:port:->ports' \ '--get-ports[list ports of service or helper]' \ '*--add-protocol=[add a new protocol to service or zone]:protocol' \ '*--remove-protocol=[remove a protocol from service or zone]:protocol' \ '*--query-protocol=[return whether the protocol has been added for service or zone]:protocol' \ '--get-protocols[list protocols of service]' \ '*--add-source-port=[add a new source port to service or zone]:port:->ports' \ '*--remove-source-port=[remove a source port from service or zone]:port:->ports' \ '*--query-source-port=[return whether the source port has been added for service or zone]:port:->ports' \ '--get-source-ports[list source ports of service]' \ '*--add-module=[add a new module to service]:module' \ '*--remove-module=[remove a module from service]:module' \ '*--query-module=[return whether the module has been added for service]:module' \ '--get-modules[list modules of service]' \ '*--set-destination=[set destination for ipv to address in service]:destination:->destinations' \ '--query-destination=[return whether destination ipv is set for service or enabled for icmptype]:destination:->destinations' \ '(-q --quiet)--list-all[list everything added for or enabled in a zone]' \ '(-q --quiet)--list-services[list services added for a zone]' \ '*--add-service=[add a service for a zone]:service:->services' \ '*--query-service=[return whether service has been added for a zone]:service:->services' \ '(-q --quiet)--list-ports[list ports added for a zone]' \ '(-q --quiet)--list-protocols[list protocols added for a zone]' \ '--list-source-ports[list source ports added for a zone]' \ '(-q --quiet)--list-icmp-blocks[list Internet ICMP type blocks added for a zone]' \ '*--add-icmp-block=[add an ICMP block for a zone]:icmp type:->icmp-types' \ '*--remove-icmp-block=[remove the ICMP block from a zone]:icmp type:->icmp-types' \ '*--query-icmp-block=[return whether an ICMP block has been added for a zone]:icmp type:->icmp-types' \ '--add-icmp-block-inversion[enable inversion of icmp blocks for a zone]' \ '--remove-icmp-block-inversion[disable inversion of icmp blocks for a zone]' \ '--query-icmp-block-inversion[return whether inversion of icmp blocks has been enabled for a zone]' \ '(-q --quiet)--list-forward-ports[list IPv4 forward ports added for a zone]' \ '*--add-forward-port=[add the IPv4 forward port for a zone]: :->port-forwards' \ '*--remove-forward-port=[remove the IPv4 forward port from a zone]: :->port-forwards' \ '*--query-forward-port=[return whether the IPv4 forward port has been added for a zone]: :->port-forwards' \ '--add-masquerade[enable IPv4 masquerade for a zone]' \ '--remove-masquerade[disable IPv4 masquerade for a zone]' \ '--query-masquerade[return whether IPv4 masquerading has been enabled for a zone]' \ '(-q --quiet)--list-rich-rules[list rich language rules added for a zone]' \ '*--add-rich-rule=[add rich language rule for a zone]:rule' \ '*--remove-rich-rule=[remove specified rich language rule from a zone]:rule' \ '*--query-rich-rule=[return whether specified rich language rule has been added for a zone]:rule' \ '(-q --quiet)--list-interfaces[list interfaces that are bound to a zone]' \ '*--add-interface=[bind the specified interface to a zone]:interface:_net_interfaces' \ '*--change-interface=[change zone the specified interface is bound to]:interface:_net_interfaces' \ '*--query-interface=[query whether specified interface is bound to a zone]:interface:_net_interfaces' \ '*--remove-interface=[remove binding of specified interface from a zone]:interface:_net_interfaces' \ '(-q --quiet)--list-sources[list sources that are bound to a zone]' \ '*--add-source=[bind source to a zone]: :->sources' \ '*--change-source=[change zone a source is bound to]: :->sources' \ '*--query-source=[query whether source is bound to a zone]: :->sources' \ '*--remove-source=[remove binding of a source from a zone]: :->sources' \ '--new-helper=[add a new helper]:helper:->helpers' \ '--new-helper-from-file=[add a new helper from file with optional name]:file:_files' \ '--delete-helper=[delete an existing helper]:helper:->helpers' \ '--load-helper-defaults=[load helper default settings]:helper:->helpers' \ '(--zone -q --quiet)--info-helper=[print information about an helper]:helper:->helpers' \ '--path-helper=[print file path of an helper]:helper:->helpers' \ '(--zone -q --quiet)--get-helpers[print predefined helpers]' \ '--set-module=[set module to helper]:module' \ '--get-module[get module from helper]' \ '--set-family=[set family for helper]:family' \ '--get-family[get family from helper]' \ '(aux --permanent --zone)--lockdown-on[enable lockdown]' \ '(aux --permanent --zone)--lockdown-off[disable lockdown]' \ '(aux --permanent --zone)--query-lockdown[query whether lockdown is enabled]' \ '(-q --quiet)--list-lockdown-whitelist-commands[list all command lines that are on the whitelist]' \ '*--add-lockdown-whitelist-command=[add a command to the whitelist]:command:_cmdstring' \ '*--remove-lockdown-whitelist-command=[remove the command from the whitelist]:command' \ '*--query-lockdown-whitelist-command=[query whether a command is on the whitelist]:command' \ '(-q --quiet)--list-lockdown-whitelist-contexts[list all contexts that are on the whitelist]' \ '*--add-lockdown-whitelist-context=[add the specified context to the whitelist]:context' \ '*--remove-lockdown-whitelist-context=[remove a context from the whitelist]:context' \ '*--query-lockdown-whitelist-context=[query whether a context is on the whitelist]:context' \ '(-q --quiet)--list-lockdown-whitelist-uids[list all user ids that are on the whitelist]' \ '*--add-lockdown-whitelist-uid=[add the specified user id to the whitelist]:uid' \ '*--remove-lockdown-whitelist-uid=[remove the specified user id from the whitelist]:uid' \ '*--query-lockdown-whitelist-uid=[query whether a user id is on the whitelist]:uid' \ '(-q --quiet)--list-lockdown-whitelist-users[list all user names that are on the whitelist]' \ '*--add-lockdown-whitelist-user=[add the specified user to the whitelist]:user:_users' \ '*--remove-lockdown-whitelist-user=[remove the specified user from the whitelist]:user:_users' \ '*--query-lockdown-whitelist-user=[query whether the specified user is on the whitelist]:user:_users' \ '--direct[first option for all direct options]' [[ $state = sources ]] && compset -P 'ipset:' && state=ipsets case $state in sources) _message -e sources "source[/mask]|MAC|ipset:ipset" ;; chains) _description chains expl 'chain' compadd "$expl[@]" - ${${(f)"$(_call_program chains $words[1] ${(k)opt_args[--permanent]} --direct --get-all-chains)"}##* } ;; destinations) if compset -P 1 '*:'; then if compset -P 1 '*/'; then _message -e masks "mask" else _message -e addresses "address" fi else compset -S ':*' || suf=( -qS : ) _description ipvs expl 'ipv' compadd "$expl[@]" $suf - ipv4 ipv6 fi ;; helpers) _description helpers expl 'helper' compadd "$expl[@]" - $(_call_program helpers $words[1] ${(k)opt_args[--permanent]} --get-helpers) ;; icmp-types) _description icmp-types expl 'icmp type' compadd "$expl[@]" - $(_call_program icmp-types $words[1] --get-icmptypes) ;; ipsets) _description ipsets expl 'ipset' compadd "$expl[@]" - $(_call_program ipsets $words[1] ${(k)opt_args[--permanent]} --get-ipsets) ;; ipset-types) _description ipset-types expl 'ipset type' compadd "$expl[@]" - $(_call_program ipset-types $words[1] --get-ipset-types) ;; ports) if compset -P 1 '*/'; then _description protocols expl 'protocol' compadd "$expl[@]" - tcp udp sctp dccp else _message -e ports 'port number' fi ;; port-forwards) _values -S = -s : 'port forward' \ 'port[specify port]:port range:_sequence -n 2 -s - _ports' \ 'proto[specify protocol]:protocol:(tcp udp sctp dccp)' \ 'toport[specify port]:port range:_sequence -n 2 -s - _ports' \ 'toaddr[specify destination address]:address[/mask]' ;; services) _description services expl 'service' compadd "$expl[@]" - $(_call_program services $words[1] --get-services) ;; tables) _description services expl 'service' compadd "$expl[@]" - security raw mangle nat filter ;; zones) _description zones expl 'zone' compadd "$expl[@]" - $(_call_program zones $words[1] --get-zones) ;; esac # return whether matches were added [[ nm -ne compstate[nmatches] ]] && return 0 return 1 firewalld-0.8.2/shell-completion/Makefile.am0000664007115300711530000000030113620317435022164 0ustar00egarveregarver00000000000000bashcompletiondir=@BASHCOMPLETIONDIR@ dist_bashcompletion_DATA = \ bash/firewall-cmd zshcompletiondir=@ZSHCOMPLETIONDIR@ dist_zshcompletion_DATA = \ zsh/_firewalld CLEANFILES = *~ *\# .\#* firewalld-0.8.2/install-sh0000755007115300711530000003325512257332274016675 0ustar00egarveregarver00000000000000#!/bin/sh # install - install a program, script, or datafile scriptversion=2011-11-20.07; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the # following copyright and license. # # Copyright (C) 1994 X Consortium # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to # deal in the Software without restriction, including without limitation the # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or # sell copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN # AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- # TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # # Except as contained in this notice, the name of the X Consortium shall not # be used in advertising or otherwise to promote the sale, use or other deal- # ings in this Software without prior written authorization from the X Consor- # tium. # # # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent # 'make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. nl=' ' IFS=" "" $nl" # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit=${DOITPROG-} if test -z "$doit"; then doit_exec=exec else doit_exec=$doit fi # Put in absolute file names if you don't have them in your path; # or use environment vars. chgrpprog=${CHGRPPROG-chgrp} chmodprog=${CHMODPROG-chmod} chownprog=${CHOWNPROG-chown} cmpprog=${CMPPROG-cmp} cpprog=${CPPROG-cp} mkdirprog=${MKDIRPROG-mkdir} mvprog=${MVPROG-mv} rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} posix_glob='?' initialize_posix_glob=' test "$posix_glob" != "?" || { if (set -f) 2>/dev/null; then posix_glob= else posix_glob=: fi } ' posix_mkdir= # Desired mode of installed file. mode=0755 chgrpcmd= chmodcmd=$chmodprog chowncmd= mvcmd=$mvprog rmcmd="$rmprog -f" stripcmd= src= dst= dir_arg= dst_arg= copy_on_change=false no_target_directory= usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... In the 1st form, copy SRCFILE to DSTFILE. In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: --help display this help and exit. --version display version info and exit. -c (ignored) -C install only if different (preserve the last data modification time) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. -s $stripprog installed files. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG " while test $# -ne 0; do case $1 in -c) ;; -C) copy_on_change=true;; -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 case $mode in *' '* | *' '* | *' '* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac shift;; -o) chowncmd="$chownprog $2" shift;; -s) stripcmd=$stripprog;; -t) dst_arg=$2 # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac shift;; -T) no_target_directory=true;; --version) echo "$0 $scriptversion"; exit $?;; --) shift break;; -*) echo "$0: invalid option: $1" >&2 exit 1;; *) break;; esac shift done if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. set fnord "$@" "$dst_arg" shift # fnord fi shift # arg dst_arg=$arg # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac done fi if test $# -eq 0; then if test -z "$dir_arg"; then echo "$0: no input file specified." >&2 exit 1 fi # It's OK to call 'install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 trap "ret=130; $do_exit" 2 trap "ret=141; $do_exit" 13 trap "ret=143; $do_exit" 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. case $mode in # Optimize common cases. *644) cp_umask=133;; *755) cp_umask=22;; *[0-7]) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac fi for src do # Protect names problematic for 'test' and other utilities. case $src in -* | [=\(\)!]) src=./$src;; esac if test -n "$dir_arg"; then dst=$src dstdir=$dst test -d "$dstdir" dstdir_status=$? else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if test ! -f "$src" && test ! -d "$src"; then echo "$0: $src does not exist." >&2 exit 1 fi if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi dst=$dst_arg # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then if test -n "$no_target_directory"; then echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst dst=$dstdir/`basename "$src"` dstdir_status=0 else # Prefer dirname, but fall back on a substitute if dirname fails. dstdir=` (dirname "$dst") 2>/dev/null || expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$dst" : 'X\(//\)[^/]' \| \ X"$dst" : 'X\(//\)$' \| \ X"$dst" : 'X\(/\)' \| . 2>/dev/null || echo X"$dst" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q' ` test -d "$dstdir" dstdir_status=$? fi fi obsolete_mkdir_used=false if test $dstdir_status != 0; then case $posix_mkdir in '') # Create intermediate dirs using mode 755 as modified by the umask. # This is like FreeBSD 'install' as of 1997-10-28. umask=`umask` case $stripcmd.$umask in # Optimize common cases. *[2367][2367]) mkdir_umask=$umask;; .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; *[0-7]) mkdir_umask=`expr $umask + 22 \ - $umask % 100 % 40 + $umask % 20 \ - $umask % 10 % 4 + $umask % 2 `;; *) mkdir_umask=$umask,go-w;; esac # With -d, create the new directory with the user-specified mode. # Otherwise, rely on $mkdir_umask. if test -n "$dir_arg"; then mkdir_mode=-m$mode else mkdir_mode= fi posix_mkdir=false case $umask in *[123567][0-7][0-7]) # POSIX mkdir -p sets u+wx bits regardless of umask, which # is incompatible with FreeBSD 'install' when (umask & 300) != 0. ;; *) tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 if (umask $mkdir_umask && exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 then if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or # other-writable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in d????-?r-*) different_mode=700;; d????-?--*) different_mode=755;; *) false;; esac && $mkdirprog -m$different_mode -p -- "$tmpdir" && { ls_ld_tmpdir_1=`ls -ld "$tmpdir"` test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" } } then posix_mkdir=: fi rmdir "$tmpdir/d" "$tmpdir" else # Remove any dirs left behind by ancient mkdir implementations. rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null fi trap '' 0;; esac;; esac if $posix_mkdir && ( umask $mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else # The umask is ridiculous, or mkdir does not conform to POSIX, # or it failed possibly due to a race condition. Create the # directory the slow way, step by step, checking for races as we go. case $dstdir in /*) prefix='/';; [-=\(\)!]*) prefix='./';; *) prefix='';; esac eval "$initialize_posix_glob" oIFS=$IFS IFS=/ $posix_glob set -f set fnord $dstdir shift $posix_glob set +f IFS=$oIFS prefixes= for d do test X"$d" = X && continue prefix=$prefix$d if test -d "$prefix"; then prefixes= else if $posix_mkdir; then (umask=$mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break # Don't fail if two instances are running concurrently. test -d "$prefix" || exit 1 else case $prefix in *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; *) qprefix=$prefix;; esac prefixes="$prefixes '$qprefix'" fi fi prefix=$prefix/ done if test -n "$prefixes"; then # Don't fail if two instances are running concurrently. (umask $mkdir_umask && eval "\$doit_exec \$mkdirprog $prefixes") || test -d "$dstdir" || exit 1 obsolete_mkdir_used=true fi fi fi if test -n "$dir_arg"; then { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 else # Make a couple of temp file names in the proper directory. dsttmp=$dstdir/_inst.$$_ rmtmp=$dstdir/_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && eval "$initialize_posix_glob" && $posix_glob set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && $posix_glob set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then rm -f "$dsttmp" else # Rename the file to the real destination. $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || # The rename failed, perhaps because mv can't rename something else # to itself, or perhaps because mv is so ancient that it does not # support -f. { # Now remove or move aside any old file at destination location. # We try this two ways since rm can't unlink itself on some # systems and the destination file might be busy for other # reasons. In this case, the final cleanup might fail but the new # file should still install successfully. { test ! -f "$dst" || $doit $rmcmd -f "$dst" 2>/dev/null || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } } || { echo "$0: cannot unlink or rename $dst" >&2 (exit 1); exit 1 } } && # Now rename the file to the real destination. $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 trap '' 0 fi done # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: firewalld-0.8.2/missing0000755007115300711530000001533112257332274016263 0ustar00egarveregarver00000000000000#! /bin/sh # Common wrapper for a few potentially missing GNU programs. scriptversion=2012-06-26.16; # UTC # Copyright (C) 1996-2013 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then echo 1>&2 "Try '$0 --help' for more information" exit 1 fi case $1 in --is-lightweight) # Used by our autoconf macros to check whether the available missing # script is modern enough. exit 0 ;; --run) # Back-compat with the calling convention used by older automake. shift ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due to PROGRAM being missing or too old. Options: -h, --help display this help and exit -v, --version output version information and exit Supported PROGRAM values: aclocal autoconf autoheader autom4te automake makeinfo bison yacc flex lex help2man Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and 'g' are ignored when checking the name. Send bug reports to ." exit $? ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) echo "missing $scriptversion (GNU Automake)" exit $? ;; -*) echo 1>&2 "$0: unknown '$1' option" echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; esac # Run the given program, remember its exit status. "$@"; st=$? # If it succeeded, we are done. test $st -eq 0 && exit 0 # Also exit now if we it failed (or wasn't found), and '--version' was # passed; such an option is passed most likely to detect whether the # program is present and works. case $2 in --version|--help) exit $st;; esac # Exit code 63 means version mismatch. This often happens when the user # tries to use an ancient version of a tool on a file that requires a # minimum version. if test $st -eq 63; then msg="probably too old" elif test $st -eq 127; then # Program was missing. msg="missing on your system" else # Program was found and executed, but failed. Give up. exit $st fi perl_URL=http://www.perl.org/ flex_URL=http://flex.sourceforge.net/ gnu_software_URL=http://www.gnu.org/software program_details () { case $1 in aclocal|automake) echo "The '$1' program is part of the GNU Automake package:" echo "<$gnu_software_URL/automake>" echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" echo "<$gnu_software_URL/autoconf>" echo "<$gnu_software_URL/m4/>" echo "<$perl_URL>" ;; autoconf|autom4te|autoheader) echo "The '$1' program is part of the GNU Autoconf package:" echo "<$gnu_software_URL/autoconf/>" echo "It also requires GNU m4 and Perl in order to run:" echo "<$gnu_software_URL/m4/>" echo "<$perl_URL>" ;; esac } give_advice () { # Normalize program name to check for. normalized_program=`echo "$1" | sed ' s/^gnu-//; t s/^gnu//; t s/^g//; t'` printf '%s\n' "'$1' is $msg." configure_deps="'configure.ac' or m4 files included by 'configure.ac'" case $normalized_program in autoconf*) echo "You should only need it if you modified 'configure.ac'," echo "or m4 files included by it." program_details 'autoconf' ;; autoheader*) echo "You should only need it if you modified 'acconfig.h' or" echo "$configure_deps." program_details 'autoheader' ;; automake*) echo "You should only need it if you modified 'Makefile.am' or" echo "$configure_deps." program_details 'automake' ;; aclocal*) echo "You should only need it if you modified 'acinclude.m4' or" echo "$configure_deps." program_details 'aclocal' ;; autom4te*) echo "You might have modified some maintainer files that require" echo "the 'automa4te' program to be rebuilt." program_details 'autom4te' ;; bison*|yacc*) echo "You should only need it if you modified a '.y' file." echo "You may want to install the GNU Bison package:" echo "<$gnu_software_URL/bison/>" ;; lex*|flex*) echo "You should only need it if you modified a '.l' file." echo "You may want to install the Fast Lexical Analyzer package:" echo "<$flex_URL>" ;; help2man*) echo "You should only need it if you modified a dependency" \ "of a man page." echo "You may want to install the GNU Help2man package:" echo "<$gnu_software_URL/help2man/>" ;; makeinfo*) echo "You should only need it if you modified a '.texi' file, or" echo "any other file indirectly affecting the aspect of the manual." echo "You might want to install the Texinfo package:" echo "<$gnu_software_URL/texinfo/>" echo "The spurious makeinfo call might also be the consequence of" echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" echo "want to install GNU make:" echo "<$gnu_software_URL/make/>" ;; *) echo "You might have modified some files without having the proper" echo "tools for further handling them. Check the 'README' file, it" echo "often tells you about the needed prerequisites for installing" echo "this package. You may also peek at any GNU archive site, in" echo "case some other package contains this missing '$1' program." ;; esac } give_advice "$1" | sed -e '1s/^/WARNING: /' \ -e '2,$s/^/ /' >&2 # Propagate the correct exit status (expected to be 127 for a program # not found, 63 for a program that failed due to version mismatch). exit $st # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: firewalld-0.8.2/configure.ac0000664007115300711530000001604213641106161017144 0ustar00egarveregarver00000000000000# Process this file with autoconf to produce a configure script. AC_PREREQ([2.68]) m4_define([PKG_NAME], firewalld) m4_define([PKG_VERSION], m4_bpatsubst(m4_esyscmd([grep "Version:" firewalld.spec]), [Version:\W\([0-9.]*\)\W], [\1])) m4_define([PKG_RELEASE], m4_bpatsubst(m4_esyscmd([grep "Release:" firewalld.spec]), [Release:\W\([0-9.]*\).*\W], [\1])) m4_define([PKG_TAG], m4_format(v%s, PKG_VERSION)) AC_INIT(PKG_NAME,PKG_VERSION) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([src/firewalld.in]) AC_PREFIX_DEFAULT([/usr]) AM_INIT_AUTOMAKE([1.11 tar-ustar no-define foreign dist-bzip2 no-dist-gzip]) AC_SUBST([PACKAGE_RELEASE], '[PKG_RELEASE]') AC_DEFINE_UNQUOTED([PACKAGE_RELEASE], ["$PACKAGE_RELEASE"]) AC_SUBST([PACKAGE_TAG], '[PKG_TAG]') AC_DEFINE_UNQUOTED([PACKAGE_TAG], ["$PACKAGE_TAG"]) AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MKDIR_P AC_PROG_SED AC_PROG_GREP AC_PROG_AWK AC_PROG_MAKE_SET AM_PATH_PYTHON AC_PATH_PROG([XSLTPROC], [xsltproc]) AC_PATH_PROG([KILL], [kill], [/usr/bin/kill]) AC_PATH_PROG([MODPROBE], [modprobe], [/sbin/modprobe]) AC_PATH_PROG([RMMOD], [rmmod], [/sbin/rmmod]) AC_PATH_PROG([SYSCTL], [sysctl], [/sbin/sysctl]) AC_CONFIG_TESTDIR([src/tests]) AC_PATH_PROGS([PODMAN], [podman docker], [/bin/false]) GLIB_GSETTINGS ############################################################# AC_ARG_ENABLE([docs], [AS_HELP_STRING([--disable-docs], [Disable building documentation])]) AM_CONDITIONAL([ENABLE_DOCS], [test x$enable_docs != xno]) AM_COND_IF([ENABLE_DOCS], [ JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl], [DocBook XSL Stylesheets]) ]) ############################################################# AC_ARG_ENABLE([systemd], AS_HELP_STRING([--disable-systemd], [Disable systemd support]), [use_systemd=$enableval], [use_systemd=yes]) AM_CONDITIONAL(USE_SYSTEMD, test x$use_systemd = xyes) AC_SUBST(USE_SYSTEMD) AC_ARG_ENABLE([sysconfig], [AS_HELP_STRING([--enable-sysconfig], [Install sysconfig file])], [INSTALL_SYSCONFIG="${enableval}"], [INSTALL_SYSCONFIG='no']) AM_CONDITIONAL(INSTALL_SYSCONFIG, [test x$INSTALL_SYSCONFIG = xyes]) AC_SUBST(INSTALL_SYSCONFIG) AC_ARG_ENABLE([rpmmacros], [AS_HELP_STRING([--enable-rpmmacros], [Install rpm macros file])], [INSTALL_RPMMACROS="${enableval}"], [INSTALL_RPMMACROS='no']) AM_CONDITIONAL(INSTALL_RPMMACROS, [test x$INSTALL_RPMMACROS = xyes]) AC_SUBST(INSTALL_RPMMACROS) AC_ARG_WITH([systemd-unitdir], AS_HELP_STRING([--with-systemd-unitdir], [Directory for systemd service files]), [SYSTEMD_UNITDIR=$withval], [SYSTEMD_UNITDIR="\${prefix}/lib/systemd/system"]) AC_SUBST(SYSTEMD_UNITDIR) AC_ARG_WITH([bashcompletiondir], AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]), [BASHCOMPLETIONDIR=$withval], [BASHCOMPLETIONDIR="${datadir}/bash-completion/completions"]) AC_SUBST(BASHCOMPLETIONDIR) AC_ARG_WITH([zshcompletiondir], AS_HELP_STRING([--with-zshcompletiondir=DIR], [Zsh completions directory]), [ZSHCOMPLETIONDIR=$withval], [ZSHCOMPLETIONDIR="${datadir}/zsh/site-functions"]) AC_SUBST(ZSHCOMPLETIONDIR) AC_ARG_WITH([ifcfgdir], AS_HELP_STRING([--with-ifcfgdir=DIR], [The ifcfg configuration directory]), [IFCFGDIR=$withval], [IFCFGDIR="/etc/sysconfig/network-scripts"]) AC_SUBST(IFCFGDIR) # Extend PATH to include /sbin etc in case we are building as non-root FW_TOOLS_PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin" AC_ARG_WITH([iptables], AS_HELP_STRING([--with-iptables], [Path to iptables executable]), [IPTABLES=$withval AC_MSG_NOTICE([Using for iptables: $IPTABLES])], [AC_PATH_PROG([IPTABLES], [iptables], [], [$FW_TOOLS_PATH])]) if test "x$IPTABLES" = "x"; then AC_MSG_ERROR([iptables was not found in $FW_TOOLS_PATH]) fi AC_SUBST(IPTABLES) AC_ARG_WITH([iptables-restore], AS_HELP_STRING([--with-iptables-restore], [Path to iptables-restore executable]), [IPTABLES_RESTORE=$withval AC_MSG_NOTICE([Using for iptables-restore: $IPTABLES_RESTORE])], [AC_PATH_PROG([IPTABLES_RESTORE], [iptables-restore], [], [$FW_TOOLS_PATH])]) if test "x$IPTABLES_RESTORE" = "x"; then AC_MSG_ERROR([iptables-restore was not found in $FW_TOOLS_PATH]) fi AC_SUBST(IPTABLES_RESTORE) AC_ARG_WITH([ip6tables], AS_HELP_STRING([--with-ip6tables], [Path to ip6tables executable]), [IP6TABLES=$withval AC_MSG_NOTICE([Using for ip6tables: $IP6TABLES])], [AC_PATH_PROG([IP6TABLES], [ip6tables], [], [$FW_TOOLS_PATH])]) if test "x$IP6TABLES" = "x"; then AC_MSG_ERROR([ip6tables was not found in $FW_TOOLS_PATH]) fi AC_SUBST(IP6TABLES) AC_ARG_WITH([ip6tables-restore], AS_HELP_STRING([--with-ip6tables-restore], [Path to ip6tables-restore executable]), [IP6TABLES_RESTORE=$withval AC_MSG_NOTICE([Using for ip6tables-restore: $IP6TABLES_RESTORE])], [AC_PATH_PROG([IP6TABLES_RESTORE], [ip6tables-restore], [], [$FW_TOOLS_PATH])]) if test "x$IP6TABLES_RESTORE" = "x"; then AC_MSG_ERROR([ip6tables-restore was not found in $FW_TOOLS_PATH]) fi AC_SUBST(IP6TABLES_RESTORE) AC_ARG_WITH([ebtables], AS_HELP_STRING([--with-ebtables], [Path to ebtables executable]), [EBTABLES=$withval AC_MSG_NOTICE([Using for ebtables: $EBTABLES])], [AC_PATH_PROG([EBTABLES], [ebtables], [], [$FW_TOOLS_PATH])]) if test "x$EBTABLES" = "x"; then AC_MSG_ERROR([ebtables was not found in $FW_TOOLS_PATH]) fi AC_SUBST(EBTABLES) AC_ARG_WITH([ebtables-restore], AS_HELP_STRING([--with-ebtables-restore], [Path to ebtables-restore executable]), [EBTABLES_RESTORE=$withval AC_MSG_NOTICE([Using for ebtables-restore: $EBTABLES_RESTORE])], [AC_PATH_PROG([EBTABLES_RESTORE], [ebtables-restore], [], [$FW_TOOLS_PATH])]) if test "x$EBTABLES_RESTORE" = "x"; then AC_MSG_ERROR([ebtables-restore was not found in $FW_TOOLS_PATH]) fi AC_SUBST(EBTABLES_RESTORE) AC_ARG_WITH([ipset], AS_HELP_STRING([--with-ipset], [Path to ipset executable]), [IPSET=$withval AC_MSG_NOTICE([Using for ipset: $IPSET])], [AC_PATH_PROG([IPSET], [ipset], [], [$FW_TOOLS_PATH])]) if test "x$IPSET" = "x"; then AC_MSG_ERROR([ipset was not found in $FW_TOOLS_PATH]) fi AC_SUBST(IPSET) ############################################################# AC_SUBST([GETTEXT_PACKAGE], '[PKG_NAME]') AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE], ["$GETTEXT_PACKAGE"],) IT_PROG_INTLTOOL([0.35.0], [no-xml]) AM_PO_SUBDIRS AC_CONFIG_COMMANDS([xsl-cleanup],,[rm -f doc/xml/transform-*.xsl]) AC_CONFIG_FILES([Makefile doxygen.conf config/lockdown-whitelist.xml config/Makefile doc/Makefile doc/man/Makefile doc/man/man1/Makefile doc/man/man5/Makefile doc/xml/Makefile po/Makefile.in shell-completion/Makefile src/firewall/config/__init__.py src/Makefile src/tests/Makefile src/tests/atlocal src/icons/Makefile]) m4_foreach([FILE], [[src/firewall-applet], [src/firewall-cmd], [src/firewall-offline-cmd], [src/firewall-config], [src/firewalld]], [AC_CONFIG_FILES(FILE, chmod +x FILE)] ) AC_OUTPUT firewalld-0.8.2/README0000664007115300711530000001157613626005156015552 0ustar00egarveregarver00000000000000README for firewalld ==================== firewalld provides a dynamically managed firewall with support for network or firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and a separation of runtime and permanent configuration options. It also provides an interface for services or applications to add ip*tables and ebtables rules directly. Development ----------- To check out the source repository, you can use: git clone https://github.com/firewalld/firewalld.git This will create a local copy of the repository. Language Translations --------------------- Firewalld uses GNU gettext for localization support. Translations can be done using Fedora's Weblate instance [1]. Translations are periodically merged into the main firewalld repository. [1] https://translate.stg.fedoraproject.org/projects/firewalld/ Working With The Source Repository ---------------------------------- Install the following requirements or packages: desktop-file-utils: /usr/bin/desktop-file-install gettext intltool glib2: /usr/bin/glib-compile-schemas glib2-devel: /usr/share/aclocal/gsettings.m4 systemd-units iptables ebtables ipset For use with Python 3: python3-dbus python3-slip-dbus python3-decorator python3-gobject python3-nftables (nftables >= 0.9.3) For use with Python 2: dbus-python python-slip-dbus (http://fedorahosted.org/python-slip) python-decorator pygobject3-base (non-cairo parts of pygobject3) python-nftables (nftables >= 0.9.3) To be able to create man pages and documentation from docbook files: docbook-style-xsl Use the usual autoconf/automake incantation to generate makefiles ./autogen.sh ./configure You can use a specific python interpreter by passing the PYTHON variable. This is also used by the testsuite. ./configure PYTHON=/path/to/python3 Use make to create the documentation and to update the po files. Use make check to run the testsuite. Tests are run inside network namespaces and do not interfere with the host's running firewalld. They can also be run in parallel by passing flags to autotest. make check TESTSUITEFLAGS="-j4" The testsuite also uses keywords to allow running a subset of tests that exercise a specific area. For example: make check TESTSUITEFLAGS="-k rich -j4" 24: rich rules audit ok 25: rich rules priority ok 26: rich rules bad ok 53: rich rules audit ok 23: rich rules good ok 55: rich rules bad ok 74: remove forward-port after reload ok You can get a list of tests and keywords make -C src/tests check TESTSUITEFLAGS="-l" Or just the keywords make -C src/tests check TESTSUITEFLAGS="-l" \ |awk '/^[[:space:]]*[[:digit:]]+/{getline; print $0}' \ |tr ' ' '\n' |sort |uniq There are integration tests. Currently this includes NetworkManager. These may be _destructive_ to the host. Run them in a disposable VM or container. make check-integration There is also a check-container target that will run the testsuite inside various podman/docker containers. This is useful for coverage of multiple distributions. It also runs tests that may be destructive to the host such as integration tests. make check-container TESTSUITEFLAGS="-j4" RPM package ----------- For Fedora and RHEL based distributions, there is a spec file in the source repo named firewalld.spec. This should be usable for Fedora versions >= 16 and RHEL >= 7. Links ----- Homepage: http://firewalld.org Report a bug: https://github.com/firewalld/firewalld/issues Git repo browser: https://github.com/firewalld/firewalld Git repo: https://github.com/firewalld/firewalld.git Documentation: http://firewalld.org/documentation/ Mailing lists ------------- For usage: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org/ For development: https://lists.fedorahosted.org/archives/list/firewalld-devel@lists.fedorahosted.org/ Directory Structure ------------------- config/ Configuration files config/icmptypes/ Predefined ICMP types config/services/ Predefined services config/zones/ Predefined zones config/ipsets/ Predefined ipsets doc/ Documentation doc/man/ Base directory for man pages doc/man/man1/ Man(1) pages doc/man/man5/ Man(5) pages po/ Translations shell-completion/ Base directory for auto completion scripts src/ Source tree src/firewall/ Import tree for the sevice and all applications src/icons/ Icons in the sizes: 16, 22, 24, 32, 48 and scalable src/tests/ Testsuite firewalld-0.8.2/configure0000775007115300711530000056622413641123176016606 0ustar00egarveregarver00000000000000#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for firewalld 0.8.2. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 as_fn_exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='firewalld' PACKAGE_TARNAME='firewalld' PACKAGE_VERSION='0.8.2' PACKAGE_STRING='firewalld 0.8.2' PACKAGE_BUGREPORT='' PACKAGE_URL='' ac_unique_file="src/firewalld.in" ac_default_prefix=/usr ac_subst_vars='LTLIBOBJS LIBOBJS XGETTEXT_EXTRA_OPTIONS XGETTEXT_015 GMSGFMT_015 MSGFMT_015 GETTEXT_MACRO_VERSION ALL_LINGUAS INTLTOOL_PERL GMSGFMT MSGFMT MSGMERGE XGETTEXT INTLTOOL_POLICY_RULE INTLTOOL_SERVICE_RULE INTLTOOL_THEME_RULE INTLTOOL_SCHEMAS_RULE INTLTOOL_CAVES_RULE INTLTOOL_XML_NOMERGE_RULE INTLTOOL_XML_RULE INTLTOOL_KBD_RULE INTLTOOL_XAM_RULE INTLTOOL_UI_RULE INTLTOOL_SOUNDLIST_RULE INTLTOOL_SHEET_RULE INTLTOOL_SERVER_RULE INTLTOOL_PONG_RULE INTLTOOL_OAF_RULE INTLTOOL_PROP_RULE INTLTOOL_KEYS_RULE INTLTOOL_DIRECTORY_RULE INTLTOOL_DESKTOP_RULE intltool__v_merge_options_0 intltool__v_merge_options_ INTLTOOL_V_MERGE_OPTIONS INTLTOOL__v_MERGE_0 INTLTOOL__v_MERGE_ INTLTOOL_V_MERGE INTLTOOL_EXTRACT INTLTOOL_MERGE INTLTOOL_UPDATE USE_NLS GETTEXT_PACKAGE IPSET EBTABLES_RESTORE EBTABLES IP6TABLES_RESTORE IP6TABLES IPTABLES_RESTORE IPTABLES IFCFGDIR ZSHCOMPLETIONDIR BASHCOMPLETIONDIR SYSTEMD_UNITDIR INSTALL_RPMMACROS INSTALL_RPMMACROS_FALSE INSTALL_RPMMACROS_TRUE INSTALL_SYSCONFIG INSTALL_SYSCONFIG_FALSE INSTALL_SYSCONFIG_TRUE USE_SYSTEMD USE_SYSTEMD_FALSE USE_SYSTEMD_TRUE XMLCATALOG XML_CATALOG_FILE ENABLE_DOCS_FALSE ENABLE_DOCS_TRUE GSETTINGS_RULES GLIB_COMPILE_SCHEMAS gsettingsschemadir PKG_CONFIG_LIBDIR PKG_CONFIG_PATH PKG_CONFIG GSETTINGS_DISABLE_SCHEMAS_COMPILE PODMAN SYSCTL RMMOD MODPROBE KILL XSLTPROC pkgpyexecdir pyexecdir pkgpythondir pythondir PYTHON_PLATFORM PYTHON_EXEC_PREFIX PYTHON_PREFIX PYTHON_VERSION PYTHON GREP SED LN_S PACKAGE_TAG PACKAGE_RELEASE AM_BACKSLASH AM_DEFAULT_VERBOSITY AM_DEFAULT_V AM_V am__untar am__tar AMTAR am__leading_dot SET_MAKE AWK mkdir_p MKDIR_P INSTALL_STRIP_PROGRAM STRIP install_sh MAKEINFO AUTOHEADER AUTOMAKE AUTOCONF ACLOCAL VERSION PACKAGE CYGPATH_W am__isrc INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_silent_rules enable_schemas_compile enable_docs with_xml_catalog enable_systemd enable_sysconfig enable_rpmmacros with_systemd_unitdir with_bashcompletiondir with_zshcompletiondir with_ifcfgdir with_iptables with_iptables_restore with_ip6tables with_ip6tables_restore with_ebtables with_ebtables_restore with_ipset enable_nls ' ac_precious_vars='build_alias host_alias target_alias PYTHON PKG_CONFIG PKG_CONFIG_PATH PKG_CONFIG_LIBDIR' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures firewalld 0.8.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/firewalld] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of firewalld 0.8.2:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-silent-rules less verbose build output (undo: "make V=1") --disable-silent-rules verbose build output (undo: "make V=0") --disable-schemas-compile Disable regeneration of gschemas.compiled on install --disable-docs Disable building documentation --disable-systemd Disable systemd support --enable-sysconfig Install sysconfig file --enable-rpmmacros Install rpm macros file --disable-nls do not use Native Language Support Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-xml-catalog=CATALOG path to xml catalog to use --with-systemd-unitdir Directory for systemd service files --with-bashcompletiondir=DIR Bash completions directory --with-zshcompletiondir=DIR Zsh completions directory --with-ifcfgdir=DIR The ifcfg configuration directory --with-iptables Path to iptables executable --with-iptables-restore Path to iptables-restore executable --with-ip6tables Path to ip6tables executable --with-ip6tables-restore Path to ip6tables-restore executable --with-ebtables Path to ebtables executable --with-ebtables-restore Path to ebtables-restore executable --with-ipset Path to ipset executable Some influential environment variables: PYTHON the Python interpreter PKG_CONFIG path to pkg-config utility PKG_CONFIG_PATH directories to add to pkg-config's search path PKG_CONFIG_LIBDIR path overriding pkg-config's built-in search path Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to the package provider. _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF firewalld configure 0.8.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by firewalld $as_me 0.8.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo $as_echo "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu am__api_version='1.13' ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if ${ac_cv_path_install+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in #(( ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[\\\"\#\$\&\'\`$am_lf]*) as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; esac # Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( am_has_slept=no for am_try in 1 2; do echo "timestamp, slept: $am_has_slept" > conftest.file set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi if test "$*" != "X $srcdir/configure conftest.file" \ && test "$*" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". as_fn_error $? "ls -t appears to fail. Make sure there is not a broken alias in your environment" "$LINENO" 5 fi if test "$2" = conftest.file || test $am_try -eq 2; then break fi # Just in case. sleep 1 am_has_slept=yes done test "$2" = conftest.file ) then # Ok. : else as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= if grep 'slept: no' conftest.file >/dev/null 2>&1; then ( sleep 1 ) & am_sleep_pid=$! fi rm -f conftest.file test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" # Double any \ or $. # By default was `s,x,x', remove it if useless. ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then am_missing_run="$MISSING " else am_missing_run= { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi # Installed binaries are usually stripped using 'strip' when the user # run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the 'STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 $as_echo_n "checking for a thread-safe mkdir -p... " >&6; } if test -z "$MKDIR_P"; then if ${ac_cv_path_mkdir+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir (GNU coreutils) '* | \ 'mkdir (coreutils) '* | \ 'mkdir (fileutils) '4.1*) ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext break 3;; esac done done done IFS=$as_save_IFS fi test -d ./--version && rmdir ./--version if test "${ac_cv_path_mkdir+set}" = set; then MKDIR_P="$ac_cv_path_mkdir -p" else # As a last resort, use the slow shell script. Don't cache a # value for MKDIR_P within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. MKDIR_P="$ac_install_sh -d" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null # Check whether --enable-silent-rules was given. if test "${enable_silent_rules+set}" = set; then : enableval=$enable_silent_rules; fi case $enable_silent_rules in # ((( yes) AM_DEFAULT_VERBOSITY=0;; no) AM_DEFAULT_VERBOSITY=1;; *) AM_DEFAULT_VERBOSITY=1;; esac am_make=${MAKE-make} { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 $as_echo_n "checking whether $am_make supports nested variables... " >&6; } if ${am_cv_make_support_nested_variables+:} false; then : $as_echo_n "(cached) " >&6 else if $as_echo 'TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 am__doit: @$(TRUE) .PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then am_cv_make_support_nested_variables=yes else am_cv_make_support_nested_variables=no fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 $as_echo "$am_cv_make_support_nested_variables" >&6; } if test $am_cv_make_support_nested_variables = yes; then AM_V='$(V)' AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' else AM_V=$AM_DEFAULT_VERBOSITY AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY fi AM_BACKSLASH='\' if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE='firewalld' VERSION='0.8.2' # Some tools Automake needs. ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: # # mkdir_p='$(MKDIR_P)' # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' # We'll loop over all known methods to create a tar archive until one works. _am_tools='gnutar plaintar pax cpio none' # The POSIX 1988 'ustar' format is defined with fixed-size fields. # There is notably a 21 bits limit for the UID and the GID. In fact, # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 # and bug#13588). am_max_uid=2097151 # 2^21 - 1 am_max_gid=$am_max_uid # The $UID and $GID variables are not portable, so we need to resort # to the POSIX-mandated id(1) utility. Errors in the 'id' calls # below are definitely unexpected, so allow the users to see them # (that is, avoid stderr redirection). am_uid=`id -u || echo unknown` am_gid=`id -g || echo unknown` { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether UID '$am_uid' is supported by ustar format" >&5 $as_echo_n "checking whether UID '$am_uid' is supported by ustar format... " >&6; } if test $am_uid -le $am_max_uid; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } _am_tools=none fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether GID '$am_gid' is supported by ustar format" >&5 $as_echo_n "checking whether GID '$am_gid' is supported by ustar format... " >&6; } if test $am_gid -le $am_max_gid; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } _am_tools=none fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to create a ustar tar archive" >&5 $as_echo_n "checking how to create a ustar tar archive... " >&6; } # Go ahead even if we have the value already cached. We do so because we # need to set the values for the 'am__tar' and 'am__untar' variables. _am_tools=${am_cv_prog_tar_ustar-$_am_tools} for _am_tool in $_am_tools; do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do { echo "$as_me:$LINENO: $_am_tar --version" >&5 ($_am_tar --version) >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && break done am__tar="$_am_tar --format=ustar -chf - "'"$$tardir"' am__tar_="$_am_tar --format=ustar -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x ustar -w "$$tardir"' am__tar_='pax -L -x ustar -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H ustar -L' am__tar_='find "$tardir" -print | cpio -o -H ustar -L' am__untar='cpio -i -H ustar -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_ustar}" && break # tar/untar a dummy directory, and stop if the command works. rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file { echo "$as_me:$LINENO: tardir=conftest.dir && eval $am__tar_ >conftest.tar" >&5 (tardir=conftest.dir && eval $am__tar_ >conftest.tar) >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } rm -rf conftest.dir if test -s conftest.tar; then { echo "$as_me:$LINENO: $am__untar &5 ($am__untar &5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { echo "$as_me:$LINENO: cat conftest.dir/file" >&5 (cat conftest.dir/file) >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } grep GrepMe conftest.dir/file >/dev/null 2>&1 && break fi done rm -rf conftest.dir if ${am_cv_prog_tar_ustar+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_prog_tar_ustar=$_am_tool fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_ustar" >&5 $as_echo "$am_cv_prog_tar_ustar" >&6; } PACKAGE_RELEASE='1' cat >>confdefs.h <<_ACEOF #define PACKAGE_RELEASE "$PACKAGE_RELEASE" _ACEOF PACKAGE_TAG='v0.8.2' cat >>confdefs.h <<_ACEOF #define PACKAGE_TAG "$PACKAGE_TAG" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 $as_echo_n "checking for a sed that does not truncate output... " >&6; } if ${ac_cv_path_SED+:} false; then : $as_echo_n "(cached) " >&6 else ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" done echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed { ac_script=; unset ac_script;} if test -z "$SED"; then ac_path_SED_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED case `"$ac_path_SED" --version 2>&1` in *GNU*) ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_SED_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_SED="$ac_path_SED" ac_path_SED_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_SED_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 $as_echo "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi # Find any Python interpreter. if test -z "$PYTHON"; then for ac_prog in python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PYTHON+:} false; then : $as_echo_n "(cached) " >&6 else case $PYTHON in [\\/]* | ?:[\\/]*) ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PYTHON=$ac_cv_path_PYTHON if test -n "$PYTHON"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 $as_echo "$PYTHON" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$PYTHON" && break done test -n "$PYTHON" || PYTHON=":" fi am_display_PYTHON=python if test "$PYTHON" = :; then as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5 else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 $as_echo_n "checking for $am_display_PYTHON version... " >&6; } if ${am_cv_python_version+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 $as_echo "$am_cv_python_version" >&6; } PYTHON_VERSION=$am_cv_python_version PYTHON_PREFIX='${prefix}' PYTHON_EXEC_PREFIX='${exec_prefix}' { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 $as_echo_n "checking for $am_display_PYTHON platform... " >&6; } if ${am_cv_python_platform+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 $as_echo "$am_cv_python_platform" >&6; } PYTHON_PLATFORM=$am_cv_python_platform # Just factor out some code duplication. am_python_setup_sysconfig="\ import sys # Prefer sysconfig over distutils.sysconfig, for better compatibility # with python 3.x. See automake bug#10227. try: import sysconfig except ImportError: can_use_sysconfig = 0 else: can_use_sysconfig = 1 # Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: # try: from platform import python_implementation if python_implementation() == 'CPython' and sys.version[:3] == '2.7': can_use_sysconfig = 0 except ImportError: pass" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 $as_echo_n "checking for $am_display_PYTHON script directory... " >&6; } if ${am_cv_python_pythondir+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$prefix" = xNONE then am_py_prefix=$ac_default_prefix else am_py_prefix=$prefix fi am_cv_python_pythondir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') sys.stdout.write(sitedir)"` case $am_cv_python_pythondir in $am_py_prefix*) am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` ;; *) case $am_py_prefix in /usr|/System*) ;; *) am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 $as_echo "$am_cv_python_pythondir" >&6; } pythondir=$am_cv_python_pythondir pkgpythondir=\${pythondir}/$PACKAGE { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5 $as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; } if ${am_cv_python_pyexecdir+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$exec_prefix" = xNONE then am_py_exec_prefix=$am_py_prefix else am_py_exec_prefix=$exec_prefix fi am_cv_python_pyexecdir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') sys.stdout.write(sitedir)"` case $am_cv_python_pyexecdir in $am_py_exec_prefix*) am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` ;; *) case $am_py_exec_prefix in /usr|/System*) ;; *) am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 $as_echo "$am_cv_python_pyexecdir" >&6; } pyexecdir=$am_cv_python_pyexecdir pkgpyexecdir=\${pyexecdir}/$PACKAGE fi # Extract the first word of "xsltproc", so it can be a program name with args. set dummy xsltproc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_XSLTPROC+:} false; then : $as_echo_n "(cached) " >&6 else case $XSLTPROC in [\\/]* | ?:[\\/]*) ac_cv_path_XSLTPROC="$XSLTPROC" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_XSLTPROC="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi XSLTPROC=$ac_cv_path_XSLTPROC if test -n "$XSLTPROC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XSLTPROC" >&5 $as_echo "$XSLTPROC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "kill", so it can be a program name with args. set dummy kill; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_KILL+:} false; then : $as_echo_n "(cached) " >&6 else case $KILL in [\\/]* | ?:[\\/]*) ac_cv_path_KILL="$KILL" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_KILL="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_KILL" && ac_cv_path_KILL="/usr/bin/kill" ;; esac fi KILL=$ac_cv_path_KILL if test -n "$KILL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KILL" >&5 $as_echo "$KILL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "modprobe", so it can be a program name with args. set dummy modprobe; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MODPROBE+:} false; then : $as_echo_n "(cached) " >&6 else case $MODPROBE in [\\/]* | ?:[\\/]*) ac_cv_path_MODPROBE="$MODPROBE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MODPROBE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_MODPROBE" && ac_cv_path_MODPROBE="/sbin/modprobe" ;; esac fi MODPROBE=$ac_cv_path_MODPROBE if test -n "$MODPROBE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MODPROBE" >&5 $as_echo "$MODPROBE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "rmmod", so it can be a program name with args. set dummy rmmod; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_RMMOD+:} false; then : $as_echo_n "(cached) " >&6 else case $RMMOD in [\\/]* | ?:[\\/]*) ac_cv_path_RMMOD="$RMMOD" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_RMMOD="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_RMMOD" && ac_cv_path_RMMOD="/sbin/rmmod" ;; esac fi RMMOD=$ac_cv_path_RMMOD if test -n "$RMMOD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RMMOD" >&5 $as_echo "$RMMOD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "sysctl", so it can be a program name with args. set dummy sysctl; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_SYSCTL+:} false; then : $as_echo_n "(cached) " >&6 else case $SYSCTL in [\\/]* | ?:[\\/]*) ac_cv_path_SYSCTL="$SYSCTL" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_SYSCTL="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_SYSCTL" && ac_cv_path_SYSCTL="/sbin/sysctl" ;; esac fi SYSCTL=$ac_cv_path_SYSCTL if test -n "$SYSCTL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SYSCTL" >&5 $as_echo "$SYSCTL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi ac_config_commands="$ac_config_commands src/tests/atconfig" for ac_prog in podman docker do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PODMAN+:} false; then : $as_echo_n "(cached) " >&6 else case $PODMAN in [\\/]* | ?:[\\/]*) ac_cv_path_PODMAN="$PODMAN" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PODMAN="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PODMAN=$ac_cv_path_PODMAN if test -n "$PODMAN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PODMAN" >&5 $as_echo "$PODMAN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$PODMAN" && break done test -n "$PODMAN" || PODMAN="/bin/false" # Check whether --enable-schemas-compile was given. if test "${enable_schemas_compile+set}" = set; then : enableval=$enable_schemas_compile; case ${enableval} in yes) GSETTINGS_DISABLE_SCHEMAS_COMPILE="" ;; no) GSETTINGS_DISABLE_SCHEMAS_COMPILE="1" ;; *) as_fn_error $? "bad value ${enableval} for --enable-schemas-compile" "$LINENO" 5 ;; esac fi if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG if test -n "$PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 $as_echo "$PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_path_PKG_CONFIG"; then ac_pt_PKG_CONFIG=$PKG_CONFIG # Extract the first word of "pkg-config", so it can be a program name with args. set dummy pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $ac_pt_PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG if test -n "$ac_pt_PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 $as_echo "$ac_pt_PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_pt_PKG_CONFIG" = x; then PKG_CONFIG="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac PKG_CONFIG=$ac_pt_PKG_CONFIG fi else PKG_CONFIG="$ac_cv_path_PKG_CONFIG" fi fi if test -n "$PKG_CONFIG"; then _pkg_min_version=0.16 { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 $as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } PKG_CONFIG="" fi fi gsettingsschemadir=${datadir}/glib-2.0/schemas if test x$cross_compiling != xyes; then GLIB_COMPILE_SCHEMAS=`$PKG_CONFIG --variable glib_compile_schemas gio-2.0` else # Extract the first word of "glib-compile-schemas", so it can be a program name with args. set dummy glib-compile-schemas; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_GLIB_COMPILE_SCHEMAS+:} false; then : $as_echo_n "(cached) " >&6 else case $GLIB_COMPILE_SCHEMAS in [\\/]* | ?:[\\/]*) ac_cv_path_GLIB_COMPILE_SCHEMAS="$GLIB_COMPILE_SCHEMAS" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_GLIB_COMPILE_SCHEMAS="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi GLIB_COMPILE_SCHEMAS=$ac_cv_path_GLIB_COMPILE_SCHEMAS if test -n "$GLIB_COMPILE_SCHEMAS"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GLIB_COMPILE_SCHEMAS" >&5 $as_echo "$GLIB_COMPILE_SCHEMAS" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test "x$GLIB_COMPILE_SCHEMAS" = "x"; then as_fn_error $? "glib-compile-schemas not found." "$LINENO" 5 else : fi GSETTINGS_RULES=' .PHONY : uninstall-gsettings-schemas install-gsettings-schemas clean-gsettings-schemas mostlyclean-am: clean-gsettings-schemas gsettings__enum_file = $(addsuffix .enums.xml,$(gsettings_ENUM_NAMESPACE)) %.gschema.valid: %.gschema.xml $(gsettings__enum_file) $(AM_V_GEN) $(GLIB_COMPILE_SCHEMAS) --strict --dry-run $(addprefix --schema-file=,$(gsettings__enum_file)) --schema-file=$< && mkdir -p $(@D) && touch $@ all-am: $(gsettings_SCHEMAS:.xml=.valid) uninstall-am: uninstall-gsettings-schemas install-data-am: install-gsettings-schemas .SECONDARY: $(gsettings_SCHEMAS) install-gsettings-schemas: $(gsettings_SCHEMAS) $(gsettings__enum_file) @$(NORMAL_INSTALL) if test -n "$^"; then \ test -z "$(gsettingsschemadir)" || $(MKDIR_P) "$(DESTDIR)$(gsettingsschemadir)"; \ $(INSTALL_DATA) $^ "$(DESTDIR)$(gsettingsschemadir)"; \ test -n "$(GSETTINGS_DISABLE_SCHEMAS_COMPILE)$(DESTDIR)" || $(GLIB_COMPILE_SCHEMAS) $(gsettingsschemadir); \ fi uninstall-gsettings-schemas: @$(NORMAL_UNINSTALL) @list='\''$(gsettings_SCHEMAS) $(gsettings__enum_file)'\''; test -n "$(gsettingsschemadir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e '\''s|^.*/||'\''`; \ test -n "$$files" || exit 0; \ echo " ( cd '\''$(DESTDIR)$(gsettingsschemadir)'\'' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(gsettingsschemadir)" && rm -f $$files test -n "$(GSETTINGS_DISABLE_SCHEMAS_COMPILE)$(DESTDIR)" || $(GLIB_COMPILE_SCHEMAS) $(gsettingsschemadir) clean-gsettings-schemas: rm -f $(gsettings_SCHEMAS:.xml=.valid) $(gsettings__enum_file) ifdef gsettings_ENUM_NAMESPACE $(gsettings__enum_file): $(gsettings_ENUM_FILES) $(AM_V_GEN) glib-mkenums --comments '\'''\'' --fhead "" --vhead " <@type@ id='\''$(gsettings_ENUM_NAMESPACE).@EnumName@'\''>" --vprod " " --vtail " " --ftail "" $^ > $@.tmp && mv $@.tmp $@ endif ' ############################################################# # Check whether --enable-docs was given. if test "${enable_docs+set}" = set; then : enableval=$enable_docs; fi if test x$enable_docs != xno; then ENABLE_DOCS_TRUE= ENABLE_DOCS_FALSE='#' else ENABLE_DOCS_TRUE='#' ENABLE_DOCS_FALSE= fi # check for the presence of the XML catalog # Check whether --with-xml-catalog was given. if test "${with_xml_catalog+set}" = set; then : withval=$with_xml_catalog; else with_xml_catalog=/etc/xml/catalog fi jh_found_xmlcatalog=true XML_CATALOG_FILE="$with_xml_catalog" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for XML catalog ($XML_CATALOG_FILE)" >&5 $as_echo_n "checking for XML catalog ($XML_CATALOG_FILE)... " >&6; } if test -f "$XML_CATALOG_FILE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 $as_echo "found" >&6; } else jh_found_xmlcatalog=false { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } fi # check for the xmlcatalog program # Extract the first word of "xmlcatalog", so it can be a program name with args. set dummy xmlcatalog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_XMLCATALOG+:} false; then : $as_echo_n "(cached) " >&6 else case $XMLCATALOG in [\\/]* | ?:[\\/]*) ac_cv_path_XMLCATALOG="$XMLCATALOG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_XMLCATALOG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_XMLCATALOG" && ac_cv_path_XMLCATALOG="no" ;; esac fi XMLCATALOG=$ac_cv_path_XMLCATALOG if test -n "$XMLCATALOG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XMLCATALOG" >&5 $as_echo "$XMLCATALOG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$XMLCATALOG" = xno; then jh_found_xmlcatalog=false fi if $jh_found_xmlcatalog; then : else : fi if test -z "$ENABLE_DOCS_TRUE"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DocBook XSL Stylesheets in XML catalog" >&5 $as_echo_n "checking for DocBook XSL Stylesheets in XML catalog... " >&6; } if $jh_found_xmlcatalog && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$XMLCATALOG --noout \"\$XML_CATALOG_FILE\" \"http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl\" >&2"; } >&5 ($XMLCATALOG --noout "$XML_CATALOG_FILE" "http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl" >&2) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 $as_echo "found" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } as_fn_error $? "could not find DocBook XSL Stylesheets in XML catalog" "$LINENO" 5 fi fi ############################################################# # Check whether --enable-systemd was given. if test "${enable_systemd+set}" = set; then : enableval=$enable_systemd; use_systemd=$enableval else use_systemd=yes fi if test x$use_systemd = xyes; then USE_SYSTEMD_TRUE= USE_SYSTEMD_FALSE='#' else USE_SYSTEMD_TRUE='#' USE_SYSTEMD_FALSE= fi # Check whether --enable-sysconfig was given. if test "${enable_sysconfig+set}" = set; then : enableval=$enable_sysconfig; INSTALL_SYSCONFIG="${enableval}" else INSTALL_SYSCONFIG='no' fi if test x$INSTALL_SYSCONFIG = xyes; then INSTALL_SYSCONFIG_TRUE= INSTALL_SYSCONFIG_FALSE='#' else INSTALL_SYSCONFIG_TRUE='#' INSTALL_SYSCONFIG_FALSE= fi # Check whether --enable-rpmmacros was given. if test "${enable_rpmmacros+set}" = set; then : enableval=$enable_rpmmacros; INSTALL_RPMMACROS="${enableval}" else INSTALL_RPMMACROS='no' fi if test x$INSTALL_RPMMACROS = xyes; then INSTALL_RPMMACROS_TRUE= INSTALL_RPMMACROS_FALSE='#' else INSTALL_RPMMACROS_TRUE='#' INSTALL_RPMMACROS_FALSE= fi # Check whether --with-systemd-unitdir was given. if test "${with_systemd_unitdir+set}" = set; then : withval=$with_systemd_unitdir; SYSTEMD_UNITDIR=$withval else SYSTEMD_UNITDIR="\${prefix}/lib/systemd/system" fi # Check whether --with-bashcompletiondir was given. if test "${with_bashcompletiondir+set}" = set; then : withval=$with_bashcompletiondir; BASHCOMPLETIONDIR=$withval else BASHCOMPLETIONDIR="${datadir}/bash-completion/completions" fi # Check whether --with-zshcompletiondir was given. if test "${with_zshcompletiondir+set}" = set; then : withval=$with_zshcompletiondir; ZSHCOMPLETIONDIR=$withval else ZSHCOMPLETIONDIR="${datadir}/zsh/site-functions" fi # Check whether --with-ifcfgdir was given. if test "${with_ifcfgdir+set}" = set; then : withval=$with_ifcfgdir; IFCFGDIR=$withval else IFCFGDIR="/etc/sysconfig/network-scripts" fi # Extend PATH to include /sbin etc in case we are building as non-root FW_TOOLS_PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin" # Check whether --with-iptables was given. if test "${with_iptables+set}" = set; then : withval=$with_iptables; IPTABLES=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for iptables: $IPTABLES" >&5 $as_echo "$as_me: Using for iptables: $IPTABLES" >&6;} else # Extract the first word of "iptables", so it can be a program name with args. set dummy iptables; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_IPTABLES+:} false; then : $as_echo_n "(cached) " >&6 else case $IPTABLES in [\\/]* | ?:[\\/]*) ac_cv_path_IPTABLES="$IPTABLES" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IPTABLES="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi IPTABLES=$ac_cv_path_IPTABLES if test -n "$IPTABLES"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IPTABLES" >&5 $as_echo "$IPTABLES" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test "x$IPTABLES" = "x"; then as_fn_error $? "iptables was not found in $FW_TOOLS_PATH" "$LINENO" 5 fi # Check whether --with-iptables-restore was given. if test "${with_iptables_restore+set}" = set; then : withval=$with_iptables_restore; IPTABLES_RESTORE=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for iptables-restore: $IPTABLES_RESTORE" >&5 $as_echo "$as_me: Using for iptables-restore: $IPTABLES_RESTORE" >&6;} else # Extract the first word of "iptables-restore", so it can be a program name with args. set dummy iptables-restore; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_IPTABLES_RESTORE+:} false; then : $as_echo_n "(cached) " >&6 else case $IPTABLES_RESTORE in [\\/]* | ?:[\\/]*) ac_cv_path_IPTABLES_RESTORE="$IPTABLES_RESTORE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IPTABLES_RESTORE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi IPTABLES_RESTORE=$ac_cv_path_IPTABLES_RESTORE if test -n "$IPTABLES_RESTORE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IPTABLES_RESTORE" >&5 $as_echo "$IPTABLES_RESTORE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test "x$IPTABLES_RESTORE" = "x"; then as_fn_error $? "iptables-restore was not found in $FW_TOOLS_PATH" "$LINENO" 5 fi # Check whether --with-ip6tables was given. if test "${with_ip6tables+set}" = set; then : withval=$with_ip6tables; IP6TABLES=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for ip6tables: $IP6TABLES" >&5 $as_echo "$as_me: Using for ip6tables: $IP6TABLES" >&6;} else # Extract the first word of "ip6tables", so it can be a program name with args. set dummy ip6tables; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_IP6TABLES+:} false; then : $as_echo_n "(cached) " >&6 else case $IP6TABLES in [\\/]* | ?:[\\/]*) ac_cv_path_IP6TABLES="$IP6TABLES" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IP6TABLES="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi IP6TABLES=$ac_cv_path_IP6TABLES if test -n "$IP6TABLES"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IP6TABLES" >&5 $as_echo "$IP6TABLES" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test "x$IP6TABLES" = "x"; then as_fn_error $? "ip6tables was not found in $FW_TOOLS_PATH" "$LINENO" 5 fi # Check whether --with-ip6tables-restore was given. if test "${with_ip6tables_restore+set}" = set; then : withval=$with_ip6tables_restore; IP6TABLES_RESTORE=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for ip6tables-restore: $IP6TABLES_RESTORE" >&5 $as_echo "$as_me: Using for ip6tables-restore: $IP6TABLES_RESTORE" >&6;} else # Extract the first word of "ip6tables-restore", so it can be a program name with args. set dummy ip6tables-restore; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_IP6TABLES_RESTORE+:} false; then : $as_echo_n "(cached) " >&6 else case $IP6TABLES_RESTORE in [\\/]* | ?:[\\/]*) ac_cv_path_IP6TABLES_RESTORE="$IP6TABLES_RESTORE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IP6TABLES_RESTORE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi IP6TABLES_RESTORE=$ac_cv_path_IP6TABLES_RESTORE if test -n "$IP6TABLES_RESTORE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IP6TABLES_RESTORE" >&5 $as_echo "$IP6TABLES_RESTORE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test "x$IP6TABLES_RESTORE" = "x"; then as_fn_error $? "ip6tables-restore was not found in $FW_TOOLS_PATH" "$LINENO" 5 fi # Check whether --with-ebtables was given. if test "${with_ebtables+set}" = set; then : withval=$with_ebtables; EBTABLES=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for ebtables: $EBTABLES" >&5 $as_echo "$as_me: Using for ebtables: $EBTABLES" >&6;} else # Extract the first word of "ebtables", so it can be a program name with args. set dummy ebtables; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_EBTABLES+:} false; then : $as_echo_n "(cached) " >&6 else case $EBTABLES in [\\/]* | ?:[\\/]*) ac_cv_path_EBTABLES="$EBTABLES" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_EBTABLES="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi EBTABLES=$ac_cv_path_EBTABLES if test -n "$EBTABLES"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $EBTABLES" >&5 $as_echo "$EBTABLES" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test "x$EBTABLES" = "x"; then as_fn_error $? "ebtables was not found in $FW_TOOLS_PATH" "$LINENO" 5 fi # Check whether --with-ebtables-restore was given. if test "${with_ebtables_restore+set}" = set; then : withval=$with_ebtables_restore; EBTABLES_RESTORE=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for ebtables-restore: $EBTABLES_RESTORE" >&5 $as_echo "$as_me: Using for ebtables-restore: $EBTABLES_RESTORE" >&6;} else # Extract the first word of "ebtables-restore", so it can be a program name with args. set dummy ebtables-restore; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_EBTABLES_RESTORE+:} false; then : $as_echo_n "(cached) " >&6 else case $EBTABLES_RESTORE in [\\/]* | ?:[\\/]*) ac_cv_path_EBTABLES_RESTORE="$EBTABLES_RESTORE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_EBTABLES_RESTORE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi EBTABLES_RESTORE=$ac_cv_path_EBTABLES_RESTORE if test -n "$EBTABLES_RESTORE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $EBTABLES_RESTORE" >&5 $as_echo "$EBTABLES_RESTORE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test "x$EBTABLES_RESTORE" = "x"; then as_fn_error $? "ebtables-restore was not found in $FW_TOOLS_PATH" "$LINENO" 5 fi # Check whether --with-ipset was given. if test "${with_ipset+set}" = set; then : withval=$with_ipset; IPSET=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for ipset: $IPSET" >&5 $as_echo "$as_me: Using for ipset: $IPSET" >&6;} else # Extract the first word of "ipset", so it can be a program name with args. set dummy ipset; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_IPSET+:} false; then : $as_echo_n "(cached) " >&6 else case $IPSET in [\\/]* | ?:[\\/]*) ac_cv_path_IPSET="$IPSET" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IPSET="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi IPSET=$ac_cv_path_IPSET if test -n "$IPSET"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IPSET" >&5 $as_echo "$IPSET" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test "x$IPSET" = "x"; then as_fn_error $? "ipset was not found in $FW_TOOLS_PATH" "$LINENO" 5 fi ############################################################# GETTEXT_PACKAGE='firewalld' cat >>confdefs.h <<_ACEOF #define GETTEXT_PACKAGE "$GETTEXT_PACKAGE" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5 $as_echo_n "checking whether NLS is requested... " >&6; } # Check whether --enable-nls was given. if test "${enable_nls+set}" = set; then : enableval=$enable_nls; USE_NLS=$enableval else USE_NLS=yes fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 $as_echo "$USE_NLS" >&6; } case "$am__api_version" in 1.01234) as_fn_error $? "Automake 1.5 or newer is required to use intltool" "$LINENO" 5 ;; *) ;; esac INTLTOOL_REQUIRED_VERSION_AS_INT=`echo 0.35.0 | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` INTLTOOL_APPLIED_VERSION=`intltool-update --version | head -1 | cut -d" " -f3` INTLTOOL_APPLIED_VERSION_AS_INT=`echo $INTLTOOL_APPLIED_VERSION | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` if test -n "0.35.0"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intltool >= 0.35.0" >&5 $as_echo_n "checking for intltool >= 0.35.0... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_APPLIED_VERSION found" >&5 $as_echo "$INTLTOOL_APPLIED_VERSION found" >&6; } test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge "$INTLTOOL_REQUIRED_VERSION_AS_INT" || as_fn_error $? "Your intltool is too old. You need intltool 0.35.0 or later." "$LINENO" 5 fi # Extract the first word of "intltool-update", so it can be a program name with args. set dummy intltool-update; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_INTLTOOL_UPDATE+:} false; then : $as_echo_n "(cached) " >&6 else case $INTLTOOL_UPDATE in [\\/]* | ?:[\\/]*) ac_cv_path_INTLTOOL_UPDATE="$INTLTOOL_UPDATE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_INTLTOOL_UPDATE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi INTLTOOL_UPDATE=$ac_cv_path_INTLTOOL_UPDATE if test -n "$INTLTOOL_UPDATE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_UPDATE" >&5 $as_echo "$INTLTOOL_UPDATE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "intltool-merge", so it can be a program name with args. set dummy intltool-merge; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_INTLTOOL_MERGE+:} false; then : $as_echo_n "(cached) " >&6 else case $INTLTOOL_MERGE in [\\/]* | ?:[\\/]*) ac_cv_path_INTLTOOL_MERGE="$INTLTOOL_MERGE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_INTLTOOL_MERGE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi INTLTOOL_MERGE=$ac_cv_path_INTLTOOL_MERGE if test -n "$INTLTOOL_MERGE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_MERGE" >&5 $as_echo "$INTLTOOL_MERGE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "intltool-extract", so it can be a program name with args. set dummy intltool-extract; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_INTLTOOL_EXTRACT+:} false; then : $as_echo_n "(cached) " >&6 else case $INTLTOOL_EXTRACT in [\\/]* | ?:[\\/]*) ac_cv_path_INTLTOOL_EXTRACT="$INTLTOOL_EXTRACT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_INTLTOOL_EXTRACT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi INTLTOOL_EXTRACT=$ac_cv_path_INTLTOOL_EXTRACT if test -n "$INTLTOOL_EXTRACT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_EXTRACT" >&5 $as_echo "$INTLTOOL_EXTRACT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -z "$INTLTOOL_UPDATE" -o -z "$INTLTOOL_MERGE" -o -z "$INTLTOOL_EXTRACT"; then as_fn_error $? "The intltool scripts were not found. Please install intltool." "$LINENO" 5 fi if test -z "$AM_DEFAULT_VERBOSITY"; then AM_DEFAULT_VERBOSITY=1 fi INTLTOOL_V_MERGE='$(INTLTOOL__v_MERGE_$(V))' INTLTOOL__v_MERGE_='$(INTLTOOL__v_MERGE_$(AM_DEFAULT_VERBOSITY))' INTLTOOL__v_MERGE_0='@echo " ITMRG " $@;' INTLTOOL_V_MERGE_OPTIONS='$(intltool__v_merge_options_$(V))' intltool__v_merge_options_='$(intltool__v_merge_options_$(AM_DEFAULT_VERBOSITY))' intltool__v_merge_options_0='-q' INTLTOOL_DESKTOP_RULE='%.desktop: %.desktop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_DIRECTORY_RULE='%.directory: %.directory.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_KEYS_RULE='%.keys: %.keys.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -k -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_PROP_RULE='%.prop: %.prop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_OAF_RULE='%.oaf: %.oaf.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -p $(top_srcdir)/po $< $@' INTLTOOL_PONG_RULE='%.pong: %.pong.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_SERVER_RULE='%.server: %.server.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_SHEET_RULE='%.sheet: %.sheet.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_SOUNDLIST_RULE='%.soundlist: %.soundlist.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_UI_RULE='%.ui: %.ui.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_XML_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' if test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge 5000; then INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u --no-translations $< $@' else INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)_it_tmp_dir=tmp.intltool.$$RANDOM && mkdir $$_it_tmp_dir && LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u $$_it_tmp_dir $< $@ && rmdir $$_it_tmp_dir' fi INTLTOOL_XAM_RULE='%.xam: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_KBD_RULE='%.kbd: %.kbd.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -m -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_CAVES_RULE='%.caves: %.caves.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_SCHEMAS_RULE='%.schemas: %.schemas.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -s -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_THEME_RULE='%.theme: %.theme.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_SERVICE_RULE='%.service: %.service.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_POLICY_RULE='%.policy: %.policy.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' # Check the gettext tools to make sure they are GNU # Extract the first word of "xgettext", so it can be a program name with args. set dummy xgettext; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_XGETTEXT+:} false; then : $as_echo_n "(cached) " >&6 else case $XGETTEXT in [\\/]* | ?:[\\/]*) ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_XGETTEXT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi XGETTEXT=$ac_cv_path_XGETTEXT if test -n "$XGETTEXT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 $as_echo "$XGETTEXT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "msgmerge", so it can be a program name with args. set dummy msgmerge; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MSGMERGE+:} false; then : $as_echo_n "(cached) " >&6 else case $MSGMERGE in [\\/]* | ?:[\\/]*) ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MSGMERGE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi MSGMERGE=$ac_cv_path_MSGMERGE if test -n "$MSGMERGE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5 $as_echo "$MSGMERGE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "msgfmt", so it can be a program name with args. set dummy msgfmt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MSGFMT+:} false; then : $as_echo_n "(cached) " >&6 else case $MSGFMT in [\\/]* | ?:[\\/]*) ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MSGFMT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi MSGFMT=$ac_cv_path_MSGFMT if test -n "$MSGFMT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 $as_echo "$MSGFMT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "gmsgfmt", so it can be a program name with args. set dummy gmsgfmt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_GMSGFMT+:} false; then : $as_echo_n "(cached) " >&6 else case $GMSGFMT in [\\/]* | ?:[\\/]*) ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT" ;; esac fi GMSGFMT=$ac_cv_path_GMSGFMT if test -n "$GMSGFMT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5 $as_echo "$GMSGFMT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -z "$XGETTEXT" -o -z "$MSGMERGE" -o -z "$MSGFMT"; then as_fn_error $? "GNU gettext tools not found; required for intltool" "$LINENO" 5 fi xgversion="`$XGETTEXT --version|grep '(GNU ' 2> /dev/null`" mmversion="`$MSGMERGE --version|grep '(GNU ' 2> /dev/null`" mfversion="`$MSGFMT --version|grep '(GNU ' 2> /dev/null`" if test -z "$xgversion" -o -z "$mmversion" -o -z "$mfversion"; then as_fn_error $? "GNU gettext tools not found; required for intltool" "$LINENO" 5 fi # Extract the first word of "perl", so it can be a program name with args. set dummy perl; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_INTLTOOL_PERL+:} false; then : $as_echo_n "(cached) " >&6 else case $INTLTOOL_PERL in [\\/]* | ?:[\\/]*) ac_cv_path_INTLTOOL_PERL="$INTLTOOL_PERL" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_INTLTOOL_PERL="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi INTLTOOL_PERL=$ac_cv_path_INTLTOOL_PERL if test -n "$INTLTOOL_PERL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_PERL" >&5 $as_echo "$INTLTOOL_PERL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -z "$INTLTOOL_PERL"; then as_fn_error $? "perl not found" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for perl >= 5.8.1" >&5 $as_echo_n "checking for perl >= 5.8.1... " >&6; } $INTLTOOL_PERL -e "use 5.8.1;" > /dev/null 2>&1 if test $? -ne 0; then as_fn_error $? "perl 5.8.1 is required for intltool" "$LINENO" 5 else IT_PERL_VERSION=`$INTLTOOL_PERL -e "printf '%vd', $^V"` { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IT_PERL_VERSION" >&5 $as_echo "$IT_PERL_VERSION" >&6; } fi if test "xno-xml" != "xno-xml"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for XML::Parser" >&5 $as_echo_n "checking for XML::Parser... " >&6; } if `$INTLTOOL_PERL -e "require XML::Parser" 2>/dev/null`; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } else as_fn_error $? "XML::Parser perl module is required for intltool" "$LINENO" 5 fi fi # Substitute ALL_LINGUAS so we can use it in po/Makefile GETTEXT_MACRO_VERSION=0.19 # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which # contains only /bin. Note that ksh looks also at the FPATH variable, # so we have to set that as well for the test. PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ || PATH_SEPARATOR=';' } fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "msgfmt", so it can be a program name with args. set dummy msgfmt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MSGFMT+:} false; then : $as_echo_n "(cached) " >&6 else case "$MSGFMT" in [\\/]* | ?:[\\/]*) ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&5 if $ac_dir/$ac_word --statistics /dev/null >&5 2>&1 && (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then ac_cv_path_MSGFMT="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT=":" ;; esac fi MSGFMT="$ac_cv_path_MSGFMT" if test "$MSGFMT" != ":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 $as_echo "$MSGFMT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "gmsgfmt", so it can be a program name with args. set dummy gmsgfmt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_GMSGFMT+:} false; then : $as_echo_n "(cached) " >&6 else case $GMSGFMT in [\\/]* | ?:[\\/]*) ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT" ;; esac fi GMSGFMT=$ac_cv_path_GMSGFMT if test -n "$GMSGFMT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5 $as_echo "$GMSGFMT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;; *) MSGFMT_015=$MSGFMT ;; esac case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;; *) GMSGFMT_015=$GMSGFMT ;; esac # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which # contains only /bin. Note that ksh looks also at the FPATH variable, # so we have to set that as well for the test. PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ || PATH_SEPARATOR=';' } fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "xgettext", so it can be a program name with args. set dummy xgettext; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_XGETTEXT+:} false; then : $as_echo_n "(cached) " >&6 else case "$XGETTEXT" in [\\/]* | ?:[\\/]*) ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&5 if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&5 2>&1 && (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then ac_cv_path_XGETTEXT="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":" ;; esac fi XGETTEXT="$ac_cv_path_XGETTEXT" if test "$XGETTEXT" != ":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 $as_echo "$XGETTEXT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f messages.po case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;; *) XGETTEXT_015=$XGETTEXT ;; esac # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which # contains only /bin. Note that ksh looks also at the FPATH variable, # so we have to set that as well for the test. PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ || PATH_SEPARATOR=';' } fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "msgmerge", so it can be a program name with args. set dummy msgmerge; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MSGMERGE+:} false; then : $as_echo_n "(cached) " >&6 else case "$MSGMERGE" in [\\/]* | ?:[\\/]*) ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&5 if $ac_dir/$ac_word --update -q /dev/null /dev/null >&5 2>&1; then ac_cv_path_MSGMERGE="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" test -z "$ac_cv_path_MSGMERGE" && ac_cv_path_MSGMERGE=":" ;; esac fi MSGMERGE="$ac_cv_path_MSGMERGE" if test "$MSGMERGE" != ":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5 $as_echo "$MSGMERGE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$localedir" || localedir='${datadir}/locale' test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS= ac_config_commands="$ac_config_commands po-directories" ac_config_commands="$ac_config_commands xsl-cleanup" ac_config_files="$ac_config_files Makefile doxygen.conf config/lockdown-whitelist.xml config/Makefile doc/Makefile doc/man/Makefile doc/man/man1/Makefile doc/man/man5/Makefile doc/xml/Makefile po/Makefile.in shell-completion/Makefile src/firewall/config/__init__.py src/Makefile src/tests/Makefile src/tests/atlocal src/icons/Makefile" ac_config_files="$ac_config_files src/firewall-applet" ac_config_files="$ac_config_files src/firewall-cmd" ac_config_files="$ac_config_files src/firewall-offline-cmd" ac_config_files="$ac_config_files src/firewall-config" ac_config_files="$ac_config_files src/firewalld" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' # Transform confdefs.h into DEFS. # Protect against shell expansion while executing Makefile rules. # Protect against Makefile macro expansion. # # If the first sed substitution is executed (which looks for macros that # take arguments), then branch to the quote section. Otherwise, # look for a macro that doesn't take arguments. ac_script=' :mline /\\$/{ N s,\\\n,, b mline } t clear :clear s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g t quote s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g t quote b any :quote s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g s/\[/\\&/g s/\]/\\&/g s/\$/$$/g H :any ${ g s/^\n// s/\n/ /g p } ' DEFS=`sed -n "$ac_script" confdefs.h` ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs { $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 $as_echo_n "checking that generated files are newer than configure... " >&6; } if test -n "$am_sleep_pid"; then # Hide warnings about reused PIDs. wait $am_sleep_pid 2>/dev/null fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 $as_echo "done" >&6; } if test -z "${ENABLE_DOCS_TRUE}" && test -z "${ENABLE_DOCS_FALSE}"; then as_fn_error $? "conditional \"ENABLE_DOCS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SYSTEMD_TRUE}" && test -z "${USE_SYSTEMD_FALSE}"; then as_fn_error $? "conditional \"USE_SYSTEMD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${INSTALL_SYSCONFIG_TRUE}" && test -z "${INSTALL_SYSCONFIG_FALSE}"; then as_fn_error $? "conditional \"INSTALL_SYSCONFIG\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${INSTALL_RPMMACROS_TRUE}" && test -z "${INSTALL_RPMMACROS_FALSE}"; then as_fn_error $? "conditional \"INSTALL_RPMMACROS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi ac_config_commands="$ac_config_commands po/stamp-it" : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by firewalld $as_me 0.8.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE Configuration files: $config_files Configuration commands: $config_commands Report bugs to the package provider." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ firewalld config.status 0.8.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' MKDIR_P='$MKDIR_P' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --he | --h | --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # # INIT-COMMANDS # # Capture the value of obsolete ALL_LINGUAS because we need it to compute # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it # from automake < 1.5. eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"' # Capture the value of LINGUAS because we need it to compute CATALOGS. LINGUAS="${LINGUAS-%UNSET%}" rm -f doc/xml/transform-*.xsl _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "src/tests/atconfig") CONFIG_COMMANDS="$CONFIG_COMMANDS src/tests/atconfig" ;; "po-directories") CONFIG_COMMANDS="$CONFIG_COMMANDS po-directories" ;; "xsl-cleanup") CONFIG_COMMANDS="$CONFIG_COMMANDS xsl-cleanup" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "doxygen.conf") CONFIG_FILES="$CONFIG_FILES doxygen.conf" ;; "config/lockdown-whitelist.xml") CONFIG_FILES="$CONFIG_FILES config/lockdown-whitelist.xml" ;; "config/Makefile") CONFIG_FILES="$CONFIG_FILES config/Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "doc/man/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/Makefile" ;; "doc/man/man1/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/man1/Makefile" ;; "doc/man/man5/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/man5/Makefile" ;; "doc/xml/Makefile") CONFIG_FILES="$CONFIG_FILES doc/xml/Makefile" ;; "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;; "shell-completion/Makefile") CONFIG_FILES="$CONFIG_FILES shell-completion/Makefile" ;; "src/firewall/config/__init__.py") CONFIG_FILES="$CONFIG_FILES src/firewall/config/__init__.py" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/tests/Makefile" ;; "src/tests/atlocal") CONFIG_FILES="$CONFIG_FILES src/tests/atlocal" ;; "src/icons/Makefile") CONFIG_FILES="$CONFIG_FILES src/icons/Makefile" ;; "src/firewall-applet") CONFIG_FILES="$CONFIG_FILES src/firewall-applet" ;; "src/firewall-cmd") CONFIG_FILES="$CONFIG_FILES src/firewall-cmd" ;; "src/firewall-offline-cmd") CONFIG_FILES="$CONFIG_FILES src/firewall-offline-cmd" ;; "src/firewall-config") CONFIG_FILES="$CONFIG_FILES src/firewall-config" ;; "src/firewalld") CONFIG_FILES="$CONFIG_FILES src/firewalld" ;; "po/stamp-it") CONFIG_COMMANDS="$CONFIG_COMMANDS po/stamp-it" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" eval set X " :F $CONFIG_FILES :C $CONFIG_COMMANDS" shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac ac_MKDIR_P=$MKDIR_P case $MKDIR_P in [\\/$]* | ?:[\\/]* ) ;; */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "src/tests/atconfig":C) cat >src/tests/atconfig < "$ac_dir/POTFILES" POMAKEFILEDEPS="POTFILES.in" # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend # on $ac_dir but don't depend on user-specified configuration # parameters. if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then # The LINGUAS file contains the set of available languages. if test -n "$OBSOLETE_ALL_LINGUAS"; then test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" fi ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"` # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$ALL_LINGUAS_' POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" else # The set of available languages was given in configure.in. # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS' fi # Compute POFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po) # Compute UPDATEPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update) # Compute DUMMYPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop) # Compute GMOFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo) case "$ac_given_srcdir" in .) srcdirpre= ;; *) srcdirpre='$(srcdir)/' ;; esac POFILES= UPDATEPOFILES= DUMMYPOFILES= GMOFILES= for lang in $ALL_LINGUAS; do POFILES="$POFILES $srcdirpre$lang.po" UPDATEPOFILES="$UPDATEPOFILES $lang.po-update" DUMMYPOFILES="$DUMMYPOFILES $lang.nop" GMOFILES="$GMOFILES $srcdirpre$lang.gmo" done # CATALOGS depends on both $ac_dir and the user's LINGUAS # environment variable. INST_LINGUAS= if test -n "$ALL_LINGUAS"; then for presentlang in $ALL_LINGUAS; do useit=no if test "%UNSET%" != "$LINGUAS"; then desiredlanguages="$LINGUAS" else desiredlanguages="$ALL_LINGUAS" fi for desiredlang in $desiredlanguages; do # Use the presentlang catalog if desiredlang is # a. equal to presentlang, or # b. a variant of presentlang (because in this case, # presentlang can be used as a fallback for messages # which are not translated in the desiredlang catalog). case "$desiredlang" in "$presentlang"*) useit=yes;; esac done if test $useit = yes; then INST_LINGUAS="$INST_LINGUAS $presentlang" fi done fi CATALOGS= if test -n "$INST_LINGUAS"; then for lang in $INST_LINGUAS; do CATALOGS="$CATALOGS $lang.gmo" done fi test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile" sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile" for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do if test -f "$f"; then case "$f" in *.orig | *.bak | *~) ;; *) cat "$f" >> "$ac_dir/Makefile" ;; esac fi done fi ;; esac done ;; "src/firewall-applet":F) chmod +x src/firewall-applet ;; "src/firewall-cmd":F) chmod +x src/firewall-cmd ;; "src/firewall-offline-cmd":F) chmod +x src/firewall-offline-cmd ;; "src/firewall-config":F) chmod +x src/firewall-config ;; "src/firewalld":F) chmod +x src/firewalld ;; "po/stamp-it":C) if ! grep "^# INTLTOOL_MAKEFILE$" "po/Makefile.in" > /dev/null ; then as_fn_error $? "po/Makefile.in.in was not created by intltoolize." "$LINENO" 5 fi rm -f "po/stamp-it" "po/stamp-it.tmp" "po/POTFILES" "po/Makefile.tmp" >"po/stamp-it.tmp" sed '/^#/d s/^[[].*] *// /^[ ]*$/d '"s|^| $ac_top_srcdir/|" \ "$srcdir/po/POTFILES.in" | sed '$!s/$/ \\/' >"po/POTFILES" sed '/^POTFILES =/,/[^\\]$/ { /^POTFILES =/!d r po/POTFILES } ' "po/Makefile.in" >"po/Makefile" rm -f "po/Makefile.tmp" mv "po/stamp-it.tmp" "po/stamp-it" ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi firewalld-0.8.2/m4/0000775007115300711530000000000013641123256015177 5ustar00egarveregarver00000000000000firewalld-0.8.2/m4/intltool.m40000644007115300711530000002636113051337761017316 0ustar00egarveregarver00000000000000## intltool.m4 - Configure intltool for the target system. -*-Shell-script-*- ## Copyright (C) 2001 Eazel, Inc. ## Author: Maciej Stachowiak ## Kenneth Christiansen ## ## This program is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by ## the Free Software Foundation; either version 2 of the License, or ## (at your option) any later version. ## ## This program is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with this program; if not, write to the Free Software ## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ## ## As a special exception to the GNU General Public License, if you ## distribute this file as part of a program that contains a ## configuration script generated by Autoconf, you may include it under ## the same distribution terms that you use for the rest of that program. dnl IT_PROG_INTLTOOL([MINIMUM-VERSION], [no-xml]) # serial 42 IT_PROG_INTLTOOL AC_DEFUN([IT_PROG_INTLTOOL], [ AC_PREREQ([2.50])dnl AC_REQUIRE([AM_NLS])dnl case "$am__api_version" in 1.[01234]) AC_MSG_ERROR([Automake 1.5 or newer is required to use intltool]) ;; *) ;; esac INTLTOOL_REQUIRED_VERSION_AS_INT=`echo $1 | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` INTLTOOL_APPLIED_VERSION=`intltool-update --version | head -1 | cut -d" " -f3` INTLTOOL_APPLIED_VERSION_AS_INT=`echo $INTLTOOL_APPLIED_VERSION | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` if test -n "$1"; then AC_MSG_CHECKING([for intltool >= $1]) AC_MSG_RESULT([$INTLTOOL_APPLIED_VERSION found]) test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge "$INTLTOOL_REQUIRED_VERSION_AS_INT" || AC_MSG_ERROR([Your intltool is too old. You need intltool $1 or later.]) fi AC_PATH_PROG(INTLTOOL_UPDATE, [intltool-update]) AC_PATH_PROG(INTLTOOL_MERGE, [intltool-merge]) AC_PATH_PROG(INTLTOOL_EXTRACT, [intltool-extract]) if test -z "$INTLTOOL_UPDATE" -o -z "$INTLTOOL_MERGE" -o -z "$INTLTOOL_EXTRACT"; then AC_MSG_ERROR([The intltool scripts were not found. Please install intltool.]) fi if test -z "$AM_DEFAULT_VERBOSITY"; then AM_DEFAULT_VERBOSITY=1 fi AC_SUBST([AM_DEFAULT_VERBOSITY]) INTLTOOL_V_MERGE='$(INTLTOOL__v_MERGE_$(V))' INTLTOOL__v_MERGE_='$(INTLTOOL__v_MERGE_$(AM_DEFAULT_VERBOSITY))' INTLTOOL__v_MERGE_0='@echo " ITMRG " [$]@;' AC_SUBST(INTLTOOL_V_MERGE) AC_SUBST(INTLTOOL__v_MERGE_) AC_SUBST(INTLTOOL__v_MERGE_0) INTLTOOL_V_MERGE_OPTIONS='$(intltool__v_merge_options_$(V))' intltool__v_merge_options_='$(intltool__v_merge_options_$(AM_DEFAULT_VERBOSITY))' intltool__v_merge_options_0='-q' AC_SUBST(INTLTOOL_V_MERGE_OPTIONS) AC_SUBST(intltool__v_merge_options_) AC_SUBST(intltool__v_merge_options_0) INTLTOOL_DESKTOP_RULE='%.desktop: %.desktop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_DIRECTORY_RULE='%.directory: %.directory.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_KEYS_RULE='%.keys: %.keys.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -k -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_PROP_RULE='%.prop: %.prop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_OAF_RULE='%.oaf: %.oaf.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -p $(top_srcdir)/po $< [$]@' INTLTOOL_PONG_RULE='%.pong: %.pong.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_SERVER_RULE='%.server: %.server.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_SHEET_RULE='%.sheet: %.sheet.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_SOUNDLIST_RULE='%.soundlist: %.soundlist.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_UI_RULE='%.ui: %.ui.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_XML_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' if test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge 5000; then INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u --no-translations $< [$]@' else INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)_it_tmp_dir=tmp.intltool.[$][$]RANDOM && mkdir [$][$]_it_tmp_dir && LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u [$][$]_it_tmp_dir $< [$]@ && rmdir [$][$]_it_tmp_dir' fi INTLTOOL_XAM_RULE='%.xam: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_KBD_RULE='%.kbd: %.kbd.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -m -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_CAVES_RULE='%.caves: %.caves.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_SCHEMAS_RULE='%.schemas: %.schemas.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -s -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_THEME_RULE='%.theme: %.theme.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_SERVICE_RULE='%.service: %.service.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_POLICY_RULE='%.policy: %.policy.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' _IT_SUBST(INTLTOOL_DESKTOP_RULE) _IT_SUBST(INTLTOOL_DIRECTORY_RULE) _IT_SUBST(INTLTOOL_KEYS_RULE) _IT_SUBST(INTLTOOL_PROP_RULE) _IT_SUBST(INTLTOOL_OAF_RULE) _IT_SUBST(INTLTOOL_PONG_RULE) _IT_SUBST(INTLTOOL_SERVER_RULE) _IT_SUBST(INTLTOOL_SHEET_RULE) _IT_SUBST(INTLTOOL_SOUNDLIST_RULE) _IT_SUBST(INTLTOOL_UI_RULE) _IT_SUBST(INTLTOOL_XAM_RULE) _IT_SUBST(INTLTOOL_KBD_RULE) _IT_SUBST(INTLTOOL_XML_RULE) _IT_SUBST(INTLTOOL_XML_NOMERGE_RULE) _IT_SUBST(INTLTOOL_CAVES_RULE) _IT_SUBST(INTLTOOL_SCHEMAS_RULE) _IT_SUBST(INTLTOOL_THEME_RULE) _IT_SUBST(INTLTOOL_SERVICE_RULE) _IT_SUBST(INTLTOOL_POLICY_RULE) # Check the gettext tools to make sure they are GNU AC_PATH_PROG(XGETTEXT, xgettext) AC_PATH_PROG(MSGMERGE, msgmerge) AC_PATH_PROG(MSGFMT, msgfmt) AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) if test -z "$XGETTEXT" -o -z "$MSGMERGE" -o -z "$MSGFMT"; then AC_MSG_ERROR([GNU gettext tools not found; required for intltool]) fi xgversion="`$XGETTEXT --version|grep '(GNU ' 2> /dev/null`" mmversion="`$MSGMERGE --version|grep '(GNU ' 2> /dev/null`" mfversion="`$MSGFMT --version|grep '(GNU ' 2> /dev/null`" if test -z "$xgversion" -o -z "$mmversion" -o -z "$mfversion"; then AC_MSG_ERROR([GNU gettext tools not found; required for intltool]) fi AC_PATH_PROG(INTLTOOL_PERL, perl) if test -z "$INTLTOOL_PERL"; then AC_MSG_ERROR([perl not found]) fi AC_MSG_CHECKING([for perl >= 5.8.1]) $INTLTOOL_PERL -e "use 5.8.1;" > /dev/null 2>&1 if test $? -ne 0; then AC_MSG_ERROR([perl 5.8.1 is required for intltool]) else IT_PERL_VERSION=`$INTLTOOL_PERL -e "printf '%vd', $^V"` AC_MSG_RESULT([$IT_PERL_VERSION]) fi if test "x$2" != "xno-xml"; then AC_MSG_CHECKING([for XML::Parser]) if `$INTLTOOL_PERL -e "require XML::Parser" 2>/dev/null`; then AC_MSG_RESULT([ok]) else AC_MSG_ERROR([XML::Parser perl module is required for intltool]) fi fi # Substitute ALL_LINGUAS so we can use it in po/Makefile AC_SUBST(ALL_LINGUAS) IT_PO_SUBDIR([po]) ]) # IT_PO_SUBDIR(DIRNAME) # --------------------- # All po subdirs have to be declared with this macro; the subdir "po" is # declared by IT_PROG_INTLTOOL. # AC_DEFUN([IT_PO_SUBDIR], [AC_PREREQ([2.53])dnl We use ac_top_srcdir inside AC_CONFIG_COMMANDS. dnl dnl The following CONFIG_COMMANDS should be executed at the very end dnl of config.status. AC_CONFIG_COMMANDS_PRE([ AC_CONFIG_COMMANDS([$1/stamp-it], [ if [ ! grep "^# INTLTOOL_MAKEFILE$" "$1/Makefile.in" > /dev/null ]; then AC_MSG_ERROR([$1/Makefile.in.in was not created by intltoolize.]) fi rm -f "$1/stamp-it" "$1/stamp-it.tmp" "$1/POTFILES" "$1/Makefile.tmp" >"$1/stamp-it.tmp" [sed '/^#/d s/^[[].*] *// /^[ ]*$/d '"s|^| $ac_top_srcdir/|" \ "$srcdir/$1/POTFILES.in" | sed '$!s/$/ \\/' >"$1/POTFILES" ] [sed '/^POTFILES =/,/[^\\]$/ { /^POTFILES =/!d r $1/POTFILES } ' "$1/Makefile.in" >"$1/Makefile"] rm -f "$1/Makefile.tmp" mv "$1/stamp-it.tmp" "$1/stamp-it" ]) ])dnl ]) # _IT_SUBST(VARIABLE) # ------------------- # Abstract macro to do either _AM_SUBST_NOTMAKE or AC_SUBST # AC_DEFUN([_IT_SUBST], [ AC_SUBST([$1]) m4_ifdef([_AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE([$1])]) ] ) # deprecated macros AU_ALIAS([AC_PROG_INTLTOOL], [IT_PROG_INTLTOOL]) # A hint is needed for aclocal from Automake <= 1.9.4: # AC_DEFUN([AC_PROG_INTLTOOL], ...) firewalld-0.8.2/m4/jh_path_xml_catalog.m40000664007115300711530000000321313620317435021430 0ustar00egarveregarver00000000000000# Checks the location of the XML Catalog # Usage: # JH_PATH_XML_CATALOG([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # Defines XMLCATALOG and XML_CATALOG_FILE substitutions AC_DEFUN([JH_PATH_XML_CATALOG], [ # check for the presence of the XML catalog AC_ARG_WITH([xml-catalog], AC_HELP_STRING([--with-xml-catalog=CATALOG], [path to xml catalog to use]),, [with_xml_catalog=/etc/xml/catalog]) jh_found_xmlcatalog=true XML_CATALOG_FILE="$with_xml_catalog" AC_SUBST([XML_CATALOG_FILE]) AC_MSG_CHECKING([for XML catalog ($XML_CATALOG_FILE)]) if test -f "$XML_CATALOG_FILE"; then AC_MSG_RESULT([found]) else jh_found_xmlcatalog=false AC_MSG_RESULT([not found]) fi # check for the xmlcatalog program AC_PATH_PROG(XMLCATALOG, xmlcatalog, no) if test "x$XMLCATALOG" = xno; then jh_found_xmlcatalog=false fi if $jh_found_xmlcatalog; then ifelse([$1],,[:],[$1]) else ifelse([$2],,[AC_MSG_ERROR([could not find XML catalog])],[$2]) fi ]) # Checks if the particular URI appears in the XML catalog # Usage: # JH_CHECK_XML_CATALOG(URI, [FRIENDLY-NAME], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) AC_DEFUN([JH_CHECK_XML_CATALOG], [ AC_REQUIRE([JH_PATH_XML_CATALOG],[JH_PATH_XML_CATALOG(,[:])]) AC_MSG_CHECKING([for ifelse([$2],,[$1],[$2]) in XML catalog]) if $jh_found_xmlcatalog && \ AC_RUN_LOG([$XMLCATALOG --noout "$XML_CATALOG_FILE" "$1" >&2]); then AC_MSG_RESULT([found]) ifelse([$3],,,[$3 ]) else AC_MSG_RESULT([not found]) ifelse([$4],, [AC_MSG_ERROR([could not find ifelse([$2],,[$1],[$2]) in XML catalog])], [$4]) fi ]) firewalld-0.8.2/Makefile.in0000664007115300711530000007302313641123176016732 0ustar00egarveregarver00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = . DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/configure $(am__configure_deps) \ $(srcdir)/doxygen.conf.in \ $(top_srcdir)/src/firewall/config/__init__.py.in COPYING \ README install-sh missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = doxygen.conf src/firewall/config/__init__.py CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ cscope distdir dist dist-all distcheck am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags CSCOPE = cscope DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ if test -d "$(distdir)"; then \ find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ && rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi am__post_remove_distdir = $(am__remove_distdir) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" GZIP_ENV = --best DIST_ARCHIVES = $(distdir).tar.bz2 distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = config doc po shell-completion src DIST_TARGETS = dist-gzip EXTRA_DIST = \ COPYING \ README \ autogen.sh \ ${PACKAGE_NAME}.spec CLEANFILES = *~ *\# .\#* *.tar* DISTCLEANFILES = config.log intltool-* DISTCLEANDIRS = autom4te.cache ${PACKAGE_NAME}-* all: all-recursive .SUFFIXES: am--refresh: Makefile @: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck $(top_srcdir)/configure: $(am__configure_deps) $(am__cd) $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): $(am__aclocal_m4_deps) $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) $(am__aclocal_m4_deps): doxygen.conf: $(top_builddir)/config.status $(srcdir)/doxygen.conf.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/firewall/config/__init__.py: $(top_builddir)/config.status $(top_srcdir)/src/firewall/config/__init__.py.in cd $(top_builddir) && $(SHELL) ./config.status $@ # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscope: cscope.files test ! -s cscope.files \ || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) clean-cscope: -rm -f cscope.files cscope.files: clean-cscope cscopelist cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f cscope.out cscope.in.out cscope.po.out cscope.files distdir: $(DISTFILES) $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done -test -n "$(am__skip_mode_fix)" \ || find "$(distdir)" -type d ! -perm -755 \ -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 $(am__post_remove_distdir) dist-lzip: distdir tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz $(am__post_remove_distdir) dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz $(am__post_remove_distdir) dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) $(am__post_remove_distdir) dist dist-all: $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' $(am__post_remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ *.tar.xz*) \ xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac chmod -R a-w $(distdir) chmod u+w $(distdir) mkdir $(distdir)/_build $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ && $(am__cd) $(distdir)/_build \ && ../configure --srcdir=.. --prefix="$$dc_install_base" \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) uninstall \ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 $(am__post_remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: @test -n '$(distuninstallcheck_dir)' || { \ echo 'ERROR: trying to run $@ with an empty' \ '$$(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ $(am__cd) '$(distuninstallcheck_dir)' || { \ echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ fi ; \ $(distuninstallcheck_listfiles) ; \ exit 1; } >&2 distcleancheck: distclean @if test '$(srcdir)' = . ; then \ echo "ERROR: distcleancheck can only run from a VPATH build" ; \ exit 1 ; \ fi @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left in build directory after distclean:" ; \ $(distcleancheck_listfiles) ; \ exit 1; } >&2 check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -f Makefile distclean-am: clean-am distclean-generic distclean-local \ distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf $(top_srcdir)/autom4te.cache -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(am__recursive_targets) install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ am--refresh check check-am clean clean-cscope clean-generic \ cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \ dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \ distcheck distclean distclean-generic distclean-local \ distclean-tags distcleancheck distdir distuninstallcheck dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs installdirs-am \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am tag: @spec_ver=`awk '/Version:/ { print $$2}' ${PACKAGE_NAME}.spec`; \ if test "$$spec_ver" != "${PACKAGE_VERSION}"; then \ echo "Spec file and package versions differ: $$spec_ver != ${PACKAGE_VERSION}"; \ secs=10; \ echo -n "Using ./autogen.sh in $$secs seconds: "; \ for i in `seq $$secs -1 1`; do echo -n "."; sleep 1; done; echo; \ ./autogen.sh; \ echo; \ echo "Please run make again to apply version changes."; \ exit 1; \ fi @if ! git diff --quiet --exit-code; then \ clear; \ echo -n "========================================"; \ echo "========================================"; \ PAGER= git diff; \ echo -n "========================================"; \ echo "========================================"; \ echo "Do you want to commit these changes? (y/N)"; \ read answer; \ [ "$$answer" == "Y" -o "$$answer" == "y" ] || exit 1; \ git commit -a -m "$(PACKAGE_TAG)"; \ fi git tag -f $(PACKAGE_TAG) git push git push --tags dist: clean-docs update-docs dist-check: @rm -f _dist_check_failed @(cat config/Makefile.am | sed -n '/^CONFIG_FILES/,/^$$/p' | head -n-1 | tail -n+2) > _config @(cd config; git ls-files icmptypes helpers ipsets services zones | sort | sed -e 's/^/\t/' | sed ':a;N;$$!ba;s/\n/ \\\n/g') > _provided_config @diff -u1B _config _provided_config > _missing_config; \ if [ $$? -ne 0 ]; then \ echo; \ echo "============================================================================="; \ echo " Fix config/Makefile.am:"; \ echo "============================================================================="; \ touch _dist_check_failed; \ cat _missing_config | tail -n +3; \ echo; \ fi @rm -f _config _provided_config _missing_config @(cat src/Makefile.am | sed -n '/^nobase_dist_python_DATA/,/^$$/p' | head -n-1 | tail -n+2) > _config @(cd src; git ls-files firewall | sort | sed -e 's/^/\t/' -e "s/.py.in/.py/" | sed ':a;N;$$!ba;s/\n/ \\\n/g') > _provided_config @diff -u1B _config _provided_config > _missing_config; \ if [ $$? -ne 0 ]; then \ echo; \ echo "============================================================================="; \ echo " Fix src/Makefile.am:"; \ echo "============================================================================="; \ touch _dist_check_failed; \ cat _missing_config | tail -n +3; \ echo; \ fi @rm -f _config _provided_config _missing_config @if [ -f "_dist_check_failed" ]; then \ rm -f _dist_check_failed; \ exit 1; \ fi check-container check-integration installcheck-integration: $(MAKE) -C src/tests $@ .PHONY: check-container check-integration installcheck-integration update-docs: $(MAKE) -C doc/xml clean-docs: $(MAKE) -C doc/xml clean archive: dist-check $(desktop_DATA) tag dist local: distclean @rm -rf ${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz @rm -rf /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) /tmp/${PACKAGE_NAME} @dir=$$PWD; cd /tmp; cp -a $$dir ${PACKAGE_NAME} @mv /tmp/${PACKAGE_NAME} /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) @dir=$$PWD; cd /tmp; tar --gzip -cSpf $$dir/${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz ${PACKAGE_NAME}-$(PACKAGE_VERSION) @rm -rf /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) @echo "The archive is in ${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz" test-rpm: dist @rpmbuild -ta $(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz test-srpm: dist @rpmbuild -ts $(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz update-po: ls $(top_srcdir)/po/*.po | sed 's/.*\/po\///;s/.po//' > $(top_srcdir)/po/LINGUAS $(MAKE) -C po update-po ${PACKAGE_NAME}.pot # This merges translations from the upstream master branch. # It's only meant to be used from the stable branches. Translations # contributions are only done against master. merge-po: update-po git fetch -q https://github.com/firewalld/firewalld master; \ for po in $(top_srcdir)/po/*.po; do \ mv $${po} $${po}.old; \ git checkout -q FETCH_HEAD $${po}; \ msgcat --use-first -o $${po}.merged $${po} $${po}.old; \ mv $${po}.merged $${po}; \ git add $${po}; \ done clean-po: @for cat in `cat ${top_srcdir}/po/LINGUAS`; do \ msgattrib --translated --no-fuzzy --no-obsolete --force-po --no-location --clear-previous --strict $(top_srcdir)/po/$$cat.po -o $(top_srcdir)/po/$$cat.out; \ mv -f $(top_srcdir)/po/$$cat.out $(top_srcdir)/po/$$cat.po; \ done report: @for cat in `cat ${top_srcdir}/po/LINGUAS`; do \ echo -n "$$cat: "; \ $(MSGFMT) --statistics -o /dev/null $(top_srcdir)/po/$$cat.po; \ done distclean-local: -test -z "$(DISTCLEANDIRS)" || rm -rf $(DISTCLEANDIRS) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/aclocal.m40000664007115300711530000021234713641123176016531 0ustar00egarveregarver00000000000000# generated automatically by aclocal 1.13.4 -*- Autoconf -*- # Copyright (C) 1996-2013 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, [m4_warning([this file was generated for autoconf 2.69. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) dnl GLIB_GSETTINGS dnl Defines GSETTINGS_SCHEMAS_INSTALL which controls whether dnl the schema should be compiled dnl AC_DEFUN([GLIB_GSETTINGS], [ m4_pattern_allow([AM_V_GEN]) AC_ARG_ENABLE(schemas-compile, AS_HELP_STRING([--disable-schemas-compile], [Disable regeneration of gschemas.compiled on install]), [case ${enableval} in yes) GSETTINGS_DISABLE_SCHEMAS_COMPILE="" ;; no) GSETTINGS_DISABLE_SCHEMAS_COMPILE="1" ;; *) AC_MSG_ERROR([bad value ${enableval} for --enable-schemas-compile]) ;; esac]) AC_SUBST([GSETTINGS_DISABLE_SCHEMAS_COMPILE]) PKG_PROG_PKG_CONFIG([0.16]) AC_SUBST(gsettingsschemadir, [${datadir}/glib-2.0/schemas]) if test x$cross_compiling != xyes; then GLIB_COMPILE_SCHEMAS=`$PKG_CONFIG --variable glib_compile_schemas gio-2.0` else AC_PATH_PROG(GLIB_COMPILE_SCHEMAS, glib-compile-schemas) fi AC_SUBST(GLIB_COMPILE_SCHEMAS) if test "x$GLIB_COMPILE_SCHEMAS" = "x"; then ifelse([$2],,[AC_MSG_ERROR([glib-compile-schemas not found.])],[$2]) else ifelse([$1],,[:],[$1]) fi GSETTINGS_RULES=' .PHONY : uninstall-gsettings-schemas install-gsettings-schemas clean-gsettings-schemas mostlyclean-am: clean-gsettings-schemas gsettings__enum_file = $(addsuffix .enums.xml,$(gsettings_ENUM_NAMESPACE)) %.gschema.valid: %.gschema.xml $(gsettings__enum_file) $(AM_V_GEN) $(GLIB_COMPILE_SCHEMAS) --strict --dry-run $(addprefix --schema-file=,$(gsettings__enum_file)) --schema-file=$< && mkdir -p [$](@D) && touch [$]@ all-am: $(gsettings_SCHEMAS:.xml=.valid) uninstall-am: uninstall-gsettings-schemas install-data-am: install-gsettings-schemas .SECONDARY: $(gsettings_SCHEMAS) install-gsettings-schemas: $(gsettings_SCHEMAS) $(gsettings__enum_file) @$(NORMAL_INSTALL) if test -n "$^"; then \ test -z "$(gsettingsschemadir)" || $(MKDIR_P) "$(DESTDIR)$(gsettingsschemadir)"; \ $(INSTALL_DATA) $^ "$(DESTDIR)$(gsettingsschemadir)"; \ test -n "$(GSETTINGS_DISABLE_SCHEMAS_COMPILE)$(DESTDIR)" || $(GLIB_COMPILE_SCHEMAS) $(gsettingsschemadir); \ fi uninstall-gsettings-schemas: @$(NORMAL_UNINSTALL) @list='\''$(gsettings_SCHEMAS) $(gsettings__enum_file)'\''; test -n "$(gsettingsschemadir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e '\''s|^.*/||'\''`; \ test -n "$$files" || exit 0; \ echo " ( cd '\''$(DESTDIR)$(gsettingsschemadir)'\'' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(gsettingsschemadir)" && rm -f $$files test -n "$(GSETTINGS_DISABLE_SCHEMAS_COMPILE)$(DESTDIR)" || $(GLIB_COMPILE_SCHEMAS) $(gsettingsschemadir) clean-gsettings-schemas: rm -f $(gsettings_SCHEMAS:.xml=.valid) $(gsettings__enum_file) ifdef gsettings_ENUM_NAMESPACE $(gsettings__enum_file): $(gsettings_ENUM_FILES) $(AM_V_GEN) glib-mkenums --comments '\'''\'' --fhead "" --vhead " <@type@ id='\''$(gsettings_ENUM_NAMESPACE).@EnumName@'\''>" --vprod " " --vtail " " --ftail "" [$]^ > [$]@.tmp && mv [$]@.tmp [$]@ endif ' _GSETTINGS_SUBST(GSETTINGS_RULES) ]) dnl _GSETTINGS_SUBST(VARIABLE) dnl Abstract macro to do either _AM_SUBST_NOTMAKE or AC_SUBST AC_DEFUN([_GSETTINGS_SUBST], [ AC_SUBST([$1]) m4_ifdef([_AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE([$1])]) ] ) # nls.m4 serial 5 (gettext-0.18) dnl Copyright (C) 1995-2003, 2005-2006, 2008-2014, 2016 Free Software dnl Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl dnl This file can be used in projects which are not available under dnl the GNU General Public License or the GNU Library General Public dnl License but which still want to provide support for the GNU gettext dnl functionality. dnl Please note that the actual code of the GNU gettext library is covered dnl by the GNU Library General Public License, and the rest of the GNU dnl gettext package is covered by the GNU General Public License. dnl They are *not* in the public domain. dnl Authors: dnl Ulrich Drepper , 1995-2000. dnl Bruno Haible , 2000-2003. AC_PREREQ([2.50]) AC_DEFUN([AM_NLS], [ AC_MSG_CHECKING([whether NLS is requested]) dnl Default is enabled NLS AC_ARG_ENABLE([nls], [ --disable-nls do not use Native Language Support], USE_NLS=$enableval, USE_NLS=yes) AC_MSG_RESULT([$USE_NLS]) AC_SUBST([USE_NLS]) ]) # pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- # serial 1 (pkg-config-0.24) # # Copyright © 2004 Scott James Remnant . # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # PKG_PROG_PKG_CONFIG([MIN-VERSION]) # ---------------------------------- AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) fi if test -n "$PKG_CONFIG"; then _pkg_min_version=m4_default([$1], [0.9.0]) AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) PKG_CONFIG="" fi fi[]dnl ])# PKG_PROG_PKG_CONFIG # PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # # Check to see whether a particular set of modules exists. Similar # to PKG_CHECK_MODULES(), but does not set variables or print errors. # # Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) # only at the first occurence in configure.ac, so if the first place # it's called might be skipped (such as if it is within an "if", you # have to call PKG_CHECK_EXISTS manually # -------------------------------------------------------------- AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then m4_default([$2], [:]) m4_ifvaln([$3], [else $3])dnl fi]) # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) # --------------------------------------------- m4_define([_PKG_CONFIG], [if test -n "$$1"; then pkg_cv_[]$1="$$1" elif test -n "$PKG_CONFIG"; then PKG_CHECK_EXISTS([$3], [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes ], [pkg_failed=yes]) else pkg_failed=untried fi[]dnl ])# _PKG_CONFIG # _PKG_SHORT_ERRORS_SUPPORTED # ----------------------------- AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], [AC_REQUIRE([PKG_PROG_PKG_CONFIG]) if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi[]dnl ])# _PKG_SHORT_ERRORS_SUPPORTED # PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], # [ACTION-IF-NOT-FOUND]) # # # Note that if there is a possibility the first call to # PKG_CHECK_MODULES might not happen, you should be sure to include an # explicit call to PKG_PROG_PKG_CONFIG in your configure.ac # # # -------------------------------------------------------------- AC_DEFUN([PKG_CHECK_MODULES], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl pkg_failed=no AC_MSG_CHECKING([for $1]) _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) _PKG_CONFIG([$1][_LIBS], [libs], [$2]) m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS and $1[]_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details.]) if test $pkg_failed = yes; then AC_MSG_RESULT([no]) _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` else $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD m4_default([$4], [AC_MSG_ERROR( [Package requirements ($2) were not met: $$1_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. _PKG_TEXT])[]dnl ]) elif test $pkg_failed = untried; then AC_MSG_RESULT([no]) m4_default([$4], [AC_MSG_FAILURE( [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. _PKG_TEXT To get pkg-config, see .])[]dnl ]) else $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS $1[]_LIBS=$pkg_cv_[]$1[]_LIBS AC_MSG_RESULT([yes]) $3 fi[]dnl ])# PKG_CHECK_MODULES # PKG_INSTALLDIR(DIRECTORY) # ------------------------- # Substitutes the variable pkgconfigdir as the location where a module # should install pkg-config .pc files. By default the directory is # $libdir/pkgconfig, but the default can be changed by passing # DIRECTORY. The user can override through the --with-pkgconfigdir # parameter. AC_DEFUN([PKG_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) m4_pushdef([pkg_description], [pkg-config installation directory @<:@]pkg_default[@:>@]) AC_ARG_WITH([pkgconfigdir], [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, [with_pkgconfigdir=]pkg_default) AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) m4_popdef([pkg_default]) m4_popdef([pkg_description]) ]) dnl PKG_INSTALLDIR # PKG_NOARCH_INSTALLDIR(DIRECTORY) # ------------------------- # Substitutes the variable noarch_pkgconfigdir as the location where a # module should install arch-independent pkg-config .pc files. By # default the directory is $datadir/pkgconfig, but the default can be # changed by passing DIRECTORY. The user can override through the # --with-noarch-pkgconfigdir parameter. AC_DEFUN([PKG_NOARCH_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) m4_pushdef([pkg_description], [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) AC_ARG_WITH([noarch-pkgconfigdir], [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, [with_noarch_pkgconfigdir=]pkg_default) AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) m4_popdef([pkg_default]) m4_popdef([pkg_description]) ]) dnl PKG_NOARCH_INSTALLDIR # po.m4 serial 24 (gettext-0.19) dnl Copyright (C) 1995-2014, 2016 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl dnl This file can be used in projects which are not available under dnl the GNU General Public License or the GNU Library General Public dnl License but which still want to provide support for the GNU gettext dnl functionality. dnl Please note that the actual code of the GNU gettext library is covered dnl by the GNU Library General Public License, and the rest of the GNU dnl gettext package is covered by the GNU General Public License. dnl They are *not* in the public domain. dnl Authors: dnl Ulrich Drepper , 1995-2000. dnl Bruno Haible , 2000-2003. AC_PREREQ([2.60]) dnl Checks for all prerequisites of the po subdirectory. AC_DEFUN([AM_PO_SUBDIRS], [ AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl AC_REQUIRE([AC_PROG_MKDIR_P])dnl AC_REQUIRE([AC_PROG_SED])dnl AC_REQUIRE([AM_NLS])dnl dnl Release version of the gettext macros. This is used to ensure that dnl the gettext macros and po/Makefile.in.in are in sync. AC_SUBST([GETTEXT_MACRO_VERSION], [0.19]) dnl Perform the following tests also if --disable-nls has been given, dnl because they are needed for "make dist" to work. dnl Search for GNU msgfmt in the PATH. dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions. dnl The second test excludes FreeBSD msgfmt. AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt, [$ac_dir/$ac_word --statistics /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 && (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)], :) AC_PATH_PROG([GMSGFMT], [gmsgfmt], [$MSGFMT]) dnl Test whether it is GNU msgfmt >= 0.15. changequote(,)dnl case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;; *) MSGFMT_015=$MSGFMT ;; esac changequote([,])dnl AC_SUBST([MSGFMT_015]) changequote(,)dnl case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;; *) GMSGFMT_015=$GMSGFMT ;; esac changequote([,])dnl AC_SUBST([GMSGFMT_015]) dnl Search for GNU xgettext 0.12 or newer in the PATH. dnl The first test excludes Solaris xgettext and early GNU xgettext versions. dnl The second test excludes FreeBSD xgettext. AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, [$ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 && (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)], :) dnl Remove leftover from FreeBSD xgettext call. rm -f messages.po dnl Test whether it is GNU xgettext >= 0.15. changequote(,)dnl case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;; *) XGETTEXT_015=$XGETTEXT ;; esac changequote([,])dnl AC_SUBST([XGETTEXT_015]) dnl Search for GNU msgmerge 0.11 or newer in the PATH. AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge, [$ac_dir/$ac_word --update -q /dev/null /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1], :) dnl Installation directories. dnl Autoconf >= 2.60 defines localedir. For older versions of autoconf, we dnl have to define it here, so that it can be used in po/Makefile. test -n "$localedir" || localedir='${datadir}/locale' AC_SUBST([localedir]) dnl Support for AM_XGETTEXT_OPTION. test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS= AC_SUBST([XGETTEXT_EXTRA_OPTIONS]) AC_CONFIG_COMMANDS([po-directories], [[ for ac_file in $CONFIG_FILES; do # Support "outfile[:infile[:infile...]]" case "$ac_file" in *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; esac # PO directories have a Makefile.in generated from Makefile.in.in. case "$ac_file" in */Makefile.in) # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'` ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" case "$ac_given_srcdir" in .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; /*) top_srcdir="$ac_given_srcdir" ;; *) top_srcdir="$ac_dots$ac_given_srcdir" ;; esac # Treat a directory as a PO directory if and only if it has a # POTFILES.in file. This allows packages to have multiple PO # directories under different names or in different locations. if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then rm -f "$ac_dir/POTFILES" test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES" gt_tab=`printf '\t'` cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ${gt_tab}]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" POMAKEFILEDEPS="POTFILES.in" # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend # on $ac_dir but don't depend on user-specified configuration # parameters. if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then # The LINGUAS file contains the set of available languages. if test -n "$OBSOLETE_ALL_LINGUAS"; then test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" fi ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"` # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$ALL_LINGUAS_' POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" else # The set of available languages was given in configure.in. # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS' fi # Compute POFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po) # Compute UPDATEPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update) # Compute DUMMYPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop) # Compute GMOFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo) case "$ac_given_srcdir" in .) srcdirpre= ;; *) srcdirpre='$(srcdir)/' ;; esac POFILES= UPDATEPOFILES= DUMMYPOFILES= GMOFILES= for lang in $ALL_LINGUAS; do POFILES="$POFILES $srcdirpre$lang.po" UPDATEPOFILES="$UPDATEPOFILES $lang.po-update" DUMMYPOFILES="$DUMMYPOFILES $lang.nop" GMOFILES="$GMOFILES $srcdirpre$lang.gmo" done # CATALOGS depends on both $ac_dir and the user's LINGUAS # environment variable. INST_LINGUAS= if test -n "$ALL_LINGUAS"; then for presentlang in $ALL_LINGUAS; do useit=no if test "%UNSET%" != "$LINGUAS"; then desiredlanguages="$LINGUAS" else desiredlanguages="$ALL_LINGUAS" fi for desiredlang in $desiredlanguages; do # Use the presentlang catalog if desiredlang is # a. equal to presentlang, or # b. a variant of presentlang (because in this case, # presentlang can be used as a fallback for messages # which are not translated in the desiredlang catalog). case "$desiredlang" in "$presentlang"*) useit=yes;; esac done if test $useit = yes; then INST_LINGUAS="$INST_LINGUAS $presentlang" fi done fi CATALOGS= if test -n "$INST_LINGUAS"; then for lang in $INST_LINGUAS; do CATALOGS="$CATALOGS $lang.gmo" done fi test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile" sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile" for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do if test -f "$f"; then case "$f" in *.orig | *.bak | *~) ;; *) cat "$f" >> "$ac_dir/Makefile" ;; esac fi done fi ;; esac done]], [# Capture the value of obsolete ALL_LINGUAS because we need it to compute # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it # from automake < 1.5. eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"' # Capture the value of LINGUAS because we need it to compute CATALOGS. LINGUAS="${LINGUAS-%UNSET%}" ]) ]) dnl Postprocesses a Makefile in a directory containing PO files. AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE], [ # When this code is run, in config.status, two variables have already been # set: # - OBSOLETE_ALL_LINGUAS is the value of LINGUAS set in configure.in, # - LINGUAS is the value of the environment variable LINGUAS at configure # time. changequote(,)dnl # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'` ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" case "$ac_given_srcdir" in .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; /*) top_srcdir="$ac_given_srcdir" ;; *) top_srcdir="$ac_dots$ac_given_srcdir" ;; esac # Find a way to echo strings without interpreting backslash. if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then gt_echo='echo' else if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then gt_echo='printf %s\n' else echo_func () { cat < "$ac_file.tmp" tab=`printf '\t'` if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then # Add dependencies that cannot be formulated as a simple suffix rule. for lang in $ALL_LINGUAS; do frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'` cat >> "$ac_file.tmp" < /dev/null; then # Add dependencies that cannot be formulated as a simple suffix rule. for lang in $ALL_LINGUAS; do frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'` cat >> "$ac_file.tmp" <> "$ac_file.tmp" <, 1996. AC_PREREQ([2.50]) # Search path for a program which passes the given test. dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR, dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]]) AC_DEFUN([AM_PATH_PROG_WITH_TEST], [ # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which # contains only /bin. Note that ksh looks also at the FPATH variable, # so we have to set that as well for the test. PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ || PATH_SEPARATOR=';' } fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "$2", so it can be a program name with args. set dummy $2; ac_word=[$]2 AC_MSG_CHECKING([for $ac_word]) AC_CACHE_VAL([ac_cv_path_$1], [case "[$]$1" in [[\\/]]* | ?:[[\\/]]*) ac_cv_path_$1="[$]$1" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in ifelse([$5], , $PATH, [$5]); do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&AS_MESSAGE_LOG_FD if [$3]; then ac_cv_path_$1="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" dnl If no 4th arg is given, leave the cache variable unset, dnl so AC_PATH_PROGS will keep looking. ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4" ])dnl ;; esac])dnl $1="$ac_cv_path_$1" if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then AC_MSG_RESULT([$][$1]) else AC_MSG_RESULT([no]) fi AC_SUBST([$1])dnl ]) # Copyright (C) 2002-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.13' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. m4_if([$1], [1.13.4], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) # _AM_AUTOCONF_VERSION(VERSION) # ----------------------------- # aclocal traces this macro to find the Autoconf version. # This is a private macro too. Using m4_define simplifies # the logic in aclocal, which can simply ignore this definition. m4_define([_AM_AUTOCONF_VERSION], []) # AM_SET_CURRENT_AUTOMAKE_VERSION # ------------------------------- # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.13.4])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- # Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets # $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to # '$srcdir', '$srcdir/..', or '$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and # therefore $ac_aux_dir as well) can be either absolute or relative, # depending on how configure is run. This is pretty annoying, since # it makes $ac_aux_dir quite unusable in subdirectories: in the top # source directory, any form will work fine, but in subdirectories a # relative path needs to be adjusted first. # # $ac_aux_dir/missing # fails when called from a subdirectory if $ac_aux_dir is relative # $top_srcdir/$ac_aux_dir/missing # fails if $ac_aux_dir is absolute, # fails when called from a subdirectory in a VPATH build with # a relative $ac_aux_dir # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually # harmless because $srcdir is '.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, # iff we strip the leading $srcdir from $ac_aux_dir. That would be: # am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` # and then we would define $MISSING as # MISSING="\${SHELL} $am_aux_dir/missing" # This will work as long as MISSING is not called from configure, because # unfortunately $(top_srcdir) has no meaning in configure. # However there are other variables, like CC, which are often used in # configure, and could therefore not use this "fixed" $ac_aux_dir. # # Another solution, used here, is to always expand $ac_aux_dir to an # absolute PATH. The drawback is that using absolute paths prevent a # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], [dnl Rely on autoconf to set up CDPATH properly. AC_PREREQ([2.50])dnl # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` ]) # AM_COND_IF -*- Autoconf -*- # Copyright (C) 2008-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_COND_IF # _AM_COND_ELSE # _AM_COND_ENDIF # -------------- # These macros are only used for tracing. m4_define([_AM_COND_IF]) m4_define([_AM_COND_ELSE]) m4_define([_AM_COND_ENDIF]) # AM_COND_IF(COND, [IF-TRUE], [IF-FALSE]) # --------------------------------------- # If the shell condition COND is true, execute IF-TRUE, otherwise execute # IF-FALSE. Allow automake to learn about conditional instantiating macros # (the AC_CONFIG_FOOS). AC_DEFUN([AM_COND_IF], [m4_ifndef([_AM_COND_VALUE_$1], [m4_fatal([$0: no such condition "$1"])])dnl _AM_COND_IF([$1])dnl if test -z "$$1_TRUE"; then : m4_n([$2])[]dnl m4_ifval([$3], [_AM_COND_ELSE([$1])dnl else $3 ])dnl _AM_COND_ENDIF([$1])dnl fi[]dnl ]) # AM_CONDITIONAL -*- Autoconf -*- # Copyright (C) 1997-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], [AC_PREREQ([2.52])dnl m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl _AM_SUBST_NOTMAKE([$1_FALSE])dnl m4_define([_AM_COND_VALUE_$1], [$2])dnl if $2; then $1_TRUE= $1_FALSE='#' else $1_TRUE='#' $1_FALSE= fi AC_CONFIG_COMMANDS_PRE( [if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then AC_MSG_ERROR([[conditional "$1" was never defined. Usually this means the macro was only invoked conditionally.]]) fi])]) # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) # AM_INIT_AUTOMAKE([OPTIONS]) # ----------------------------------------------- # The call with PACKAGE and VERSION arguments is the old style # call (pre autoconf-2.50), which is being phased out. PACKAGE # and VERSION should now be passed to AC_INIT and removed from # the call to AM_INIT_AUTOMAKE. # We support both call styles for the transition. After # the next Automake release, Autoconf can make the AC_INIT # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.65])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl # test to see if srcdir already configured if test -f $srcdir/config.status; then AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi AC_SUBST([CYGPATH_W]) # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], [AC_DIAGNOSE([obsolete], [$0: two- and three-arguments forms are deprecated.]) m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. m4_if( m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), [ok:ok],, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, [AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package]) AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}]) AM_MISSING_PROG([AUTOCONF], [autoconf]) AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}]) AM_MISSING_PROG([AUTOHEADER], [autoheader]) AM_MISSING_PROG([MAKEINFO], [makeinfo]) AC_REQUIRE([AM_PROG_INSTALL_SH])dnl AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl AC_REQUIRE([AC_PROG_MKDIR_P])dnl # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: # # AC_SUBST([mkdir_p], ['$(MKDIR_P)']) # We need awk for the "check" target. The system "awk" is bad on # some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], [_AM_DEPENDENCIES([CC])], [m4_define([AC_PROG_CC], m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], [_AM_DEPENDENCIES([CXX])], [m4_define([AC_PROG_CXX], m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], [_AM_DEPENDENCIES([OBJC])], [m4_define([AC_PROG_OBJC], m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], [_AM_DEPENDENCIES([OBJCXX])], [m4_define([AC_PROG_OBJCXX], m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl ]) AC_REQUIRE([AM_SILENT_RULES])dnl dnl The testsuite driver may need to know about EXEEXT, so add the dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below. AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl ]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further dnl mangled by Autoconf and run in a shell conditional statement. m4_define([_AC_COMPILER_EXEEXT], m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header # that is generated. The stamp files are numbered to have different names. # Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the # loop where config.status creates the headers, so we can generate # our stamp files there. AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers. _am_arg=$1 _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) # Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_SH # ------------------ # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi AC_SUBST([install_sh])]) # Copyright (C) 2003-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # Check whether the underlying file-system supports filenames # with a leading dot. For instance MS-DOS doesn't. AC_DEFUN([AM_SET_LEADING_DOT], [rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null AC_SUBST([am__leading_dot])]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- # Copyright (C) 1997-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN]) $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) # AM_MISSING_HAS_RUN # ------------------ # Define MISSING if not defined so far and test if it is modern enough. # If it is, set am_missing_run to use it, otherwise, to nothing. AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then am_missing_run="$MISSING " else am_missing_run= AC_MSG_WARN(['missing' script is too old or missing]) fi ]) # Helper functions for option handling. -*- Autoconf -*- # Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_MANGLE_OPTION(NAME) # ----------------------- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) # _AM_SET_OPTION(NAME) # -------------------- # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], [m4_define(_AM_MANGLE_OPTION([$1]), [1])]) # _AM_SET_OPTIONS(OPTIONS) # ------------------------ # OPTIONS is a space-separated list of Automake options. AC_DEFUN([_AM_SET_OPTIONS], [m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) # _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) # ------------------------------------------- # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) # Copyright (C) 1999-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # --------------------------------------------------------------------------- # Adds support for distributing Python modules and packages. To # install modules, copy them to $(pythondir), using the python_PYTHON # automake variable. To install a package with the same name as the # automake package, install to $(pkgpythondir), or use the # pkgpython_PYTHON automake variable. # # The variables $(pyexecdir) and $(pkgpyexecdir) are provided as # locations to install python extension modules (shared libraries). # Another macro is required to find the appropriate flags to compile # extension modules. # # If your package is configured with a different prefix to python, # users will have to add the install directory to the PYTHONPATH # environment variable, or create a .pth file (see the python # documentation for details). # # If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will # cause an error if the version of python installed on the system # doesn't meet the requirement. MINIMUM-VERSION should consist of # numbers and dots only. AC_DEFUN([AM_PATH_PYTHON], [ dnl Find a Python interpreter. Python versions prior to 2.0 are not dnl supported. (2.0 was released on October 16, 2000). m4_define_default([_AM_PYTHON_INTERPRETER_LIST], [python python2 python3 python3.3 python3.2 python3.1 python3.0 python2.7 dnl python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0]) AC_ARG_VAR([PYTHON], [the Python interpreter]) m4_if([$1],[],[ dnl No version check is needed. # Find any Python interpreter. if test -z "$PYTHON"; then AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :) fi am_display_PYTHON=python ], [ dnl A version check is needed. if test -n "$PYTHON"; then # If the user set $PYTHON, use it and don't search something else. AC_MSG_CHECKING([whether $PYTHON version is >= $1]) AM_PYTHON_CHECK_VERSION([$PYTHON], [$1], [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]) AC_MSG_ERROR([Python interpreter is too old])]) am_display_PYTHON=$PYTHON else # Otherwise, try each interpreter until we find one that satisfies # VERSION. AC_CACHE_CHECK([for a Python interpreter with version >= $1], [am_cv_pathless_PYTHON],[ for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do test "$am_cv_pathless_PYTHON" = none && break AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break]) done]) # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. if test "$am_cv_pathless_PYTHON" = none; then PYTHON=: else AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON]) fi am_display_PYTHON=$am_cv_pathless_PYTHON fi ]) if test "$PYTHON" = :; then dnl Run any user-specified action, or abort. m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])]) else dnl Query Python for its version number. Getting [:3] seems to be dnl the best way to do this; it's what "site.py" does in the standard dnl library. AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version], [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`]) AC_SUBST([PYTHON_VERSION], [$am_cv_python_version]) dnl Use the values of $prefix and $exec_prefix for the corresponding dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made dnl distinct variables so they can be overridden if need be. However, dnl general consensus is that you shouldn't need this ability. AC_SUBST([PYTHON_PREFIX], ['${prefix}']) AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}']) dnl At times (like when building shared libraries) you may want dnl to know which OS platform Python thinks this is. AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform], [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) # Just factor out some code duplication. am_python_setup_sysconfig="\ import sys # Prefer sysconfig over distutils.sysconfig, for better compatibility # with python 3.x. See automake bug#10227. try: import sysconfig except ImportError: can_use_sysconfig = 0 else: can_use_sysconfig = 1 # Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: # try: from platform import python_implementation if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7': can_use_sysconfig = 0 except ImportError: pass" dnl Set up 4 directories: dnl pythondir -- where to install python scripts. This is the dnl site-packages directory, not the python standard library dnl directory like in previous automake betas. This behavior dnl is more consistent with lispdir.m4 for example. dnl Query distutils for this directory. AC_CACHE_CHECK([for $am_display_PYTHON script directory], [am_cv_python_pythondir], [if test "x$prefix" = xNONE then am_py_prefix=$ac_default_prefix else am_py_prefix=$prefix fi am_cv_python_pythondir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') sys.stdout.write(sitedir)"` case $am_cv_python_pythondir in $am_py_prefix*) am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` ;; *) case $am_py_prefix in /usr|/System*) ;; *) am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac ]) AC_SUBST([pythondir], [$am_cv_python_pythondir]) dnl pkgpythondir -- $PACKAGE directory under pythondir. Was dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is dnl more consistent with the rest of automake. AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE]) dnl pyexecdir -- directory for installing python extension modules dnl (shared libraries) dnl Query distutils for this directory. AC_CACHE_CHECK([for $am_display_PYTHON extension module directory], [am_cv_python_pyexecdir], [if test "x$exec_prefix" = xNONE then am_py_exec_prefix=$am_py_prefix else am_py_exec_prefix=$exec_prefix fi am_cv_python_pyexecdir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') sys.stdout.write(sitedir)"` case $am_cv_python_pyexecdir in $am_py_exec_prefix*) am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` ;; *) case $am_py_exec_prefix in /usr|/System*) ;; *) am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac ]) AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir]) dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE) AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE]) dnl Run any user-specified action. $2 fi ]) # AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) # --------------------------------------------------------------------------- # Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION. # Run ACTION-IF-FALSE otherwise. # This test uses sys.hexversion instead of the string equivalent (first # word of sys.version), in order to cope with versions such as 2.2c1. # This supports Python 2.0 or higher. (2.0 was released on October 16, 2000). AC_DEFUN([AM_PYTHON_CHECK_VERSION], [prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. # map returns an iterator in Python 3.0 and a list in 2.x minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]] minverhex = 0 # xrange is not present in Python 3.0 and range returns an iterator for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] sys.exit(sys.hexversion < minverhex)" AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) # Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_RUN_LOG(COMMAND) # ------------------- # Run COMMAND, save the exit status in ac_status, and log it. # (This has been adapted from Autoconf's _AC_RUN_LOG macro.) AC_DEFUN([AM_RUN_LOG], [{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD (exit $ac_status); }]) # Check to make sure that the build environment is sane. -*- Autoconf -*- # Copyright (C) 1996-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[[\\\"\#\$\&\'\`$am_lf]]*) AC_MSG_ERROR([unsafe absolute working directory name]);; esac case $srcdir in *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);; esac # Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( am_has_slept=no for am_try in 1 2; do echo "timestamp, slept: $am_has_slept" > conftest.file set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$[*]" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi if test "$[*]" != "X $srcdir/configure conftest.file" \ && test "$[*]" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken alias in your environment]) fi if test "$[2]" = conftest.file || test $am_try -eq 2; then break fi # Just in case. sleep 1 am_has_slept=yes done test "$[2]" = conftest.file ) then # Ok. : else AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi AC_MSG_RESULT([yes]) # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= if grep 'slept: no' conftest.file >/dev/null 2>&1; then ( sleep 1 ) & am_sleep_pid=$! fi AC_CONFIG_COMMANDS_PRE( [AC_MSG_CHECKING([that generated files are newer than configure]) if test -n "$am_sleep_pid"; then # Hide warnings about reused PIDs. wait $am_sleep_pid 2>/dev/null fi AC_MSG_RESULT([done])]) rm -f conftest.file ]) # Copyright (C) 2009-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_SILENT_RULES([DEFAULT]) # -------------------------- # Enable less verbose build rules; with the default set to DEFAULT # ("yes" being less verbose, "no" or empty being verbose). AC_DEFUN([AM_SILENT_RULES], [AC_ARG_ENABLE([silent-rules], [dnl AS_HELP_STRING( [--enable-silent-rules], [less verbose build output (undo: "make V=1")]) AS_HELP_STRING( [--disable-silent-rules], [verbose build output (undo: "make V=0")])dnl ]) case $enable_silent_rules in @%:@ ((( yes) AM_DEFAULT_VERBOSITY=0;; no) AM_DEFAULT_VERBOSITY=1;; *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; esac dnl dnl A few 'make' implementations (e.g., NonStop OS and NextStep) dnl do not support nested variable expansions. dnl See automake bug#9928 and bug#10237. am_make=${MAKE-make} AC_CACHE_CHECK([whether $am_make supports nested variables], [am_cv_make_support_nested_variables], [if AS_ECHO([['TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 am__doit: @$(TRUE) .PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then am_cv_make_support_nested_variables=yes else am_cv_make_support_nested_variables=no fi]) if test $am_cv_make_support_nested_variables = yes; then dnl Using '$V' instead of '$(V)' breaks IRIX make. AM_V='$(V)' AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' else AM_V=$AM_DEFAULT_VERBOSITY AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY fi AC_SUBST([AM_V])dnl AM_SUBST_NOTMAKE([AM_V])dnl AC_SUBST([AM_DEFAULT_V])dnl AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl AC_SUBST([AM_DEFAULT_VERBOSITY])dnl AM_BACKSLASH='\' AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) # Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_STRIP # --------------------- # One issue with vendor 'install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we # always use install-sh in "make install-strip", and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl # Installed binaries are usually stripped using 'strip' when the user # run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the 'STRIP' environment variable to overrule this program. dnl Don't test for $cross_compiling = yes, because it might be 'maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) # Copyright (C) 2006-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. # This macro is traced by Automake. AC_DEFUN([_AM_SUBST_NOTMAKE]) # AM_SUBST_NOTMAKE(VARIABLE) # -------------------------- # Public sister of _AM_SUBST_NOTMAKE. AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- # Copyright (C) 2004-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. # FORMAT should be one of 'v7', 'ustar', or 'pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory # $tardir. # tardir=directory && $(am__tar) > result.tar # # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar # AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AC_SUBST([AMTAR], ['$${TAR-tar}']) # We'll loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' m4_if([$1], [v7], [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], [m4_case([$1], [ustar], [# The POSIX 1988 'ustar' format is defined with fixed-size fields. # There is notably a 21 bits limit for the UID and the GID. In fact, # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 # and bug#13588). am_max_uid=2097151 # 2^21 - 1 am_max_gid=$am_max_uid # The $UID and $GID variables are not portable, so we need to resort # to the POSIX-mandated id(1) utility. Errors in the 'id' calls # below are definitely unexpected, so allow the users to see them # (that is, avoid stderr redirection). am_uid=`id -u || echo unknown` am_gid=`id -g || echo unknown` AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) if test $am_uid -le $am_max_uid; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none fi AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) if test $am_gid -le $am_max_gid; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none fi], [pax], [], [m4_fatal([Unknown tar format])]) AC_MSG_CHECKING([how to create a $1 tar archive]) # Go ahead even if we have the value already cached. We do so because we # need to set the values for the 'am__tar' and 'am__untar' variables. _am_tools=${am_cv_prog_tar_$1-$_am_tools} for _am_tool in $_am_tools; do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do AM_RUN_LOG([$_am_tar --version]) && break done am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x $1 -w "$$tardir"' am__tar_='pax -L -x $1 -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H $1 -L' am__tar_='find "$tardir" -print | cpio -o -H $1 -L' am__untar='cpio -i -H $1 -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_$1}" && break # tar/untar a dummy directory, and stop if the command works. rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) rm -rf conftest.dir if test -s conftest.tar; then AM_RUN_LOG([$am__untar /dev/null 2>&1 && break fi done rm -rf conftest.dir AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) AC_MSG_RESULT([$am_cv_prog_tar_$1])]) AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR m4_include([m4/intltool.m4]) m4_include([m4/jh_path_xml_catalog.m4]) firewalld-0.8.2/Makefile.am0000664007115300711530000001130613641106165016714 0ustar00egarveregarver00000000000000SUBDIRS = config doc po shell-completion src DIST_TARGETS = dist-gzip EXTRA_DIST = \ COPYING \ README \ autogen.sh \ ${PACKAGE_NAME}.spec CLEANFILES = *~ *\# .\#* *.tar* DISTCLEANFILES = config.log intltool-* DISTCLEANDIRS = autom4te.cache ${PACKAGE_NAME}-* tag: @spec_ver=`awk '/Version:/ { print $$2}' ${PACKAGE_NAME}.spec`; \ if test "$$spec_ver" != "${PACKAGE_VERSION}"; then \ echo "Spec file and package versions differ: $$spec_ver != ${PACKAGE_VERSION}"; \ secs=10; \ echo -n "Using ./autogen.sh in $$secs seconds: "; \ for i in `seq $$secs -1 1`; do echo -n "."; sleep 1; done; echo; \ ./autogen.sh; \ echo; \ echo "Please run make again to apply version changes."; \ exit 1; \ fi @if ! git diff --quiet --exit-code; then \ clear; \ echo -n "========================================"; \ echo "========================================"; \ PAGER= git diff; \ echo -n "========================================"; \ echo "========================================"; \ echo "Do you want to commit these changes? (y/N)"; \ read answer; \ [ "$$answer" == "Y" -o "$$answer" == "y" ] || exit 1; \ git commit -a -m "$(PACKAGE_TAG)"; \ fi git tag -f $(PACKAGE_TAG) git push git push --tags dist: clean-docs update-docs dist-check: @rm -f _dist_check_failed @(cat config/Makefile.am | sed -n '/^CONFIG_FILES/,/^$$/p' | head -n-1 | tail -n+2) > _config @(cd config; git ls-files icmptypes helpers ipsets services zones | sort | sed -e 's/^/\t/' | sed ':a;N;$$!ba;s/\n/ \\\n/g') > _provided_config @diff -u1B _config _provided_config > _missing_config; \ if [ $$? -ne 0 ]; then \ echo; \ echo "============================================================================="; \ echo " Fix config/Makefile.am:"; \ echo "============================================================================="; \ touch _dist_check_failed; \ cat _missing_config | tail -n +3; \ echo; \ fi @rm -f _config _provided_config _missing_config @(cat src/Makefile.am | sed -n '/^nobase_dist_python_DATA/,/^$$/p' | head -n-1 | tail -n+2) > _config @(cd src; git ls-files firewall | sort | sed -e 's/^/\t/' -e "s/.py.in/.py/" | sed ':a;N;$$!ba;s/\n/ \\\n/g') > _provided_config @diff -u1B _config _provided_config > _missing_config; \ if [ $$? -ne 0 ]; then \ echo; \ echo "============================================================================="; \ echo " Fix src/Makefile.am:"; \ echo "============================================================================="; \ touch _dist_check_failed; \ cat _missing_config | tail -n +3; \ echo; \ fi @rm -f _config _provided_config _missing_config @if [ -f "_dist_check_failed" ]; then \ rm -f _dist_check_failed; \ exit 1; \ fi check-container check-integration installcheck-integration: $(MAKE) -C src/tests $@ .PHONY: check-container check-integration installcheck-integration update-docs: $(MAKE) -C doc/xml clean-docs: $(MAKE) -C doc/xml clean archive: dist-check $(desktop_DATA) tag dist local: distclean @rm -rf ${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz @rm -rf /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) /tmp/${PACKAGE_NAME} @dir=$$PWD; cd /tmp; cp -a $$dir ${PACKAGE_NAME} @mv /tmp/${PACKAGE_NAME} /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) @dir=$$PWD; cd /tmp; tar --gzip -cSpf $$dir/${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz ${PACKAGE_NAME}-$(PACKAGE_VERSION) @rm -rf /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) @echo "The archive is in ${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz" test-rpm: dist @rpmbuild -ta $(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz test-srpm: dist @rpmbuild -ts $(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz update-po: ls $(top_srcdir)/po/*.po | sed 's/.*\/po\///;s/.po//' > $(top_srcdir)/po/LINGUAS $(MAKE) -C po update-po ${PACKAGE_NAME}.pot # This merges translations from the upstream master branch. # It's only meant to be used from the stable branches. Translations # contributions are only done against master. merge-po: update-po git fetch -q https://github.com/firewalld/firewalld master; \ for po in $(top_srcdir)/po/*.po; do \ mv $${po} $${po}.old; \ git checkout -q FETCH_HEAD $${po}; \ msgcat --use-first -o $${po}.merged $${po} $${po}.old; \ mv $${po}.merged $${po}; \ git add $${po}; \ done clean-po: @for cat in `cat ${top_srcdir}/po/LINGUAS`; do \ msgattrib --translated --no-fuzzy --no-obsolete --force-po --no-location --clear-previous --strict $(top_srcdir)/po/$$cat.po -o $(top_srcdir)/po/$$cat.out; \ mv -f $(top_srcdir)/po/$$cat.out $(top_srcdir)/po/$$cat.po; \ done report: @for cat in `cat ${top_srcdir}/po/LINGUAS`; do \ echo -n "$$cat: "; \ $(MSGFMT) --statistics -o /dev/null $(top_srcdir)/po/$$cat.po; \ done distclean-local: -test -z "$(DISTCLEANDIRS)" || rm -rf $(DISTCLEANDIRS) firewalld-0.8.2/config/0000775007115300711530000000000013641123257016125 5ustar00egarveregarver00000000000000firewalld-0.8.2/config/icmptypes/0000775007115300711530000000000013641123257020142 5ustar00egarveregarver00000000000000firewalld-0.8.2/config/icmptypes/echo-reply.xml0000664007115300711530000000025513341016621022726 0ustar00egarveregarver00000000000000 Echo Reply (pong) This message is the answer to an Echo Request. firewalld-0.8.2/config/icmptypes/parameter-problem.xml0000664007115300711530000000034113341016621024271 0ustar00egarveregarver00000000000000 Parameter Problem This error message is generated if the IP header is bad, either by a missing option or bad length. firewalld-0.8.2/config/icmptypes/beyond-scope.xml0000664007115300711530000000044613341016621023250 0ustar00egarveregarver00000000000000 Beyond Scope This error message is sent if transmitting a package whould cross a zone boundary of the scope of the source address. firewalld-0.8.2/config/icmptypes/required-option-missing.xml0000664007115300711530000000036113341016621025452 0ustar00egarveregarver00000000000000 Required Option Missing This message is sent if a required option is missing. firewalld-0.8.2/config/icmptypes/time-exceeded.xml0000664007115300711530000000037513341016621023364 0ustar00egarveregarver00000000000000 Time Exceeded This error message is generated if the time-to-live was exceeded either of a packet or of the reassembling of a fragmented packet. firewalld-0.8.2/config/icmptypes/host-unreachable.xml0000664007115300711530000000036713341016621024107 0ustar00egarveregarver00000000000000 Host Unreachable This error message is sent if the destination host is unreachable. firewalld-0.8.2/config/icmptypes/tos-network-redirect.xml0000664007115300711530000000042013341016621024744 0ustar00egarveregarver00000000000000 TOS Network Redirect This message is sent if the datagram is redirected for the type of service and network. firewalld-0.8.2/config/icmptypes/router-solicitation.xml0000664007115300711530000000033713341016621024677 0ustar00egarveregarver00000000000000 Router Solicitation This message is used by a host attached to a multicast link to request a Router Advertisement. firewalld-0.8.2/config/icmptypes/communication-prohibited.xml0000664007115300711530000000042713341016621025654 0ustar00egarveregarver00000000000000 Communication Prohibited This error message is sent if communication with destination administratively prohibited. firewalld-0.8.2/config/icmptypes/network-unreachable.xml0000664007115300711530000000036713341016621024623 0ustar00egarveregarver00000000000000 Network Unreachable This message is sent if the destination network is unreachable. firewalld-0.8.2/config/icmptypes/source-quench.xml0000664007115300711530000000037013341016621023436 0ustar00egarveregarver00000000000000 Source Quench This error message is generated to tell a host to reduce the pace at which it is sending packets. firewalld-0.8.2/config/icmptypes/packet-too-big.xml0000664007115300711530000000051013341016621023456 0ustar00egarveregarver00000000000000 Packet Too Big This error message is sent by a router in response to a packet that it cannot forward because the packet is larger than the MTU of the outgoing link. firewalld-0.8.2/config/icmptypes/destination-unreachable.xml0000664007115300711530000000033613341016621025447 0ustar00egarveregarver00000000000000 Destination Unreachable This error message is generated by a host or gateway if the destination is not reachable. firewalld-0.8.2/config/icmptypes/unknown-header-type.xml0000664007115300711530000000040313341016621024556 0ustar00egarveregarver00000000000000 Unknown Header Type This error message is sent if an unrecognized Next Header type encountered. firewalld-0.8.2/config/icmptypes/neighbour-solicitation.xml0000664007115300711530000000071113341016621025335 0ustar00egarveregarver00000000000000 Neighbour Solicitation (Neighbor Solicitation) This informational message is sent by a node to determine the link-layer address of a neighbor, or to verify that a neighbor is still reachable via a cached link-layer address. Neighbor Solicitations are also used for Duplicate Address Detection. firewalld-0.8.2/config/icmptypes/host-prohibited.xml0000664007115300711530000000040113341016621023754 0ustar00egarveregarver00000000000000 Host Prohibited This error message is sent if access from a host administratively prohibited. firewalld-0.8.2/config/icmptypes/host-redirect.xml0000664007115300711530000000036213341016621023432 0ustar00egarveregarver00000000000000 Host Redirect This message is sent if the datagram is redirected for the host. firewalld-0.8.2/config/icmptypes/echo-request.xml0000664007115300711530000000032213341016621023256 0ustar00egarveregarver00000000000000 Echo Request (ping) This message is used to test if a host is reachable mostly with the ping utility. firewalld-0.8.2/config/icmptypes/neighbour-advertisement.xml0000664007115300711530000000054313341016621025511 0ustar00egarveregarver00000000000000 Neighbour Advertisement (Neighbor Advertisement) This informational message is sent in response to a neighbour-solicitation message in order to (unreliably) propagate new information quickly. firewalld-0.8.2/config/icmptypes/network-unknown.xml0000664007115300711530000000035713341016621024050 0ustar00egarveregarver00000000000000 Network Unknown This message is sent if the destination network is unknown. firewalld-0.8.2/config/icmptypes/address-unreachable.xml0000664007115300711530000000060113341016621024546 0ustar00egarveregarver00000000000000 Address Unreachable This error message is generated by a router, or by the IPv6 layer in the originating node, in response to a packet that cannot be delivered to its destination address for reasons other than congestion. firewalld-0.8.2/config/icmptypes/router-advertisement.xml0000664007115300711530000000034313341016621025045 0ustar00egarveregarver00000000000000 Router Advertisement This message is used by routers to periodically announce the IP address of a multicast interface. firewalld-0.8.2/config/icmptypes/bad-header.xml0000664007115300711530000000040213341016621022625 0ustar00egarveregarver00000000000000 Bad Header This error message is created if there has been an error in the header of a packet. firewalld-0.8.2/config/icmptypes/ttl-zero-during-reassembly.xml0000664007115300711530000000044513341016621026072 0ustar00egarveregarver00000000000000 TTL Zero During Reassembly This error message is sent if a host fails to reassemble a fragmented datagram within its time limit. firewalld-0.8.2/config/icmptypes/source-route-failed.xml0000664007115300711530000000035413341016621024535 0ustar00egarveregarver00000000000000 Source Route Failed This message is sent if the source route has failed. firewalld-0.8.2/config/icmptypes/unknown-option.xml0000664007115300711530000000037113341016621023663 0ustar00egarveregarver00000000000000 Unknown Option This error message is sent if an unrecognized IPv6 option encountered. firewalld-0.8.2/config/icmptypes/no-route.xml0000664007115300711530000000035713341016621022432 0ustar00egarveregarver00000000000000 No Route This error message is set if there is no route to the destination. firewalld-0.8.2/config/icmptypes/protocol-unreachable.xml0000664007115300711530000000037113341016621024766 0ustar00egarveregarver00000000000000 Protocol Unreachable This message is sent if the destination protocol is unreachable. firewalld-0.8.2/config/icmptypes/reject-route.xml0000664007115300711530000000036413341016621023270 0ustar00egarveregarver00000000000000 Reject Route This error message is sent if the route to destination is rejected. firewalld-0.8.2/config/icmptypes/fragmentation-needed.xml0000664007115300711530000000043013341016621024732 0ustar00egarveregarver00000000000000 Fragmentation Needed This error message is sent if fragmentation is required, and Don not Fragment (DF) flag is set. firewalld-0.8.2/config/icmptypes/redirect.xml0000664007115300711530000000027113341016621022456 0ustar00egarveregarver00000000000000 Redirect This error message informs a host to send packets on another route. firewalld-0.8.2/config/icmptypes/precedence-cutoff.xml0000664007115300711530000000040013341016621024230 0ustar00egarveregarver00000000000000 Precedence Cutoff This message is sent if the precedence is lower than the required minimum. firewalld-0.8.2/config/icmptypes/tos-network-unreachable.xml0000664007115300711530000000041513341016621025420 0ustar00egarveregarver00000000000000 TOS Network Unreachable This error message is sent if the network is unreachable for the type of service. firewalld-0.8.2/config/icmptypes/port-unreachable.xml0000664007115300711530000000035113341016621024107 0ustar00egarveregarver00000000000000 Port Unreachable This error message is sent if the port unreachable. firewalld-0.8.2/config/icmptypes/network-prohibited.xml0000664007115300711530000000037213341016621024477 0ustar00egarveregarver00000000000000 Network Prohibited This message is sent if the network is administratively prohibited. firewalld-0.8.2/config/icmptypes/timestamp-request.xml0000664007115300711530000000034413341016621024347 0ustar00egarveregarver00000000000000 Timestamp Request This message is used for time synchronization. firewalld-0.8.2/config/icmptypes/network-redirect.xml0000664007115300711530000000037013341016621024145 0ustar00egarveregarver00000000000000 Network Redirect This message is sent if the datagram is redirected for the network. firewalld-0.8.2/config/icmptypes/ttl-zero-during-transit.xml0000664007115300711530000000040013341016621025377 0ustar00egarveregarver00000000000000 TTL Zero During Transit This error message is sent if the time to live exceeded in transit. firewalld-0.8.2/config/icmptypes/tos-host-redirect.xml0000664007115300711530000000040213341016621024230 0ustar00egarveregarver00000000000000 TOS Host Redirect This message is the datagram is redirected for the type of service and host. firewalld-0.8.2/config/icmptypes/timestamp-reply.xml0000664007115300711530000000035113341016621024010 0ustar00egarveregarver00000000000000 Timestamp Reply This message is used to reply to a timestamp message. firewalld-0.8.2/config/icmptypes/tos-host-unreachable.xml0000664007115300711530000000040113341016621024677 0ustar00egarveregarver00000000000000 TOS Host Unreachable This message is sent if the host is unreachable for the type of service. firewalld-0.8.2/config/icmptypes/host-unknown.xml0000664007115300711530000000035713341016621023334 0ustar00egarveregarver00000000000000 Host Unknown This error message is sent if the destination host is unknown. firewalld-0.8.2/config/icmptypes/failed-policy.xml0000664007115300711530000000040513341016621023375 0ustar00egarveregarver00000000000000 Failed Policy This error message is generated if the source address failed ingress/egress policy. firewalld-0.8.2/config/icmptypes/ip-header-bad.xml0000664007115300711530000000034513341016621023241 0ustar00egarveregarver00000000000000 Ip Header Bad This error message is sent if the IP header is bad. firewalld-0.8.2/config/icmptypes/host-precedence-violation.xml0000664007115300711530000000041213341016621025724 0ustar00egarveregarver00000000000000 Host Precedence Violation This error message is sent if the communication administratively prohibited. firewalld-0.8.2/config/firewalld-sysctls.conf.in0000664007115300711530000000022613371036334023053 0ustar00egarveregarver00000000000000install nf_conntrack @MODPROBE@ --ignore-install nf_conntrack $CMDLINE_OPTS && @SYSCTL@ --quiet --pattern 'net[.]netfilter[.]nf_conntrack.*' --system firewalld-0.8.2/config/FirewallD.conf0000664007115300711530000000207413341016621020641 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/0000775007115300711530000000000013641123257017567 5ustar00egarveregarver00000000000000firewalld-0.8.2/config/helpers/pptp.xml0000664007115300711530000000021013341016621021256 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/ftp.xml0000664007115300711530000000016713341016621021077 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/h323.xml0000664007115300711530000000012513341016621020757 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/sane.xml0000664007115300711530000000017213341016621021230 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/snmp.xml0000664007115300711530000000020713341016621021256 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/sip.xml0000664007115300711530000000023613341016621021076 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/proto-gre.xml0000664007115300711530000000013213371036334022222 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/RAS.xml0000664007115300711530000000017213341016621020727 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/irc.xml0000664007115300711530000000020613341016621021055 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/amanda.xml0000664007115300711530000000017513341016621021526 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/tftp.xml0000664007115300711530000000017013341016621021255 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/netbios-ns.xml0000664007115300711530000000021513341016621022361 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/helpers/Q.931.xml0000664007115300711530000000017213341016621021015 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/zones/0000775007115300711530000000000013641123257017263 5ustar00egarveregarver00000000000000firewalld-0.8.2/config/zones/home.xml0000664007115300711530000000056113630022170020725 0ustar00egarveregarver00000000000000 Home For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. firewalld-0.8.2/config/zones/internal.xml0000664007115300711530000000060013630022170021603 0ustar00egarveregarver00000000000000 Internal For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted. firewalld-0.8.2/config/zones/public.xml0000664007115300711530000000047313630022170021255 0ustar00egarveregarver00000000000000 Public For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. firewalld-0.8.2/config/zones/block.xml0000664007115300711530000000045313341016621021072 0ustar00egarveregarver00000000000000 Block Unsolicited incoming network packets are rejected. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed. firewalld-0.8.2/config/zones/external.xml0000664007115300711530000000046013341016621021620 0ustar00egarveregarver00000000000000 External For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. firewalld-0.8.2/config/zones/dmz.xml0000664007115300711530000000044513341016621020573 0ustar00egarveregarver00000000000000 DMZ For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted. firewalld-0.8.2/config/zones/trusted.xml0000664007115300711530000000024213341016621021466 0ustar00egarveregarver00000000000000 Trusted All network connections are accepted. firewalld-0.8.2/config/zones/work.xml0000664007115300711530000000046713630022170020764 0ustar00egarveregarver00000000000000 Work For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. firewalld-0.8.2/config/zones/drop.xml0000664007115300711530000000044313341016621020743 0ustar00egarveregarver00000000000000 Drop Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed. firewalld-0.8.2/config/ipsets/0000775007115300711530000000000013641123257017434 5ustar00egarveregarver00000000000000firewalld-0.8.2/config/ipsets/README0000664007115300711530000000003513341016621020303 0ustar00egarveregarver00000000000000Location for built-in ipsets firewalld-0.8.2/config/services/0000775007115300711530000000000013641123257017750 5ustar00egarveregarver00000000000000firewalld-0.8.2/config/services/bgp.xml0000664007115300711530000000052313341016621021233 0ustar00egarveregarver00000000000000 BGP service listen Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet firewalld-0.8.2/config/services/squid.xml0000664007115300711530000000025513341016621021612 0ustar00egarveregarver00000000000000 squid Squid HTTP proxy server firewalld-0.8.2/config/services/redis.xml0000664007115300711530000000041413341016621021570 0ustar00egarveregarver00000000000000 redis Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. firewalld-0.8.2/config/services/salt-master.xml0000664007115300711530000000051113614563155022730 0ustar00egarveregarver00000000000000 Salt Master Salt is a protocol used for infrastructure management via a dynamic communication bus. These ports are required on the salt master node. firewalld-0.8.2/config/services/ipsec.xml0000664007115300711530000000105213341016621021564 0ustar00egarveregarver00000000000000 IPsec Internet Protocol Security (IPsec) incorporates security for network transmissions directly into the Internet Protocol (IP). IPsec provides methods for both encrypting data and authentication for the host or network it sends to. If you plan to use a vpnc server or FreeS/WAN, do not disable this option. firewalld-0.8.2/config/services/pmcd.xml0000664007115300711530000000066113341016621021411 0ustar00egarveregarver00000000000000 Performance metrics collector (pmcd) This option allows PCP (Performance Co-Pilot) monitoring. If you need to allow remote hosts to connect directly to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful. firewalld-0.8.2/config/services/pmproxy.xml0000664007115300711530000000073213341016621022203 0ustar00egarveregarver00000000000000 Performance metrics proxy (pmproxy) This option allows indirect PCP (Performance Co-Pilot) monitoring via a proxy. If you need to allow remote hosts to connect through your machine to monitor aspects of performance of one or more proxied hosts, enable this option. You need the pcp package installed for this option to be useful. firewalld-0.8.2/config/services/pop3s.xml0000664007115300711530000000054513341016621021533 0ustar00egarveregarver00000000000000 POP-3 over SSL The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot). firewalld-0.8.2/config/services/rtsp.xml0000664007115300711530000000053613614563155021473 0ustar00egarveregarver00000000000000 RTSP The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers. firewalld-0.8.2/config/services/syslog.xml0000664007115300711530000000051113341016621022000 0ustar00egarveregarver00000000000000 syslog Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server. firewalld-0.8.2/config/services/svdrp.xml0000664007115300711530000000043713614563155021641 0ustar00egarveregarver00000000000000 SVDRP The Simple Video Disk Recorder Protocol (SVDRP) allows to control video disk recorder functionality. firewalld-0.8.2/config/services/pop3.xml0000664007115300711530000000053413341016621021346 0ustar00egarveregarver00000000000000 POP-3 The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot). firewalld-0.8.2/config/services/svn.xml0000664007115300711530000000034713614563155021311 0ustar00egarveregarver00000000000000 Subversion The custom, unencrypted protocol used the Subversion Version Control System. firewalld-0.8.2/config/services/bitcoin-testnet.xml0000664007115300711530000000043113341016621023574 0ustar00egarveregarver00000000000000 Bitcoin testnet The default port used by Bitcoin testnet. Enable this option if you plan to be a Bitcoin full node on the test network. firewalld-0.8.2/config/services/nfs3.xml0000664007115300711530000000052613341016621021337 0ustar00egarveregarver00000000000000 NFS3 The NFS3 protocol is used to share files. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful. firewalld-0.8.2/config/services/spideroak-lansync.xml0000664007115300711530000000062513341016621024114 0ustar00egarveregarver00000000000000 SpiderOak ONE LAN-Sync SpiderOak ONE is online backup and file hosting service that allows users to access, synchronize and share data using a cloud-based server. Enable this option if you use LAN-Sync option of SpiderOak. firewalld-0.8.2/config/services/dns.xml0000664007115300711530000000053213341016621021247 0ustar00egarveregarver00000000000000 DNS The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind). firewalld-0.8.2/config/services/mqtt-tls.xml0000664007115300711530000000045013614563155022263 0ustar00egarveregarver00000000000000 mqtt-tls The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol uses TLS encryption. firewalld-0.8.2/config/services/bacula.xml0000664007115300711530000000053213341016621021712 0ustar00egarveregarver00000000000000 Bacula Bacula is a network backup solution. Enable this option, if you plan to provide Bacula backup, file and storage services. firewalld-0.8.2/config/services/isns.xml0000664007115300711530000000054613614563155021460 0ustar00egarveregarver00000000000000 iSNS The Internet Storage Name Service (iSNS) is a protocol that allows automated discovery, management and configuration of iSCSI and Fibre Channel devices on a TCP/IP network. firewalld-0.8.2/config/services/mssql.xml0000664007115300711530000000025213341016621021621 0ustar00egarveregarver00000000000000 mssql Microsoft SQL Server firewalld-0.8.2/config/services/samba-client.xml0000664007115300711530000000056313620317435023035 0ustar00egarveregarver00000000000000 Samba Client This option allows you to access Windows file and printer sharing networks. You need the samba-client package installed for this option to be useful. firewalld-0.8.2/config/services/git.xml0000664007115300711530000000032413341016621021245 0ustar00egarveregarver00000000000000 git The git daemon for supporting git:// access to git repositories. firewalld-0.8.2/config/services/minidlna.xml0000664007115300711530000000052713341016621022262 0ustar00egarveregarver00000000000000 MiniDLNA MiniDLNA is a simple media server software with the aim to be fully compliant with DLNA/UPNP-AV clients. Enable this service if you run minidlna service. firewalld-0.8.2/config/services/tor-socks.xml0000664007115300711530000000140313341016621022405 0ustar00egarveregarver00000000000000 Tor - SOCKS Proxy Tor enables online anonymity and censorship resistance by directing Internet traffic through a network of relays. It conceals user's location from anyone conducting network surveillance and traffic analysis. A user wishing to use Tor for anonymity can configure a program such as a web browser to direct traffic to a Tor client using its SOCKS proxy port. Enable this if you run Tor and would like to configure your web browser or other programs to channel their traffic through the Tor SOCKS proxy port. It is recommended that you make this service available only for your computer or your internal networks. firewalld-0.8.2/config/services/dns-over-tls.xml0000664007115300711530000000047613620317435023036 0ustar00egarveregarver00000000000000 DNS over TLS DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol firewalld-0.8.2/config/services/grafana.xml0000664007115300711530000000033213620317435022067 0ustar00egarveregarver00000000000000 grafana Grafana is an open platform for beautiful analytics and monitoring firewalld-0.8.2/config/services/matrix.xml0000664007115300711530000000066013620317435022000 0ustar00egarveregarver00000000000000 Matrix Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Port 443 is the 'client' port, whereas port 8448 is the Federation port. Federation is the process by which users on different servers can participate in the same room. firewalld-0.8.2/config/services/dhcpv6-client.xml0000664007115300711530000000046113341016621023132 0ustar00egarveregarver00000000000000 DHCPv6 Client This option allows a DHCP for IPv6 (DHCPv6) client to obtain addresses and other IPv6 settings from DHCPv6 server. firewalld-0.8.2/config/services/quassel.xml0000664007115300711530000000042113341016621022135 0ustar00egarveregarver00000000000000 Quassel IRC Quassel is a distributed IRC client, meaning that one or more clients can attach to and detach from the central core. firewalld-0.8.2/config/services/slp.xml0000664007115300711530000000045313614563155021277 0ustar00egarveregarver00000000000000 SLP The Service Location Protocol (SLP) is used for discovering services in a local network without prior configuration. firewalld-0.8.2/config/services/amanda-client.xml0000664007115300711530000000061713620317435023173 0ustar00egarveregarver00000000000000 Amanda Backup Client The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful. firewalld-0.8.2/config/services/smtp.xml0000664007115300711530000000104613341016621021447 0ustar00egarveregarver00000000000000 Mail (SMTP) This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam. firewalld-0.8.2/config/services/ovirt-vmconsole.xml0000664007115300711530000000035313341016621023632 0ustar00egarveregarver00000000000000 oVirt VM Console oVirt VM Consoles enables secure access to virtual machine serial console. firewalld-0.8.2/config/services/xmpp-client.xml0000664007115300711530000000075013341016621022725 0ustar00egarveregarver00000000000000 XMPP (Jabber) client Extensible Messaging and Presence Protocol (XMPP) client connection protocol allows XMPP (Jabber) clients such as Empathy, Pidgin, Kopete and Jitsi to connect to an XMPP (Jabber) server. Enable this if you run an XMPP (Jabber) server and you wish clients to be able to connect to the server and communicate with each other. firewalld-0.8.2/config/services/ftp.xml0000664007115300711530000000055113620317435021264 0ustar00egarveregarver00000000000000 FTP FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful. firewalld-0.8.2/config/services/wbem-http.xml0000664007115300711530000000054013614563155022405 0ustar00egarveregarver00000000000000 wbem-http Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments. This is the unencrypted protocol variant. firewalld-0.8.2/config/services/kadmin.xml0000664007115300711530000000026613341016621021732 0ustar00egarveregarver00000000000000 kadmin Kerberos Administration Protocol firewalld-0.8.2/config/services/samba.xml0000664007115300711530000000070013620317435021552 0ustar00egarveregarver00000000000000 Samba This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful. firewalld-0.8.2/config/services/mqtt.xml0000664007115300711530000000043713614563155021470 0ustar00egarveregarver00000000000000 mqtt The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol is unencrypted. firewalld-0.8.2/config/services/apcupsd.xml0000664007115300711530000000043513614563155022140 0ustar00egarveregarver00000000000000 apcupsd The American Power Conversion (APC) uninterruptible power supply (UPS) daemon protocol allows to monitor and control APC UPS devices. firewalld-0.8.2/config/services/nrpe.xml0000664007115300711530000000036713341016621021435 0ustar00egarveregarver00000000000000 NRPE NRPE allows you to execute Nagios plugins on a remote host in as transparent a manner as possible. firewalld-0.8.2/config/services/smtps.xml0000664007115300711530000000110113341016621021622 0ustar00egarveregarver00000000000000 Mail (SMTP over SSL) This option allows incoming SMTPs mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail in a secure way, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam. firewalld-0.8.2/config/services/sane.xml0000664007115300711530000000050413620317435021417 0ustar00egarveregarver00000000000000 SANE network daemon (saned) The SANE (Scanner Access Now Easy) daemon allows remote clients to access image acquisition devices available on the local host. firewalld-0.8.2/config/services/kdeconnect.xml0000664007115300711530000000042013620317435022603 0ustar00egarveregarver00000000000000 KDE Connect KDE Connect is an application to connect your phone to your computer. firewalld-0.8.2/config/services/rsh.xml0000664007115300711530000000046613341016621021265 0ustar00egarveregarver00000000000000 rsh Rsh is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling rsh is not recommended. firewalld-0.8.2/config/services/openvpn.xml0000664007115300711530000000051713341016621022153 0ustar00egarveregarver00000000000000 OpenVPN OpenVPN is a virtual private network (VPN) solution. It is used to create encrypted point-to-point tunnels between computers. If you plan to provide a VPN service, enable this option. firewalld-0.8.2/config/services/rpc-bind.xml0000664007115300711530000000032613341016621022162 0ustar00egarveregarver00000000000000 rpc-bind Remote Procedure Call Bind firewalld-0.8.2/config/services/amqp.xml0000664007115300711530000000042113614563155021432 0ustar00egarveregarver00000000000000 amqp The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware. firewalld-0.8.2/config/services/pmwebapi.xml0000664007115300711530000000071413341016621022271 0ustar00egarveregarver00000000000000 Performance metrics web API (pmwebapi) This option allows web clients to use PCP (Performance Co-Pilot) monitoring services. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful. firewalld-0.8.2/config/services/snmp.xml0000664007115300711530000000052613341016621021443 0ustar00egarveregarver00000000000000 SNMP Simple Network Management Protocol is an "Internet-standard protocol for managing devices on IP networks". Enable this service if you run SNMP agent (server). firewalld-0.8.2/config/services/nmea-0183.xml0000664007115300711530000000044513371036334022005 0ustar00egarveregarver00000000000000 nmea-0183 NMEA-0183 Navigational Data server for use with Global Navigation Satellite System (GNSS) devices. firewalld-0.8.2/config/services/ipp.xml0000664007115300711530000000065313341016621021257 0ustar00egarveregarver00000000000000 Network Printing Server (IPP) The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over tcp) provides the ability to share printers over the network. Enable this option if you plan to share printers via cups over the network. firewalld-0.8.2/config/services/syncthing.xml0000664007115300711530000000046713371036334022506 0ustar00egarveregarver00000000000000 Syncthing Syncthing is a Peer-to-Peer file synchronization service. Enable this option, if you plan to run the Synthing service. firewalld-0.8.2/config/services/kerberos.xml0000664007115300711530000000035113341016621022276 0ustar00egarveregarver00000000000000 Kerberos Kerberos network authentication protocol server firewalld-0.8.2/config/services/docker-registry.xml0000664007115300711530000000056613341016621023607 0ustar00egarveregarver00000000000000 Docker Registry Docker Registry is the protocol used to serve Docker images. If you plan to make your Docker Registry server publicly available, enable this option. This option is not required for developing Docker images locally. firewalld-0.8.2/config/services/ctdb.xml0000664007115300711530000000045013341016621021376 0ustar00egarveregarver00000000000000 CTDB CTDB is a cluster implementation of the TDB database used by Samba and other projects to store temporary data. firewalld-0.8.2/config/services/tentacle.xml0000664007115300711530000000037413620317435022275 0ustar00egarveregarver00000000000000 tentacle Tentacle is a protocol for monitoring computer networks. Pandora FMS is one server implementation. firewalld-0.8.2/config/services/sips.xml0000664007115300711530000000043313341016621021441 0ustar00egarveregarver00000000000000 SIP-TLS (SIPS) SIP-TLS is a modified SIP (Session Initiation Protocol) using TLS for secure signaling. firewalld-0.8.2/config/services/wbem-https.xml0000664007115300711530000000046613341016621022563 0ustar00egarveregarver00000000000000 wbem-https Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments firewalld-0.8.2/config/services/nfs.xml0000664007115300711530000000050413341016621021250 0ustar00egarveregarver00000000000000 NFS4 The NFS4 protocol is used to share files via TCP networking. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful. firewalld-0.8.2/config/services/ovirt-imageio.xml0000664007115300711530000000040413341016621023234 0ustar00egarveregarver00000000000000 oVirt Image I/O oVirt Image I/O simplifies the workflow of introducing new oVirt images into the oVirt environment. firewalld-0.8.2/config/services/ms-wbt.xml0000664007115300711530000000027613341016621021701 0ustar00egarveregarver00000000000000 ms-wbt Microsoft Windows-based Terminal Server firewalld-0.8.2/config/services/http.xml0000664007115300711530000000054113341016621021442 0ustar00egarveregarver00000000000000 WWW (HTTP) HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages. firewalld-0.8.2/config/services/sip.xml0000664007115300711530000000076013620317435021270 0ustar00egarveregarver00000000000000 SIP The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls, as well as instant messaging, over Internet Protocol (IP) networks. firewalld-0.8.2/config/services/ssh.xml0000664007115300711530000000071713341016621021265 0ustar00egarveregarver00000000000000 SSH Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful. firewalld-0.8.2/config/services/ssdp.xml0000664007115300711530000000064513620317435021450 0ustar00egarveregarver00000000000000 Simple Service Discovery Protocol (SSDP) The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet protocol suite for advertisement and discovery of network services and presence information. firewalld-0.8.2/config/services/xmpp-local.xml0000664007115300711530000000041013341016621022532 0ustar00egarveregarver00000000000000 XMPP Link-Local Messaging Serverless XMPP-like communication over local networks based on zero-configuration networking. firewalld-0.8.2/config/services/mdns.xml0000664007115300711530000000065013341016621021425 0ustar00egarveregarver00000000000000 Multicast DNS (mDNS) mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option. firewalld-0.8.2/config/services/klogin.xml0000664007115300711530000000037113341016621021747 0ustar00egarveregarver00000000000000 klogin The kerberized rlogin server accepts BSD-style rlogin sessions, but uses Kerberos 5 authentication. firewalld-0.8.2/config/services/condor-collector.xml0000664007115300711530000000040413341016621023731 0ustar00egarveregarver00000000000000 HT Condor Collector The HT Condor Collector is needed to organize the condor worker nodes. firewalld-0.8.2/config/services/libvirt-tls.xml0000664007115300711530000000060113341016621022733 0ustar00egarveregarver00000000000000 Virtual Machine Management (TLS) Enable this option if you want to allow remote virtual machine management with TLS encryption, x509 certificates and optional SASL authentication. The libvirtd service is needed for this option to be useful. firewalld-0.8.2/config/services/distcc.xml0000664007115300711530000000031513614563155021747 0ustar00egarveregarver00000000000000 distcc Distcc is a protocol used for distributed compilation. firewalld-0.8.2/config/services/lightning-network.xml0000664007115300711530000000041513614563155024151 0ustar00egarveregarver00000000000000 Lightning Network The default port used by Lightning Network. Enable this option if you plan to be a Lightning Network node. firewalld-0.8.2/config/services/ipp-client.xml0000664007115300711530000000070613341016621022532 0ustar00egarveregarver00000000000000 Network Printing Client (IPP) The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over udp) provides the ability to get information about a printer (e.g. capability and status) and to control printer jobs. If you plan to use a remote network printer via cups, do not disable this option. firewalld-0.8.2/config/services/rdp.xml0000664007115300711530000000026713620317435021264 0ustar00egarveregarver00000000000000 rdp Microsoft's Remote Desktop Protocol firewalld-0.8.2/config/services/llmnr.xml0000664007115300711530000000050413614563155021622 0ustar00egarveregarver00000000000000 Link-Local Multicast Name Resolution (LLMNR) LLMNR allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. firewalld-0.8.2/config/services/freeipa-ldaps.xml0000664007115300711530000000075113620317435023211 0ustar00egarveregarver00000000000000 FreeIPA with LDAPS (deprecated) This service is deprecated. Please use freeipa-4 service instead. firewalld-0.8.2/config/services/radius.xml0000664007115300711530000000101013341016621021742 0ustar00egarveregarver00000000000000 RADIUS The Remote Authentication Dial In User Service (RADIUS) is a protocol for user authentication over networks. It is mostly used for modem, DSL or wireless user authentication. If you plan to provide a RADIUS service (e.g. with freeradius), enable this option. firewalld-0.8.2/config/services/tftp-client.xml0000664007115300711530000000044013620317435022721 0ustar00egarveregarver00000000000000 TFTP Client This option allows you to access Trivial File Transfer Protocol (TFTP) servers. You need the tftp package installed for this option to be useful. firewalld-0.8.2/config/services/zabbix-agent.xml0000664007115300711530000000047213341016621023041 0ustar00egarveregarver00000000000000 Zabbix Agent Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics. firewalld-0.8.2/config/services/amanda-k5-client.xml0000664007115300711530000000065313620317435023510 0ustar00egarveregarver00000000000000 Amanda Backup Client (kerberized) The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful. This service specifically allows krb5 authentication firewalld-0.8.2/config/services/bacula-client.xml0000664007115300711530000000050013341016621023161 0ustar00egarveregarver00000000000000 Bacula Client This option allows a Bacula server to connect to the local machine to schedule backups. You need the bacula-client package installed for this option to be useful. firewalld-0.8.2/config/services/pmwebapis.xml0000664007115300711530000000104013341016621022445 0ustar00egarveregarver00000000000000 Secure performance metrics web API (pmwebapis) This option allows web clients to use PCP (Performance Co-Pilot) monitoring services over a secure connection. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, and you consider that information to be sensitive, enable this option. You need the pcp package installed for this option to be useful. firewalld-0.8.2/config/services/docker-swarm.xml0000664007115300711530000000060713341016621023064 0ustar00egarveregarver00000000000000 Docker integrated swarm mode Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services. firewalld-0.8.2/config/services/xdmcp.xml0000664007115300711530000000051113614563155021607 0ustar00egarveregarver00000000000000 XDMCP The X Display Manager Control Protocol (XDMCP) allows to remotely log in to an X desktop environment from any X Window System compatible client. firewalld-0.8.2/config/services/tinc.xml0000664007115300711530000000052013341016621021415 0ustar00egarveregarver00000000000000 tinc VPN tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. firewalld-0.8.2/config/services/syncthing-gui.xml0000664007115300711530000000045113371036334023261 0ustar00egarveregarver00000000000000 Syncthing GUI Enable this option in addition to the Syncthing option to allow traffic to the Syncthing web interface. (Be sure to secure it accordingly). firewalld-0.8.2/config/services/pulseaudio.xml0000664007115300711530000000063613341016621022642 0ustar00egarveregarver00000000000000 PulseAudio A PulseAudio server provides an ability to stream audio over network. You want to enable this service in case you are using module-native-protocol-tcp in the PulseAudio configuration. If you are using module-zeroconf-publish you want also enable mdns service. firewalld-0.8.2/config/services/zabbix-server.xml0000664007115300711530000000047313341016621023252 0ustar00egarveregarver00000000000000 Zabbix Server Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics. firewalld-0.8.2/config/services/synergy.xml0000664007115300711530000000076013341016621022166 0ustar00egarveregarver00000000000000 Synergy Synergy lets you easily share your mouse and keyboard between multiple computers, where each computer has its own display. No special hardware is required, all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen. firewalld-0.8.2/config/services/ovirt-storageconsole.xml0000664007115300711530000000052713341016621024657 0ustar00egarveregarver00000000000000 oVirt Storage-Console oVirt Storage Console is a web-based storage management platform specially designed to efficiently manage oVirt's storage-defined storage. firewalld-0.8.2/config/services/freeipa-trust.xml0000664007115300711530000000116513341016621023260 0ustar00egarveregarver00000000000000 FreeIPA trust setup FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option of you plan to deploy cross-forest trusts with FreeIPA and Active Directory firewalld-0.8.2/config/services/transmission-client.xml0000664007115300711530000000036413341016621024473 0ustar00egarveregarver00000000000000 Transmission Transmission is a lightweight BitTorrent client. firewalld-0.8.2/config/services/ldaps.xml0000664007115300711530000000035013341016621021564 0ustar00egarveregarver00000000000000 LDAPS Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) server firewalld-0.8.2/config/services/redis-sentinel.xml0000664007115300711530000000032413620317435023416 0ustar00egarveregarver00000000000000 redis-sentinel Redis Sentinel provides high availability for Redis. firewalld-0.8.2/config/services/RH-Satellite-6.xml0000664007115300711530000000134113620317435023071 0ustar00egarveregarver00000000000000 Red Hat Satellite 6 Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments. firewalld-0.8.2/config/services/murmur.xml0000664007115300711530000000036213341016621022013 0ustar00egarveregarver00000000000000 Murmur Murmur is the server of the Mumble VoIP chat system. firewalld-0.8.2/config/services/high-availability.xml0000664007115300711530000000114013614563155024062 0ustar00egarveregarver00000000000000 Red Hat High Availability This allows you to use the Red Hat High Availability (previously named Red Hat Cluster Suite). Ports are opened for corosync, pcsd, pacemaker_remote, dlm and corosync-qnetd. firewalld-0.8.2/config/services/kprop.xml0000664007115300711530000000026613341016621021622 0ustar00egarveregarver00000000000000 kprop Kerberos KDC Propagation Protocol firewalld-0.8.2/config/services/audit.xml0000664007115300711530000000045513614563155021611 0ustar00egarveregarver00000000000000 Audit The Linux Audit subsystem is used to log security events. Enable this option, if you plan to aggregate audit events to/from a remote server/client. firewalld-0.8.2/config/services/ganglia-master.xml0000664007115300711530000000026013341016621023354 0ustar00egarveregarver00000000000000 ganglia-master Ganglia collector firewalld-0.8.2/config/services/bitcoin.xml0000664007115300711530000000036413341016621022115 0ustar00egarveregarver00000000000000 Bitcoin The default port used by Bitcoin. Enable this option if you plan to be a full Bitcoin node. firewalld-0.8.2/config/services/irc.xml0000664007115300711530000000036713341016621021246 0ustar00egarveregarver00000000000000 IRC An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol. firewalld-0.8.2/config/services/memcache.xml0000664007115300711530000000036513620317435022240 0ustar00egarveregarver00000000000000 memcache memcache is a high-performance object caching system. firewalld-0.8.2/config/services/mosh.xml0000664007115300711530000000073113341016621021432 0ustar00egarveregarver00000000000000 Mobile shell that supports roaming and intelligent local echo. Mosh is a remote terminal application that supports intermittent network connectivity, roaming to different IP address without dropping the connection, intelligent local echo and line editing to reduct the effects of "network lag" on high-latency connections. firewalld-0.8.2/config/services/bb.xml0000664007115300711530000000065513620317435021063 0ustar00egarveregarver00000000000000 Big Brother Big Brother is a plain text protocol for sending and receiving client data, reports, and queries to a BB-compatible monitoring server or proxy. The standard IANA port for a listening Big Brother service is 1984, because of course it is. firewalld-0.8.2/config/services/rsyncd.xml0000664007115300711530000000046713341016621021774 0ustar00egarveregarver00000000000000 Rsync in daemon mode Rsync in daemon mode works as a central server, in order to house centralized files and keep them synchronized. firewalld-0.8.2/config/services/cfengine.xml0000664007115300711530000000025013341016621022236 0ustar00egarveregarver00000000000000 CFEngine CFEngine server firewalld-0.8.2/config/services/tile38.xml0000664007115300711530000000033513620317435021603 0ustar00egarveregarver00000000000000 tile38 Tile38 is a geospatial database, spatial index, and realtime geofence. firewalld-0.8.2/config/services/privoxy.xml0000664007115300711530000000077513341016621022214 0ustar00egarveregarver00000000000000 Privoxy - A Privacy Enhancing Proxy Server Privoxy is a web proxy for enhancing privacy by filtering web page content, managing cookies, controlling access, removing ads, banners, pop-ups and other obnoxious Internet junk. It does not cache web content. Enable this if you run Privoxy and would like to configure your web browser to browse the Internet via Privoxy. firewalld-0.8.2/config/services/cockpit.xml0000664007115300711530000000032313620317435022124 0ustar00egarveregarver00000000000000 Cockpit Cockpit lets you access and configure your server remotely. firewalld-0.8.2/config/services/etcd-client.xml0000664007115300711530000000046013614563155022672 0ustar00egarveregarver00000000000000 etcd Client etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the client side port. firewalld-0.8.2/config/services/bitcoin-testnet-rpc.xml0000664007115300711530000000046313341016621024363 0ustar00egarveregarver00000000000000 Bitcoin testnet RPC Enable this option if you need access to the Bitcoin RPC interface running on the testnet. This is not required when connecting on localhost. firewalld-0.8.2/config/services/ntp.xml0000664007115300711530000000060513341016621021265 0ustar00egarveregarver00000000000000 Network Time Protocol (NTP) Server The Network Time Protocol (NTP) allows to synchronize computers to a time server. Enable this option, if you are providing a NTP server. You need the ntp or chrony package installed for this option to be useful. firewalld-0.8.2/config/services/freeipa-ldap.xml0000664007115300711530000000075013620317435023025 0ustar00egarveregarver00000000000000 FreeIPA with LDAP (deprecated) This service is deprecated. Please use freeipa-4 service instead. firewalld-0.8.2/config/services/wsman.xml0000664007115300711530000000047413614563155021631 0ustar00egarveregarver00000000000000 wsman Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol is unencrypted firewalld-0.8.2/config/services/postgresql.xml0000664007115300711530000000026513341016621022671 0ustar00egarveregarver00000000000000 PostgreSQL PostgreSQL Database Server firewalld-0.8.2/config/services/dhcpv6.xml0000664007115300711530000000035213341016621021655 0ustar00egarveregarver00000000000000 DHCPv6 This allows a DHCPv6 server to accept messages from DHCPv6 clients and relay agents. firewalld-0.8.2/config/services/smtp-submission.xml0000664007115300711530000000034713341016621023643 0ustar00egarveregarver00000000000000 Mail (SMTP-Submission) SMTP-Submission allows remote users to submit mail over port 587. firewalld-0.8.2/config/services/ldap.xml0000664007115300711530000000030713341016621021403 0ustar00egarveregarver00000000000000 LDAP Lightweight Directory Access Protocol (LDAP) server firewalld-0.8.2/config/services/bittorrent-lsd.xml0000664007115300711530000000063213620317435023447 0ustar00egarveregarver00000000000000 BitTorrent Local Peer Discovery (LSD) Local Peer Discovery is a protocol designed to support the discovery of BitTorrent peers on a local area network. Enable this service if you run a BitTorrent client. firewalld-0.8.2/config/services/spotify-sync.xml0000664007115300711530000000042313620317435023140 0ustar00egarveregarver00000000000000 Spotify Client Sync The Spotify Client allows you to sync local music files with your phone. firewalld-0.8.2/config/services/mountd.xml0000664007115300711530000000032313341016621021767 0ustar00egarveregarver00000000000000 mountd NFS Mount Lock Daemon firewalld-0.8.2/config/services/samba-dc.xml0000664007115300711530000000242213620317435022141 0ustar00egarveregarver00000000000000 Samba DC This option allows you to use this computer as a Samba Active Directory Domain Controller. You need the samba-dc package installed for this option to be useful. firewalld-0.8.2/config/services/gre.xml0000664007115300711530000000016713620317435021253 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/services/freeipa-replication.xml0000664007115300711530000000036213620317435024415 0ustar00egarveregarver00000000000000 FreeIPA replication (deprecated) This service is deprecated. Please use freeipa-4 service instead. firewalld-0.8.2/config/services/upnp-client.xml0000664007115300711530000000041013371036334022722 0ustar00egarveregarver00000000000000 UPnP Client Universal Plug and Play client for auto-configuration of network routers (use only in trusted zones). firewalld-0.8.2/config/services/mongodb.xml0000664007115300711530000000035513406451571022124 0ustar00egarveregarver00000000000000 mongodb MongoDB is a free and open-source cross-platform document-oriented database program. firewalld-0.8.2/config/services/nut.xml0000664007115300711530000000056013614563155021306 0ustar00egarveregarver00000000000000 NUT Network UPS Tools (NUT) is a protocol that allows to monitor and control power devices like uninterruptible power supplies. firewalld-0.8.2/config/services/dropbox-lansync.xml0000664007115300711530000000034413341016621023606 0ustar00egarveregarver00000000000000 dropboxlansync Dropbox LAN sync firewalld-0.8.2/config/services/amqps.xml0000664007115300711530000000043313614563155021620 0ustar00egarveregarver00000000000000 amqps The Advanced Message Queuing Protocol (AMQP) over SSL is an open standard application layer protocol for message-oriented middleware. firewalld-0.8.2/config/services/wsmans.xml0000664007115300711530000000050313614563155022005 0ustar00egarveregarver00000000000000 wsmans Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol uses TLS encryption. firewalld-0.8.2/config/services/ceph-mon.xml0000664007115300711530000000044613341016621022175 0ustar00egarveregarver00000000000000 ceph-mon Ceph is a distributed object store and file system. Enable this option to support Ceph's Monitor Daemon. firewalld-0.8.2/config/services/etcd-server.xml0000664007115300711530000000046013614563155022722 0ustar00egarveregarver00000000000000 etcd Server etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the server side port. firewalld-0.8.2/config/services/libvirt.xml0000664007115300711530000000060513341016621022137 0ustar00egarveregarver00000000000000 Virtual Machine Management Enable this option if you want to allow remote virtual machine management with SASL authentication and encryption (digest-md5 passwords or GSSAPI/Kerberos). The libvirtd service is needed for this option to be useful. firewalld-0.8.2/config/services/kube-apiserver.xml0000664007115300711530000000046413620317435023422 0ustar00egarveregarver00000000000000 Kubernetes Api Server The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others. firewalld-0.8.2/config/services/tftp.xml0000664007115300711530000000065013630022170021436 0ustar00egarveregarver00000000000000 TFTP The Trivial File Transfer Protocol (TFTP) is a protocol used to transfer files to and from a remote machine in a simple way. It is normally used only for booting diskless workstations and also to transfer data in the Preboot eXecution Environment (PXE). firewalld-0.8.2/config/services/telnet.xml0000664007115300711530000000061113341016621021754 0ustar00egarveregarver00000000000000 Telnet Telnet is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling telnet is not recommended. You need the telnet-server package installed for this option to be useful. firewalld-0.8.2/config/services/freeipa-4.xml0000664007115300711530000000130513620317435022245 0ustar00egarveregarver00000000000000 FreeIPA 4 server FreeIPA is an integrated identity and authentication solution with Kerberos, LDAP, PKI, and web UI. Enable this option if you plan to provide a FreeIPA server. Enable the 'dns' service if this FreeIPA server provides DNS services, 'ntp' service if this FreeIPA server provides NTP services, and 'freeipa-trust' for cross-forest trusts with Active Directory. firewalld-0.8.2/config/services/plex.xml0000664007115300711530000000200013620317435021432 0ustar00egarveregarver00000000000000 PLEX Plex Media Server (PMS) is the back-end media server component of Plex. It organizes audio (music) and visual (photos and videos) content from personal media libraries and streams it to their player counterparts, either on the same machine, the same local area network, or over the Internet. firewalld-0.8.2/config/services/steam-streaming.xml0000664007115300711530000000116713617024231023572 0ustar00egarveregarver00000000000000 Steam In-Home Streaming Steam in-home streaming allows you to play a game on one computer when the game process is actually running on another computer elsewhere in your home. Through Steam, game audio and video is captured on the remote computer and sent to the player's computer. The game input (keyboard, mouse or gamepad) is sent from the player's computer to the game process on the remote computer. firewalld-0.8.2/config/services/prometheus.xml0000664007115300711530000000032513620317435022665 0ustar00egarveregarver00000000000000 prometheus The Prometheus monitoring system and time series database. firewalld-0.8.2/config/services/ircs.xml0000664007115300711530000000037713341016621021432 0ustar00egarveregarver00000000000000 IRC TLS/SSL An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol. firewalld-0.8.2/config/services/imap.xml0000664007115300711530000000050713341016621021413 0ustar00egarveregarver00000000000000 IMAP The Internet Message Access Protocol(IMAP) allows a local client to access email on a remote server. If you plan to provide a IMAP service (e.g. with dovecot), enable this option. firewalld-0.8.2/config/services/vdsm.xml0000664007115300711530000000112113341016621021427 0ustar00egarveregarver00000000000000 oVirt's Virtual Desktop and Server Manager The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. firewalld-0.8.2/config/services/elasticsearch.xml0000664007115300711530000000052213341016621023274 0ustar00egarveregarver00000000000000 Elasticsearch Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management. firewalld-0.8.2/config/services/ptp.xml0000664007115300711530000000065013341016621021267 0ustar00egarveregarver00000000000000 Precision Time Protocol (PTP) Master The Precision Time Protocol (PTP) allows to synchronize computers to a time master. Enable this option, if you are providing a PTP master. You need the linuxptp package installed for this option to be useful. firewalld-0.8.2/config/services/dhcp.xml0000664007115300711530000000034313341016621021401 0ustar00egarveregarver00000000000000 DHCP This allows a DHCP server to accept messages from DHCP clients and relay agents. firewalld-0.8.2/config/services/syslog-tls.xml0000664007115300711530000000067413341016621022612 0ustar00egarveregarver00000000000000 syslog-tls Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server. Syslog-tls uses TLS encryption to protect the messages during transport. firewalld-0.8.2/config/services/snmptrap.xml0000664007115300711530000000046413341016621022333 0ustar00egarveregarver00000000000000 SNMPTRAP SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message. firewalld-0.8.2/config/services/kpasswd.xml0000664007115300711530000000033513341016621022140 0ustar00egarveregarver00000000000000 Kpasswd Kerberos password (Kpasswd) server firewalld-0.8.2/config/services/proxy-dhcp.xml0000664007115300711530000000040513341016621022557 0ustar00egarveregarver00000000000000 Proxy DHCP PXE redirection service (Proxy DHCP) responds to PXE clients and provides redirection to PXE boot servers. firewalld-0.8.2/config/services/ceph.xml0000664007115300711530000000051113341016621021377 0ustar00egarveregarver00000000000000 ceph Ceph is a distributed object store and file system. Enable this option to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS), or Manager Daemons (MGR). firewalld-0.8.2/config/services/kibana.xml0000664007115300711530000000060013341016621021704 0ustar00egarveregarver00000000000000 Kibana Kibana is an open source data visualization platform that allows you to interact with your data through stunning, powerful graphics that can be combined into custom dashboards that help you share insights from your data far and wide. firewalld-0.8.2/config/services/puppetmaster.xml0000664007115300711530000000045113341016621023214 0ustar00egarveregarver00000000000000 Puppet Master Puppet is a network tool for managing many disparate systems. Puppet Master is a server which Puppet Agents pull their configurations from. firewalld-0.8.2/config/services/xmpp-bosh.xml0000664007115300711530000000077513341016621022411 0ustar00egarveregarver00000000000000 XMPP (Jabber) web client Extensible Messaging and Presence Protocol (XMPP) web client protocol allows web based chat clients such as JWChat to connect to the XMPP (Jabber) server. This is also known as the Bidirectional-streams Over Synchronous HTTP (BOSH) protocol. Enable this if you run an XMPP (Jabber) server and you wish web clients to connect to your server. firewalld-0.8.2/config/services/managesieve.xml0000664007115300711530000000053513341016621022752 0ustar00egarveregarver00000000000000 ManageSieve The ManageSieve Protocol allows a local client to manage eMail sieve scripts on a remote server. If you plan to provide a ManageSieve service (e.g. with dovecot pigeonhole), enable this option. firewalld-0.8.2/config/services/xmpp-server.xml0000664007115300711530000000104113341016621022747 0ustar00egarveregarver00000000000000 XMPP (Jabber) server Extensible Messaging and Presence Protocol (XMPP) server connection protocols allows multiple XMPP (Jabber) servers to work in a federated fashion. Users on one server will be able to see the presence of and communicate with users on another servers. Enable this if you run an XMPP (Jabber) server and you wish users on your server to communicate with users on other XMPP servers. firewalld-0.8.2/config/services/vnc-server.xml0000664007115300711530000000073313341016621022560 0ustar00egarveregarver00000000000000 Virtual Network Computing Server (VNC) A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer. firewalld-0.8.2/config/services/ganglia-client.xml0000664007115300711530000000027013341016621023340 0ustar00egarveregarver00000000000000 ganglia-client Ganglia monitoring daemon firewalld-0.8.2/config/services/imaps.xml0000664007115300711530000000056413341016621021601 0ustar00egarveregarver00000000000000 IMAP over SSL The Internet Message Access Protocol over SSL (IMAPs) allows a local client to access email on a remote server in a secure way. If you plan to provide a IMAP over SSL service (e.g. with dovecot), enable this option. firewalld-0.8.2/config/services/jenkins.xml0000664007115300711530000000032513406452305022131 0ustar00egarveregarver00000000000000 jenkins Jenkins is an open source automation server written in Java. firewalld-0.8.2/config/services/iscsi-target.xml0000664007115300711530000000041013341016621023054 0ustar00egarveregarver00000000000000 iSCSI target Internet SCSI target is a storage resource located on an iSCSI server. firewalld-0.8.2/config/services/mysql.xml0000664007115300711530000000025313341016621021630 0ustar00egarveregarver00000000000000 MySQL MySQL Database Server firewalld-0.8.2/config/services/kshell.xml0000664007115300711530000000036213341016621021746 0ustar00egarveregarver00000000000000 kshell Kerberized rshell server accepts rshell commands authenticated and encrypted with Kerberos 5 firewalld-0.8.2/config/services/https.xml0000664007115300711530000000070013341016621021622 0ustar00egarveregarver00000000000000 Secure WWW (HTTPS) HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful. firewalld-0.8.2/config/services/finger.xml0000664007115300711530000000034013614563155021746 0ustar00egarveregarver00000000000000 finger Finger is a protocol for obtaining information about users on remote hosts. firewalld-0.8.2/config/services/bitcoin-rpc.xml0000664007115300711530000000042313341016621022673 0ustar00egarveregarver00000000000000 Bitcoin RPC Enable this option if you need access to the Bitcoin RPC interface. This is not required when connecting on localhost. firewalld-0.8.2/config/org.fedoraproject.FirewallConfig.gschema.xml.in0000664007115300711530000000177113341016621027170 0ustar00egarveregarver00000000000000 true Shows IPSets tab if true false Shows ICMP types tab if true false Shows direct chains and rules tab if true false Shows lockdown whitelist tab if true false Shows Helpers tab if true true Shows active zone bindings if true firewalld-0.8.2/config/org.fedoraproject.FirewallD1.desktop.policy.in0000664007115300711530000000751113614563155027002 0ustar00egarveregarver00000000000000 FirewallD http://firewalld.org Firewall System policy prevents inspecting and changing firewall auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.info org.fedoraproject.FirewallD1.config org.fedoraproject.FirewallD1.config.info org.fedoraproject.FirewallD1.direct org.fedoraproject.FirewallD1.direct.info org.fedoraproject.FirewallD1.policies org.fedoraproject.FirewallD1.policies.info General firewall information System policy prevents getting general firewall information yes yes yes Firewall configuration System policy prevents changing the firewall configuration auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.config.info Firewall configuration System policy prevents inspecting the firewall configuration yes yes yes Firewall direct interface System policy prevents using the firewall direct interface auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.direct.info Firewall direct interface System policy prevents inspecting the firewall direct interface yes yes yes Firewall policies interface System policy prevents using the firewall policies interface auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.policies.info Firewall policies interface System policy prevents inspecting the firewall policies interface yes yes yes firewalld-0.8.2/config/applet.conf0000664007115300711530000000016113341016621020250 0ustar00egarveregarver00000000000000[General] notifications=false show-inactive=false blink=false blink-count=5 shields-up=block shields-down=public firewalld-0.8.2/config/lockdown-whitelist.xml.in0000664007115300711530000000040413617024231023077 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/Makefile.in0000664007115300711530000010373113641123176020177 0ustar00egarveregarver00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : @USE_SYSTEMD_TRUE@am__append_1 = install-service @USE_SYSTEMD_TRUE@am__append_2 = uninstall-service @USE_SYSTEMD_FALSE@am__append_3 = install-init @USE_SYSTEMD_FALSE@am__append_4 = uninstall-init @INSTALL_SYSCONFIG_TRUE@am__append_5 = install-sysconfig @INSTALL_SYSCONFIG_TRUE@am__append_6 = uninstall-sysconfig @INSTALL_RPMMACROS_TRUE@am__append_7 = install-rpmmacros @INSTALL_RPMMACROS_TRUE@am__append_8 = uninstall-rpmmacros subdir = config DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(srcdir)/lockdown-whitelist.xml.in $(dist_conf_DATA) \ $(dist_dbus_policy_DATA) $(dist_sconf_DATA) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = lockdown-whitelist.xml CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(appdatadir)" \ "$(DESTDIR)$(applet_desktopdir)" "$(DESTDIR)$(desktopdir)" \ "$(DESTDIR)$(confdir)" "$(DESTDIR)$(dbus_policydir)" \ "$(DESTDIR)$(sconfdir)" "$(DESTDIR)$(polkit1_actiondir)" DATA = $(appdata_DATA) $(applet_desktop_DATA) $(desktop_DATA) \ $(dist_conf_DATA) $(dist_dbus_policy_DATA) $(dist_sconf_DATA) \ $(polkit1_action_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ sconfdir = $(sysconfdir)/firewalld prefixlibdir = ${prefix}/lib/firewalld dist_sconf_DATA = firewalld.conf lockdown-whitelist.xml desktop_FILES = firewall-config.desktop.in desktopdir = $(datadir)/applications desktop_DATA = $(desktop_FILES:.in=) appdata_FILES = firewall-config.appdata.xml.in appdatadir = $(datadir)/metainfo/ appdata_DATA = $(appdata_FILES:.in=) applet_desktop_FILES = firewall-applet.desktop.in applet_desktopdir = $(sysconfdir)/xdg/autostart applet_desktop_DATA = $(applet_desktop_FILES:.in=) confdir = $(sysconfdir)/firewall dist_conf_DATA = applet.conf polkit1_action_FILES = org.fedoraproject.FirewallD1.server.policy.in \ org.fedoraproject.FirewallD1.desktop.policy.in polkit1_actiondir = $(datadir)/polkit-1/actions polkit1_action_DATA = $(polkit1_action_FILES:.in=) dbus_policydir = $(datadir)/dbus-1/system.d dist_dbus_policy_DATA = FirewallD.conf gsettings_in_file = org.fedoraproject.FirewallConfig.gschema.xml.in gsettings_SCHEMAS = $(gsettings_in_file:.xml.in=.xml) BUILT_SOURCES = \ $(desktop_DATA) \ $(appdata_DATA) \ $(applet_desktop_DATA) \ $(polkit1_action_DATA) \ $(gsettings_SCHEMAS) \ firewalld-sysctls.conf \ firewalld.logrotate \ firewalld.service CLEANFILES = *~ *\# .\#* firewalld.service firewalld-sysctls.conf firewalld.logrotate DISTCLEANFILES = \ $(desktop_DATA) \ $(appdata_DATA) \ $(applet_desktop_DATA) \ $(polkit1_action_DATA) \ $(gsettings_SCHEMAS) CONFIG_FILES = \ helpers/amanda.xml \ helpers/ftp.xml \ helpers/h323.xml \ helpers/irc.xml \ helpers/netbios-ns.xml \ helpers/pptp.xml \ helpers/proto-gre.xml \ helpers/Q.931.xml \ helpers/RAS.xml \ helpers/sane.xml \ helpers/sip.xml \ helpers/snmp.xml \ helpers/tftp.xml \ icmptypes/address-unreachable.xml \ icmptypes/bad-header.xml \ icmptypes/beyond-scope.xml \ icmptypes/communication-prohibited.xml \ icmptypes/destination-unreachable.xml \ icmptypes/echo-reply.xml \ icmptypes/echo-request.xml \ icmptypes/failed-policy.xml \ icmptypes/fragmentation-needed.xml \ icmptypes/host-precedence-violation.xml \ icmptypes/host-prohibited.xml \ icmptypes/host-redirect.xml \ icmptypes/host-unknown.xml \ icmptypes/host-unreachable.xml \ icmptypes/ip-header-bad.xml \ icmptypes/neighbour-advertisement.xml \ icmptypes/neighbour-solicitation.xml \ icmptypes/network-prohibited.xml \ icmptypes/network-redirect.xml \ icmptypes/network-unknown.xml \ icmptypes/network-unreachable.xml \ icmptypes/no-route.xml \ icmptypes/packet-too-big.xml \ icmptypes/parameter-problem.xml \ icmptypes/port-unreachable.xml \ icmptypes/precedence-cutoff.xml \ icmptypes/protocol-unreachable.xml \ icmptypes/redirect.xml \ icmptypes/reject-route.xml \ icmptypes/required-option-missing.xml \ icmptypes/router-advertisement.xml \ icmptypes/router-solicitation.xml \ icmptypes/source-quench.xml \ icmptypes/source-route-failed.xml \ icmptypes/time-exceeded.xml \ icmptypes/timestamp-reply.xml \ icmptypes/timestamp-request.xml \ icmptypes/tos-host-redirect.xml \ icmptypes/tos-host-unreachable.xml \ icmptypes/tos-network-redirect.xml \ icmptypes/tos-network-unreachable.xml \ icmptypes/ttl-zero-during-reassembly.xml \ icmptypes/ttl-zero-during-transit.xml \ icmptypes/unknown-header-type.xml \ icmptypes/unknown-option.xml \ ipsets/README \ services/amanda-client.xml \ services/amanda-k5-client.xml \ services/amqp.xml \ services/amqps.xml \ services/apcupsd.xml \ services/audit.xml \ services/bacula-client.xml \ services/bacula.xml \ services/bb.xml \ services/bgp.xml \ services/bitcoin-rpc.xml \ services/bitcoin-testnet-rpc.xml \ services/bitcoin-testnet.xml \ services/bitcoin.xml \ services/bittorrent-lsd.xml \ services/lightning-network.xml \ services/ceph-mon.xml \ services/ceph.xml \ services/cfengine.xml \ services/cockpit.xml \ services/condor-collector.xml \ services/ctdb.xml \ services/dhcpv6-client.xml \ services/dhcpv6.xml \ services/dhcp.xml \ services/distcc.xml \ services/dns-over-tls.xml \ services/dns.xml \ services/docker-registry.xml \ services/docker-swarm.xml \ services/dropbox-lansync.xml \ services/elasticsearch.xml \ services/etcd-client.xml \ services/etcd-server.xml \ services/finger.xml \ services/freeipa-4.xml \ services/freeipa-ldaps.xml \ services/freeipa-ldap.xml \ services/freeipa-replication.xml \ services/freeipa-trust.xml \ services/ftp.xml \ services/ganglia-client.xml \ services/ganglia-master.xml \ services/git.xml \ services/grafana.xml \ services/gre.xml \ services/high-availability.xml \ services/https.xml \ services/http.xml \ services/imaps.xml \ services/imap.xml \ services/ipp-client.xml \ services/ipp.xml \ services/ipsec.xml \ services/ircs.xml \ services/irc.xml \ services/iscsi-target.xml \ services/isns.xml \ services/jenkins.xml \ services/kadmin.xml \ services/kdeconnect.xml \ services/kerberos.xml \ services/kibana.xml \ services/klogin.xml \ services/kpasswd.xml \ services/kprop.xml \ services/kshell.xml \ services/kube-apiserver.xml \ services/ldaps.xml \ services/ldap.xml \ services/libvirt-tls.xml \ services/libvirt.xml \ services/llmnr.xml \ services/managesieve.xml \ services/matrix.xml \ services/mdns.xml \ services/memcache.xml \ services/minidlna.xml \ services/mongodb.xml \ services/mosh.xml \ services/mountd.xml \ services/mqtt.xml \ services/mqtt-tls.xml \ services/mssql.xml \ services/ms-wbt.xml \ services/murmur.xml \ services/mysql.xml \ services/nfs.xml \ services/nfs3.xml \ services/nmea-0183.xml \ services/nrpe.xml \ services/ntp.xml \ services/nut.xml \ services/openvpn.xml \ services/ovirt-imageio.xml \ services/ovirt-storageconsole.xml \ services/ovirt-vmconsole.xml \ services/pmcd.xml \ services/pmproxy.xml \ services/pmwebapis.xml \ services/pmwebapi.xml \ services/plex.xml \ services/pop3s.xml \ services/pop3.xml \ services/postgresql.xml \ services/privoxy.xml \ services/prometheus.xml \ services/proxy-dhcp.xml \ services/ptp.xml \ services/pulseaudio.xml \ services/puppetmaster.xml \ services/quassel.xml \ services/radius.xml \ services/rdp.xml \ services/redis-sentinel.xml \ services/redis.xml \ services/RH-Satellite-6.xml \ services/rpc-bind.xml \ services/rsh.xml \ services/rsyncd.xml \ services/rtsp.xml \ services/salt-master.xml \ services/samba-client.xml \ services/samba-dc.xml \ services/samba.xml \ services/sane.xml \ services/sips.xml \ services/sip.xml \ services/slp.xml \ services/smtp-submission.xml \ services/smtps.xml \ services/smtp.xml \ services/snmptrap.xml \ services/snmp.xml \ services/spideroak-lansync.xml \ services/spotify-sync.xml \ services/squid.xml \ services/ssdp.xml \ services/ssh.xml \ services/steam-streaming.xml \ services/svdrp.xml \ services/svn.xml \ services/syncthing.xml \ services/syncthing-gui.xml \ services/synergy.xml \ services/syslog-tls.xml \ services/syslog.xml \ services/telnet.xml \ services/tentacle.xml \ services/tftp-client.xml \ services/tftp.xml \ services/tile38.xml \ services/tinc.xml \ services/tor-socks.xml \ services/transmission-client.xml \ services/upnp-client.xml \ services/vdsm.xml \ services/vnc-server.xml \ services/wbem-http.xml \ services/wbem-https.xml \ services/wsman.xml \ services/wsmans.xml \ services/xdmcp.xml \ services/xmpp-bosh.xml \ services/xmpp-client.xml \ services/xmpp-local.xml \ services/xmpp-server.xml \ services/zabbix-agent.xml \ services/zabbix-server.xml \ zones/block.xml \ zones/dmz.xml \ zones/drop.xml \ zones/external.xml \ zones/home.xml \ zones/internal.xml \ zones/public.xml \ zones/trusted.xml \ zones/work.xml EXTRA_DIST = \ $(desktop_FILES) \ $(appdata_FILES) \ $(applet_desktop_FILES) \ $(polkit1_action_FILES) \ $(gsettings_in_file) \ $(CONFIG_FILES) \ lockdown-whitelist.xml.in \ firewalld.init \ firewalld.logrotate.in \ firewalld-sysctls.conf.in \ firewalld.service.in \ firewalld.sysconfig \ macros.firewalld INSTALL_TARGETS = install-config install-modprobe.d \ install-logrotate.d $(am__append_1) $(am__append_3) \ $(am__append_5) $(am__append_7) UNINSTALL_TARGETS = uninstall-config uninstall-modprobe.d \ uninstall-logrotate.d $(am__append_2) $(am__append_4) \ $(am__append_6) $(am__append_8) edit = sed \ -e 's|@bindir[@]|$(bindir)|g' \ -e 's|@sbindir[@]|$(sbindir)|g' \ -e 's|@sysconfdir[@]|$(sysconfdir)|g' \ -e 's|@localstatedir[@]|$(localstatedir)|g' \ -e 's|@MODPROBE[@]|$(MODPROBE)|g' \ -e 's|@SYSCTL[@]|$(SYSCTL)|g' all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign config/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign config/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): lockdown-whitelist.xml: $(top_builddir)/config.status $(srcdir)/lockdown-whitelist.xml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-appdataDATA: $(appdata_DATA) @$(NORMAL_INSTALL) @list='$(appdata_DATA)'; test -n "$(appdatadir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(appdatadir)'"; \ $(MKDIR_P) "$(DESTDIR)$(appdatadir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(appdatadir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(appdatadir)" || exit $$?; \ done uninstall-appdataDATA: @$(NORMAL_UNINSTALL) @list='$(appdata_DATA)'; test -n "$(appdatadir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(appdatadir)'; $(am__uninstall_files_from_dir) install-applet_desktopDATA: $(applet_desktop_DATA) @$(NORMAL_INSTALL) @list='$(applet_desktop_DATA)'; test -n "$(applet_desktopdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(applet_desktopdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(applet_desktopdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(applet_desktopdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(applet_desktopdir)" || exit $$?; \ done uninstall-applet_desktopDATA: @$(NORMAL_UNINSTALL) @list='$(applet_desktop_DATA)'; test -n "$(applet_desktopdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(applet_desktopdir)'; $(am__uninstall_files_from_dir) install-desktopDATA: $(desktop_DATA) @$(NORMAL_INSTALL) @list='$(desktop_DATA)'; test -n "$(desktopdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(desktopdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(desktopdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(desktopdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(desktopdir)" || exit $$?; \ done uninstall-desktopDATA: @$(NORMAL_UNINSTALL) @list='$(desktop_DATA)'; test -n "$(desktopdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(desktopdir)'; $(am__uninstall_files_from_dir) install-dist_confDATA: $(dist_conf_DATA) @$(NORMAL_INSTALL) @list='$(dist_conf_DATA)'; test -n "$(confdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(confdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(confdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(confdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(confdir)" || exit $$?; \ done uninstall-dist_confDATA: @$(NORMAL_UNINSTALL) @list='$(dist_conf_DATA)'; test -n "$(confdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(confdir)'; $(am__uninstall_files_from_dir) install-dist_dbus_policyDATA: $(dist_dbus_policy_DATA) @$(NORMAL_INSTALL) @list='$(dist_dbus_policy_DATA)'; test -n "$(dbus_policydir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(dbus_policydir)'"; \ $(MKDIR_P) "$(DESTDIR)$(dbus_policydir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dbus_policydir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(dbus_policydir)" || exit $$?; \ done uninstall-dist_dbus_policyDATA: @$(NORMAL_UNINSTALL) @list='$(dist_dbus_policy_DATA)'; test -n "$(dbus_policydir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(dbus_policydir)'; $(am__uninstall_files_from_dir) install-dist_sconfDATA: $(dist_sconf_DATA) @$(NORMAL_INSTALL) @list='$(dist_sconf_DATA)'; test -n "$(sconfdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(sconfdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sconfdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sconfdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(sconfdir)" || exit $$?; \ done uninstall-dist_sconfDATA: @$(NORMAL_UNINSTALL) @list='$(dist_sconf_DATA)'; test -n "$(sconfdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(sconfdir)'; $(am__uninstall_files_from_dir) install-polkit1_actionDATA: $(polkit1_action_DATA) @$(NORMAL_INSTALL) @list='$(polkit1_action_DATA)'; test -n "$(polkit1_actiondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(polkit1_actiondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(polkit1_actiondir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(polkit1_actiondir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(polkit1_actiondir)" || exit $$?; \ done uninstall-polkit1_actionDATA: @$(NORMAL_UNINSTALL) @list='$(polkit1_action_DATA)'; test -n "$(polkit1_actiondir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(polkit1_actiondir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am all-am: Makefile $(DATA) installdirs: for dir in "$(DESTDIR)$(appdatadir)" "$(DESTDIR)$(applet_desktopdir)" "$(DESTDIR)$(desktopdir)" "$(DESTDIR)$(confdir)" "$(DESTDIR)$(dbus_policydir)" "$(DESTDIR)$(sconfdir)" "$(DESTDIR)$(polkit1_actiondir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-appdataDATA install-applet_desktopDATA \ install-data-local install-desktopDATA install-dist_confDATA \ install-dist_dbus_policyDATA install-dist_sconfDATA \ install-polkit1_actionDATA @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-appdataDATA uninstall-applet_desktopDATA \ uninstall-desktopDATA uninstall-dist_confDATA \ uninstall-dist_dbus_policyDATA uninstall-dist_sconfDATA \ uninstall-local uninstall-polkit1_actionDATA .MAKE: all check check-am install install-am install-data-am \ install-strip .PHONY: all all-am check check-am check-local clean clean-generic \ cscopelist-am ctags-am distclean distclean-generic distdir dvi \ dvi-am html html-am info info-am install install-am \ install-appdataDATA install-applet_desktopDATA install-data \ install-data-am install-data-hook install-data-local \ install-desktopDATA install-dist_confDATA \ install-dist_dbus_policyDATA install-dist_sconfDATA \ install-dvi install-dvi-am install-exec install-exec-am \ install-html install-html-am install-info install-info-am \ install-man install-pdf install-pdf-am \ install-polkit1_actionDATA install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-appdataDATA \ uninstall-applet_desktopDATA uninstall-desktopDATA \ uninstall-dist_confDATA uninstall-dist_dbus_policyDATA \ uninstall-dist_sconfDATA uninstall-local \ uninstall-polkit1_actionDATA @INTLTOOL_DESKTOP_RULE@ @INTLTOOL_POLICY_RULE@ @INTLTOOL_XML_NOMERGE_RULE@ @GSETTINGS_RULES@ all: $(desktop_DATA) $(appdata_DATA) $(applet_desktop_DATA) $(polkit1_action_DATA) $(gsettings_SCHEMAS) firewalld.service: firewalld.service.in $(edit) $< >$@ firewalld-sysctls.conf: firewalld-sysctls.conf.in $(edit) $< >$@ firewalld.logrotate: firewalld.logrotate.in $(edit) $< >$@ install-sysconfig: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig $(INSTALL_DATA) $(srcdir)/firewalld.sysconfig $(DESTDIR)$(sysconfdir)/sysconfig/firewalld uninstall-sysconfig: rm -f $(DESTDIR)$(sysconfdir)/sysconfig/firewalld rmdir $(DESTDIR)$(sysconfdir)/sysconfig || : install-rpmmacros: $(MKDIR_P) $(DESTDIR)$(prefix)/lib/rpm/macros.d $(INSTALL_DATA) $(srcdir)/macros.firewalld $(DESTDIR)$(prefix)/lib/rpm/macros.d uninstall-rpmmacros: rm -f $(DESTDIR)$(prefix)/lib/rpm/macros.d/macros.firewalld rmdir $(DESTDIR)$(prefix)/lib/rpm/macros.d || : install-init: install-sysconfig $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d $(INSTALL_SCRIPT) $(srcdir)/firewalld.init $(DESTDIR)$(sysconfdir)/rc.d/init.d/firewalld uninstall-init: uninstall-sysconfig rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/firewalld rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || : install-service: install-sysconfig $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNITDIR) $(INSTALL_DATA) firewalld.service $(DESTDIR)$(SYSTEMD_UNITDIR)/firewalld.service uninstall-service: uninstall-sysconfig rm -f $(DESTDIR)$(SYSTEMD_UNITDIR)/firewalld.service rmdir $(DESTDIR)$(SYSTEMD_UNITDIR) || : install-modprobe.d: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/modprobe.d $(INSTALL_DATA) firewalld-sysctls.conf $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf uninstall-modprobe.d: rm -f $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf rmdir $(DESTDIR)$(sysconfdir)/modprobe.d || : install-logrotate.d: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/logrotate.d $(INSTALL_DATA) firewalld.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld uninstall-logrotate.d: rm -f $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld rmdir $(DESTDIR)$(sysconfdir)/logrotate.d || : install-config: $(MKDIR_P) $(DESTDIR)$(sconfdir) $(MKDIR_P) $(DESTDIR)$(sconfdir)/icmptypes $(MKDIR_P) $(DESTDIR)$(sconfdir)/ipsets $(MKDIR_P) $(DESTDIR)$(sconfdir)/services $(MKDIR_P) $(DESTDIR)$(sconfdir)/zones $(MKDIR_P) $(DESTDIR)$(sconfdir)/helpers $(MKDIR_P) $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/icmptypes $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/ipsets $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/services $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/zones $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/helpers $(DESTDIR)$(prefixlibdir) uninstall-config: rmdir $(DESTDIR)$(sconfdir)/icmptypes rmdir $(DESTDIR)$(sconfdir)/ipsets rmdir $(DESTDIR)$(sconfdir)/services rmdir $(DESTDIR)$(sconfdir)/zones rm -f $(DESTDIR)$(prefixlibdir)/icmptypes/* rmdir $(DESTDIR)$(prefixlibdir)/icmptypes rm -f $(DESTDIR)$(prefixlibdir)/ipsets/* rmdir $(DESTDIR)$(prefixlibdir)/ipsets rm -f $(DESTDIR)$(prefixlibdir)/services/* rmdir $(DESTDIR)$(prefixlibdir)/services rm -f $(DESTDIR)$(prefixlibdir)/zones/* rmdir $(DESTDIR)$(prefixlibdir)/zones rm -f $(DESTDIR)$(prefixlibdir)/helpers/* rmdir $(DESTDIR)$(prefixlibdir)/helpers install-data-local: $(INSTALL_TARGETS) uninstall-local: $(UNINSTALL_TARGETS) install-data-hook: cd $(DESTDIR)$(polkit1_actiondir) && \ mv org.fedoraproject.FirewallD1.server.policy org.fedoraproject.FirewallD1.server.policy.choice && \ mv org.fedoraproject.FirewallD1.desktop.policy org.fedoraproject.FirewallD1.desktop.policy.choice && \ rm -f org.fedoraproject.FirewallD1.policy && \ $(LN_S) org.fedoraproject.FirewallD1.server.policy.choice org.fedoraproject.FirewallD1.policy # make sure CONFIG_FILES are also in POTFILES check-local: @for file in $(filter-out helpers/% %/README,$(CONFIG_FILES)); do \ if ! grep "$${file}" ${top_srcdir}/po/POTFILES.in > /dev/null; then \ echo "$${file} should be in ${abs_top_srcdir}/po/POTFILES.in"; \ exit 1; \ fi; \ done # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/config/firewall-config.desktop.in0000664007115300711530000000052313341016621023166 0ustar00egarveregarver00000000000000[Desktop Entry] _Name=Firewall _Comment=Firewall Configuration Icon=firewall-config Categories=System;Settings;Security; # Translators: These are searchable keywords for the firewall configuration tool _Keywords=firewall;network;security;iptables;netfilter; Exec=/usr/bin/firewall-config Type=Application StartupNotify=true Terminal=false firewalld-0.8.2/config/macros.firewalld0000664007115300711530000000035713341016621021302 0ustar00egarveregarver00000000000000# RPM macros for packages installing firewalld services/zones # put this into %post otherwise firewalld won't load new service/zone file %firewalld_reload() \ test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || : \ %{nil} firewalld-0.8.2/config/firewalld.service.in0000664007115300711530000000122113341016621022052 0ustar00egarveregarver00000000000000[Unit] Description=firewalld - dynamic firewall daemon Before=network-pre.target Wants=network-pre.target After=dbus.service After=polkit.service Conflicts=iptables.service ip6tables.service ebtables.service ipset.service Documentation=man:firewalld(1) [Service] EnvironmentFile=-/etc/sysconfig/firewalld ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS ExecReload=/bin/kill -HUP $MAINPID # supress to log debug and error output also to /var/log/messages StandardOutput=null StandardError=null Type=dbus BusName=org.fedoraproject.FirewallD1 KillMode=mixed [Install] WantedBy=multi-user.target Alias=dbus-org.fedoraproject.FirewallD1.service firewalld-0.8.2/config/firewalld.init0000775007115300711530000000425113341016621020761 0ustar00egarveregarver00000000000000#!/bin/sh # # firewalld Startup script for the firewall daemon # # chkconfig: - 08 92 # description: The firewall deamon manages the firewall and handles dynamic # firewall changes. # # config: /etc/firewalld # pidfile: /var/run/firewalld.pid # ### BEGIN INIT INFO # Provides: firewalld # Required-Start: $syslog $local_fs messagebus # Required-Stop: # Should-Start: # Should-Stop: # Default-Start: # Default-Stop: # Short-Description: # Description: ### END INIT INFO # Source function library. . /etc/init.d/functions exec="/usr/sbin/firewalld" prog="firewalld" #config="/etc/firewalld/firewalld.conf" [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog lockfile=/var/lock/subsys/$prog user_check() { if [ $UID -ne 0 ] ; then echo "User has insufficient privilege." exit 4 fi } start() { user_check [ -x $exec ] || exit 5 # [ -f $config ] || exit 6 echo -n $"Starting $prog: " daemon $exec $FIREWALLD_ARGS retval=$? echo [ $retval -eq 0 ] && touch $lockfile } stop() { user_check echo -n $"Stopping $prog: " killproc $prog retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile } restart() { stop start } reload() { user_check echo -n $"Reloading firewall: " firewall-cmd --reload retval=$? [ $retval -eq 0 ] && success || failure echo } force_reload() { restart } rh_status() { user_check # run checks to determine if the service is running or use generic status status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } usage() { echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 restart ;; usage) usage exit 0 ;; *) usage exit 2 esac exit $? firewalld-0.8.2/config/org.fedoraproject.FirewallD1.server.policy.in0000664007115300711530000000766513614563155026651 0ustar00egarveregarver00000000000000 FirewallD http://firewalld.org Firewall System policy prevents inspecting and changing firewall auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.info org.fedoraproject.FirewallD1.config org.fedoraproject.FirewallD1.config.info org.fedoraproject.FirewallD1.direct org.fedoraproject.FirewallD1.direct.info org.fedoraproject.FirewallD1.policies org.fedoraproject.FirewallD1.policies.info General firewall information System policy prevents getting general firewall information yes yes yes Firewall configuration System policy prevents changing the firewall configuration auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.config.info Firewall configuration System policy prevents inspecting the firewall configuration auth_admin_keep auth_admin_keep auth_admin_keep Firewall direct interface System policy prevents using the firewall direct interface auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.direct.info Firewall direct interface System policy prevents inspecting the firewall direct interface auth_admin_keep auth_admin_keep auth_admin_keep Firewall policies interface System policy prevents using the firewall policies interface auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.policies.info Firewall policies interface System policy prevents inspecting the firewall policies interface auth_admin_keep auth_admin_keep auth_admin_keep firewalld-0.8.2/config/firewalld.sysconfig0000664007115300711530000000011113341016621022006 0ustar00egarveregarver00000000000000# firewalld command line args # possible values: --debug FIREWALLD_ARGS= firewalld-0.8.2/config/lockdown-whitelist.xml0000664007115300711530000000040713641123204022472 0ustar00egarveregarver00000000000000 firewalld-0.8.2/config/firewalld.conf0000664007115300711530000000527113630022170020740 0ustar00egarveregarver00000000000000# firewalld config file # default zone # The default zone used if an empty zone string is used. # Default: public DefaultZone=public # Clean up on exit # If set to no or false the firewall configuration will not get cleaned up # on exit or stop of firewalld # Default: yes CleanupOnExit=yes # Lockdown # If set to enabled, firewall changes with the D-Bus interface will be limited # to applications that are listed in the lockdown whitelist. # The lockdown whitelist file is lockdown-whitelist.xml # Default: no Lockdown=no # IPv6_rpfilter # Performs a reverse path filter test on a packet for IPv6. If a reply to the # packet would be sent via the same interface that the packet arrived on, the # packet will match and be accepted, otherwise dropped. # The rp_filter for IPv4 is controlled using sysctl. # Default: yes IPv6_rpfilter=yes # IndividualCalls # Do not use combined -restore calls, but individual calls. This increases the # time that is needed to apply changes and to start the daemon, but is good for # debugging. # Default: no IndividualCalls=no # LogDenied # Add logging rules right before reject and drop rules in the INPUT, FORWARD # and OUTPUT chains for the default rules and also final reject and drop rules # in zones. Possible values are: all, unicast, broadcast, multicast and off. # Default: off LogDenied=off # FirewallBackend # Selects the firewall backend implementation. # Choices are: # - nftables (default) # - iptables (iptables, ip6tables, ebtables and ipset) FirewallBackend=nftables # FlushAllOnReload # Flush all runtime rules on a reload. In previous releases some runtime # configuration was retained during a reload, namely; interface to zone # assignment, and direct rules. This was confusing to users. To get the old # behavior set this to "no". # Default: yes FlushAllOnReload=yes # RFC3964_IPv4 # As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that # correspond to IPv4 addresses that should not be routed over the public # internet. # Defaults to "yes". RFC3964_IPv4=yes # AllowZoneDrifting # Older versions of firewalld had undocumented behavior known as "zone # drifting". This allowed packets to ingress multiple zones - this is a # violation of zone based firewalls. However, some users rely on this behavior # to have a "catch-all" zone, e.g. the default zone. You can enable this if you # desire such behavior. It's disabled by default for security reasons. # Note: If "yes" packets will only drift from source based zones to interface # based zones (including the default zone). Packets never drift from interface # based zones to other interfaces based zones (including the default zone). # Possible values; "yes", "no". Defaults to "no". AllowZoneDrifting=no firewalld-0.8.2/config/Makefile.am0000664007115300711530000003123113630022170020147 0ustar00egarveregarver00000000000000sconfdir = $(sysconfdir)/firewalld prefixlibdir = ${prefix}/lib/firewalld dist_sconf_DATA = firewalld.conf lockdown-whitelist.xml desktop_FILES = firewall-config.desktop.in desktopdir = $(datadir)/applications desktop_DATA = $(desktop_FILES:.in=) appdata_FILES = firewall-config.appdata.xml.in appdatadir = $(datadir)/metainfo/ appdata_DATA = $(appdata_FILES:.in=) applet_desktop_FILES = firewall-applet.desktop.in applet_desktopdir = $(sysconfdir)/xdg/autostart applet_desktop_DATA = $(applet_desktop_FILES:.in=) confdir = $(sysconfdir)/firewall dist_conf_DATA = applet.conf polkit1_action_FILES = org.fedoraproject.FirewallD1.server.policy.in \ org.fedoraproject.FirewallD1.desktop.policy.in polkit1_actiondir = $(datadir)/polkit-1/actions polkit1_action_DATA = $(polkit1_action_FILES:.in=) dbus_policydir = $(datadir)/dbus-1/system.d dist_dbus_policy_DATA = FirewallD.conf gsettings_in_file = org.fedoraproject.FirewallConfig.gschema.xml.in gsettings_SCHEMAS = $(gsettings_in_file:.xml.in=.xml) BUILT_SOURCES = \ $(desktop_DATA) \ $(appdata_DATA) \ $(applet_desktop_DATA) \ $(polkit1_action_DATA) \ $(gsettings_SCHEMAS) \ firewalld-sysctls.conf \ firewalld.logrotate \ firewalld.service @INTLTOOL_DESKTOP_RULE@ @INTLTOOL_POLICY_RULE@ @INTLTOOL_XML_NOMERGE_RULE@ @GSETTINGS_RULES@ all: $(desktop_DATA) $(appdata_DATA) $(applet_desktop_DATA) $(polkit1_action_DATA) $(gsettings_SCHEMAS) CLEANFILES = *~ *\# .\#* firewalld.service firewalld-sysctls.conf firewalld.logrotate DISTCLEANFILES = \ $(desktop_DATA) \ $(appdata_DATA) \ $(applet_desktop_DATA) \ $(polkit1_action_DATA) \ $(gsettings_SCHEMAS) CONFIG_FILES = \ helpers/amanda.xml \ helpers/ftp.xml \ helpers/h323.xml \ helpers/irc.xml \ helpers/netbios-ns.xml \ helpers/pptp.xml \ helpers/proto-gre.xml \ helpers/Q.931.xml \ helpers/RAS.xml \ helpers/sane.xml \ helpers/sip.xml \ helpers/snmp.xml \ helpers/tftp.xml \ icmptypes/address-unreachable.xml \ icmptypes/bad-header.xml \ icmptypes/beyond-scope.xml \ icmptypes/communication-prohibited.xml \ icmptypes/destination-unreachable.xml \ icmptypes/echo-reply.xml \ icmptypes/echo-request.xml \ icmptypes/failed-policy.xml \ icmptypes/fragmentation-needed.xml \ icmptypes/host-precedence-violation.xml \ icmptypes/host-prohibited.xml \ icmptypes/host-redirect.xml \ icmptypes/host-unknown.xml \ icmptypes/host-unreachable.xml \ icmptypes/ip-header-bad.xml \ icmptypes/neighbour-advertisement.xml \ icmptypes/neighbour-solicitation.xml \ icmptypes/network-prohibited.xml \ icmptypes/network-redirect.xml \ icmptypes/network-unknown.xml \ icmptypes/network-unreachable.xml \ icmptypes/no-route.xml \ icmptypes/packet-too-big.xml \ icmptypes/parameter-problem.xml \ icmptypes/port-unreachable.xml \ icmptypes/precedence-cutoff.xml \ icmptypes/protocol-unreachable.xml \ icmptypes/redirect.xml \ icmptypes/reject-route.xml \ icmptypes/required-option-missing.xml \ icmptypes/router-advertisement.xml \ icmptypes/router-solicitation.xml \ icmptypes/source-quench.xml \ icmptypes/source-route-failed.xml \ icmptypes/time-exceeded.xml \ icmptypes/timestamp-reply.xml \ icmptypes/timestamp-request.xml \ icmptypes/tos-host-redirect.xml \ icmptypes/tos-host-unreachable.xml \ icmptypes/tos-network-redirect.xml \ icmptypes/tos-network-unreachable.xml \ icmptypes/ttl-zero-during-reassembly.xml \ icmptypes/ttl-zero-during-transit.xml \ icmptypes/unknown-header-type.xml \ icmptypes/unknown-option.xml \ ipsets/README \ services/amanda-client.xml \ services/amanda-k5-client.xml \ services/amqp.xml \ services/amqps.xml \ services/apcupsd.xml \ services/audit.xml \ services/bacula-client.xml \ services/bacula.xml \ services/bb.xml \ services/bgp.xml \ services/bitcoin-rpc.xml \ services/bitcoin-testnet-rpc.xml \ services/bitcoin-testnet.xml \ services/bitcoin.xml \ services/bittorrent-lsd.xml \ services/lightning-network.xml \ services/ceph-mon.xml \ services/ceph.xml \ services/cfengine.xml \ services/cockpit.xml \ services/condor-collector.xml \ services/ctdb.xml \ services/dhcpv6-client.xml \ services/dhcpv6.xml \ services/dhcp.xml \ services/distcc.xml \ services/dns-over-tls.xml \ services/dns.xml \ services/docker-registry.xml \ services/docker-swarm.xml \ services/dropbox-lansync.xml \ services/elasticsearch.xml \ services/etcd-client.xml \ services/etcd-server.xml \ services/finger.xml \ services/freeipa-4.xml \ services/freeipa-ldaps.xml \ services/freeipa-ldap.xml \ services/freeipa-replication.xml \ services/freeipa-trust.xml \ services/ftp.xml \ services/ganglia-client.xml \ services/ganglia-master.xml \ services/git.xml \ services/grafana.xml \ services/gre.xml \ services/high-availability.xml \ services/https.xml \ services/http.xml \ services/imaps.xml \ services/imap.xml \ services/ipp-client.xml \ services/ipp.xml \ services/ipsec.xml \ services/ircs.xml \ services/irc.xml \ services/iscsi-target.xml \ services/isns.xml \ services/jenkins.xml \ services/kadmin.xml \ services/kdeconnect.xml \ services/kerberos.xml \ services/kibana.xml \ services/klogin.xml \ services/kpasswd.xml \ services/kprop.xml \ services/kshell.xml \ services/kube-apiserver.xml \ services/ldaps.xml \ services/ldap.xml \ services/libvirt-tls.xml \ services/libvirt.xml \ services/llmnr.xml \ services/managesieve.xml \ services/matrix.xml \ services/mdns.xml \ services/memcache.xml \ services/minidlna.xml \ services/mongodb.xml \ services/mosh.xml \ services/mountd.xml \ services/mqtt.xml \ services/mqtt-tls.xml \ services/mssql.xml \ services/ms-wbt.xml \ services/murmur.xml \ services/mysql.xml \ services/nfs.xml \ services/nfs3.xml \ services/nmea-0183.xml \ services/nrpe.xml \ services/ntp.xml \ services/nut.xml \ services/openvpn.xml \ services/ovirt-imageio.xml \ services/ovirt-storageconsole.xml \ services/ovirt-vmconsole.xml \ services/pmcd.xml \ services/pmproxy.xml \ services/pmwebapis.xml \ services/pmwebapi.xml \ services/plex.xml \ services/pop3s.xml \ services/pop3.xml \ services/postgresql.xml \ services/privoxy.xml \ services/prometheus.xml \ services/proxy-dhcp.xml \ services/ptp.xml \ services/pulseaudio.xml \ services/puppetmaster.xml \ services/quassel.xml \ services/radius.xml \ services/rdp.xml \ services/redis-sentinel.xml \ services/redis.xml \ services/RH-Satellite-6.xml \ services/rpc-bind.xml \ services/rsh.xml \ services/rsyncd.xml \ services/rtsp.xml \ services/salt-master.xml \ services/samba-client.xml \ services/samba-dc.xml \ services/samba.xml \ services/sane.xml \ services/sips.xml \ services/sip.xml \ services/slp.xml \ services/smtp-submission.xml \ services/smtps.xml \ services/smtp.xml \ services/snmptrap.xml \ services/snmp.xml \ services/spideroak-lansync.xml \ services/spotify-sync.xml \ services/squid.xml \ services/ssdp.xml \ services/ssh.xml \ services/steam-streaming.xml \ services/svdrp.xml \ services/svn.xml \ services/syncthing.xml \ services/syncthing-gui.xml \ services/synergy.xml \ services/syslog-tls.xml \ services/syslog.xml \ services/telnet.xml \ services/tentacle.xml \ services/tftp-client.xml \ services/tftp.xml \ services/tile38.xml \ services/tinc.xml \ services/tor-socks.xml \ services/transmission-client.xml \ services/upnp-client.xml \ services/vdsm.xml \ services/vnc-server.xml \ services/wbem-http.xml \ services/wbem-https.xml \ services/wsman.xml \ services/wsmans.xml \ services/xdmcp.xml \ services/xmpp-bosh.xml \ services/xmpp-client.xml \ services/xmpp-local.xml \ services/xmpp-server.xml \ services/zabbix-agent.xml \ services/zabbix-server.xml \ zones/block.xml \ zones/dmz.xml \ zones/drop.xml \ zones/external.xml \ zones/home.xml \ zones/internal.xml \ zones/public.xml \ zones/trusted.xml \ zones/work.xml EXTRA_DIST = \ $(desktop_FILES) \ $(appdata_FILES) \ $(applet_desktop_FILES) \ $(polkit1_action_FILES) \ $(gsettings_in_file) \ $(CONFIG_FILES) \ lockdown-whitelist.xml.in \ firewalld.init \ firewalld.logrotate.in \ firewalld-sysctls.conf.in \ firewalld.service.in \ firewalld.sysconfig \ macros.firewalld INSTALL_TARGETS = install-config UNINSTALL_TARGETS = uninstall-config INSTALL_TARGETS += install-modprobe.d UNINSTALL_TARGETS += uninstall-modprobe.d INSTALL_TARGETS += install-logrotate.d UNINSTALL_TARGETS += uninstall-logrotate.d if USE_SYSTEMD INSTALL_TARGETS += install-service UNINSTALL_TARGETS += uninstall-service else INSTALL_TARGETS += install-init UNINSTALL_TARGETS += uninstall-init endif if INSTALL_SYSCONFIG INSTALL_TARGETS += install-sysconfig UNINSTALL_TARGETS += uninstall-sysconfig endif if INSTALL_RPMMACROS INSTALL_TARGETS += install-rpmmacros UNINSTALL_TARGETS += uninstall-rpmmacros endif edit = sed \ -e 's|@bindir[@]|$(bindir)|g' \ -e 's|@sbindir[@]|$(sbindir)|g' \ -e 's|@sysconfdir[@]|$(sysconfdir)|g' \ -e 's|@localstatedir[@]|$(localstatedir)|g' \ -e 's|@MODPROBE[@]|$(MODPROBE)|g' \ -e 's|@SYSCTL[@]|$(SYSCTL)|g' firewalld.service: firewalld.service.in $(edit) $< >$@ firewalld-sysctls.conf: firewalld-sysctls.conf.in $(edit) $< >$@ firewalld.logrotate: firewalld.logrotate.in $(edit) $< >$@ install-sysconfig: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig $(INSTALL_DATA) $(srcdir)/firewalld.sysconfig $(DESTDIR)$(sysconfdir)/sysconfig/firewalld uninstall-sysconfig: rm -f $(DESTDIR)$(sysconfdir)/sysconfig/firewalld rmdir $(DESTDIR)$(sysconfdir)/sysconfig || : install-rpmmacros: $(MKDIR_P) $(DESTDIR)$(prefix)/lib/rpm/macros.d $(INSTALL_DATA) $(srcdir)/macros.firewalld $(DESTDIR)$(prefix)/lib/rpm/macros.d uninstall-rpmmacros: rm -f $(DESTDIR)$(prefix)/lib/rpm/macros.d/macros.firewalld rmdir $(DESTDIR)$(prefix)/lib/rpm/macros.d || : install-init: install-sysconfig $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d $(INSTALL_SCRIPT) $(srcdir)/firewalld.init $(DESTDIR)$(sysconfdir)/rc.d/init.d/firewalld uninstall-init: uninstall-sysconfig rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/firewalld rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || : install-service: install-sysconfig $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNITDIR) $(INSTALL_DATA) firewalld.service $(DESTDIR)$(SYSTEMD_UNITDIR)/firewalld.service uninstall-service: uninstall-sysconfig rm -f $(DESTDIR)$(SYSTEMD_UNITDIR)/firewalld.service rmdir $(DESTDIR)$(SYSTEMD_UNITDIR) || : install-modprobe.d: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/modprobe.d $(INSTALL_DATA) firewalld-sysctls.conf $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf uninstall-modprobe.d: rm -f $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf rmdir $(DESTDIR)$(sysconfdir)/modprobe.d || : install-logrotate.d: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/logrotate.d $(INSTALL_DATA) firewalld.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld uninstall-logrotate.d: rm -f $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld rmdir $(DESTDIR)$(sysconfdir)/logrotate.d || : install-config: $(MKDIR_P) $(DESTDIR)$(sconfdir) $(MKDIR_P) $(DESTDIR)$(sconfdir)/icmptypes $(MKDIR_P) $(DESTDIR)$(sconfdir)/ipsets $(MKDIR_P) $(DESTDIR)$(sconfdir)/services $(MKDIR_P) $(DESTDIR)$(sconfdir)/zones $(MKDIR_P) $(DESTDIR)$(sconfdir)/helpers $(MKDIR_P) $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/icmptypes $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/ipsets $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/services $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/zones $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/helpers $(DESTDIR)$(prefixlibdir) uninstall-config: rmdir $(DESTDIR)$(sconfdir)/icmptypes rmdir $(DESTDIR)$(sconfdir)/ipsets rmdir $(DESTDIR)$(sconfdir)/services rmdir $(DESTDIR)$(sconfdir)/zones rm -f $(DESTDIR)$(prefixlibdir)/icmptypes/* rmdir $(DESTDIR)$(prefixlibdir)/icmptypes rm -f $(DESTDIR)$(prefixlibdir)/ipsets/* rmdir $(DESTDIR)$(prefixlibdir)/ipsets rm -f $(DESTDIR)$(prefixlibdir)/services/* rmdir $(DESTDIR)$(prefixlibdir)/services rm -f $(DESTDIR)$(prefixlibdir)/zones/* rmdir $(DESTDIR)$(prefixlibdir)/zones rm -f $(DESTDIR)$(prefixlibdir)/helpers/* rmdir $(DESTDIR)$(prefixlibdir)/helpers install-data-local: $(INSTALL_TARGETS) uninstall-local: $(UNINSTALL_TARGETS) install-data-hook: cd $(DESTDIR)$(polkit1_actiondir) && \ mv org.fedoraproject.FirewallD1.server.policy org.fedoraproject.FirewallD1.server.policy.choice && \ mv org.fedoraproject.FirewallD1.desktop.policy org.fedoraproject.FirewallD1.desktop.policy.choice && \ rm -f org.fedoraproject.FirewallD1.policy && \ $(LN_S) org.fedoraproject.FirewallD1.server.policy.choice org.fedoraproject.FirewallD1.policy # make sure CONFIG_FILES are also in POTFILES check-local: @for file in $(filter-out helpers/% %/README,$(CONFIG_FILES)); do \ if ! grep "$${file}" ${top_srcdir}/po/POTFILES.in > /dev/null; then \ echo "$${file} should be in ${abs_top_srcdir}/po/POTFILES.in"; \ exit 1; \ fi; \ done firewalld-0.8.2/config/firewalld.logrotate.in0000664007115300711530000000015013630022170022407 0ustar00egarveregarver00000000000000@localstatedir@/log/firewalld { weekly missingok rotate 4 copytruncate minsize 1M } firewalld-0.8.2/config/firewall-config.appdata.xml.in0000664007115300711530000000241013614563155023737 0ustar00egarveregarver00000000000000 firewall-config.desktop CC0-1.0 GPL-2.0+

Firewall Configuration provides a graphical tool for administering firewall.

Allows to inspect and set:

  • Runtime and permanent firewall configuration
  • Predefined zones (levels of trust for network connections)
  • Predefined services (port/protocol, netfilter helper module)
  • Port forwarding, masquerading, ICMP blocking
  • Complex firewall rules a.k.a. Rich Language
  • Iptables rules a.k.a. Direct Interface
 https://raw.githubusercontent.com/firewalld/firewalld/master/doc/firewall-config.png http://firewalld.org https://github.com/firewalld/firewalld/issues https://fedora.zanata.org/project/view/firewalld twoerner_at_redhat.com firewalld-0.8.2/config/firewall-applet.desktop.in0000664007115300711530000000031213341016621023202 0ustar00egarveregarver00000000000000[Desktop Entry] _Name=Firewall Applet _Comment=Firewall Applet Icon=firewall-applet Categories=System;Settings;Security; Exec=/usr/bin/firewall-applet Type=Application StartupNotify=true Terminal=false firewalld-0.8.2/src/0000775007115300711530000000000013641123257015447 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/firewall-applet0000775007115300711530000012210413641123204020455 0ustar00egarveregarver00000000000000#!/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2010-2015 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import sys from PyQt5 import QtGui, QtCore, QtWidgets import gi gi.require_version('Notify', '0.7') from gi.repository import Notify import os from dbus.mainloop.pyqt5 import DBusQtMainLoop import functools from firewall import config from firewall.core.fw_nm import nm_is_imported, nm_get_zone_of_connection, \ nm_set_zone_of_connection, \ nm_get_dbus_interface, \ nm_get_connections from firewall.core.watcher import Watcher from firewall.client import FirewallClient import slip.dbus import dbus import signal import gettext gettext.textdomain(config.DOMAIN) _ = gettext.gettext PATH = [ ] for p in os.getenv("PATH").split(":"): if p not in PATH: PATH.append(p) def search_app(app): for p in PATH: _app = "%s/%s" % (p, app) if os.path.exists(_app): return _app return None NM_CONNECTION_EDITOR = "" for binary in [ "/usr/bin/nm-connection-editor", "/bin/nm-connection-editor", "/usr/bin/kde5-nm-connection-editor", "/bin/kde5-nm-connection-editor", "/usr/bin/kde-nm-connection-editor", "/bin/kde-nm-connection-editor" ]: if os.path.exists(binary): NM_CONNECTION_EDITOR = binary break PY2 = sys.version < '3' def escape(text): text = text.replace('&', '&') text = text.replace('>', '>') text = text.replace('<', '<') return text def fromUTF8(text): if PY2 and QtCore.QT_VERSION < 0x050000: return QtCore.QString.fromUtf8(text) return text # ZoneInterfaceEditor ######################################################### class ZoneInterfaceEditor(QtWidgets.QDialog): def __init__(self, fw, interface, zone): self.fw = fw self.interface = interface self.zone = None self.title = _("Select zone for interface '%s'") % self.interface QtWidgets.QDialog.__init__(self) self.create_ui(zone) def create_ui(self, zone): self.setWindowTitle(fromUTF8(escape(self.title))) self.rejected.connect(self.hide) self.resize(100, 50) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) label = QtWidgets.QLabel(fromUTF8(escape(self.title))) vbox.addWidget(label) self.combo = QtWidgets.QComboBox() self.fill_zone_combo() vbox.addWidget(self.combo) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Ok | QtWidgets.QDialogButtonBox.Cancel) self.ok_button = buttonBox.button(QtWidgets.QDialogButtonBox.Ok) buttonBox.accepted.connect(self.ok) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.ok_button.setDisabled(True) self.combo.activated.connect(self.combo_changed) self.setLayout(vbox) self.set_zone(zone) def combo_changed(self): self.ok_button.setDisabled(self.get_zone() == self.zone) def set_zone(self, zone): self.zone = zone if zone == "": self.combo.setCurrentIndex(self.combo.findText( escape(_("Default Zone")))) else: self.combo.setCurrentIndex(self.combo.findText(self.zone)) self.combo_changed() def get_zone(self): text = str(self.combo.currentText()) if text == escape(_("Default Zone")): text = "" return text def fill_zone_combo(self): self.combo.clear() self.combo.addItem(fromUTF8(escape(_("Default Zone")))) for z in self.fw.getZones(): self.combo.addItem(z) def zones_changed(self): zone = self.get_zone() self.fill_zone_combo() self.set_zone(zone) def ok(self): self.fw.changeZoneOfInterface(self.get_zone(), self.interface) self.hide() # ZoneConnectionEditor ######################################################## class ZoneConnectionEditor(ZoneInterfaceEditor): def __init__(self, fw, connection, connection_name, zone): self.fw = fw self.connection = connection self.connection_name = connection_name self.zone = None self.title = _("Select zone for connection '%s'") % self.connection_name QtWidgets.QDialog.__init__(self) self.create_ui(zone) def ok(self): # apply changes try: nm_set_zone_of_connection(self.get_zone(), self.connection) except Exception: text = _("Failed to set zone {zone} for connection {connection_name}") QtWidgets.QMessageBox.warning(None, fromUTF8(escape(self.title)), escape(text.format( zone=self.get_zone(), connection_name=self.connection_name))) self.hide() # ZoneSourceEditor ############################################################ class ZoneSourceEditor(ZoneInterfaceEditor): def __init__(self, fw, source, zone): self.fw = fw self.source = source self.zone = None self.title = _("Select zone for source '%s'") % self.source QtWidgets.QDialog.__init__(self) self.create_ui(zone) def ok(self): self.fw.changeZoneOfSource(self.get_zone(), self.source) self.hide() # ShieldsEditor ######################################################### class ShieldsEditor(QtWidgets.QDialog): def __init__(self, fw, settings, shields_up, shields_down): self.fw = fw self.settings = settings self.shields_up = shields_up self.shields_down = shields_down self.title = _("Configure Shields Up/Down Zones") QtWidgets.QDialog.__init__(self) self.create_ui() def create_ui(self): self.setWindowTitle(fromUTF8(escape(self.title))) self.rejected.connect(self.hide) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) label = QtWidgets.QLabel(fromUTF8(escape( _("Here you can select the zones used for Shields Up and " "Shields Down.")))) label.setWordWrap(True) vbox.addWidget(label) label = QtWidgets.QLabel(fromUTF8(escape( _("This feature is useful for people using the default zones " "mostly. For users, that are changing zones of connections, it " "might be of limited use.")))) label.setWordWrap(True) vbox.addWidget(label) grid = QtWidgets.QGridLayout() grid.setSpacing(6) label = QtWidgets.QLabel(fromUTF8(escape(_("Shields Up Zone:")))) label.setWordWrap(True) grid.addWidget(label, 0, 0, 1, 1) self.shields_up_combo = QtWidgets.QComboBox() #self.fill_combo(self.shields_up_combo) #self.set_shields_up(self.shields_up) grid.addWidget(self.shields_up_combo, 0, 1, 1, 1) button = QtWidgets.QPushButton(_("Reset To Default")) button.clicked.connect(self.reset_shields_up) grid.addWidget(button, 0, 2, 1, 1) label = QtWidgets.QLabel(fromUTF8(escape(_("Shields Down Zone:")))) label.setWordWrap(True) grid.addWidget(label, 1, 0, 1, 1) self.shields_down_combo = QtWidgets.QComboBox() #self.fill_combo(self.shields_down_combo) #self.set_shields_down(self.shields_down) grid.addWidget(self.shields_down_combo, 1, 1, 1, 1) button = QtWidgets.QPushButton(_("Reset To Default")) button.clicked.connect(self.reset_shields_down) grid.addWidget(button, 1, 2, 1, 1) vbox.addLayout(grid) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Ok | QtWidgets.QDialogButtonBox.Cancel) self.ok_button = buttonBox.button(QtWidgets.QDialogButtonBox.Ok) buttonBox.accepted.connect(self.ok) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.ok_button.setDisabled(True) self.shields_up_combo.activated.connect(self.shields_combo_changed) self.shields_down_combo.activated.connect(self.shields_combo_changed) self.setLayout(vbox) def shields_combo_changed(self): self.ok_button.setDisabled( self.get_shields_up() == self.shields_up and \ self.get_shields_down() == self.shields_down) def set_shields_up(self, zone): self.shields_up = zone if self.shields_up_combo.count() > 0: self.shields_up_combo.setCurrentIndex( self.shields_up_combo.findText(self.shields_up)) self.shields_combo_changed() def set_shields_down(self, zone): self.shields_down = zone if self.shields_down_combo.count() > 0: self.shields_down_combo.setCurrentIndex( self.shields_down_combo.findText(self.shields_down)) self.shields_combo_changed() def reset_shields_up(self): self.set_shields_up(self.shields_up) # remove user key to get fallback again self.settings.remove("shields-up") def reset_shields_down(self): self.set_shields_down(self.shields_down) # remove user key to get fallback again self.settings.remove("shields-down") def get_shields_up(self): return str(self.shields_up_combo.currentText()) def get_shields_down(self): return str(self.shields_down_combo.currentText()) def zones_changed(self): up_zone = self.shields_up if self.get_shields_up(): up_zone = self.get_shields_up() down_zone = self.shields_down if self.get_shields_down(): down_zone = self.get_shields_down() for z in self.fw.getZones(): self.shields_up_combo.addItem(z) self.shields_down_combo.addItem(z) self.set_shields_up(up_zone) self.set_shields_down(down_zone) def ok(self): if self.shields_up != self.get_shields_up(): self.settings.setValue("shields-up", self.get_shields_up()) if self.shields_down != self.get_shields_down(): self.settings.setValue("shields-down", self.get_shields_down()) self.settings.sync() self.hide() # AboutDialog ################################################################# class AboutDialog(QtWidgets.QDialog): def __init__(self, name, icon, version, url, copyright, authors, license): QtWidgets.QDialog.__init__(self) self.setWindowIcon(icon) self.setWindowTitle(fromUTF8(escape(_("About %s" % name)))) self.resize(500, 250) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) hbox = QtWidgets.QHBoxLayout() hbox.setSpacing(24) label = QtWidgets.QLabel() label.setPixmap(icon.pixmap(96)) label.setMinimumSize(96, 96) label.setMaximumSize(96, 96) hbox.addWidget(label) vbox2 = QtWidgets.QVBoxLayout() vbox2.setSpacing(3) label = QtWidgets.QLabel(name) font = label.font() font.setPointSize(font.pointSize()*2) font.setBold(True) label.setFont(font) vbox2.addWidget(label) vbox2.addWidget(QtWidgets.QLabel(version)) label = QtWidgets.QLabel("%s" % (url, url)) label.setTextFormat(QtCore.Qt.RichText) label.setTextInteractionFlags(QtCore.Qt.TextBrowserInteraction) label.setOpenExternalLinks(True) vbox2.addWidget(label) vbox2.addWidget(QtWidgets.QLabel(copyright)) hbox.addLayout(vbox2) vbox.addLayout(hbox) tabs = QtWidgets.QTabWidget() tabs.setStyleSheet("QTabWidget::tab { padding: 1px 1px 1px 1px; }") tab = QtWidgets.QWidget() vbox3 = QtWidgets.QVBoxLayout() textedit = QtWidgets.QPlainTextEdit() #textedit.setStyleSheet("QPlainTextEdit { border: 0; padding: 0; }") textedit.setReadOnly(True) textedit.setPlainText(fromUTF8("\n".join(authors))) vbox3.addWidget(textedit) tab.setLayout(vbox3) tabs.addTab(tab, fromUTF8(escape(_("Authors")))) tab = QtWidgets.QWidget() vbox3 = QtWidgets.QVBoxLayout() textedit = QtWidgets.QPlainTextEdit() #textedit.setStyleSheet("QPlainTextEdit { border: 0; padding: 0; }") textedit.setReadOnly(True) textedit.setPlainText(license) vbox3.addWidget(textedit) tab.setLayout(vbox3) tabs.addTab(tab, fromUTF8(escape(_("License")))) vbox.addWidget(tabs) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Close) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.setLayout(vbox) # TrayApplet ################################################################## class TrayApplet(QtWidgets.QSystemTrayIcon): def __init__(self): super(TrayApplet, self).__init__() self.name = _("Firewall Applet") self.prog = "firewall-applet" self.icon_name = "firewall-applet" self.icons = { "normal": QtGui.QIcon.fromTheme(self.icon_name), "error": QtGui.QIcon.fromTheme(self.icon_name+"-error"), "panic": QtGui.QIcon.fromTheme(self.icon_name+"-panic"), "normal-shields_up": QtGui.QIcon.fromTheme(self.icon_name+"-shields_up"), "normal-shields_down": QtGui.QIcon.fromTheme(self.icon_name+"-shields_down"), } self.timer = None self.mode = None self.blink = False self.blink_count = 0 self._blink = False self._blink_count = 0 self.show_inactive = False self.tooltip_messages = [ ] self.active_zones = { } self.connections = { } self.connections_name = { } self.default_zone = None self.zone_connection_editors = { } self.zone_interface_editors = { } self.zone_source_editors = { } # settings self.settings = QtCore.QSettings("firewall", "applet") # file system watcher self.watcher = Watcher(self.load_settings, 2) self.watcher.add_watch_file("/etc/firewall/applet.conf") self.watcher.add_watch_file(str(self.settings.fileName())) # about dialog self.about_dialog = AboutDialog(self.name, self.icons["normal"], config.VERSION, config.WEBSITE, config.COPYRIGHT, config.AUTHORS, config.LICENSE) # urgencies self.urgencies = { "noicon": QtWidgets.QSystemTrayIcon.NoIcon, "information": QtWidgets.QSystemTrayIcon.Information, "warning": QtWidgets.QSystemTrayIcon.Warning, "critical": QtWidgets.QSystemTrayIcon.Critical } # actions self.shieldsupAction = QtWidgets.QAction(fromUTF8(escape(_("Shields Up"))), self) self.shieldsupAction.setCheckable(True) self.shieldsupAction.setChecked(False) self.shieldsupAction.triggered.connect(self.shieldsup_changed_cb) self.notificationsAction = QtWidgets.QAction( fromUTF8(escape(_("Enable Notifications"))), self) self.notificationsAction.setCheckable(True) self.notificationsAction.setChecked(False) self.notificationsAction.triggered.connect(self.notification_changed_cb) self.settingsAction = QtWidgets.QAction( fromUTF8(escape(_("Edit Firewall Settings..."))), self) self.settingsAction.triggered.connect(self.configure_cb) self.changeZonesAction = QtWidgets.QAction( fromUTF8(escape(_("Change Zones of Connections..."))), self) self.changeZonesAction.triggered.connect(self.nm_connection_editor) self.shieldsAction = QtWidgets.QAction( fromUTF8(escape(_("Configure Shields UP/Down Zones..."))), self) self.shieldsAction.triggered.connect(self.configure_shields) self.panicAction = QtWidgets.QAction( fromUTF8(escape(_("Block all network traffic"))), self) self.panicAction.setCheckable(True) self.panicAction.setChecked(False) self.panicAction.triggered.connect(self.panic_mode_cb) self.aboutAction = QtWidgets.QAction(fromUTF8(escape(_("About"))), self) self.aboutAction.triggered.connect(self.about_dialog.exec_) #self.quitAction = QtWidgets.QAction(fromUTF8(escape(_("Quit"))), self, # triggered=self.quit) self.connectionsAction = QtWidgets.QWidgetAction(self) self.connectionsAction.setDefaultWidget(QtWidgets.QLabel( fromUTF8(""+escape(_("Connections"))+" "))) self.interfacesAction = QtWidgets.QWidgetAction(self) self.interfacesAction.setDefaultWidget(QtWidgets.QLabel( fromUTF8(""+escape(_("Interfaces"))+" "))) self.sourcesAction = QtWidgets.QWidgetAction(self) self.sourcesAction.setDefaultWidget(QtWidgets.QLabel( fromUTF8(""+escape(_("Sources"))+" "))) # init self.left_menu = QtWidgets.QMenu() self.left_menu.setStyleSheet('QMenu { margin: 5px; }') self.right_menu = QtWidgets.QMenu() self.right_menu.addAction(self.shieldsupAction) self.right_menu.addAction(self.notificationsAction) self.right_menu.addSeparator() self.right_menu.addAction(self.settingsAction) self.right_menu.addAction(self.changeZonesAction) self.right_menu.addAction(self.shieldsAction) self.right_menu.addSeparator() self.right_menu.addAction(self.panicAction) self.right_menu.addSeparator() self.right_menu.addAction(self.aboutAction) #self.right_menu.addSeparator() #self.right_menu.addAction(self.quitAction) self.setContextMenu(self.right_menu) self.activated.connect(self.activated_cb) self.set_mode("error") self.set_icon() self.setVisible(self.show_inactive) # init notification Notify.init(self.prog) # connect to firewalld DBusQtMainLoop(set_as_default=True) try: self.bus = slip.dbus.SystemBus() self.bus.default_timeout = None except Exception as msg: print("Not using slip", msg) self.bus = dbus.SystemBus() if nm_is_imported(): self.bus.add_signal_receiver( self.nm_signal_receiver, dbus_interface=nm_get_dbus_interface(), signal_name='PropertiesChanged', member_keyword='member') self.nm_signal_receiver() self.fw = FirewallClient(self.bus, wait=1) self.fw.setExceptionHandler(self._exception_handler) self.fw.connect("connection-established", self.connection_established) self.fw.connect("connection-lost", self.connection_lost) self.fw.connect("reloaded", self.reloaded), self.fw.connect("default-zone-changed", self.default_zone_changed) self.fw.connect("panic-mode-enabled", self.panic_mode_enabled) self.fw.connect("panic-mode-disabled", self.panic_mode_disabled) self.fw.connect("interface-added", self.interface_added) self.fw.connect("interface-removed", self.interface_removed) self.fw.connect("zone-of-interface-changed", self.zone_of_interface_changed) self.fw.connect("source-added", self.source_added) self.fw.connect("source-removed", self.source_removed) self.fw.connect("zone-of-source-changed", self.zone_of_source_changed) self.shields_editor = ShieldsEditor(self.fw, self.settings, None, None) self.load_settings() def _exception_handler(self, exception_message): if "NotAuthorizedException" in exception_message: self.error(fromUTF8(escape(_("Authorization failed.")))) elif "INVALID_NAME" in exception_message: msg = exception_message.replace("INVALID_NAME", _("Invalid name")) self.warning(fromUTF8(escape(msg))) elif "NAME_CONFLICT" in exception_message: msg = exception_message.replace("NAME_CONFLICT", _("Name already exists")) self.warning(fromUTF8(escape(msg))) elif "NO_DEFAULTS" in exception_message: pass else: self.error(fromUTF8(exception_message)) def quit(self): sys.exit(1) def set_icon(self, mode=None): if mode is not None: self.setIcon(self.icons[mode]) elif self.mode != "normal": self.setIcon(self.icons[self.mode]) elif self.default_zone == self.shields_up: self.setIcon(self.icons["normal-shields_up"]) else: self.setIcon(self.icons["normal-shields_down"]) def load_settings(self, name=None): self.settings.sync() notifications = self.settings.value("notifications", False, type=bool) self.notificationsAction.setChecked(notifications) self.show_inactive = self.settings.value("show-inactive", False, type=bool) self.blink = self.settings.value("blink", False, type=bool) self.blink_count = self.settings.value("blink-count", 5, type=int) self.shields_up = self.settings.value("shields-up", "block", type=str) if self.default_zone: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) self.shields_editor.set_shields_up(self.shields_up) self.shields_down = self.settings.value("shields-down", "public", type=str) self.shields_editor.set_shields_down(self.shields_down) #print("shields-up=%s" % self.shields_up) #print("notifications=%s" % notifications) #print("blink=%s" % self.blink) #print("blink-count=%s" % self.blink_count) #print("show-inactive=%s" % self.show_inactive) if not self.fw.connected: self.setVisible(self.show_inactive) else: self.setVisible(True) def activated_cb(self, reason): if reason == QtWidgets.QSystemTrayIcon.Trigger: self.left_menu.popup(QtGui.QCursor.pos()) def update_active_zones(self): self.active_zones.clear() # remove all entries for the left menu self.left_menu.clear() # add connections entry self.left_menu.addAction(self.connectionsAction) if not self.fw.connected: return active_zones = self.fw.getActiveZones() if active_zones: self.active_zones = active_zones # get all active connections (NM) and interfaces connections = { } interfaces = { } sources = { } for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: interfaces[interface] = zone if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): sources[source] = zone # NM controlled connections for interface in self.connections: connection = self.connections[interface] if connection not in self.connections_name: connection_name = None else: connection_name = self.connections_name[connection] zone = nm_get_zone_of_connection(connection) connections[connection] = [ zone, connection_name ] binding = _("{entry} (Zone: {zone})") # add NM controlled bindings for connection in sorted(connections): zone = connections[connection][0] connection_name = connections[connection][1] if zone == "": _binding = _("{entry} (Default Zone: {default_zone})") action = QtWidgets.QAction( fromUTF8(escape( _binding.format(default_zone=self.default_zone, entry=connection_name))), self) else: action = QtWidgets.QAction( fromUTF8(escape(binding.format(zone=zone, entry=connection_name))), self) action.triggered.connect(functools.partial( self.zone_connection_editor, connection, connection_name, zone)) self.left_menu.addAction(action) # add interfaces entry self.left_menu.addAction(self.interfacesAction) # add other interfaces for interface in sorted(interfaces): zone = interfaces[interface] action = QtWidgets.QAction( fromUTF8(escape(binding.format(zone=zone, entry=interface))), self) action.triggered.connect(functools.partial( self.zone_interface_editor, interface, zone)) self.left_menu.addAction(action) # add interfaces entry self.left_menu.addAction(self.sourcesAction) for source in sorted(sources): zone = sources[source] action = QtWidgets.QAction( fromUTF8(escape(binding.format(zone=zone, entry=source))), self) action.triggered.connect(functools.partial( self.zone_source_editor, source, zone)) self.left_menu.addAction(action) def zone_interface_editor(self, interface, zone): if interface in self.zone_interface_editors: self.zone_interface_editors[interface].set_zone(zone) self.zone_interface_editors[interface].show() return self.zone_interface_editors[interface].raise_() editor = ZoneInterfaceEditor(self.fw, interface, zone) self.zone_interface_editors[interface] = editor editor.show() editor.raise_() editor.show() def zone_connection_editor(self, connection, connection_name, zone): if connection in self.zone_connection_editors: self.zone_connection_editors[connection].set_zone(zone) self.zone_connection_editors[connection].show() return self.zone_connection_editors[connection].raise_() editor = ZoneConnectionEditor(self.fw, connection, connection_name, zone) self.zone_connection_editors[connection] = editor editor.show() editor.raise_() editor.show() def zone_source_editor(self, source, zone): if source in self.zone_source_editors: self.zone_source_editors[source].set_zone(zone) self.zone_source_editors[source].show() return self.zone_source_editors[source].raise_() editor = ZoneSourceEditor(self.fw, source, zone) self.zone_source_editors[source] = editor editor.show() editor.raise_() editor.show() def nm_signal_receiver(self, *args, **kwargs): self.connections.clear() self.connections_name.clear() # do not use NMClient could result in python core dump if nm_is_imported(): text = _("Failed to get connections from NetworkManager") try: nm_get_connections(self.connections, self.connections_name) except Exception: self.notify(escape(text), urgency=Notify.Urgency.CRITICAL) if text not in self.tooltip_messages: self.tooltip_messages.append(text) else: if text in self.tooltip_messages: self.tooltip_messages.remove(text) else: text = _("No NetworkManager imports available") self.notify(escape(text), urgency=Notify.Urgency.CRITICAL) if text not in self.tooltip_messages: self.tooltip_messages.append(text) self.update_tooltip() def notify(self, msg, urgency="noicon", timeout=5): #self.showMessage(fromUTF8(escape(self.name)), msg, self.urgencies[urgency], timeout*1000) n = Notify.Notification.new(escape(self.name), msg, self.icon_name) n.set_urgency(Notify.Urgency.NORMAL) try: n.show() except: return def shieldsup_changed_cb(self): if self.shieldsupAction.isChecked(): zone = str(self.shields_up) else: zone = str(self.shields_down) if self.fw.connected and self.default_zone != zone: try: self.fw.setDefaultZone(zone) except dbus.exceptions.DBusException as e: print("Error: %s" % e.get_dbus_message()) def notification_changed_cb(self): self.settings.setValue("notifications", self.notificationsAction.isChecked()) self.settings.sync() def __blink(self, arg=None): if self._blink_count != 0: if self._blink_count > 0 and self._blink: self._blink_count -= 1 self._blink = not self._blink if not self.timer: self.timer = QtCore.QTimer(self) self.timer.timeout.connect(self.__blink) self.timer.setInterval(1000) self.timer.start() if not self._blink: self.set_icon() else: self.set_icon("normal") def get_mode(self): return self.mode def set_mode(self, mode): if self.mode != mode: if self.timer and self.timer.isActive(): self.timer.stop() self._blink = False self.mode = mode elif self.mode == mode and self.timer: if self._blink_count == 0: self._blink_count += 1 return if mode == "normal": self.set_icon() return if self.blink: if self.blink_count != 0: self._blink = True self._blink_count = self.blink_count self.__blink() else: self.set_icon() def update_tooltip(self): if self.get_mode() == "error": self.setToolTip(fromUTF8("" + \ _("No connection to firewall daemon") + \ "")) return messages = [ ] if self.panicAction.isChecked(): messages.append("" + \ _("All network traffic is blocked.") + \ "") if self.default_zone: messages.append(_("Default Zone: '%s'") % self.default_zone) for interface in self.connections: connection = self.connections[interface] zone = nm_get_zone_of_connection(connection) if zone == "": text = _("Default Zone '{default_zone}' active for connection " "'{connection}' on interface '{interface}'") else: text = _("Zone '{zone}' active for connection " "'{connection}' on interface '{interface}'") messages.append(text.format(zone=zone, default_zone=self.default_zone, connection=connection, interface=interface)) if len(self.active_zones) > 0: for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: text = _("Zone '{zone}' active for interface " "'{interface}'") connection = None messages.append(text.format(zone=zone, connection=connection, interface=interface)) if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): text = _("Zone '{zone}' active for source {source}") connection = None messages.append(text.format(zone=zone, source=source)) else: messages.append(_("No Active Zones.")) messages.extend(self.tooltip_messages) tooltip = ""+"
".join(messages)+"" self.setToolTip(fromUTF8(""+tooltip+"")) self.set_icon() def show(self): # do not automatically show the applet pass def panic_mode_cb(self): if not self.fw or not self.fw.connected: return if self.panicAction.isChecked(): self.fw.enablePanicMode() else: self.fw.disablePanicMode() self.panicAction.setChecked(not self.panicAction.isChecked()) def configure_shields(self): self.shields_editor.show() self.shields_editor.raise_() def nm_connection_editor(self, item, uuid=None): if NM_CONNECTION_EDITOR == "": self.warning("NetworkManager connection editor is missing.") return if uuid: if "kde-" in NM_CONNECTION_EDITOR: os.system("%s %s &" % (NM_CONNECTION_EDITOR, uuid)) else: os.system("%s --edit=%s &" % (NM_CONNECTION_EDITOR, uuid)) else: os.system("%s &" % NM_CONNECTION_EDITOR) def warning(self, text): QtWidgets.QMessageBox.warning(None, fromUTF8(escape(self.name)), text) def error(self, text): QtWidgets.QMessageBox.critical(None, fromUTF8(escape(self.name)), text) def configure_cb(self, widget): os.system("firewall-config &") # firewallClient signal receivers def connection_established(self, first=False): self.default_zone = self.fw.getDefaultZone() self.panicAction.setChecked(self.fw.queryPanicMode()) self.update_active_zones() self.shields_editor.zones_changed() if self.shields_up: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) if self.notificationsAction.isChecked(): self.notify(escape(_("Connection to FirewallD established."))) self.setVisible(True) self.set_mode("normal") self.update_tooltip() def connection_lost(self): self.default_zone = None self.set_mode("error") self.update_active_zones() self.update_tooltip() self.panicAction.setChecked(False) if self.notificationsAction.isChecked(): self.notify(escape(_("Connection to FirewallD lost."))) self.setVisible(self.show_inactive) def reloaded(self): if self.notificationsAction.isChecked(): self.notify(escape(_("FirewallD has been reloaded."))) self.update_active_zones() self.update_tooltip() def default_zone_changed(self, zone): self.default_zone = zone if self.notificationsAction.isChecked(): self.notify(escape(_("Default zone changed to '%s'.") % zone)) if self.shields_up: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) self.update_active_zones() self.update_tooltip() def _panic_mode(self, enable): self.panicAction.setChecked(enable) self.update_tooltip() if enable: self.set_mode("panic") else: self.set_mode("normal") if self.notificationsAction.isChecked(): ed = { 1: _("All network traffic is blocked."), 0: _("Network traffic is not blocked anymore.") } self.notify(escape(ed[enable])) def panic_mode_enabled(self): self._panic_mode(True) def panic_mode_disabled(self): self._panic_mode(False) def _interface(self, zone, interface, enable): self.update_active_zones() self.update_tooltip() # close dialog of removed interface if not enable: if interface in self.connections: connection = self.connections[interface] if connection in self.zone_connection_editors: self.zone_connection_editors[connection].hide() del self.zone_connection_editors[connection] elif interface in self.zone_interface_editors: self.zone_interface_editors[interface].hide() del self.zone_interface_editors[interface] # send notification if enabled if self.notificationsAction.isChecked(): ed = { 1: _("activated"), 0: _("deactivated") } if interface in self.connections: connection = self.connections[interface] zone = nm_get_zone_of_connection(connection) if zone == "": text = _("Default zone '{default_zone}' " "{activated_deactivated} for " "connection '{connection}' on " "interface '{interface}'") else: text = _("Zone '{zone}' {activated_deactivated} for " "connection '{connection}' on " "interface '{interface}'") else: connection = None text = _("Zone '{zone}' {activated_deactivated} for " "interface '{interface}'") self.notify(escape(text.format( zone=zone, default_zone=self.default_zone, activated_deactivated=ed[enable], connection=connection, interface=interface))) def interface_added(self, zone, interface): self._interface(zone, interface, True) def interface_removed(self, zone, interface): self._interface(zone, interface, False) def zone_of_interface_changed(self, zone, interface): # update zone editor if interface in self.zone_interface_editors: self.zone_interface_editors[interface].set_zone(zone) self.update_active_zones() self.update_tooltip() if self.notificationsAction.isChecked(): self.notify(escape(_("Zone '%s' activated for interface '%s'") % \ (zone, interface))) def _source(self, zone, source, enable): self.update_active_zones() self.update_tooltip() # close dialog of removed source if not enable: if source in self.zone_source_editors: self.zone_source_editors[source].hide() del self.zone_source_editors[source] # send notification if enabled if self.notificationsAction.isChecked(): ed = { 1: _("activated"), 0: _("deactivated") } text = _("Zone '{zone}' {activated_deactivated} for " "source '{source}'") self.notify(escape(text.format( zone=zone, activated_deactivated=ed[enable], source=source))) def source_added(self, zone, source): self._source(zone, source, True) def source_removed(self, zone, source): self._source(zone, source, False) def zone_of_source_changed(self, zone, source): index = source if source in self.zone_source_editors: self.zone_source_editors[source].set_zone(zone) # update zone editor if index in self.zone_interface_editors: self.zone_interface_editors[index].set_zone(zone) self.update_active_zones() self.update_tooltip() if self.notificationsAction.isChecked(): self.notify(escape(_("Zone '%s' activated for source '%s'") % \ (zone, source))) # MAIN ######################################################################## if len(sys.argv) > 1: print("""Usage: %s [options] Options: -h, --help show this help message and exit """ % sys.argv[0]) sys.exit(1) # reset SIGINT signal to default signal.signal(signal.SIGINT, signal.SIG_DFL) app = QtWidgets.QApplication(sys.argv) app.setQuitOnLastWindowClosed(False) applet = TrayApplet() applet.show() sys.exit(app.exec_()) firewalld-0.8.2/src/icons/0000775007115300711530000000000013641123257016562 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/icons/48x48/0000775007115300711530000000000013641123257017361 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/icons/48x48/apps/0000775007115300711530000000000013641123257020324 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/icons/48x48/apps/firewall-applet.png0000664007115300711530000000621513341016621024117 0ustar00egarveregarver00000000000000PNG  IHDR00WsBIT|d pHYs B(xtEXtSoftwarewww.inkscape.org<tEXtTitleFirewalltEXtAuthorLapo Calamandreiߑ* IDATh\U?7N`;NB툖$4?0LiҔ*R RR%HHD@ZQpۻ]x׻3޻xofw3j;QBww=sbY[w*?6;O n5 %K+D^ua.uz m0nTTAQETP(*CD\UU "]wPQ8D$%7+;_\oelALfb9J^0 sd3v;6@ŵ`P js(ԧو!J5X PE1j՞DL&y@\2&[Ho)빮hL\l hiV}hySF# ܶM_:֭;7a\]˳8cl/_rl+AM2K~p7+OV+sQ81 nڹ00";Dq׬Ve=OWΠaHA0;K0?60%?]śaJӨۇ5YYőE` p^2׾gPwetl7S(" 3Ln07ރFuHj40?Ś#G|^SرNd. 0$CPPb Ję1#gf 1{vdt~jLLPlp{Ovx|R">DR/RO;RNOMQ7H$fXOchS3g Cy2ANq.9ȴ! ҃Nl#Dv}.Wo/xV.E1t{>~8ӛKUuiF glW34*]=GKs'3=|c/TZt1UUw>[ģ ǹs!dl,FԺ9o J:"1Qf ]]< *_vP 8;y)ڜRcWcNwp~,Wܑ#r<yk+VٌfsYen Vɜ*g"RI8}li>e]םK$VMU*G󼇶hX,^9 u]V߳\8g95<(0d2V^rn Pc3T+[ߗm0=;thZ^|;M(6NWe#8E=Q&Uss)2bЛ|{_=M k7L|3LF ]W}X24;vc6HۅG`R\R&3gfq?eϯT_3[nm~_~*{T c28U0bQ;b VRs @ⴵԝK űηbEƬf'')39_uL&n#ۍ1VZYFrŀ0!0?GwO/SSgᅵFAoOgr 5^*ƀ|y 8gaa:>cH0(J8ا=M9sb(.@ZEW^Ih- )gK]]\Ci- ZJ|>>q帾yܳlp*`{b"`6H.2\&nWbN琖0/<;xgzJ/Iګ@H((ɋX,KdGBery䒿R~dBEIENDB`firewalld-0.8.2/src/icons/48x48/apps/firewall-applet-error.png0000664007115300711530000000612213341016621025243 0ustar00egarveregarver00000000000000PNG  IHDR00WsBIT|d pHYs^tEXtSoftwarewww.inkscape.org< IDAThUG?5` D#Ѹ?PXY`UBH  ֚?vZ?[h'#qE 0 Xbai`QfI#5aǽ͛#Jݧ|>t?aL௥xkaG}k \m|ɤ\&75Zxz? eq6Ν;Jn/ח7  ϝga9npK|eqyݼV$L6ʹ,ݹsaO4)Y,BFL'OsiQ?c"w0[B:h *N7s 6TH>PR/[2*@^mu+PJ'L&Si |h~h/^Q?=fv`Bľ}?=wbcl^ul˲2*bFG`7AGHҁ]8" *:A `{4}n %K0b kEA d.&j m^& 1aZɓcNʕ _hR"vBsO]#$4m`>AEk3&F2(1;>V\ov"^F|kbEraQ*511&u? C֣%֐<@pua+ +UJR*Z>Ԁt]y8PJ{m&P;X[qpS)Sp,LI&VT°zŽnJakl*jQEZX{"!%V0l3{ョΚ5H)?F 㤕E&2¥?vLT<윔eV6l}[6S[Q,f.JC^dsm;Ǫۦ*vWTpF]75"jvW6H)IR~@2Ay?%;۟:e2e۟:1?.acEJ"JxA xyiuTݨÇvS!޺H$XBh°P\Fzӧ?Xĉ?>UJױ,{A];kג caYR[, Le-]{_Y63o֫~uRE`uu!>ro'HP*yquIbfR& C˒!*7@QQkM Xu- )D{›GaǎȮc~i 0wV$kb[m!E/^570Ɣ^:!U,NN8׋ #Q̖-ycR/~1XĊ$4tL:C:ikϟwOJfY@9rK$x?v ccVtI{0l8[)b6>&5R>|!k0r&CxƍQZ*B3\cࡇH|X5L W܋(z6m g( }׿>Q)> P@>* +iBJQ{<oF ]ݽBW3yrMTSN6{-CoGg),[X={0'NljrHM'[nB[P$}zjh /;{ Ǻ.!%X1"/=S*A2 RӧO"l(&{z$IJmL?Nxx HA99x}wz_0Sc0^JKx]x# eEmc$k2(󏀯NBv` P*S",a$P _@Y]Yc?Y!0M&S[H$6cPaTX8FkW8XM5J_=G.c  E@}koL?™^TYDW4 0q,8K=AM0_ըu x~37ey fogBr,ji3% eW;3}m5]cލoi?2IENDB`firewalld-0.8.2/src/icons/48x48/apps/firewall-applet-panic.png0000664007115300711530000000517413341016621025212 0ustar00egarveregarver00000000000000PNG  IHDR00WsBIT|d pHYs^tEXtSoftwarewww.inkscape.org< IDAThk]{ܛyIcLbLDXh,ԖmlAB?BmKK@JcS QF!!ZyN:&:5Ν8<3N&#FܻZk־JD,9O܏3Gqneu"JA,zX;&~dhۃBGGpwD '6PSs\׼}۶m nG~=ڧZ+NqiVwǘ煎˖1b9{ ܺSI22ɴ ۶msc'|IE)(P_晼^Ow7c`Xc ֚iرT*۷?g x{{-YTT3 T R$Z廟טx`+kHhB10$4_t (śob7sԝ^҅ 0Ydxx8:i4.! q"Ptݵl}>!䓩~ܩD4}֘Y/Պld3UAep!%HR ZkxSf~jc aR5K՜9sGFX `<Nu R 5.FT:m|qұJk6 qdb" Lxf#qU6ܶ1TGaHZ-Ɠ],D/oI[%V@D"psK)MG"8A1OxMVg `,`nDi -½gx=_R#3CZۀ 猵 jahb.jDyt'd|T1C],[Ӗ-y睷֚0`Gn 6Y ڂUVx x׮] iߧZRfqqTGgL)*Z>ua`H9r{JǦ -IN䓟xw*-y㕇?@uh~w#{BjAԲ}o2^UT"r;辤ÛrWͶ ?ogV֦{ BP.#aݽP*ubSg ?N|T L;4؜Y֊7TYQ[۳--PК ~YڬňRXZ09HOVk-a$7 q"'1&-;q5Teqֹy(oA=yxF ]]x˖8A%p\?_d" Cϛ7mi\T'&p\/% b-U^ߊ=3p|g:tJ ZTq"~үu8S*NjiAhx/]byI)Įrp¨lԘz kd6Q*kȵ~V}}Ux۝P= q8Jd, 3My>^|Ư266·p-` J0214ZJuZۚi=PVxir,7^\P.V ʼn jX3:mR&t88'VXTjjŎE:V{x]]ڸ[.c֭0$D{^CTIȆ!AQ)(ىVma8Q*͎}gɮvu*}a-(P%H 1O; |5.j%;ǿl:=M-Wȼ+y̏DQ5-PYֆ:SbRkXn%J㳐htI(Tp2nbޡ4nHۆTmɏC *]"VxB 턧s+i[D7+ rJcԉEԋ Z p𤈴P -O;j9`X&S_ @ _}U\ÞX ۰o]mˠOG-ɂ9Co_$/"o@ b ;r^Xp)twE7&`#;}m>NHmH_?i:YEhIENDB`firewalld-0.8.2/src/icons/48x48/apps/firewall-config.png0000664007115300711530000000621513341016621024077 0ustar00egarveregarver00000000000000PNG  IHDR00WsBIT|d pHYs B(xtEXtSoftwarewww.inkscape.org<tEXtTitleFirewalltEXtAuthorLapo Calamandreiߑ* IDATh\U?7N`;NB툖$4?0LiҔ*R RR%HHD@ZQpۻ]x׻3޻xofw3j;QBww=sbY[w*?6;O n5 %K+D^ua.uz m0nTTAQETP(*CD\UU "]wPQ8D$%7+;_\oelALfb9J^0 sd3v;6@ŵ`P js(ԧو!J5X PE1j՞DL&y@\2&[Ho)빮hL\l hiV}hySF# ܶM_:֭;7a\]˳8cl/_rl+AM2K~p7+OV+sQ81 nڹ00";Dq׬Ve=OWΠaHA0;K0?60%?]śaJӨۇ5YYőE` p^2׾gPwetl7S(" 3Ln07ރFuHj40?Ś#G|^SرNd. 0$CPPb Ję1#gf 1{vdt~jLLPlp{Ovx|R">DR/RO;RNOMQ7H$fXOchS3g Cy2ANq.9ȴ! ҃Nl#Dv}.Wo/xV.E1t{>~8ӛKUuiF glW34*]=GKs'3=|c/TZt1UUw>[ģ ǹs!dl,FԺ9o J:"1Qf ]]< *_vP 8;y)ڜRcWcNwp~,Wܑ#r<yk+VٌfsYen Vɜ*g"RI8}li>e]םK$VMU*G󼇶hX,^9 u]V߳\8g95<(0d2V^rn Pc3T+[ߗm0=;thZ^|;M(6NWe#8E=Q&Uss)2bЛ|{_=M k7L|3LF ]W}X24;vc6HۅG`R\R&3gfq?eϯT_3[nm~_~*{T c28U0bQ;b VRs @ⴵԝK űηbEƬf'')39_uL&n#ۍ1VZYFrŀ0!0?GwO/SSgᅵFAoOgr 5^*ƀ|y 8gaa:>cH0(J8ا=M9sb(.@ZEW^Ih- )gK]]\Ci- ZJ|>>q帾yܳlp*`{b"`6H.2\&nWbN琖0/<;xgzJ/Iګ@H((ɋX,KdGBery䒿R~dBEIENDB`firewalld-0.8.2/src/icons/Makefile.in0000664007115300711530000003560013641123177020634 0ustar00egarveregarver00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = src/icons DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(nobase_dist_icon_DATA) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(icondir)" DATA = $(nobase_dist_icon_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ icondir = $(datadir)/icons/hicolor nobase_dist_icon_DATA = $(wildcard */apps/*) all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/icons/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/icons/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-nobase_dist_iconDATA: $(nobase_dist_icon_DATA) @$(NORMAL_INSTALL) @list='$(nobase_dist_icon_DATA)'; test -n "$(icondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(icondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(icondir)" || exit 1; \ fi; \ $(am__nobase_list) | while read dir files; do \ xfiles=; for file in $$files; do \ if test -f "$$file"; then xfiles="$$xfiles $$file"; \ else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \ test -z "$$xfiles" || { \ test "x$$dir" = x. || { \ echo " $(MKDIR_P) '$(DESTDIR)$(icondir)/$$dir'"; \ $(MKDIR_P) "$(DESTDIR)$(icondir)/$$dir"; }; \ echo " $(INSTALL_DATA) $$xfiles '$(DESTDIR)$(icondir)/$$dir'"; \ $(INSTALL_DATA) $$xfiles "$(DESTDIR)$(icondir)/$$dir" || exit $$?; }; \ done uninstall-nobase_dist_iconDATA: @$(NORMAL_UNINSTALL) @list='$(nobase_dist_icon_DATA)'; test -n "$(icondir)" || list=; \ $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \ dir='$(DESTDIR)$(icondir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(DATA) installdirs: for dir in "$(DESTDIR)$(icondir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-nobase_dist_iconDATA install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-nobase_dist_iconDATA .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ ctags-am distclean distclean-generic distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-nobase_dist_iconDATA \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-nobase_dist_iconDATA # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/src/icons/16x16/0000775007115300711530000000000013641123257017347 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/icons/16x16/apps/0000775007115300711530000000000013641123257020312 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/icons/16x16/apps/firewall-applet.png0000664007115300711530000000142613341016621024104 0ustar00egarveregarver00000000000000PNG  IHDRasBIT|d pHYs B(xtEXtSoftwarewww.inkscape.org<tEXtTitleFirewalltEXtAuthorLapo Calamandreiߑ*VIDAT8MHTQ;3 ȍ.ՠF -$Dp뢕n2Hi3"78#I$n \4 un\uW#2 sˍׇ} CXk"#ȋ @T}ܫTոRO*u1b셖~ :8ԯn?+vf (%s<)qI <{-&׳uCM&#֔´uuɪ\6ݾlnGGͿb*ZXkiF)rDKIENDB`firewalld-0.8.2/src/icons/16x16/apps/firewall-applet-error.png0000664007115300711530000000153713341016621025236 0ustar00egarveregarver00000000000000PNG  IHDRasBIT|d pHYs : :dJtEXtSoftwarewww.inkscape.org<IDAT8Qhediwiʺt]q,Ee"Xbz ^Zi p M2l6[֖4M?z x^x98Q"ӌ?hpJu?JNow#s!V0mͅ WU0ƎB) x7 esksmy z畓/kVQJ>ZT=|lU]`8@52+0*z31[ZBg0߹\+ 9zSE$PZci>-J:w|v;m< =VLCՊ][x1s FgzuD}G ᦈl=?ecI.IENDB`firewalld-0.8.2/src/icons/16x16/apps/firewall-applet-panic.png0000664007115300711530000000143113341016621025170 0ustar00egarveregarver00000000000000PNG  IHDRasBIT|d pHYs : :dJtEXtSoftwarewww.inkscape.org<IDAT8OUew3zut;b !KlFA65hUQ- wn mf) RRf )ؽw#2csϹ;wTf /ûyy,e6Z;3suw&nh5(Q! ^p3߫_W 4 R6]-B,,o<@m/۷Gv(0GD=?_O2[fCi<ظ|1$hH6ջǥm[A*iFcu=UQ`q/g9*KEDt.8xr8C@8F{XY%q{u5b=3Ct$xn gị c1fÏnXR+yݝ7n*גB" QZAµ?_H5:|5E)sZ,)jyh˚;Zޫs<'xOy,K*2޽K:pzzJY;:z9|e-q4e@mԖtXzp[>ZB3ܼvV+~ݶsr DG?β.O*u1b셖~ :8ԯn?+vf (%s<)qI <{-&׳uCM&#֔´uuɪ\6ݾlnGGͿb*ZXkiF)rDKIENDB`firewalld-0.8.2/src/icons/scalable/0000775007115300711530000000000013641123257020330 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/icons/scalable/apps/0000775007115300711530000000000013641123257021273 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/icons/scalable/apps/firewall-config.svg0000664007115300711530000021043613341016621025063 0ustar00egarveregarver00000000000000 Firewall image/svg+xml Lapo Calamandrei Firewall image/svg+xml firewalld-0.8.2/src/icons/scalable/apps/firewall-applet-panic.svg0000664007115300711530000011574713341016621026204 0ustar00egarveregarver00000000000000 image/svg+xml firewalld-0.8.2/src/icons/scalable/apps/firewall-applet.svg0000664007115300711530000021043613341016621025103 0ustar00egarveregarver00000000000000 Firewall image/svg+xml Lapo Calamandrei Firewall image/svg+xml firewalld-0.8.2/src/icons/scalable/apps/firewall-applet-error.svg0000664007115300711530000014030113341016621026223 0ustar00egarveregarver00000000000000 image/svg+xml firewalld-0.8.2/src/icons/22x22/0000775007115300711530000000000013641123257017341 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/icons/22x22/apps/0000775007115300711530000000000013641123257020304 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/icons/22x22/apps/firewall-applet.png0000664007115300711530000000236313341016621024077 0ustar00egarveregarver00000000000000PNG  IHDRĴl;sBIT|d pHYs B(xtEXtSoftwarewww.inkscape.org<tEXtTitleFirewalltEXtAuthorLapo Calamandreiߑ*3IDAT8kW?眝ً &j|KM!UZ(TiH}(ESlR Pn Pid ]lwzK[s>3{sF$IHTZOpk 5T*eGlgk h]n՚~_N v,};h4if01 ۶۶ٲ-l◓'ۧcVWW$7hMԌg) ~71C]]USg9ٳ}Y#dHˋ;umNZON'%So,G}551@@.Y60|cpFy[ڽ[4[N0SkBplVN6-u,@QkP4) GzbσYt@׃֌[&9l^:gi0Mvw7B})n>\ČA!_AJxRRTp`?\q\ax8 0cD;8DLH,Fϙ3M$%q q+G}B:qk4__P:x5kH:U+otdAր38RBV v!%ݻZb}c DVՂ xƍrBef2^.Dp+0W9L-sySx<^+^ͅ7n 6!H8@Ma*.Oskkyg+)"ˋ53͑ujh%ÏZ02J! 6(5ϋcGE.uwd0q.=cYXµ,"xKKËU S Rw/-۶={^kG6o]L&se[s4GDPU1\_"m-A&Ìiooߞ BqB~wΡxE|smDZ6;c"'D^ +W.|If&97z<1$&9NlȄcF*27̣WuĔ㕗S# /Y~3OX F݈uyLz^<.>LtnrK͉ɖXgX?Џ! bL 8ULK ՍxkH";vA{6m@)zVxof2Z65Rq]@`6) #I%X;BFCk0$U\S"woVp2[47Dځ{'OؼCY`?/D#"/CDE"8K{tܞq*s1HUf54YXnd|?jsxӟ/Nb(Ʃ*+1޲Yp9x' -)NWT |՝;9Bjp?@jkH44|ҭ' 䒘lRYZ:VAmM As36Uƒ55ʟ{hģsj_v1ϓ tvBc#ؓ' &L`< BK&1n@L֡3_K"ѵId =bE.]]%Ja"Pe)SZlbTI%𙁍>qQ0r&SRb IkFU%ׇZ;rT 3=ހWΪIUED_ '6g@|6z~oc-z1mS_O?No"vTIENDB`firewalld-0.8.2/src/icons/22x22/apps/firewall-applet-panic.png0000664007115300711530000000214313341016621025163 0ustar00egarveregarver00000000000000PNG  IHDRĴl;sBIT|d pHYs 8ytEXtSoftwarewww.inkscape.org<IDAT8MlUsu:i[( $5T@,a@ EÏF\"!Ш+ M˴a:߽Ŕ$Ƴ:7'7}ϹSQDdpp0 .CCC@w]wm־\qrc=>ne_)ȊezgWux`{7X|.ٝ#"*xq3#ѡ#8Y"Ox9x4ݺB+B#Q*b>*w|u__xbP^tҮ.|´b& YFHR d`! 5kX>:vsQDX,B*Y ha:RpƠ ߮E2)01Wń!xBA5uQD0:KRܚ+@86&]K{7 T;76ւ*m,7+surp؝;16daffVnW&znX֮94፵wA#-ϼʉS{瀣vE- {i&U0/q~}W/}ߌc'On0[KVQ#}x'jO8cu\s4U""zOTTFm!2Үn9/f:s ը㒄,281xPAlHevΜ=4 $+WrR!?65QDc4P@!ySrr\- ֯~ÇGQ˳9r82\5ǵb[nvIpno&F,QEUU9PEUɒDOwUEDťPŽ ]p/8 ߁C5E/[__7fIENDB`firewalld-0.8.2/src/icons/22x22/apps/firewall-config.png0000664007115300711530000000236313341016621024057 0ustar00egarveregarver00000000000000PNG  IHDRĴl;sBIT|d pHYs B(xtEXtSoftwarewww.inkscape.org<tEXtTitleFirewalltEXtAuthorLapo Calamandreiߑ*3IDAT8kW?眝ً &j|KM!UZ(TiH}(ESlR Pn Pid ]lwzK[s>3{sF$IHTZOpk 5T*eGlgk h]n՚~_N v,};h4if01 ۶۶ٲ-l◓'ۧcVWW$7hMԌg) ~71C]]USg9ٳ}Y#dHˋ;umNZON'%So,G}551@@.Y60|cpFy[ڽ[4[N0SkBplVN6-u,@QkP4) GzbσYt@׃֌[&9l^:gi0Mvw7B})n>\ČA!_AJxRRTp`?\q\ax8 0cD;8DLH,Fϙ3M$%q q+G}B:qk4__P:x5kH:U+otdAր38RBV v!%ݻZb}c DVՂ xƍrBef2^.Dp+0W9L-sySx<^+^ͅ7n 6!H8@Ma*.Oskkyg+)"ˋ53͑ujh%ÏZ02J! 6(5ϋcGE.uwd0q.=cYXµ,"xKKËU S Rw/-۶={^kG6o]L&;5vw"gʿu]t]R~aLLڠ@I+o@ -}MWTa3DkVpBjF1?Ɛ}~>0n[$Z!?$o- BQ2 ءR)j`΢ zh ]FR)ȟdV :d2z8KPJ J)"߯rIƏΟGG1<Âu| ϣg/3!XQpu J;h壵A <]IIqr^:g YcAӚ1 6@ @# pD,Ǐ˅]73mEe$63gOW٥e!XuLg'&'y땟ᝃ78r嗨0q]Կ'yt Aox2 k׮a­ c.{zb{ooQ׺z{v9-ҢE,Gew5ǰ>@gǕŻwbc3JǏ_pWAOvPf||qtz'1tEBP9g|`}^bzZAα1]=_c빾>)К!!Xnc Ξ[98J@ZqH{blU]INAc4?-8RY}KWoޤDwёQ֮]éS3掋it<ƿLdh߾Ɩ.e7m"&)!HF׮/ڰr~ `I@z`$^8=CC~O)ilTRR`[`HD (NW!Nb1`ٙ~k_.V;;3ߞs]av6y[/&{'FGoۿy#WV\qϿj:\?K}{Q14yd(P"A|p.Tc-B_Jwy6m OxVϧRJ#68 ͛G߃MCZkӚKttta˖mn!f6ua˗nHBAW91[}1TWcy|6 @uCÊD!,cXsL^厉y{_{c!3gN,t_=.i.Zkr 3gQrjtx"Z{!0bkvGapIsC7t+' "<(@g!T rzμǾD%ZPc­ ӧI ,X#v--q#Dҥ>HS`{ZF&UM}‰Qin&z5 D]TZs!ԧSf`J ى5tuaB)3@Cֈŋ۶5\y|$X1< 1~1`K0t*cyK/!yؾYO? JiҡC+AXk+HU*c[[YBv@;QO]m;JmQwX8d7__!ftF Z[%2 1V ?^k+*ׂ-$'Od09xk-\|nLZKtϞrq'ԄikZSE_jk-+Pk#0D!x(7jRJD/!M<N/L.=2f5?l۳k_0gRB K(D8rIzWUjJ n\~PfCCCId2Y<^uMAk2k֐il,KVݻa#|yd:YQL劵e.uJFĪ75ݽL__ ^h!f\INR{2k-fF)ԩ2q~=ȑђֆ}2֭Dg D=}Ԑ/D݂KNIb\ł|yyQ_hQ_yJ̽r Rۢ?;%AhgVT?| AКLSh%2Ag^\ Y,ǽƥ HmBȜѺ-9pxE3fmo']_Oxo0XWgÍil|GGg27|R=z!Dů`qi i[oٳgqt`+q)OHoڔ+|n8 CdR$/^d&7mWzLń ʫϭ ~6}v!{`ϤcףV 1?vkmϭ87·;}&̅`z*p4S0|-Ӈπzk!pJs<['O6:&"ϔff,==dcddcL}g#˖^` "$w-]{ {cǀ/Ϣ("Isi)< ˗q.CDA "qA)' ODL "$ˀC6!TE1Ж=^@'{>y >Mb-e D(.\Hh4:ڷdIOQL嚫|T{{gWY"! BZ`#U Af֬G_xy6I4o- zqǩ|7>S[E +Wns?+֪[;a*8n{#bdDlHua^zɄҪ_km۶]SKStNjݒʲ*XBUW.v & e ,_N)8&:YN2rl{Omz}}HB1YJ${pΑ$ DpM *aݺ&(´ 1>H 2ZKEs9|፟ӧNM{6=vz@pjxЄWCୱYD6͔6F޽lwvI!ȿϝ^*32BTu T_hP`rrz8OIsy)$Q-[p>H<4DSS[Eir(#sfd{}}d؀scx~oA:]"RܳZ;ӨV0IԶE$$I' MX$U b۷X:ӵrYʗ/C Α^k''rǙfy ރsMZEӇۻTws.m8 Q>_3ͱDQ 8o [Xn1XIX,Bo F<\j\]"bHy~՛9Sv E3IENDB`firewalld-0.8.2/src/icons/32x32/apps/firewall-config.png0000664007115300711530000000355513341016621024065 0ustar00egarveregarver00000000000000PNG  IHDR szzsBIT|d pHYs B(xtEXtSoftwarewww.inkscape.org<tEXtTitleFirewalltEXtAuthorLapo Calamandreiߑ*IDATX͗[lf sShԆT(%ؾHzѕڤ'Q mUEQ6"VI(JP&iDBMKMem1]Ŭwqe,!OZ~}yofWb1eY 83iF~ߧF+5ZFi5eʗ;Νfd ի[h HȀ /~64<\} 6=#~6;oA.]Rjc: ض{lpVbL `;5vw"gʿu]t]R~aLLڠ@I+o@ -}MWTa3DkVpBjF1?Ɛ}~>0n[$Z!?$o- BQ2 ءR)j`΢ zh ]FR)ȟdV :d2z8KPJ J)"߯rIƏΟGG1<Âu| ϣg/3!XQpu J;h壵A <]IIqr^:g YcAӚ1 6@ @# pD,Ǐ˅]73mEe$63gOW٥e!XuLg'&'y땟ᝃ78r嗨0q]Կ'yt Aox2 k׮a­ c.{zb{ooQ׺z{v9-ҢE,Gew5ǰ>@gǕŻwbc3JǏ_pWAOvPf||qtz'1tEBP9g|`}^bzZAα1]=_c빾>)К!!Xnc Ξ[98J@ZqH{blU]INAc4?-8RY}KWoޤDwёQ֮]éS3掋it<ƿLdh߾Ɩ.e7m"&)!HF׮/ڰr~ `I@z`$^8=CC~O)ilTRR`[B]]]]?ƧR~{~ Ơ7t%p] t1o{o9"'2V55]Le Ks=QK!gF.ݻ)@/0 ׅ Њ)_=@]s"!@JnV0wvՉ\ NJVBg2 %BJm`@"%²PÈxf|sryWyHɥd~hRs,"C91Fԭߴ ]S3gr)6d$'ߺ.6o~טoN8 "_KeFFHaA:`ۣ{}r>ts KH_HIn`g|g|$ׇd %Sp{he1-{‘ehy(-[;(ǏӰkWXtG wDV`^yefffg[.ZPOO."|l7}$LU6*ahA6/>Ę=I[~_ '©Rq }(:Z^X˲-CT* 777nDHI1 >'vֵ0Ls38{6| !5¶!%Q_\6qƚhٌ4WaXTrgWƅ'3t*"ãPldVG9eQC'yX ɺCu3ܡ!@RcaȨͥm|'=^}" ,UEUqq}xY-Qo/ƍ1U[NhZK)'JqY'&&Haob" 7IrՀʻpY3kV5J4jiw R[ْ6yssٹe޷/fU4ELE "yEf2@kQo䳳f 9w${r8uS7 km $|ڵSSF|tv6uc㏊uN5\8ޮx\OI5jl\"f}}ThB=ovv=~b4YUL L1Dɂ _Oh-^G/>y=nC{mmx_g`01 R.7}-:ɆÇau 3m]__" +Wb >2RI"AV">C!=]3lxeeYoəEZs_Zu ""JPʏ"G4#:xfDك!TuKaM0{̮Iz78%ǁ#Z"jUUUzh IENDB`firewalld-0.8.2/src/icons/24x24/apps/firewall-applet-panic.png0000664007115300711530000000223113341016621025165 0ustar00egarveregarver00000000000000PNG  IHDRw=sBIT|d pHYs B(xtEXtSoftwarewww.inkscape.org<IDATH]UUks{gtjH' 4$Cy($2{5!^$ |!JA0)ǑΝg~{^=qf{f?{_{#RY}|@! ?l[̷J^0ܼ[[l%*R CAAjc?C/NAD10XDE=^etK:0$/-"mr\l "\|REXz]Gù]Gv p"]=Uc<1A@:Ƙxi:a{&46mbph#B|.77dWYI<[ass(EABCg`$f"I;;;SSYVU0EF(|igR D;A 28kc@$g.L"ŠΡNx\P"W*}}D$C#TH|<XuEH>O%֭@ by==;C8gk3sY빽{?Nx7ء_ 'dR x3QksLYk=zϏqu0d};3[ͅ<SKNMQmmADHg;[!ɒ5/\^}hD*7GGiL&iy山ҨRwD0A/WFߞ.ƙ>$Jdݸ N&,I75I:1APŵIlp|B]]]]?ƧR~{~ Ơ7t%p] t1o{o9"'2V55]Le Ks=QK!gF.ݻ)@/0 ׅ Њ)_=@]s"!@JnV0wvՉ\ NJVBg2 %BJm`@"%²PÈxf|sryWyHɥd~hRs,"C91Fԭߴ ]S3gr)6d$'ߺ.6o~טoN8 "_KeFFHaA:`ۣ{}r>ts KH_HIn`g|g|$ׇd %Sp{he1-{‘ehy(-[;(ǏӰkWXtG wDV`^yefffg[.ZPOO."|l7}$LU6*ahA6/>Ę=I[~_ '©Rq }(:Z^X˲-CT* 777nDHI1 >'vֵ0Ls38{6| !5¶!%Q_\ # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from gi.repository import GObject import sys sys.modules['gobject'] = GObject import argparse import os from firewall.client import FirewallClientIPSetSettings, \ FirewallClientZoneSettings, FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings, FirewallClientHelperSettings from firewall.errors import FirewallError from firewall import config from firewall.core.fw import Firewall from firewall.functions import joinArgs, splitArgs from firewall.core.io.functions import check_config from firewall.core.io.zone import zone_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.command import FirewallCommand # check for root user def assert_root(): if os.getuid() != 0: sys.stderr.write("You need to be root to run %s.\n" % sys.argv[0]) sys.exit(-1) SYSTEM_CONFIG_FIREWALL = config.SYSCONFIGDIR + '/system-config-firewall' def __usage(): sys.stdout.write(""" Usage: firewall-offline-cmd [OPTIONS...] If no options are given, configuration from '%s' will be migrated. General Options -h, --help Prints a short help text and exists -V, --version Print the version string of firewalld -q, --quiet Do not print status messages --system-config Path to firewalld system configuration --default-config Path to firewalld default configuration --check-config Check system and default configuration Lokkit Compatibility Options --migrate-system-config-firewall= Import configuration data from the given configuration file. --enabled Enable firewall (default) --disabled Disable firewall --addmodule= Ignored option, was used to enable an iptables module --removemodule= Ignored option, was used to disable an iptables module -s , --service= Enable a service in the default zone (example: ssh) --remove-service= Disable a service in the default zone (example: ssh) -p [-]:, --port=[-]: Enable a port in the default zone (example: ssh:tcp) -t , --trust= Bind an interface to the trusted zone -m , --masq= Enables masquerading in the default zone, interface argument is ignored. This is IPv4 only. --custom-rules=[:][:] Ignored option. Was used to add custom rules to the firewall (Example: ipv4:filter:%s/ipv4_filter_addon) --forward-port=if=:port=:proto=[:toport=][:toaddr=] Forward the port with protocol for the interface to either another local destination port (no destination address given) or to an other destination address with an optional destination port. This will be added to the default zone. This is IPv4 only. --block-icmp= Block this ICMP type in the default zone. The default is to accept all ICMP types. Log Denied Options --get-log-denied Print the log denied value --set-log-denied= Set log denied value Automatic Helpers Options --get-automatic-helpers Print the automatic helpers value --set-automatic-helpers= Set automatic helpers value Zone Options --get-default-zone Print default zone for connections and interfaces --set-default-zone= Set default zone --get-zones Print predefined zones --get-services Print predefined services --get-icmptypes Print predefined icmptypes --get-zone-of-interface= Print name of the zone the interface is bound to --get-zone-of-source=[/]||ipset: Print name of the zone the source is bound to --list-all-zones List everything added for or enabled in all zones --new-zone= Add a new empty zone --new-zone-from-file= [--name=] Add a new zone from file with optional name override [P only] --delete-zone= Delete an existing zone --load-zone-defaults= Load zone default settings [Z] --zone= Use this zone to set or query options, else default zone Usable for options marked with [Z] --set-description= Set new description to zone --get-description Print description for zone --get-target Get the zone target --set-target= Set the zone target --info-zone= Print information about a zone --path-zone= Print file path of a zone IPSet Options --new-ipset= --type= [--option=[=]].. Add a new empty ipset --new-ipset-from-file= [--name=] Add a new ipset from file with optional name override [P only] --delete-ipset= Delete an existing ipset --load-ipset-defaults= Load ipset default settings --info-ipset= Print information about an ipset --path-ipset= Print file path of an ipset --get-ipsets Print predefined ipsets --ipset= --set-description= Set new description to ipset --ipset= --get-description Print description for ipset --ipset= --set-short= Set new short description to ipset --ipset= --get-short Print short description for ipset --ipset= --add-entry= Add a new entry to an ipset --ipset= --remove-entry= Remove an entry from an ipset --ipset= --query-entry= Return whether ipset has an entry --ipset= --get-entries List entries of an ipset --ipset= --add-entries-from-file= Add a new entries to an ipset [P] --ipset= --remove-entries-from-file= Remove entries from an ipset [P] IcmpType Options --new-icmptype= Add a new empty icmptype --new-icmptype-from-file= [--name=] Add a new icmptype from file with optional name override [P only] --delete-icmptype= Delete an existing icmptype --load-icmptype-defaults= Load icmptype default settings --info-icmptype= Print information about an icmptype --path-icmptype= Print file path of an icmptype --icmptype= --set-description= Set new description to icmptype --icmptype= --get-description Print description for icmptype --icmptype= --set-short= Set new short description to icmptype --icmptype= --get-short Print short description for icmptype --icmptype= --add-destination= Enable destination for ipv in icmptype --icmptype= --remove-destination= Disable destination for ipv in icmptype --icmptype= --query-destination= Return whether destination ipv is enabled in icmptype --icmptype= --get-destinations List destinations in icmptype Service Options --new-service= Add a new empty service --new-service-from-file= [--name=] Add a new service from file with optional name override [P only] --delete-service= Delete an existing service --load-service-defaults= Load icmptype default settings --info-service= Print information about a service --path-service= Print file path of a service --service= --set-description= Set new description to service --service= --get-description Print description for service --service= --set-short= Set new short description to service --service= --get-short Print short description for service --service= --add-port=[-]/ Add a new port to service --service= --remove-port=[-]/ Remove a port from service --service= --query-port=[-]/ Return whether the port has been added for service --service= --get-ports List ports of service --service= --add-protocol= Add a new protocol to service --service= --remove-protocol= Remove a protocol from service --service= --query-protocol= Return whether the protocol has been added for service --service= --get-protocols List protocols of service --service= --add-source-port=[-]/ Add a new source port to service --service= --remove-source-port=[-]/ Remove a source port from service --service= --query-source-port=[-]/ Return whether the source port has been added for service [P only] --service= --get-source-ports List source ports of service --service= --add-helper= Add a new helper to service --service= --remove-helper= Remove a helper from service --service= --query-helper= Return whether the helper has been added for service --service= --get-service-helpers List helpers of service --service= --set-destination=:
[/] Set destination for ipv to address in service --service= --remove-destination= Disable destination for ipv i service --service= --query-destination=:
[/] Return whether destination ipv is set for service --service= --get-destinations List destinations in service --service= --add-include= Add a new include to service --service= --remove-include= Remove a include from service --service= --query-include= Return whether the include has been added for service --service= --get-includes List includes of service Options to Adapt and Query Zones --list-all List everything added for or enabled in a zone [Z] --list-services List services added for a zone [Z] --add-service= Add a service for a zone [Z] --remove-service-from-zone= Remove a service from a zone [Z] --query-service= Return whether service has been added for a zone [Z] --list-ports List ports added for a zone [Z] --add-port=[-]/ Add the port for a zone [Z] --remove-port=[-]/ Remove the port from a zone [Z] --query-port=[-]/ Return whether the port has been added for zone [Z] --list-protocols List protocols added for a zone [Z] --add-protocol= Add the protocol for a zone [Z] --remove-protocol= Remove the protocol from a zone [Z] --query-protocol= Return whether the protocol has been added for zone [Z] --list-source-ports List source ports added for a zone [Z] --add-source-port=[-]/ Add the source port for a zone [Z] --remove-source-port=[-]/ Remove the source port from a zone [Z] --query-source-port=[-]/ Return whether the source port has been added for zone [Z] --list-icmp-blocks List Internet ICMP type blocks added for a zone [Z] --add-icmp-block= Add an ICMP block for a zone [Z] --remove-icmp-block= Remove the ICMP block from a zone [Z] --query-icmp-block= Return whether an ICMP block has been added for a zone [Z] --add-icmp-block-inversion Enable inversion of icmp blocks for a zone [Z] --remove-icmp-block-inversion Disable inversion of icmp blocks for a zone [Z] --query-icmp-block-inversion Return whether inversion of icmp blocks has been enabled for a zone [Z] --list-forward-ports List IPv4 forward ports added for a zone [Z] --add-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Add the IPv4 forward port for a zone [Z] --remove-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Remove the IPv4 forward port from a zone [Z] --query-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Return whether the IPv4 forward port has been added for a zone [Z] --add-masquerade Enable IPv4 masquerade for a zone [Z] --remove-masquerade Disable IPv4 masquerade for a zone [Z] --query-masquerade Return whether IPv4 masquerading has been enabled for a zone [Z] --list-rich-rules List rich language rules added for a zone [Z] --add-rich-rule= Add rich language rule 'rule' for a zone [Z] --remove-rich-rule= Remove rich language rule 'rule' from a zone [Z] --query-rich-rule= Return whether a rich language rule 'rule' has been added for a zone [Z] Options to Handle Bindings of Interfaces --list-interfaces List interfaces that are bound to a zone [Z] --add-interface= Bind the to a zone [Z] --change-interface= Change zone the is bound to [Z] --query-interface= Query whether is bound to a zone [Z] --remove-interface= Remove binding of from a zone [Z] Options to Handle Bindings of Sources --list-sources List sources that are bound to a zone [Z] --add-source=[/]||ipset: Bind the source to a zone [Z] --change-source=[/]||ipset: Change zone the source is bound to [Z] --query-source=[/]||ipset: Query whether the source is bound to a zone [Z] --remove-source=[/]||ipset: Remove binding of the source from a zone [Z] Helper Options --new-helper= --module= [--family=] Add a new helper --new-helper-from-file= [--name=] Add a new helper from file with optional name --delete-helper= Delete an existing helper --load-helper-defaults= Load helper default settings --info-helper= Print information about an helper --path-helper= Print file path of an helper --get-helpers Print predefined helpers --helper= --set-description= Set new description to helper --helper= --get-description Print description for helper --helper= --set-short= Set new short description to helper --helper= --get-short Print short description for helper --helper= --add-port=[-]/ Add a new port to helper --helper= --remove-port=[-]/ Remove a port from helper --helper= --query-port=[-]/ Return whether the port has been added for helper --helper= --get-ports List ports of helper --helper= --set-module= Set module to helper --helper= --get-module Get module from helper --helper= --set-family={ipv4|ipv6|} Set family for helper --helper= --get-family Get module from helper Direct Options --direct First option for all direct options --get-all-chains Get all chains --get-chains {ipv4|ipv6|eb}
Get all chains added to the table --add-chain {ipv4|ipv6|eb}
Add a new chain to the table --remove-chain {ipv4|ipv6|eb}
Remove the chain from the table --query-chain {ipv4|ipv6|eb}
Return whether the chain has been added to the table --get-all-rules Get all rules --get-rules {ipv4|ipv6|eb}
Get all rules added to chain in table --add-rule {ipv4|ipv6|eb}
... Add rule to chain in table --remove-rule {ipv4|ipv6|eb}
... Remove rule with priority from chain in table --remove-rules {ipv4|ipv6|eb}
Remove rules from chain in table --query-rule {ipv4|ipv6|eb}
... Return whether a rule with priority has been added to chain in table --get-all-passthroughs Get all passthrough rules --get-passthroughs {ipv4|ipv6|eb} ... Get passthrough rules --add-passthrough {ipv4|ipv6|eb} ... Add a new passthrough rule --remove-passthrough {ipv4|ipv6|eb} ... Remove a passthrough rule --query-passthrough {ipv4|ipv6|eb} ... Return whether the passthrough rule has been added Lockdown Options --lockdown-on Enable lockdown. --lockdown-off Disable lockdown. --query-lockdown Query whether lockdown is enabled Lockdown Whitelist Options --list-lockdown-whitelist-commands List all command lines that are on the whitelist --add-lockdown-whitelist-command= Add the command to the whitelist --remove-lockdown-whitelist-command= Remove the command from the whitelist --query-lockdown-whitelist-command= Query whether the command is on the whitelist --list-lockdown-whitelist-contexts List all contexts that are on the whitelist --add-lockdown-whitelist-context= Add the context context to the whitelist --remove-lockdown-whitelist-context= Remove the context from the whitelist --query-lockdown-whitelist-context= Query whether the context is on the whitelist --list-lockdown-whitelist-uids List all user ids that are on the whitelist --add-lockdown-whitelist-uid= Add the user id uid to the whitelist --remove-lockdown-whitelist-uid= Remove the user id uid from the whitelist --query-lockdown-whitelist-uid= Query whether the user id uid is on the whitelist --list-lockdown-whitelist-users List all user names that are on the whitelist --add-lockdown-whitelist-user= Add the user name user to the whitelist --remove-lockdown-whitelist-user= Remove the user name user from the whitelist --query-lockdown-whitelist-user= Query whether the user name user is on the whitelist Polkit Options --policy-server Change Polkit actions to 'server' (more restricted) --policy-desktop Change Polkit actions to 'desktop' (less restricted) """ % (SYSTEM_CONFIG_FIREWALL, config.SYSCONFIGDIR)) def parse_port_lokkit(value): try: (port, proto) = value.split(":") except Exception: cmd.fail("bad port (most likely missing protocol), correct syntax is portid[-portid]:protocol") return (port, proto) def pk_symlink(product='server'): _PK_DIR = '/usr/share/polkit-1/actions/' _PK_NAME = 'org.fedoraproject.FirewallD1.' os.chdir(_PK_DIR) if os.path.isfile(_PK_NAME+product+'.policy.choice'): if os.path.isfile(_PK_NAME+'policy'): os.remove(_PK_NAME+'policy') os.symlink(_PK_NAME+product+'.policy.choice', _PK_NAME+'policy') cmd.print_and_exit('symlink '+_PK_DIR+_PK_NAME+product+'.policy.choice -> '+_PK_NAME+'policy') else: cmd.fail('no such file '+_PK_DIR+_PK_NAME+product+'.policy.choice') # system-config-firewall def read_sysconfig_args(config_file=SYSTEM_CONFIG_FIREWALL): filename = None if os.path.exists(config_file) and os.path.isfile(config_file): filename = config_file try: f = open(filename, 'r') except Exception: return None argv = [ ] for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] == '#': continue argv.append(line) f.close() return argv parser = argparse.ArgumentParser(usage="see firewall-offline-cmd man page", add_help=False) parser_group_output = parser.add_mutually_exclusive_group() parser_group_output.add_argument("-v", "--verbose", action="store_true") parser_group_output.add_argument("-q", "--quiet", action="store_true") parser_group_lokkit = parser.add_argument_group() parser_group_lokkit.add_argument("--enabled", action="store_true") parser_group_lokkit.add_argument("--disabled", action="store_true") parser_group_lokkit.add_argument("--addmodule", metavar="", action='append') parser_group_lokkit.add_argument("--removemodule", metavar="", action='append') parser_group_lokkit.add_argument("--service", "-s", metavar="", action='append') parser_group_lokkit.add_argument("--remove-service", metavar="", action='append') parser_group_lokkit.add_argument("--port", "-p", metavar="", action='append') parser_group_lokkit.add_argument("--trust", "-t", metavar="", action='append') parser_group_lokkit.add_argument("--masq", "-m", metavar="", action='append') parser_group_lokkit.add_argument("--custom-rules", metavar="", action='append') parser_group_lokkit.add_argument("--forward-port", metavar="", action='append') parser_group_lokkit.add_argument("--block-icmp", metavar="", action='append') parser.add_argument("--system-config", metavar="path") parser.add_argument("--default-config", metavar="path") parser.add_argument("--check-config", action="store_true") parser_group_standalone = parser.add_mutually_exclusive_group() parser_group_standalone.add_argument("-h", "--help", action="store_true") parser_group_standalone.add_argument("-V", "--version", action="store_true") parser_group_standalone.add_argument("--get-log-denied", action="store_true") parser_group_standalone.add_argument("--set-log-denied", metavar="") parser_group_standalone.add_argument("--get-automatic-helpers", action="store_true") parser_group_standalone.add_argument("--set-automatic-helpers", metavar="") parser_group_standalone.add_argument("--policy-server", action="store_true") parser_group_standalone.add_argument("--policy-desktop", action="store_true") parser_group_standalone.add_argument("--lockdown-on", action="store_true") parser_group_standalone.add_argument("--lockdown-off", action="store_true") parser_group_standalone.add_argument("--query-lockdown", action="store_true") parser_group_standalone.add_argument("--get-default-zone", action="store_true") parser_group_standalone.add_argument("--set-default-zone", metavar="") parser_group_standalone.add_argument("--get-zones", action="store_true") parser_group_standalone.add_argument("--get-services", action="store_true") parser_group_standalone.add_argument("--get-icmptypes", action="store_true") parser_group_standalone.add_argument("--get-zone-of-interface", metavar="", action='append') parser_group_standalone.add_argument("--get-zone-of-source", metavar="", action='append') parser_group_standalone.add_argument("--list-all-zones", action="store_true") parser_group_standalone.add_argument("--info-zone", metavar="") parser_group_standalone.add_argument("--info-service", metavar="") parser_group_standalone.add_argument("--info-icmptype", metavar="") parser_group_standalone.add_argument("--info-ipset", metavar="") parser_group_standalone.add_argument("--info-helper", metavar="") parser_group_config = parser.add_mutually_exclusive_group() parser_group_config.add_argument("--new-icmptype", metavar="") parser_group_config.add_argument("--new-icmptype-from-file", metavar="") parser_group_config.add_argument("--delete-icmptype", metavar="") parser_group_config.add_argument("--load-icmptype-defaults", metavar="") parser_group_config.add_argument("--new-service", metavar="") parser_group_config.add_argument("--new-service-from-file", metavar="") parser_group_config.add_argument("--delete-service", metavar="") parser_group_config.add_argument("--load-service-defaults", metavar="") parser_group_config.add_argument("--new-zone", metavar="") parser_group_config.add_argument("--new-zone-from-file", metavar="") parser_group_config.add_argument("--delete-zone", metavar="") parser_group_config.add_argument("--load-zone-defaults", metavar="") parser_group_config.add_argument("--new-ipset", metavar="") parser_group_config.add_argument("--new-ipset-from-file", metavar="") parser_group_config.add_argument("--delete-ipset", metavar="") parser_group_config.add_argument("--load-ipset-defaults", metavar="") parser_group_config.add_argument("--new-helper", metavar="") parser_group_config.add_argument("--new-helper-from-file", metavar="") parser_group_config.add_argument("--delete-helper", metavar="") parser_group_config.add_argument("--load-helper-defaults", metavar="") parser_group_config.add_argument("--path-zone", metavar="") parser_group_config.add_argument("--path-service", metavar="") parser_group_config.add_argument("--path-icmptype", metavar="") parser_group_config.add_argument("--path-ipset", metavar="") parser_group_config.add_argument("--path-helper", metavar="") parser.add_argument("--name", default="", metavar="") parser_group_lockdown_whitelist = parser.add_mutually_exclusive_group() parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-commands", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-contexts", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-uids", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-users", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-user", metavar="", action='append') parser.add_argument("--zone", default="", metavar="") parser_group_zone = parser.add_mutually_exclusive_group() parser_group_zone.add_argument("--add-interface", metavar="", action='append') parser_group_zone.add_argument("--remove-interface", metavar="", action='append') parser_group_zone.add_argument("--query-interface", metavar="", action='append') parser_group_zone.add_argument("--change-interface", "--change-zone", metavar="", action='append') parser_group_zone.add_argument("--list-interfaces", action="store_true") parser_group_zone.add_argument("--add-source", metavar="", action='append') parser_group_zone.add_argument("--remove-source", metavar="", action='append') parser_group_zone.add_argument("--query-source", metavar="", action='append') parser_group_zone.add_argument("--change-source", metavar="", action='append') parser_group_zone.add_argument("--list-sources", action="store_true") parser_group_zone.add_argument("--add-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--remove-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--query-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--add-service", metavar="", action='append') parser_group_zone.add_argument("--remove-service-from-zone", metavar="", action='append') parser_group_zone.add_argument("--query-service", metavar="", action='append') parser_group_zone.add_argument("--add-port", metavar="", action='append') parser_group_zone.add_argument("--remove-port", metavar="", action='append') parser_group_zone.add_argument("--query-port", metavar="", action='append') parser_group_zone.add_argument("--add-protocol", metavar="", action='append') parser_group_zone.add_argument("--remove-protocol", metavar="", action='append') parser_group_zone.add_argument("--query-protocol", metavar="", action='append') parser_group_zone.add_argument("--add-source-port", metavar="", action='append') parser_group_zone.add_argument("--remove-source-port", metavar="", action='append') parser_group_zone.add_argument("--query-source-port", metavar="", action='append') parser_group_zone.add_argument("--add-masquerade", action="store_true") parser_group_zone.add_argument("--remove-masquerade", action="store_true") parser_group_zone.add_argument("--query-masquerade", action="store_true") parser_group_zone.add_argument("--add-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--remove-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--query-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--add-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--remove-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--query-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--add-forward-port", metavar="", action='append') parser_group_zone.add_argument("--remove-forward-port", metavar="", action='append') parser_group_zone.add_argument("--query-forward-port", metavar="", action='append') parser_group_zone.add_argument("--list-rich-rules", action="store_true") parser_group_zone.add_argument("--list-services", action="store_true") parser_group_zone.add_argument("--list-ports", action="store_true") parser_group_zone.add_argument("--list-protocols", action="store_true") parser_group_zone.add_argument("--list-icmp-blocks", action="store_true") parser_group_zone.add_argument("--list-forward-ports", action="store_true") parser_group_zone.add_argument("--list-source-ports", action="store_true") parser_group_zone.add_argument("--list-all", action="store_true") parser_group_zone.add_argument("--get-target", action="store_true") parser_group_zone.add_argument("--set-target", metavar="") parser.add_argument("--option", metavar="[=]", action='append') parser.add_argument("--type", metavar="") parser.add_argument("--ipset", metavar="") parser_ipset = parser.add_mutually_exclusive_group() #parser_ipset.add_argument("--add-option", metavar="[=]") #parser_ipset.add_argument("--remove-option", metavar="[=]") #parser_ipset.add_argument("--query-option", metavar="[=]") #parser_ipset.add_argument("--get-options", action="store_true") parser_ipset.add_argument("--get-ipsets", action="store_true") parser_ipset.add_argument("--add-entry", metavar="", action='append') parser_ipset.add_argument("--remove-entry", metavar="", action='append') parser_ipset.add_argument("--query-entry", metavar="", action='append') parser_ipset.add_argument("--get-entries", action="store_true") parser_ipset.add_argument("--add-entries-from-file", metavar="", action='append') parser_ipset.add_argument("--remove-entries-from-file", metavar="", action='append') parser.add_argument("--icmptype", metavar="") parser_icmptype = parser.add_mutually_exclusive_group() parser_icmptype.add_argument("--add-destination", metavar="", action='append') parser_icmptype.add_argument("--remove-destination", metavar="", action='append') parser_icmptype.add_argument("--query-destination", metavar="", action='append') parser_icmptype.add_argument("--get-destinations", action="store_true") parser_service = parser.add_mutually_exclusive_group() parser_service.add_argument("--get-ports", action="store_true") parser_service.add_argument("--get-source-ports", action="store_true") parser_service.add_argument("--get-protocols", action="store_true") parser_service.add_argument("--add-module", metavar="", action='append') parser_service.add_argument("--remove-module", metavar="", action='append') parser_service.add_argument("--query-module", metavar="", action='append') parser_service.add_argument("--get-modules", action="store_true") parser_service.add_argument("--add-helper", metavar="", action='append') parser_service.add_argument("--remove-helper", metavar="", action='append') parser_service.add_argument("--query-helper", metavar="", action='append') parser_service.add_argument("--get-service-helpers", action="store_true") parser_service.add_argument("--add-include", metavar="", action='append') parser_service.add_argument("--remove-include", metavar="", action='append') parser_service.add_argument("--query-include", metavar="", action='append') parser_service.add_argument("--get-includes", action="store_true") parser_service.add_argument("--set-destination", metavar="", action='append') parser_service.add_argument("--get-destination", action="store_true") parser_service.add_argument("--set-description", metavar="") parser_service.add_argument("--get-description", action="store_true") parser_service.add_argument("--set-short", metavar="") parser_service.add_argument("--get-short", action="store_true") parser.add_argument("--helper", metavar="") parser.add_argument("--family", metavar="") parser.add_argument("--module", metavar="") parser_helper = parser.add_mutually_exclusive_group() #parser_helper.add_argument("--get-ports", action="store_true") parser_helper.add_argument("--get-helpers", action="store_true") parser_helper.add_argument("--set-module", metavar="") parser_helper.add_argument("--get-module", action="store_true") #parser_helper.add_argument("--query-module", metavar="") parser_helper.add_argument("--set-family", metavar="|''", nargs="*") parser_helper.add_argument("--get-family", action="store_true") parser.add_argument("--direct", action="store_true") # not possible to have sequences of options here parser_direct = parser.add_mutually_exclusive_group() parser_direct.add_argument("--add-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--remove-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--query-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--get-passthroughs", nargs=1, metavar=("{ ipv4 | ipv6 | eb }")) parser_direct.add_argument("--get-all-passthroughs", action="store_true") parser_direct.add_argument("--add-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--remove-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--query-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-chains", action="store_true") parser_direct.add_argument("--get-chains", nargs=2, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--add-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--query-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--get-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-rules", action="store_true") ############################################################################## cmd = FirewallCommand() def myexcepthook(exctype, value, traceback): cmd.exception_handler(str(value)) sys.excepthook = myexcepthook if len(sys.argv) > 1 and \ any('--migrate-system-config-firewall' in arg for arg in sys.argv): args = sys.argv[1:] migration_parser = argparse.ArgumentParser( usage="see firewall-offline-cmd man page", add_help=False) migration_parser.add_argument("-h", "--help", action="store_true") migration_parser.add_argument("-v", "--verbose", action="store_true") migration_parser.add_argument("-q", "--quiet", action="store_true") migration_parser.add_argument("--migrate-system-config-firewall", metavar="", action='store') a,unknown = migration_parser.parse_known_args(args) cmd.set_quiet(a.quiet) cmd.set_verbose(a.verbose) if a.help: __usage() sys.exit(0) else: assert_root() if a.quiet: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.migrate_system_config_firewall: args = read_sysconfig_args(a.migrate_system_config_firewall) if not args: cmd.fail("Opening of '%s' failed, exiting." % \ a.migrate_system_config_firewall) args += unknown elif len(sys.argv) > 1: i = -1 args = sys.argv[1:] if '--add-passthrough' in args: i = args.index('--add-passthrough') + 1 elif '--remove-passthrough' in args: i = args.index('--remove-passthrough') + 1 elif '--query-passthrough' in args: i = args.index('--query-passthrough') + 1 elif '--add-rule' in args: i = args.index('--add-rule') + 4 elif '--remove-rule' in args: i = args.index('--remove-rule') + 4 elif '--query-rule' in args: i = args.index('--query-rule') + 4 # join into one argument to prevent parser from parsing each iptables # option, because they can conflict with firewall-cmd options # # e.g. --delete (iptables) and --delete-* (firewall-cmd) if (i > -1) and (i < len(args) - 1): aux_args = args[:] args = aux_args[:i+1] # all but not args.append(joinArgs(aux_args[i+1:])) # add as one arg else: assert_root() # migrate configuration from SYSTEM_CONFIG_FIREWALL args = read_sysconfig_args() if not args: cmd.fail("Opening of '%s' failed, exiting." % SYSTEM_CONFIG_FIREWALL) a = parser.parse_args(args) options_lokkit = a.enabled or a.disabled or a.addmodule or a.removemodule or \ a.trust or a.masq or a.custom_rules or \ a.service or a.remove_service or a.port or \ a.trust or a.masq or a.forward_port or a.block_icmp options_standalone = a.help or a.version or \ a.policy_server or a.policy_desktop or \ a.lockdown_on or a.lockdown_off or a.query_lockdown or \ a.get_default_zone or a.set_default_zone or \ a.get_log_denied or a.set_log_denied or \ a.get_automatic_helpers or a.set_automatic_helpers options_desc_xml_file = a.set_description or a.get_description or \ a.set_short or a.get_short options_lockdown_whitelist = \ a.list_lockdown_whitelist_commands or a.add_lockdown_whitelist_command or \ a.remove_lockdown_whitelist_command or \ a.query_lockdown_whitelist_command or \ a.list_lockdown_whitelist_contexts or a.add_lockdown_whitelist_context or \ a.remove_lockdown_whitelist_context or \ a.query_lockdown_whitelist_context or \ a.list_lockdown_whitelist_uids or a.add_lockdown_whitelist_uid is not None or \ a.remove_lockdown_whitelist_uid is not None or \ a.query_lockdown_whitelist_uid is not None or \ a.list_lockdown_whitelist_users or a.add_lockdown_whitelist_user or \ a.remove_lockdown_whitelist_user or \ a.query_lockdown_whitelist_user options_config = a.get_zones or a.get_services or a.get_icmptypes or \ options_lockdown_whitelist or a.list_all_zones or \ a.get_zone_of_interface or a.get_zone_of_source or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.info_helper or \ a.get_helpers options_zone_action_action = \ a.add_service or a.remove_service_from_zone or a.query_service or \ a.add_port or a.remove_port or a.query_port or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.add_source_port or a.remove_source_port or a.query_source_port or \ a.add_icmp_block or a.remove_icmp_block or a.query_icmp_block or \ a.add_forward_port or a.remove_forward_port or a.query_forward_port options_zone_interfaces_sources = \ a.list_interfaces or a.change_interface or \ a.add_interface or a.remove_interface or a.query_interface or \ a.list_sources or a.change_source or \ a.add_source or a.remove_source or a.query_source options_zone_adapt_query = \ a.add_rich_rule or a.remove_rich_rule or a.query_rich_rule or \ a.add_masquerade or a.remove_masquerade or a.query_masquerade or \ a.list_services or a.list_ports or a.list_protocols or \ a.list_source_ports or \ a.list_icmp_blocks or a.list_forward_ports or a.list_rich_rules or \ a.add_icmp_block_inversion or a.remove_icmp_block_inversion or \ a.query_icmp_block_inversion or \ a.list_all or a.get_target or a.set_target options_zone_ops = options_zone_interfaces_sources or \ options_zone_action_action or options_zone_adapt_query options_zone = a.zone or options_zone_ops or options_desc_xml_file options_ipset = a.add_entry or a.remove_entry or a.query_entry or \ a.get_entries or a.add_entries_from_file or \ a.remove_entries_from_file or options_desc_xml_file options_icmptype = a.add_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file options_service = a.add_port or a.remove_port or a.query_port or \ a.get_ports or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.get_protocols or \ a.add_source_port or a.remove_source_port or \ a.query_source_port or a.get_source_ports or \ a.add_module or a.remove_module or a.query_module or \ a.get_modules or \ a.set_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file or \ a.add_include or a.remove_include or a.query_include or \ a.get_includes or \ a.add_helper or a.remove_helper or a.query_helper or \ a.get_service_helpers options_helper = a.add_port or a.remove_port or a.query_port or \ a.get_ports or a.set_module or a.get_module or \ a.set_family or a.get_family or \ options_desc_xml_file options_permanent = options_config or options_zone or \ a.new_icmptype or a.delete_icmptype or \ a.new_icmptype_from_file or \ a.load_icmptype_defaults or \ a.new_service or a.delete_service or \ a.new_service_from_file or \ a.load_service_defaults or \ a.new_zone or a.delete_zone or \ a.new_zone_from_file or \ a.load_zone_defaults or \ a.new_helper or a.delete_helper or \ a.new_helper_from_file or \ a.load_helper_defaults or \ a.new_ipset or a.delete_ipset or \ a.new_ipset_from_file or \ a.load_ipset_defaults or \ a.ipset or options_ipset or \ (a.icmptype and options_icmptype) or \ (a.service and options_service) or \ (a.helper and options_helper) or \ a.path_zone or a.path_icmptype or a.path_service or \ a.path_ipset or a.path_helper options_direct = \ a.add_chain or a.remove_chain or a.query_chain or \ a.get_chains or a.get_all_chains or \ a.add_rule or a.remove_rule or a.remove_rules or a.query_rule or \ a.get_rules or a.get_all_rules or \ a.add_passthrough or a.remove_passthrough or a.query_passthrough or \ a.get_passthroughs or a.get_all_passthroughs # these are supposed to only write out some output options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \ a.list_lockdown_whitelist_commands or a.list_lockdown_whitelist_contexts or \ a.list_lockdown_whitelist_uids or a.list_lockdown_whitelist_users or \ a.list_services or a.list_ports or a.list_protocols or a.list_icmp_blocks or \ a.list_forward_ports or a.list_rich_rules or a.list_interfaces or \ a.list_sources or a.get_default_zone or \ a.get_zone_of_interface or a.get_zone_of_source or a.get_zones or \ a.get_services or a.get_icmptypes or a.get_target or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.get_entries or \ a.info_helper or a.get_helpers or \ a.get_destinations or a.get_description # Set quiet and verbose cmd.set_quiet(a.quiet) cmd.set_verbose(a.verbose) # Check various impossible combinations of options if not (options_standalone or options_ipset or \ options_lokkit or \ options_icmptype or options_service or options_helper or \ options_permanent or options_direct or options_desc_xml_file or \ a.check_config): cmd.fail(parser.format_usage() + "No option specified.") if options_lokkit and (options_standalone or \ options_permanent or options_direct) and \ not (options_service and a.service): cmd.fail(parser.format_usage() + "Can't use lokkit options with other options.") if options_standalone and (options_permanent or \ options_direct or options_ipset): cmd.fail(parser.format_usage() + "Can't use stand-alone options with other options.") if options_ipset and not options_desc_xml_file and not a.ipset: cmd.fail(parser.format_usage() + "No ipset specified.") if (options_icmptype and not a.icmptype) and \ not (options_service and a.service) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No icmptype specified.") if options_service and a.service and len(a.service) > 0: if len(a.service) > 1: cmd.fail(parser.format_usage() + "More than one service specified.") # use the first entry in the array only a.service = a.service[0] if (options_helper and not a.helper) and \ not (options_service and a.service) and \ not options_zone and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No helper specified.") if options_direct and options_zone: cmd.fail(parser.format_usage() + "Can't use 'direct' options with other options.") if (a.direct and not options_direct) or (options_direct and not a.direct): cmd.fail(parser.format_usage() + "Wrong usage of 'direct' options.") if a.name and not (a.new_zone_from_file or a.new_service_from_file or \ a.new_ipset_from_file or a.new_icmptype_from_file or \ a.new_helper_from_file): cmd.fail(parser.format_usage() + "Wrong usage of '--name' option.") if options_config and options_zone: cmd.fail(parser.format_usage() + "Wrong usage of --get-zones | --get-services | --get-icmptypes.") if a.quiet and options_list_get: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.help: __usage() sys.exit(0) assert_root() if a.system_config: config.set_system_config_paths(a.system_config) if a.default_config: config.set_default_config_paths(a.default_config) if a.check_config: try: fw = Firewall(offline=True) fw.start() check_config(fw) except FirewallError as error: cmd.print_and_exit("Configuration error: %s" % error, error.code) except Exception as msg: cmd.fail("Configuration error: %s" % msg) sys.exit(0) zone = a.zone fw = Firewall(offline=True) fw.start() try: # Lokkit Compatibility Options if options_lokkit and not (options_service and a.service): trusted_zone = "trusted" default_zone = fw.get_default_zone() fw_zone = fw.config.get_zone(default_zone) fw_settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(fw_zone))) if a.enabled: # Enable firewall (default) os.system("systemctl enable firewalld.service") if a.disabled: # Disable firewall os.system("systemctl disable firewalld.service") if a.addmodule: for m in a.addmodule: cmd.print_msg("Ignoring addmodule '%s'" % m) if a.removemodule: for m in a.removemodule: cmd.print_msg("Ignoring removemodule '%s'" % m) if a.custom_rules: for c in a.custom_rules: cmd.print_msg("Ignoring custom-rule '%s'" % c) if a.service: for s in a.service: cmd.print_msg("Adding service '%s' to default zone." % s) if not fw_settings.queryService(s): fw_settings.addService(s) else: cmd.print_msg("ALREADY_ENABLED: %s" % s) if a.remove_service: for s in a.remove_service: cmd.print_msg("Removing service '%s' from default zone." % s) if fw_settings.queryService(s): fw_settings.removeService(s) else: cmd.print_msg("NOT_ENABLED: %s" % s) if a.port: for port_proto in a.port: (port, proto) = parse_port_lokkit(port_proto) cmd.print_msg("Adding port '%s/%s' to default zone." % (port, proto)) if not fw_settings.queryPort(port, proto): fw_settings.addPort(port, proto) else: cmd.print_msg("ALREADY_ENABLED: %s" % port_proto) if a.trust: if default_zone != trusted_zone: fw_trusted = fw.config.get_zone("trusted") fw_trusted_settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(fw_trusted))) # Bind an interface to the trusted zone for i in a.trust: cmd.print_msg("Interface '%s' will be bound to zone '%s'." % \ (i, trusted_zone)) if not fw_trusted_settings.queryInterface(i): fw_trusted_settings.addInterface(i) else: cmd.print_msg("ALREADY_ENABLED: %s" % i) fw.config.set_zone_config(fw_trusted, fw_trusted_settings.settings) else: for i in a.trust: cmd.print_msg("Interface '%s' will be bound to zone '%s'." % \ (i, trusted_zone)) if not fw_settings.queryInterface(i): fw_settings.addInterface(i) else: cmd.print_msg("ALREADY_ENABLED: %s" % i) if a.masq: # Enables masquerading in the default zone, interface argument is ignored cmd.print_msg("Enabling masquerade for the default zone.") fw_settings.setMasquerade(True) if a.forward_port: for fp in a.forward_port: (port, protocol, toport, toaddr) = cmd.parse_forward_port( fp, compat=True) cmd.print_msg("Adding forward port %s:%s:%s:%s to default zone." % \ (port, protocol, toport, toaddr)) if not fw_settings.queryForwardPort(port, protocol, toport, toaddr): fw_settings.addForwardPort(port, protocol, toport, toaddr) else: cmd.print_msg("ALREADY_ENABLED: %s" % fp) if a.block_icmp: for ib in a.block_icmp: cmd.print_msg("Adding icmpblock '%s' to default zone." % ib) if not fw_settings.queryIcmpBlock(ib): fw_settings.addIcmpBlock(ib) else: cmd.print_msg("ALREADY_ENABLED: %s" % ib) fw.config.set_zone_config(fw_zone, fw_settings.settings) elif a.version: cmd.print_and_exit(config.VERSION) elif a.get_log_denied: cmd.print_and_exit(fw.get_log_denied()) elif a.set_log_denied: fw.set_log_denied(a.set_log_denied) elif a.get_automatic_helpers: cmd.print_and_exit(fw.get_automatic_helpers()) elif a.set_automatic_helpers: fw.set_automatic_helpers(a.set_automatic_helpers) elif a.policy_server: pk_symlink('server') elif a.policy_desktop: pk_symlink('desktop') # options from firewall-cmd elif a.get_default_zone: cmd.print_and_exit(fw.get_default_zone()) elif a.set_default_zone: fw.set_default_zone(a.set_default_zone) # lockdown elif a.lockdown_on: fw.enable_lockdown() elif a.lockdown_off: fw.disable_lockdown() elif a.query_lockdown: cmd.print_query_result(fw.policies.query_lockdown()) # zones elif a.get_zones: zones = fw.config.get_zones() cmd.print_and_exit(" ".join(zones)) elif a.new_zone: fw.config.new_zone(a.new_zone, FirewallClientZoneSettings().settings) elif a.new_zone_from_file: filename = os.path.basename(a.new_zone_from_file) dirname = os.path.dirname(a.new_zone_from_file) if dirname == "": dirname = "./" try: obj = zone_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load zone file '%s': %s" % \ (a.new_zone_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load zone file: %s" % msg) if a.name: obj.name = a.name fw.config.new_zone(obj.name, obj.export_config()) elif a.delete_zone: obj = fw.config.get_zone(a.delete_zone) fw.config.remove_zone(obj) elif a.load_zone_defaults: obj = fw.config.get_zone(a.load_zone_defaults) fw.config.load_zone_defaults(obj) elif a.info_zone: zone = fw.config.get_zone(a.info_zone) settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(zone))) cmd.print_zone_info(a.info_zone, settings, True) sys.exit(0) elif a.path_zone: obj = fw.config.get_zone(a.path_zone) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) # services elif a.get_services: services = fw.config.get_services() cmd.print_and_exit(" ".join(services)) elif a.new_service: fw.config.new_service_dict(a.new_service, FirewallClientServiceSettings().getSettingsDict()) elif a.new_service_from_file: filename = os.path.basename(a.new_service_from_file) dirname = os.path.dirname(a.new_service_from_file) if dirname == "": dirname = "./" try: obj = service_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load service file '%s': %s" % \ (a.new_service_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load service file: %s" % msg) if a.name: obj.name = a.name fw.config.new_service(obj.name, obj.export_config()) elif a.delete_service: obj = fw.config.get_service(a.delete_service) fw.config.remove_service(obj) # remove service from all zones zones = fw.config.get_zones() for zone in zones: _zone = fw.config.get_zone(zone) _settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(_zone))) if _settings.queryService(a.delete_service): _settings.removeService(a.delete_service) fw.config.set_zone_config(_zone, _settings.settings) elif a.load_service_defaults: obj = fw.config.get_service(a.load_service_defaults) fw.config.load_service_defaults(obj) elif a.info_service: service = fw.config.get_service(a.info_service) settings = FirewallClientServiceSettings( fw.config.get_service_config_dict(service)) cmd.print_service_info(a.info_service, settings) sys.exit(0) elif a.path_service: obj = fw.config.get_service(a.path_service) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) # icmptypes elif a.get_icmptypes: icmptypes = fw.config.get_icmptypes() cmd.print_and_exit(" ".join(icmptypes)) elif a.new_icmptype: fw.config.new_icmptype(a.new_icmptype, FirewallClientIcmpTypeSettings().settings) elif a.new_icmptype_from_file: filename = os.path.basename(a.new_icmptype_from_file) dirname = os.path.dirname(a.new_icmptype_from_file) if dirname == "": dirname = "./" try: obj = icmptype_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load icmptype file '%s': %s" % \ (a.new_icmptype_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load icmptype file: %s" % msg) if a.name: obj.name = a.name fw.config.new_icmptype(obj.name, obj.export_config()) elif a.delete_icmptype: obj = fw.config.get_icmptype(a.delete_icmptype) fw.config.remove_icmptype(obj) # remove icmpyte from all zones zones = fw.config.get_zones() for zone in zones: _zone = fw.config.get_zone(zone) _settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(_zone))) if _settings.queryIcmpBlock(a.delete_icmptype): _settings.removeIcmpBlock(a.delete_icmptype) fw.config.set_zone_config(_zone, _settings.settings) elif a.load_icmptype_defaults: obj = fw.config.get_icmptype(a.load_icmptype_defaults) fw.config.load_icmptype_defaults(obj) elif a.info_icmptype: icmptype = fw.config.get_icmptype(a.info_icmptype) settings = FirewallClientIcmpTypeSettings( list(fw.config.get_icmptype_config(icmptype))) cmd.print_icmptype_info(a.info_icmptype, settings) sys.exit(0) elif a.path_icmptype: obj = fw.config.get_icmptype(a.path_icmptype) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.icmptype and options_icmptype: icmptype = fw.config.get_icmptype(a.icmptype) settings = FirewallClientIcmpTypeSettings( list(fw.config.get_icmptype_config(icmptype))) if a.add_destination: cmd.add_sequence(a.add_destination, settings.addDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") fw.config.set_icmptype_config(icmptype, settings.settings) elif a.remove_destination: cmd.remove_sequence(a.remove_destination, settings.removeDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") fw.config.set_icmptype_config(icmptype, settings.settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.check_destination_ipv , "'%s'") elif a.get_destinations: l = settings.getDestinations() if len(l) == 0: l = [ "ipv4", "ipv6" ] cmd.print_and_exit("\n".join(l)) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_icmptype_config(icmptype, settings.settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_icmptype_config(icmptype, settings.settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") elif a.service and options_service: service = fw.config.get_service(a.service) settings = FirewallClientServiceSettings( fw.config.get_service_config_dict(service)) if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") elif a.get_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.get_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_module: cmd.add_sequence(a.add_module, settings.addModule, settings.queryModule, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_module: cmd.remove_sequence(a.remove_module, settings.removeModule, settings.queryModule, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_module: cmd.query_sequence(a.query_module, settings.queryModule, None, "'%s'") elif a.get_modules: l = settings.getModules() cmd.print_and_exit(" ".join(["%s" % module for module in l])) elif a.set_destination: cmd.add_sequence(a.set_destination, settings.setDestination, settings.queryDestination, cmd.parse_service_destination, "%s:%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_destination: # special case for removeDestination: Only ipv, no address for ipv in a.remove_destination: cmd.check_destination_ipv(ipv) if ipv not in settings.getDestinations(): if len(a.remove_destination) > 1: cmd.print_warning("Warning: NOT_ENABLED: '%s'" % ipv) else: code = FirewallError.get_code("NOT_ENABLED") cmd.print_and_exit("Error: NOT_ENABLED: '%s'" % ipv, code) else: settings.removeDestination(ipv) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.parse_service_destination, "'%s'") elif a.get_destinations: l = settings.getDestinations() cmd.print_and_exit(" ".join(["%s:%s" % (dest[0], dest[1]) for dest in l.items()])) elif a.add_include: cmd.add_sequence(a.add_include, settings.addInclude, settings.queryInclude, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_include: cmd.remove_sequence(a.remove_include, settings.removeInclude, settings.queryInclude, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_include: cmd.query_sequence(a.query_include, settings.queryInclude, None, "'%s'") elif a.get_includes: l = settings.getIncludes() cmd.print_and_exit(" ".join(["%s" % include for include in sorted(l)])) elif a.add_helper: cmd.add_sequence(a.add_helper, settings.addHelper, settings.queryHelper, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_helper: cmd.remove_sequence(a.remove_helper, settings.removeHelper, settings.queryHelper, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_helper: cmd.query_sequence(a.query_helper, settings.queryHelper, None, "'%s'") elif a.get_service_helpers: l = settings.getHelpers() cmd.print_and_exit(" ".join(["%s" % helper for helper in sorted(l)])) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") # ipsets if a.get_ipsets: ipsets = fw.config.get_ipsets() cmd.print_and_exit(" ".join(sorted(ipsets))) elif a.new_ipset: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: for opt in a.option: settings.addOption(*cmd.parse_ipset_option(opt)) fw.config.new_ipset(a.new_ipset, settings.settings) elif a.new_ipset_from_file: filename = os.path.basename(a.new_ipset_from_file) dirname = os.path.dirname(a.new_ipset_from_file) if dirname == "": dirname = "./" try: obj = ipset_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load ipset file '%s': %s" % \ (a.new_ipset_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load ipset file: %s" % msg) if a.name: obj.name = a.name fw.config.new_ipset(obj.name, obj.export_config()) elif a.delete_ipset: ipset = fw.config.get_ipset(a.delete_ipset) fw.config.remove_ipset(ipset) elif a.load_ipset_defaults: obj = fw.config.get_ipset(a.load_ipset_defaults) fw.config.load_ipset_defaults(obj) elif a.info_ipset: ipset = fw.config.get_ipset(a.info_ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_ipset_info(a.info_ipset, settings) sys.exit(0) elif a.path_ipset: obj = fw.config.get_ipset(a.path_ipset) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.ipset: if a.add_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.add_sequence(a.add_entry, settings.addEntry, settings.queryEntry, None, "'%s'") fw.config.set_ipset_config(ipset, settings.settings) elif a.remove_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.remove_sequence(a.remove_entry, settings.removeEntry, settings.queryEntry, None, "'%s'") fw.config.set_ipset_config(ipset, settings.settings) elif a.query_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.query_sequence(a.query_entry, settings.queryEntry, None, "'%s'") elif a.get_entries: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) l = settings.getEntries() cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose( "Warning: ALREADY_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: fw.config.set_ipset_config(ipset, settings.settings) elif a.remove_entries_from_file: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % \ entry) if changed: settings.setEntries(old_entries) if changed: fw.config.set_ipset_config(ipset, settings.settings) elif a.set_description: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) settings.setDescription(a.set_description) fw.config.set_ipset_config(ipset, settings.settings) elif a.get_description: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_and_exit(settings.getDescription()) elif a.set_short: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) settings.setShort(a.set_short) fw.config.set_ipset_config(ipset, settings.settings) elif a.get_short: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") # helper elif a.get_helpers: cmd.print_and_exit(" ".join(sorted(fw.config.get_helpers()))) elif a.new_helper: if not a.module: cmd.fail(parser.format_usage() + "No module specified.") settings = FirewallClientHelperSettings() settings.setModule(a.module) if a.family: settings.setFamily(a.family) fw.config.new_helper(a.new_helper, settings.settings) elif a.new_helper_from_file: filename = os.path.basename(a.new_helper_from_file) dirname = os.path.dirname(a.new_helper_from_file) if dirname == "": dirname = "./" try: obj = helper_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load helper file '%s': %s" % \ (a.new_helper_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load helper file: %s" % msg) if a.name: obj.name = a.name fw.config.new_helper(obj.name, obj.export_config()) elif a.delete_helper: obj = fw.config.get_helper(a.delete_helper) fw.config.remove_helper(obj) elif a.load_helper_defaults: obj = fw.config.get_helper(a.load_helper_defaults) fw.config.load_helper_defaults(obj) elif a.info_helper: obj = fw.config.get_helper(a.info_helper) settings = FirewallClientHelperSettings( list(fw.config.get_helper_config(obj))) cmd.print_helper_info(a.info_helper, settings) sys.exit(0) elif a.path_helper: obj = fw.config.get_helper(a.path_helper) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.helper: obj = fw.config.get_helper(a.helper) settings = FirewallClientHelperSettings( list(fw.config.get_helper_config(obj))) if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_helper_config(obj, settings.settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_helper_config(obj, settings.settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.get_module: cmd.print_and_exit(settings.getModule()) elif a.set_module: settings.setModule(cmd.check_module(a.set_module)) fw.config.set_helper_config(obj, settings.settings) elif a.get_family: cmd.print_and_exit(settings.getFamily()) elif a.set_family: settings.setFamily(cmd.check_helper_family(a.set_family[0])) fw.config.set_helper_config(obj, settings.settings) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_helper_config(obj, settings.settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_helper_config(obj, settings.settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") # lockdown whitelist elif options_lockdown_whitelist: whitelist = fw.config.get_policies().lockdown_whitelist # commands if a.list_lockdown_whitelist_commands: l = whitelist.get_commands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, whitelist.add_command, whitelist.has_command, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, whitelist.remove_command, whitelist.has_command, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, whitelist.has_command, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = whitelist.get_contexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, whitelist.add_context, whitelist.has_context, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, whitelist.remove_context, whitelist.has_context, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, whitelist.has_context, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = whitelist.get_uids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid: cmd.add_sequence(a.add_lockdown_whitelist_uid, whitelist.add_uid, whitelist.has_uid, None, "'%s'") elif a.remove_lockdown_whitelist_uid: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, whitelist.remove_uid, whitelist.has_uid, None, "'%s'") elif a.query_lockdown_whitelist_uid: cmd.query_sequence(a.query_lockdown_whitelist_uid, whitelist.has_uid, None, "'%s'") # users elif a.list_lockdown_whitelist_users: l = whitelist.get_users() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, whitelist.add_user, whitelist.has_user, None, "'%s'") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, whitelist.remove_user, whitelist.has_user, None, "'%s'") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, whitelist.has_user, None, "'%s'") # apply whitelist changes whitelist.write() elif options_direct: obj = fw.config.get_direct() if a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --direct --add-passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg( obj.add_passthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1]))) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --direct --remove-passthrough { ipv4 | ipv6 | eb } ") obj.remove_passthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( obj.query_passthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) sys.exit(0) elif a.get_passthroughs: rules = obj.get_passthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: rules = obj.get_all_passthroughs() for ipv in rules: for rule in rules[ipv]: cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: obj.add_chain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: obj.remove_chain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result( obj.query_chain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) sys.exit(0) elif a.get_chains: cmd.print_and_exit( " ".join(obj.get_chains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) sys.exit(0) elif a.get_all_chains: chains = obj.get_all_chains() for (ipv, table) in chains: for chain in chains[(ipv, table)]: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("wrong priority\nusage: --direct --add-rule { ipv4 | ipv6 | eb }
") obj.add_rule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") obj.remove_rule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --direct --remove-rules { ipv4 | ipv6 | eb }
") obj.remove_rules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( obj.query_rule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) sys.exit(0) elif a.get_rules: rules = obj.get_rules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = obj.get_all_rules() for (ipv, table, chain) in rules: for (priority, rule) in rules[(ipv, table, chain)]: cmd.print_msg("%s %s %s %d %s" % \ (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) obj.write() else: if zone == "": zone = fw.get_default_zone() fw_zone = fw.config.get_zone(zone) fw_settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(fw_zone))) # convert to list, for setMasquerade # interface if a.list_interfaces: l = fw_settings.getInterfaces() cmd.print_and_exit(" ".join(l)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: ret = [ ] for zone in fw.config.get_zones(): obj = fw.config.get_zone(zone) if interface in obj.interfaces: ret.append(obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same interface is in several zone XML files cmd.print_warning(" ".join(ret) + " (ERROR: interface '%s' is in %s zone XML files, can be only in one)" % (interface, len(ret))) if len(ret) == 1: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, ret[0])) else: cmd.print_and_exit(ret[0]) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.print_and_exit("no zone", 2) elif a.change_interface: for interface in a.change_interface: for old_zone in fw.config.get_zones(): old_zone_obj = fw.config.get_zone(old_zone) if interface in old_zone_obj.interfaces: if old_zone_obj.name != zone: old_zone_settings = FirewallClientZoneSettings( fw.config.get_zone_config(old_zone_obj)) old_zone_settings.removeInterface(interface) # remove from old fw.config.set_zone_config(old_zone_obj, old_zone_settings.settings) fw_settings.addInterface(interface) # add to new elif a.add_interface: cmd.add_sequence(a.add_interface, fw_settings.addInterface, fw_settings.queryInterface, None, "'%s'") elif a.remove_interface: cmd.remove_sequence(a.remove_interface, fw_settings.removeInterface, fw_settings.queryInterface, None, "'%s'") elif a.query_interface: cmd.query_sequence(a.query_interface, fw_settings.queryInterface, None, "'%s'") # source if a.list_sources: sources = fw_settings.getSources() cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: ret = [ ] for zone in fw.config.get_zones(): obj = fw.config.get_zone(zone) if source in obj.sources: ret.append(obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same source is in several zone XML files cmd.print_warning(" ".join(ret) + " (ERROR: source '%s' is in %s zone XML files, can be only in one)" % (source, len(ret))) if len(ret) == 1: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, ret[0])) else: cmd.print_and_exit(ret[0]) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.print_and_exit("no zone", 2) elif a.change_source: for source in a.change_source: for old_zone in fw.config.get_zones(): old_zone_obj = fw.config.get_zone(old_zone) if source in old_zone_obj.sources: if old_zone_obj.name != zone: old_zone_settings = FirewallClientZoneSettings( fw.config.get_zone_config(old_zone_obj)) old_zone_settings.removeSource(source) # remove from old fw.config.set_zone_config(old_zone_obj, old_zone_settings.settings) fw_settings.addSource(source) # add to new elif a.add_source: cmd.add_sequence(a.add_source, fw_settings.addSource, fw_settings.querySource, None, "'%s'") elif a.remove_source: cmd.remove_sequence(a.remove_source, fw_settings.removeSource, fw_settings.querySource, None, "'%s'") elif a.query_source: cmd.query_sequence(a.query_source, fw_settings.querySource, None, "'%s'") # rich rules if a.list_rich_rules: l = fw_settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_settings.addRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_settings.removeRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_settings.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_settings.addService, fw_settings.queryService, None, "'%s'") elif a.remove_service_from_zone: cmd.remove_sequence(a.remove_service_from_zone, fw_settings.removeService, fw_settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_settings.queryService, None, "'%s'") # port elif a.list_ports: l = fw_settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_port: cmd.add_sequence(a.add_port, fw_settings.addPort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_settings.removePort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_settings.getProtocols() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_settings.addProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_settings.removeProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_settings.addSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_settings.removeSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: fw_settings.setMasquerade(True) elif a.remove_masquerade: fw_settings.setMasquerade(False) elif a.query_masquerade: cmd.print_query_result(fw_settings.getMasquerade()) # forward port elif a.list_forward_ports: l = fw_settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (_port, _protocol, _toport, _toaddr) for (_port, _protocol, _toport, _toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_settings.addForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_settings.removeForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_settings.addIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_settings.removeIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_settings.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw_settings.addIcmpBlockInversion() elif a.remove_icmp_block_inversion: fw_settings.removeIcmpBlockInversion() elif a.query_icmp_block_inversion: cmd.print_query_result(fw_settings.queryIcmpBlockInversion()) # zone target elif a.get_target: cmd.print_and_exit(fw_settings.getTarget()) elif a.set_target: fw_settings.setTarget(a.set_target) # list all zone settings elif a.list_all: cmd.print_zone_info(zone if zone else fw.get_default_zone(), fw_settings) sys.exit(0) # list everything elif a.list_all_zones: zones = fw.config.get_zones() for zone in zones: fw_zone = fw.config.get_zone(zone) fw_settings = FirewallClientZoneSettings(list(fw.config.get_zone_config(fw_zone))) cmd.print_zone_info(zone, fw_settings) cmd.print_msg("") sys.exit(0) elif a.set_description: fw_settings.setDescription(a.set_description) elif a.get_description: cmd.print_and_exit(fw_settings.getDescription()) elif a.set_short: fw_settings.setShort(a.set_short) elif a.get_short: cmd.print_and_exit(fw_settings.getShort()) fw.config.set_zone_config(fw_zone, fw_settings.settings) cmd.print_and_exit("success") except FirewallError as msg: cmd.print_and_exit("%s" % msg, msg.code) except Exception as msg: cmd.fail("%s" % msg) else: cmd.print_and_exit("success") firewalld-0.8.2/src/firewall-cmd0000775007115300711530000034772213641123204017752 0ustar00egarveregarver00000000000000#!/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2009-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from gi.repository import GObject import sys sys.modules['gobject'] = GObject import argparse import os from firewall.client import FirewallClient, FirewallClientIPSetSettings, \ FirewallClientZoneSettings, FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings, FirewallClientHelperSettings from firewall.errors import FirewallError from firewall import errors from firewall.functions import joinArgs, splitArgs from firewall.core.fw_nm import nm_is_imported, \ nm_get_connection_of_interface, nm_get_zone_of_connection, \ nm_set_zone_of_connection, nm_get_interfaces_in_zone from firewall.core.io.zone import zone_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.command import FirewallCommand def __usage(): sys.stdout.write(""" Usage: firewall-cmd [OPTIONS...] General Options -h, --help Prints a short help text and exists -V, --version Print the version string of firewalld -q, --quiet Do not print status messages Status Options --state Return and print firewalld state --reload Reload firewall and keep state information --complete-reload Reload firewall and lose state information --runtime-to-permanent Create permanent from runtime configuration --check-config Check permanent configuration for errors Log Denied Options --get-log-denied Print the log denied value --set-log-denied= Set log denied value Permanent Options --permanent Set an option permanently Usable for options marked with [P] Zone Options --get-default-zone Print default zone for connections and interfaces --set-default-zone= Set default zone --get-active-zones Print currently active zones --get-zones Print predefined zones [P] --get-services Print predefined services [P] --get-icmptypes Print predefined icmptypes [P] --get-zone-of-interface= Print name of the zone the interface is bound to [P] --get-zone-of-source=[/]||ipset: Print name of the zone the source is bound to [P] --list-all-zones List everything added for or enabled in all zones [P] --new-zone= Add a new zone [P only] --new-zone-from-file= [--name=] Add a new zone from file with optional name [P only] --delete-zone= Delete an existing zone [P only] --load-zone-defaults= Load zone default settings [P only] [Z] --zone= Use this zone to set or query options, else default zone Usable for options marked with [Z] --get-target Get the zone target [P only] [Z] --set-target= Set the zone target [P only] [Z] --info-zone= Print information about a zone --path-zone= Print file path of a zone [P only] IPSet Options --get-ipset-types Print the supported ipset types --new-ipset= --type= [--option=[=]].. Add a new ipset [P only] --new-ipset-from-file= [--name=] Add a new ipset from file with optional name [P only] --delete-ipset= Delete an existing ipset [P only] --load-ipset-defaults= Load ipset default settings [P only] --info-ipset= Print information about an ipset --path-ipset= Print file path of an ipset [P only] --get-ipsets Print predefined ipsets --ipset= --set-description= Set new description to ipset [P only] --ipset= --get-description Print description for ipset [P only] --ipset= --set-short= Set new short description to ipset [P only] --ipset= --get-short Print short description for ipset [P only] --ipset= --add-entry= Add a new entry to an ipset [P] --ipset= --remove-entry= Remove an entry from an ipset [P] --ipset= --query-entry= Return whether ipset has an entry [P] --ipset= --get-entries List entries of an ipset [P] --ipset= --add-entries-from-file= Add a new entries to an ipset [P] --ipset= --remove-entries-from-file= Remove entries from an ipset [P] IcmpType Options --new-icmptype= Add a new icmptype [P only] --new-icmptype-from-file= [--name=] Add a new icmptype from file with optional name [P only] --delete-icmptype= Delete an existing icmptype [P only] --load-icmptype-defaults= Load icmptype default settings [P only] --info-icmptype= Print information about an icmptype --path-icmptype= Print file path of an icmptype [P only] --icmptype= --set-description= Set new description to icmptype [P only] --icmptype= --get-description Print description for icmptype [P only] --icmptype= --set-short= Set new short description to icmptype [P only] --icmptype= --get-short Print short description for icmptype [P only] --icmptype= --add-destination= Enable destination for ipv in icmptype [P only] --icmptype= --remove-destination= Disable destination for ipv in icmptype [P only] --icmptype= --query-destination= Return whether destination ipv is enabled in icmptype [P only] --icmptype= --get-destinations List destinations in icmptype [P only] Service Options --new-service= Add a new service [P only] --new-service-from-file= [--name=] Add a new service from file with optional name [P only] --delete-service= Delete an existing service [P only] --load-service-defaults= Load icmptype default settings [P only] --info-service= Print information about a service --path-service= Print file path of a service [P only] --service= --set-description= Set new description to service [P only] --service= --get-description Print description for service [P only] --service= --set-short= Set new short description to service [P only] --service= --get-short Print short description for service [P only] --service= --add-port=[-]/ Add a new port to service [P only] --service= --remove-port=[-]/ Remove a port from service [P only] --service= --query-port=[-]/ Return whether the port has been added for service [P only] --service= --get-ports List ports of service [P only] --service= --add-protocol= Add a new protocol to service [P only] --service= --remove-protocol= Remove a protocol from service [P only] --service= --query-protocol= Return whether the protocol has been added for service [P only] --service= --get-protocols List protocols of service [P only] --service= --add-source-port=[-]/ Add a new source port to service [P only] --service= --remove-source-port=[-]/ Remove a source port from service [P only] --service= --query-source-port=[-]/ Return whether the source port has been added for service [P only] --service= --get-source-ports List source ports of service [P only] --service= --add-helper= Add a new helper to service [P only] --service= --remove-helper= Remove a helper from service [P only] --service= --query-helper= Return whether the helper has been added for service [P only] --service= --get-service-helpers List helpers of service [P only] --service= --set-destination=:
[/] Set destination for ipv to address in service [P only] --service= --remove-destination= Disable destination for ipv i service [P only] --service= --query-destination=:
[/] Return whether destination ipv is set for service [P only] --service= --get-destinations List destinations in service [P only] --service= --add-include= Add a new include to service [P only] --service= --remove-include= Remove a include from service [P only] --service= --query-include= Return whether the include has been added for service [P only] --service= --get-includes List includes of service [P only] Options to Adapt and Query Zones --list-all List everything added for or enabled in a zone [P] [Z] --list-services List services added for a zone [P] [Z] --timeout= Enable an option for timeval time, where timeval is a number followed by one of letters 's' or 'm' or 'h' Usable for options marked with [T] --set-description= Set new description to zone [P only] [Z] --get-description Print description for zone [P only] [Z] --set-short= Set new short description to zone [P only] [Z] --get-short Print short description for zone [P only] [Z] --add-service= Add a service for a zone [P] [Z] [T] --remove-service= Remove a service from a zone [P] [Z] --query-service= Return whether service has been added for a zone [P] [Z] --list-ports List ports added for a zone [P] [Z] --add-port=[-]/ Add the port for a zone [P] [Z] [T] --remove-port=[-]/ Remove the port from a zone [P] [Z] --query-port=[-]/ Return whether the port has been added for zone [P] [Z] --list-protocols List protocols added for a zone [P] [Z] --add-protocol= Add the protocol for a zone [P] [Z] [T] --remove-protocol= Remove the protocol from a zone [P] [Z] --query-protocol= Return whether the protocol has been added for zone [P] [Z] --list-source-ports List source ports added for a zone [P] [Z] --add-source-port=[-]/ Add the source port for a zone [P] [Z] [T] --remove-source-port=[-]/ Remove the source port from a zone [P] [Z] --query-source-port=[-]/ Return whether the source port has been added for zone [P] [Z] --list-icmp-blocks List Internet ICMP type blocks added for a zone [P] [Z] --add-icmp-block= Add an ICMP block for a zone [P] [Z] [T] --remove-icmp-block= Remove the ICMP block from a zone [P] [Z] --query-icmp-block= Return whether an ICMP block has been added for a zone [P] [Z] --add-icmp-block-inversion Enable inversion of icmp blocks for a zone [P] [Z] --remove-icmp-block-inversion Disable inversion of icmp blocks for a zone [P] [Z] --query-icmp-block-inversion Return whether inversion of icmp blocks has been enabled for a zone [P] [Z] --list-forward-ports List IPv4 forward ports added for a zone [P] [Z] --add-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Add the IPv4 forward port for a zone [P] [Z] [T] --remove-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Remove the IPv4 forward port from a zone [P] [Z] --query-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Return whether the IPv4 forward port has been added for a zone [P] [Z] --add-masquerade Enable IPv4 masquerade for a zone [P] [Z] [T] --remove-masquerade Disable IPv4 masquerade for a zone [P] [Z] --query-masquerade Return whether IPv4 masquerading has been enabled for a zone [P] [Z] --list-rich-rules List rich language rules added for a zone [P] [Z] --add-rich-rule= Add rich language rule 'rule' for a zone [P] [Z] [T] --remove-rich-rule= Remove rich language rule 'rule' from a zone [P] [Z] --query-rich-rule= Return whether a rich language rule 'rule' has been added for a zone [P] [Z] Options to Handle Bindings of Interfaces --list-interfaces List interfaces that are bound to a zone [P] [Z] --add-interface= Bind the to a zone [P] [Z] --change-interface= Change zone the is bound to [P] [Z] --query-interface= Query whether is bound to a zone [P] [Z] --remove-interface= Remove binding of from a zone [P] [Z] Options to Handle Bindings of Sources --list-sources List sources that are bound to a zone [P] [Z] --add-source=[/]||ipset: Bind the source to a zone [P] [Z] --change-source=[/]||ipset: Change zone the source is bound to [Z] --query-source=[/]||ipset: Query whether the source is bound to a zone [P] [Z] --remove-source=[/]||ipset: Remove binding of the source from a zone [P] [Z] Helper Options --new-helper= --module= [--family=] Add a new helper [P only] --new-helper-from-file= [--name=] Add a new helper from file with optional name [P only] --delete-helper= Delete an existing helper [P only] --load-helper-defaults= Load helper default settings [P only] --info-helper= Print information about an helper --path-helper= Print file path of an helper [P only] --get-helpers Print predefined helpers --helper= --set-description= Set new description to helper [P only] --helper= --get-description Print description for helper [P only] --helper= --set-short= Set new short description to helper [P only] --helper= --get-short Print short description for helper [P only] --helper= --add-port=[-]/ Add a new port to helper [P only] --helper= --remove-port=[-]/ Remove a port from helper [P only] --helper= --query-port=[-]/ Return whether the port has been added for helper [P only] --helper= --get-ports List ports of helper [P only] --helper= --set-module= Set module to helper [P only] --helper= --get-module Get module from helper [P only] --helper= --set-family={ipv4|ipv6|} Set family for helper [P only] --helper= --get-family Get module from helper [P only] Direct Options --direct First option for all direct options --get-all-chains Get all chains [P] --get-chains {ipv4|ipv6|eb}
Get all chains added to the table [P] --add-chain {ipv4|ipv6|eb}
Add a new chain to the table [P] --remove-chain {ipv4|ipv6|eb}
Remove the chain from the table [P] --query-chain {ipv4|ipv6|eb}
Return whether the chain has been added to the table [P] --get-all-rules Get all rules [P] --get-rules {ipv4|ipv6|eb}
Get all rules added to chain in table [P] --add-rule {ipv4|ipv6|eb}
... Add rule to chain in table [P] --remove-rule {ipv4|ipv6|eb}
... Remove rule with priority from chain in table [P] --remove-rules {ipv4|ipv6|eb}
Remove rules from chain in table [P] --query-rule {ipv4|ipv6|eb}
... Return whether a rule with priority has been added to chain in table [P] --passthrough {ipv4|ipv6|eb} ... Pass a command through (untracked by firewalld) --get-all-passthroughs Get all tracked passthrough rules [P] --get-passthroughs {ipv4|ipv6|eb} ... Get tracked passthrough rules [P] --add-passthrough {ipv4|ipv6|eb} ... Add a new tracked passthrough rule [P] --remove-passthrough {ipv4|ipv6|eb} ... Remove a tracked passthrough rule [P] --query-passthrough {ipv4|ipv6|eb} ... Return whether the tracked passthrough rule has been added [P] Lockdown Options --lockdown-on Enable lockdown. --lockdown-off Disable lockdown. --query-lockdown Query whether lockdown is enabled Lockdown Whitelist Options --list-lockdown-whitelist-commands List all command lines that are on the whitelist [P] --add-lockdown-whitelist-command= Add the command to the whitelist [P] --remove-lockdown-whitelist-command= Remove the command from the whitelist [P] --query-lockdown-whitelist-command= Query whether the command is on the whitelist [P] --list-lockdown-whitelist-contexts List all contexts that are on the whitelist [P] --add-lockdown-whitelist-context= Add the context context to the whitelist [P] --remove-lockdown-whitelist-context= Remove the context from the whitelist [P] --query-lockdown-whitelist-context= Query whether the context is on the whitelist [P] --list-lockdown-whitelist-uids List all user ids that are on the whitelist [P] --add-lockdown-whitelist-uid= Add the user id uid to the whitelist [P] --remove-lockdown-whitelist-uid= Remove the user id uid from the whitelist [P] --query-lockdown-whitelist-uid= Query whether the user id uid is on the whitelist [P] --list-lockdown-whitelist-users List all user names that are on the whitelist [P] --add-lockdown-whitelist-user= Add the user name user to the whitelist [P] --remove-lockdown-whitelist-user= Remove the user name user from the whitelist [P] --query-lockdown-whitelist-user= Query whether the user name user is on the whitelist [P] Panic Options --panic-on Enable panic mode --panic-off Disable panic mode --query-panic Query whether panic mode is enabled """) def try_set_zone_of_interface(_zone, interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: if _zone == nm_get_zone_of_connection(connection): if _zone == "": cmd.print_warning("The interface is under control of NetworkManager and already bound to the default zone") else: cmd.print_warning("The interface is under control of NetworkManager and already bound to '%s'" % _zone) if _zone == "": cmd.print_msg("The interface is under control of NetworkManager, setting zone to default.") else: cmd.print_msg("The interface is under control of NetworkManager, setting zone to '%s'." % _zone) nm_set_zone_of_connection(_zone, connection) return True return False def try_get_zone_of_interface(interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: return nm_get_zone_of_connection(connection) return False def try_nm_get_interfaces_in_zone(zone): if nm_is_imported(): try: return nm_get_interfaces_in_zone(zone) except Exception: pass return [] parser = argparse.ArgumentParser(usage="see firewall-cmd man page", add_help=False) parser_group_output = parser.add_mutually_exclusive_group() parser_group_output.add_argument("-v", "--verbose", action="store_true") parser_group_output.add_argument("-q", "--quiet", action="store_true") parser_group_standalone = parser.add_mutually_exclusive_group() parser_group_standalone.add_argument("-h", "--help", action="store_true") parser_group_standalone.add_argument("-V", "--version", action="store_true") parser_group_standalone.add_argument("--state", action="store_true") parser_group_standalone.add_argument("--reload", action="store_true") parser_group_standalone.add_argument("--complete-reload", action="store_true") parser_group_standalone.add_argument("--runtime-to-permanent", action="store_true") parser_group_standalone.add_argument("--check-config", action="store_true") parser_group_standalone.add_argument("--get-ipset-types", action="store_true") parser_group_standalone.add_argument("--get-log-denied", action="store_true") parser_group_standalone.add_argument("--set-log-denied", metavar="") parser_group_standalone.add_argument("--get-automatic-helpers", action="store_true") parser_group_standalone.add_argument("--set-automatic-helpers", metavar="") parser_group_standalone.add_argument("--panic-on", action="store_true") parser_group_standalone.add_argument("--panic-off", action="store_true") parser_group_standalone.add_argument("--query-panic", action="store_true") parser_group_standalone.add_argument("--lockdown-on", action="store_true") parser_group_standalone.add_argument("--lockdown-off", action="store_true") parser_group_standalone.add_argument("--query-lockdown", action="store_true") parser_group_standalone.add_argument("--get-default-zone", action="store_true") parser_group_standalone.add_argument("--set-default-zone", metavar="") parser_group_standalone.add_argument("--get-zones", action="store_true") parser_group_standalone.add_argument("--get-services", action="store_true") parser_group_standalone.add_argument("--get-icmptypes", action="store_true") parser_group_standalone.add_argument("--get-active-zones", action="store_true") parser_group_standalone.add_argument("--get-zone-of-interface", metavar="", action='append') parser_group_standalone.add_argument("--get-zone-of-source", metavar="", action='append') parser_group_standalone.add_argument("--list-all-zones", action="store_true") parser_group_standalone.add_argument("--info-zone", metavar="") parser_group_standalone.add_argument("--info-service", metavar="") parser_group_standalone.add_argument("--info-icmptype", metavar="") parser_group_standalone.add_argument("--info-ipset", metavar="") parser_group_standalone.add_argument("--info-helper", metavar="") parser_group_config = parser.add_mutually_exclusive_group() parser_group_config.add_argument("--new-icmptype", metavar="") parser_group_config.add_argument("--new-icmptype-from-file", metavar="") parser_group_config.add_argument("--delete-icmptype", metavar="") parser_group_config.add_argument("--load-icmptype-defaults", metavar="") parser_group_config.add_argument("--new-service", metavar="") parser_group_config.add_argument("--new-service-from-file", metavar="") parser_group_config.add_argument("--delete-service", metavar="") parser_group_config.add_argument("--load-service-defaults", metavar="") parser_group_config.add_argument("--new-zone", metavar="") parser_group_config.add_argument("--new-zone-from-file", metavar="") parser_group_config.add_argument("--delete-zone", metavar="") parser_group_config.add_argument("--load-zone-defaults", metavar="") parser_group_config.add_argument("--new-ipset", metavar="") parser_group_config.add_argument("--new-ipset-from-file", metavar="") parser_group_config.add_argument("--delete-ipset", metavar="") parser_group_config.add_argument("--load-ipset-defaults", metavar="") parser_group_config.add_argument("--new-helper", metavar="") parser_group_config.add_argument("--new-helper-from-file", metavar="") parser_group_config.add_argument("--delete-helper", metavar="") parser_group_config.add_argument("--load-helper-defaults", metavar="") parser_group_config.add_argument("--path-zone", metavar="") parser_group_config.add_argument("--path-service", metavar="") parser_group_config.add_argument("--path-icmptype", metavar="") parser_group_config.add_argument("--path-ipset", metavar="") parser_group_config.add_argument("--path-helper", metavar="") parser.add_argument("--name", default="", metavar="") parser_group_lockdown_whitelist = parser.add_mutually_exclusive_group() parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-commands", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-contexts", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-uids", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-users", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-user", metavar="", action='append') parser.add_argument("--permanent", action="store_true") parser.add_argument("--zone", default="", metavar="") parser.add_argument("--timeout", default="0", metavar="") parser_group_zone = parser.add_mutually_exclusive_group() parser_group_zone.add_argument("--add-interface", metavar="", action='append') parser_group_zone.add_argument("--remove-interface", metavar="", action='append') parser_group_zone.add_argument("--query-interface", metavar="", action='append') parser_group_zone.add_argument("--change-interface", "--change-zone", metavar="", action='append') parser_group_zone.add_argument("--list-interfaces", action="store_true") parser_group_zone.add_argument("--add-source", metavar="", action='append') parser_group_zone.add_argument("--remove-source", metavar="", action='append') parser_group_zone.add_argument("--query-source", metavar="", action='append') parser_group_zone.add_argument("--change-source", metavar="", action='append') parser_group_zone.add_argument("--list-sources", action="store_true") parser_group_zone.add_argument("--add-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--remove-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--query-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--add-service", metavar="", action='append') parser_group_zone.add_argument("--remove-service", metavar="", action='append') parser_group_zone.add_argument("--query-service", metavar="", action='append') parser_group_zone.add_argument("--add-port", metavar="", action='append') parser_group_zone.add_argument("--remove-port", metavar="", action='append') parser_group_zone.add_argument("--query-port", metavar="", action='append') parser_group_zone.add_argument("--add-protocol", metavar="", action='append') parser_group_zone.add_argument("--remove-protocol", metavar="", action='append') parser_group_zone.add_argument("--query-protocol", metavar="", action='append') parser_group_zone.add_argument("--add-source-port", metavar="", action='append') parser_group_zone.add_argument("--remove-source-port", metavar="", action='append') parser_group_zone.add_argument("--query-source-port", metavar="", action='append') parser_group_zone.add_argument("--add-masquerade", action="store_true") parser_group_zone.add_argument("--remove-masquerade", action="store_true") parser_group_zone.add_argument("--query-masquerade", action="store_true") parser_group_zone.add_argument("--add-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--remove-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--query-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--add-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--remove-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--query-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--add-forward-port", metavar="", action='append') parser_group_zone.add_argument("--remove-forward-port", metavar="", action='append') parser_group_zone.add_argument("--query-forward-port", metavar="", action='append') parser_group_zone.add_argument("--list-rich-rules", action="store_true") parser_group_zone.add_argument("--list-services", action="store_true") parser_group_zone.add_argument("--list-ports", action="store_true") parser_group_zone.add_argument("--list-protocols", action="store_true") parser_group_zone.add_argument("--list-icmp-blocks", action="store_true") parser_group_zone.add_argument("--list-forward-ports", action="store_true") parser_group_zone.add_argument("--list-source-ports", action="store_true") parser_group_zone.add_argument("--list-all", action="store_true") parser_group_zone.add_argument("--get-target", action="store_true") parser_group_zone.add_argument("--set-target", metavar="") parser.add_argument("--option", metavar="[=]", action='append') parser.add_argument("--type", metavar="") parser.add_argument("--ipset", metavar="") parser_ipset = parser.add_mutually_exclusive_group() #parser_ipset.add_argument("--add-option", metavar="[=]") #parser_ipset.add_argument("--remove-option", metavar="[=]") #parser_ipset.add_argument("--query-option", metavar="[=]") #parser_ipset.add_argument("--get-options", action="store_true") parser_ipset.add_argument("--get-ipsets", action="store_true") parser_ipset.add_argument("--add-entry", metavar="", action='append') parser_ipset.add_argument("--remove-entry", metavar="", action='append') parser_ipset.add_argument("--query-entry", metavar="", action='append') parser_ipset.add_argument("--get-entries", action="store_true") parser_ipset.add_argument("--add-entries-from-file", metavar="", action='append') parser_ipset.add_argument("--remove-entries-from-file", metavar="", action='append') parser.add_argument("--icmptype", metavar="") parser_icmptype = parser.add_mutually_exclusive_group() parser_icmptype.add_argument("--add-destination", metavar="", action='append') parser_icmptype.add_argument("--remove-destination", metavar="", action='append') parser_icmptype.add_argument("--query-destination", metavar="", action='append') parser_icmptype.add_argument("--get-destinations", action="store_true") parser.add_argument("--service", metavar="") parser_service = parser.add_mutually_exclusive_group() parser_service.add_argument("--get-ports", action="store_true") parser_service.add_argument("--get-source-ports", action="store_true") parser_service.add_argument("--get-protocols", action="store_true") parser_service.add_argument("--add-module", metavar="", action='append') parser_service.add_argument("--remove-module", metavar="", action='append') parser_service.add_argument("--query-module", metavar="", action='append') parser_service.add_argument("--get-modules", action="store_true") parser_service.add_argument("--add-helper", metavar="", action='append') parser_service.add_argument("--remove-helper", metavar="", action='append') parser_service.add_argument("--query-helper", metavar="", action='append') parser_service.add_argument("--get-service-helpers", action="store_true") parser_service.add_argument("--add-include", metavar="", action='append') parser_service.add_argument("--remove-include", metavar="", action='append') parser_service.add_argument("--query-include", metavar="", action='append') parser_service.add_argument("--get-includes", action="store_true") parser_service.add_argument("--set-destination", metavar="", action='append') parser_service.add_argument("--get-destination", action="store_true") parser_service.add_argument("--set-description", metavar="") parser_service.add_argument("--get-description", action="store_true") parser_service.add_argument("--set-short", metavar="") parser_service.add_argument("--get-short", action="store_true") parser.add_argument("--helper", metavar="") parser.add_argument("--family", metavar="") parser.add_argument("--module", metavar="") parser_helper = parser.add_mutually_exclusive_group() #parser_helper.add_argument("--get-ports", action="store_true") parser_helper.add_argument("--get-helpers", action="store_true") parser_helper.add_argument("--set-module", metavar="") parser_helper.add_argument("--get-module", action="store_true") #parser_helper.add_argument("--query-module", metavar="") parser_helper.add_argument("--set-family", metavar="|''", nargs="*") parser_helper.add_argument("--get-family", action="store_true") parser.add_argument("--direct", action="store_true") # not possible to have sequences of options here parser_direct = parser.add_mutually_exclusive_group() parser_direct.add_argument("--passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--add-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--remove-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--query-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--get-passthroughs", nargs=1, metavar=("{ ipv4 | ipv6 | eb }")) parser_direct.add_argument("--get-all-passthroughs", action="store_true") parser_direct.add_argument("--add-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--remove-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--query-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-chains", action="store_true") parser_direct.add_argument("--get-chains", nargs=2, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--add-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--query-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--get-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-rules", action="store_true") ############################################################################## args = sys.argv[1:] if len(sys.argv) > 1: i = -1 if '--passthrough' in args: i = args.index('--passthrough') + 1 elif '--add-passthrough' in args: i = args.index('--add-passthrough') + 1 elif '--remove-passthrough' in args: i = args.index('--remove-passthrough') + 1 elif '--query-passthrough' in args: i = args.index('--query-passthrough') + 1 elif '--add-rule' in args: i = args.index('--add-rule') + 4 elif '--remove-rule' in args: i = args.index('--remove-rule') + 4 elif '--query-rule' in args: i = args.index('--query-rule') + 4 # join into one argument to prevent parser from parsing each iptables # option, because they can conflict with firewall-cmd options # # e.g. --delete (iptables) and --delete-* (firewall-cmd) if (i > -1) and (i < len(args) - 1): aux_args = args[:] args = aux_args[:i+1] # all but not args.append(joinArgs(aux_args[i+1:])) # add as one arg a = parser.parse_args(args) options_standalone = a.help or a.version or \ a.state or a.reload or a.complete_reload or a.runtime_to_permanent or \ a.panic_on or a.panic_off or a.query_panic or \ a.lockdown_on or a.lockdown_off or a.query_lockdown or \ a.get_default_zone or a.set_default_zone or \ a.get_active_zones or a.get_ipset_types or \ a.get_log_denied or a.set_log_denied or \ a.get_automatic_helpers or a.set_automatic_helpers or a.check_config options_desc_xml_file = a.set_description or a.get_description or \ a.set_short or a.get_short options_lockdown_whitelist = \ a.list_lockdown_whitelist_commands or a.add_lockdown_whitelist_command or \ a.remove_lockdown_whitelist_command or \ a.query_lockdown_whitelist_command or \ a.list_lockdown_whitelist_contexts or a.add_lockdown_whitelist_context or \ a.remove_lockdown_whitelist_context or \ a.query_lockdown_whitelist_context or \ a.list_lockdown_whitelist_uids or a.add_lockdown_whitelist_uid is not None or \ a.remove_lockdown_whitelist_uid is not None or \ a.query_lockdown_whitelist_uid is not None or \ a.list_lockdown_whitelist_users or a.add_lockdown_whitelist_user or \ a.remove_lockdown_whitelist_user or \ a.query_lockdown_whitelist_user options_config = a.get_zones or a.get_services or a.get_icmptypes or \ options_lockdown_whitelist or a.list_all_zones or \ a.get_zone_of_interface or a.get_zone_of_source or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.info_helper or \ a.get_helpers options_zone_action_action = \ a.add_service or a.remove_service or a.query_service or \ a.add_port or a.remove_port or a.query_port or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.add_source_port or a.remove_source_port or a.query_source_port or \ a.add_icmp_block or a.remove_icmp_block or a.query_icmp_block or \ a.add_forward_port or a.remove_forward_port or a.query_forward_port options_zone_interfaces_sources = \ a.list_interfaces or a.change_interface or \ a.add_interface or a.remove_interface or a.query_interface or \ a.list_sources or a.change_source or \ a.add_source or a.remove_source or a.query_source options_zone_adapt_query = \ a.add_rich_rule or a.remove_rich_rule or a.query_rich_rule or \ a.add_masquerade or a.remove_masquerade or a.query_masquerade or \ a.list_services or a.list_ports or a.list_protocols or \ a.list_source_ports or \ a.list_icmp_blocks or a.list_forward_ports or a.list_rich_rules or \ a.add_icmp_block_inversion or a.remove_icmp_block_inversion or \ a.query_icmp_block_inversion or \ a.list_all or a.get_target or a.set_target options_zone_ops = options_zone_interfaces_sources or \ options_zone_action_action or options_zone_adapt_query options_zone = a.zone or a.timeout != "0" or options_zone_ops or \ options_desc_xml_file options_ipset = a.add_entry or a.remove_entry or a.query_entry or \ a.get_entries or a.add_entries_from_file or \ a.remove_entries_from_file or options_desc_xml_file options_icmptype = a.add_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file options_service = a.add_port or a.remove_port or a.query_port or \ a.get_ports or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.get_protocols or \ a.add_source_port or a.remove_source_port or \ a.query_source_port or a.get_source_ports or \ a.add_module or a.remove_module or a.query_module or \ a.get_modules or \ a.set_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file or \ a.add_include or a.remove_include or a.query_include or \ a.get_includes or \ a.add_helper or a.remove_helper or a.query_helper or \ a.get_service_helpers options_helper = a.add_port or a.remove_port or a.query_port or \ a.get_ports or a.set_module or a.get_module or \ a.set_family or a.get_family or \ options_desc_xml_file options_permanent = a.permanent or options_config or \ a.zone or options_zone_ops or \ a.ipset or options_ipset or \ a.helper or options_helper options_permanent_only = a.new_icmptype or a.delete_icmptype or \ a.new_icmptype_from_file or \ a.load_icmptype_defaults or \ a.new_service or a.delete_service or \ a.new_service_from_file or \ a.load_service_defaults or \ a.new_zone or a.delete_zone or \ a.new_zone_from_file or \ a.load_zone_defaults or \ a.new_ipset or a.delete_ipset or \ a.new_ipset_from_file or \ a.load_ipset_defaults or \ a.new_helper or a.delete_helper or \ a.new_helper_from_file or \ a.load_helper_defaults or \ (a.icmptype and options_icmptype) or \ (a.service and options_service) or \ (a.helper and options_helper) or \ a.path_zone or a.path_icmptype or a.path_service or \ a.path_ipset or a.path_helper or options_desc_xml_file options_direct = a.passthrough or \ a.add_chain or a.remove_chain or a.query_chain or \ a.get_chains or a.get_all_chains or \ a.add_rule or a.remove_rule or a.remove_rules or a.query_rule or \ a.get_rules or a.get_all_rules or \ a.add_passthrough or a.remove_passthrough or a.query_passthrough or \ a.get_passthroughs or a.get_all_passthroughs options_require_permanent = options_permanent_only or \ a.get_target or a.set_target # these are supposed to only write out some output options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \ a.list_lockdown_whitelist_commands or a.list_lockdown_whitelist_contexts or \ a.list_lockdown_whitelist_uids or a.list_lockdown_whitelist_users or \ a.list_services or a.list_ports or a.list_protocols or a.list_icmp_blocks or \ a.list_forward_ports or a.list_rich_rules or a.list_interfaces or \ a.list_sources or a.get_default_zone or a.get_active_zones or \ a.get_zone_of_interface or a.get_zone_of_source or a.get_zones or \ a.get_services or a.get_icmptypes or a.get_target or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.get_entries or \ a.info_helper or a.get_helpers or \ a.get_destinations or a.get_description # Set quiet and verbose cmd = FirewallCommand(a.quiet, a.verbose) def myexcepthook(exctype, value, traceback): cmd.exception_handler(str(value)) sys.excepthook = myexcepthook # Check various impossible combinations of options if not (options_standalone or options_ipset or \ options_icmptype or options_service or options_helper or \ options_config or options_zone_ops or \ options_direct or options_permanent_only): cmd.fail(parser.format_usage() + "No option specified.") if options_standalone and (options_zone or options_permanent or \ options_direct or options_permanent_only or\ options_ipset): cmd.fail(parser.format_usage() + "Can't use stand-alone options with other options.") if options_ipset and not options_desc_xml_file and not a.ipset: cmd.fail(parser.format_usage() + "No ipset specified.") if (options_icmptype and not a.icmptype) and \ not (options_service and a.service) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No icmptype specified.") if (options_helper and not a.helper) and \ not (options_service and a.service) and \ not options_zone and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No helper specified.") if (options_direct or options_permanent_only) and \ (options_zone and not a.zone) and (options_service and not a.service) and \ (options_icmptype and a.icmptype) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "Can't be used with --zone.") if (a.direct and not options_direct) or (options_direct and not a.direct): cmd.fail(parser.format_usage() + "Wrong usage of 'direct' options.") if a.name and not (a.new_zone_from_file or a.new_service_from_file or \ a.new_ipset_from_file or a.new_icmptype_from_file or \ a.new_helper_from_file): cmd.fail(parser.format_usage() + "Wrong usage of '--name' option.") if options_require_permanent and not a.permanent: cmd.fail(parser.format_usage() + "Option can be used only with --permanent.") if options_config and options_zone: cmd.fail(parser.format_usage() + "Wrong usage of --get-zones | --get-services | --get-icmptypes.") if a.timeout != "0": value = 0 unit = 's' if len(a.timeout) < 1: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) == 1: if a.timeout.isdigit(): value = int (a.timeout[0]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) > 1: if a.timeout.isdigit(): value = int(a.timeout) unit = 's' else: if a.timeout[:-1].isdigit(): value = int (a.timeout[:-1]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) unit = a.timeout[-1:].lower() if unit == 's': a.timeout = value elif unit == 'm': a.timeout = value * 60 elif unit == 'h': a.timeout = value * 60 * 60 else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) else: a.timeout = 0 if a.timeout and not (a.add_service or a.add_port or a.add_protocol or \ a.add_icmp_block or a.add_forward_port or \ a.add_source_port or a.add_masquerade or a.add_rich_rule): cmd.fail(parser.format_usage() + "Wrong --timeout usage") if a.permanent: if a.timeout: cmd.fail(parser.format_usage() + "Can't specify timeout for permanent action.") if options_config and not a.zone: pass elif options_permanent: pass else: cmd.fail(parser.format_usage() + "Wrong --permanent usage.") if a.quiet and options_list_get: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.help: __usage() sys.exit(0) zone = a.zone try: fw = FirewallClient() except FirewallError as msg: code = FirewallError.get_code(str(msg)) cmd.print_and_exit("Error: %s" % msg, code) fw.setExceptionHandler(cmd.exception_handler) if not fw.connected: if a.state: cmd.print_and_exit ("not running", errors.NOT_RUNNING) else: cmd.print_and_exit ("FirewallD is not running", errors.NOT_RUNNING) cmd.set_fw(fw) if options_zone_ops and not zone and not \ (a.service and options_service) and not \ (a.helper and options_helper): default = fw.getDefaultZone() cmd.print_if_verbose("No zone specified, using default zone, i.e. '%s'" % default) active = list(fw.getActiveZones().keys()) if active and default not in active: cmd.print_msg("""You're performing an operation over default zone ('%s'), but your connections/interfaces are in zone '%s' (see --get-active-zones) You most likely need to use --zone=%s option.\n""" % (default, ",".join(active), active[0])) if a.permanent: if a.get_ipsets: cmd.print_and_exit(" ".join(fw.config().getIPSetNames())) elif a.new_ipset: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: for opt in a.option: settings.addOption(*cmd.parse_ipset_option(opt)) if a.family: settings.addOption("family", a.family) config = fw.config() config.addIPSet(a.new_ipset, settings) elif a.new_ipset_from_file: filename = os.path.basename(a.new_ipset_from_file) dirname = os.path.dirname(a.new_ipset_from_file) if dirname == "": dirname = "./" try: obj = ipset_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load ipset file '%s': %s" % \ (a.new_ipset_from_file, msg)) except IOError as msg: cmd.fail("Failed to load ipset file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIPSet(obj.name, obj.export_config()) elif a.delete_ipset: ipset = fw.config().getIPSetByName(a.delete_ipset) ipset.remove() elif a.load_ipset_defaults: ipset = fw.config().getIPSetByName(a.load_ipset_defaults) ipset.loadDefaults() elif a.info_ipset: ipset = fw.config().getIPSetByName(a.info_ipset) cmd.print_ipset_info(a.info_ipset, ipset.getSettings()) sys.exit(0) elif a.path_ipset: ipset = fw.config().getIPSetByName(a.path_ipset) cmd.print_and_exit("%s/%s" % (ipset.get_property("path"), ipset.get_property("filename"))) elif a.ipset: ipset = fw.config().getIPSetByName(a.ipset) settings = ipset.getSettings() if a.add_entry: cmd.add_sequence(a.add_entry, settings.addEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.remove_entry: cmd.remove_sequence(a.remove_entry, settings.removeEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.query_entry: cmd.query_sequence(a.query_entry, settings.queryEntry, None, "'%s'") elif a.get_entries: l = settings.getEntries() cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose( "Warning: ALREADY_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.remove_entries_from_file: changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.set_description: settings.setDescription(a.set_description) ipset.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) ipset.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_zones: cmd.print_and_exit(" ".join(fw.config().getZoneNames())) elif a.new_zone: config = fw.config() config.addZone(a.new_zone, FirewallClientZoneSettings()) elif a.new_zone_from_file: filename = os.path.basename(a.new_zone_from_file) dirname = os.path.dirname(a.new_zone_from_file) if dirname == "": dirname = "./" try: obj = zone_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load zone file '%s': %s" % \ (a.new_zone_from_file, msg)) except IOError as msg: cmd.fail("Failed to load zone file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addZone(obj.name, obj.export_config()) elif a.delete_zone: zone = fw.config().getZoneByName(a.delete_zone) zone.remove() elif a.load_zone_defaults: zone = fw.config().getZoneByName(a.load_zone_defaults) zone.loadDefaults() elif a.info_zone: zone = fw.config().getZoneByName(a.info_zone) cmd.print_zone_info(a.info_zone, zone.getSettings(), True) sys.exit(0) elif a.path_zone: zone = fw.config().getZoneByName(a.path_zone) cmd.print_and_exit("%s/%s" % (zone.get_property("path"), zone.get_property("filename"))) elif a.get_services: cmd.print_and_exit(" ".join(fw.config().getServiceNames())) elif a.new_service: config = fw.config() config.addService(a.new_service, FirewallClientServiceSettings()) elif a.new_service_from_file: filename = os.path.basename(a.new_service_from_file) dirname = os.path.dirname(a.new_service_from_file) if dirname == "": dirname = "./" try: obj = service_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load service file '%s': %s" % \ (a.new_service_from_file, msg)) except IOError as msg: cmd.fail("Failed to load service file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addService(obj.name, obj.export_config()) elif a.delete_service: service = fw.config().getServiceByName(a.delete_service) service.remove() elif a.load_service_defaults: service = fw.config().getServiceByName(a.load_service_defaults) service.loadDefaults() elif a.info_service: service = fw.config().getServiceByName(a.info_service) cmd.print_service_info(a.info_service, service.getSettings()) sys.exit(0) elif a.path_service: service = fw.config().getServiceByName(a.path_service) cmd.print_and_exit("%s/%s" % (service.get_property("path"), service.get_property("filename"))) elif a.get_helpers: cmd.print_and_exit(" ".join(fw.config().getHelperNames())) elif a.new_helper: if not a.module: cmd.fail(parser.format_usage() + "No module specified.") settings = FirewallClientHelperSettings() settings.setModule(a.module) if a.family: settings.setFamily(a.family) config = fw.config() config.addHelper(a.new_helper, settings) elif a.new_helper_from_file: filename = os.path.basename(a.new_helper_from_file) dirname = os.path.dirname(a.new_helper_from_file) if dirname == "": dirname = "./" try: obj = helper_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load helper file '%s': %s" % \ (a.new_helper_from_file, msg)) except IOError as msg: cmd.fail("Failed to load helper file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addHelper(obj.name, obj.export_config()) elif a.delete_helper: helper = fw.config().getHelperByName(a.delete_helper) helper.remove() elif a.load_helper_defaults: helper = fw.config().getHelperByName(a.load_helper_defaults) helper.loadDefaults() elif a.info_helper: helper = fw.config().getHelperByName(a.info_helper) cmd.print_helper_info(a.info_helper, helper.getSettings()) sys.exit(0) elif a.path_helper: helper = fw.config().getHelperByName(a.path_helper) cmd.print_and_exit("%s/%s" % (helper.get_property("path"), helper.get_property("filename"))) elif a.helper: helper = fw.config().getHelperByName(a.helper) settings = helper.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = helper.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.get_module: cmd.print_and_exit(settings.getModule()) elif a.set_module: settings.setModule(cmd.check_module(a.set_module)) helper.update(settings) elif a.get_family: cmd.print_and_exit(settings.getFamily()) elif a.set_family: settings.setFamily(cmd.check_helper_family(a.set_family[0])) helper.update(settings) elif a.set_description: settings.setDescription(a.set_description) helper.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) helper.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_icmptypes: cmd.print_and_exit(" ".join(fw.config().getIcmpTypeNames())) elif a.new_icmptype: config = fw.config() config.addIcmpType(a.new_icmptype, FirewallClientIcmpTypeSettings()) elif a.new_icmptype_from_file: filename = os.path.basename(a.new_icmptype_from_file) dirname = os.path.dirname(a.new_icmptype_from_file) if dirname == "": dirname = "./" try: obj = icmptype_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load icmptype file '%s': %s" % \ (a.new_icmptype_from_file, msg)) except IOError as msg: cmd.fail("Failed to load icmptype file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIcmpType(obj.name, obj.export_config()) elif a.delete_icmptype: icmptype = fw.config().getIcmpTypeByName(a.delete_icmptype) icmptype.remove() elif a.load_icmptype_defaults: icmptype = fw.config().getIcmpTypeByName(a.load_icmptype_defaults) icmptype.loadDefaults() elif a.info_icmptype: icmptype = fw.config().getIcmpTypeByName(a.info_icmptype) cmd.print_icmptype_info(a.info_icmptype, icmptype.getSettings()) sys.exit(0) elif a.path_icmptype: icmptype = fw.config().getIcmpTypeByName(a.path_icmptype) cmd.print_and_exit("%s/%s" % (icmptype.get_property("path"), icmptype.get_property("filename"))) elif a.icmptype: icmptype = fw.config().getIcmpTypeByName(a.icmptype) settings = icmptype.getSettings() if a.add_destination: cmd.add_sequence(a.add_destination, settings.addDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.remove_destination: cmd.remove_sequence(a.remove_destination, settings.removeDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.check_destination_ipv , "'%s'") elif a.get_destinations: l = settings.getDestinations() if len(l) == 0: l = [ "ipv4", "ipv6" ] cmd.print_and_exit("\n".join(l)) elif a.set_description: settings.setDescription(a.set_description) icmptype.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) icmptype.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.service: service = fw.config().getServiceByName(a.service) settings = service.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") elif a.get_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.get_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_module: cmd.add_sequence(a.add_module, settings.addModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.remove_module: cmd.remove_sequence(a.remove_module, settings.removeModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.query_module: cmd.query_sequence(a.query_module, settings.queryModule, None, "'%s'") elif a.get_modules: l = settings.getModules() cmd.print_and_exit(" ".join(["%s" % module for module in l])) elif a.set_destination: cmd.add_sequence(a.set_destination, settings.setDestination, settings.queryDestination, cmd.parse_service_destination, "%s:%s") service.update(settings) elif a.remove_destination: # special case for removeDestination: Only ipv, no address for ipv in a.remove_destination: cmd.check_destination_ipv(ipv) if ipv not in settings.getDestinations(): if len(a.remove_destination) > 1: cmd.print_warning("Warning: NOT_ENABLED: '%s'" % ipv) else: code = FirewallError.get_code("NOT_ENABLED") cmd.print_and_exit("Error: NOT_ENABLED: '%s'" % ipv, code) else: settings.removeDestination(ipv) service.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.parse_service_destination, "'%s'") elif a.get_destinations: l = settings.getDestinations() cmd.print_and_exit(" ".join(["%s:%s" % (dest[0], dest[1]) for dest in l.items()])) elif a.add_include: cmd.add_sequence(a.add_include, settings.addInclude, settings.queryInclude, None, "'%s'") service.update(settings) elif a.remove_include: cmd.remove_sequence(a.remove_include, settings.removeInclude, settings.queryInclude, None, "'%s'") service.update(settings) elif a.query_include: cmd.query_sequence(a.query_include, settings.queryInclude, None, "'%s'") elif a.get_includes: l = settings.getIncludes() cmd.print_and_exit(" ".join(["%s" % include for include in sorted(l)])) elif a.add_helper: cmd.add_sequence(a.add_helper, settings.addHelper, settings.queryHelper, None, "'%s'") service.update(settings) elif a.remove_helper: cmd.remove_sequence(a.remove_helper, settings.removeHelper, settings.queryHelper, None, "'%s'") service.update(settings) elif a.query_helper: cmd.query_sequence(a.query_helper, settings.queryHelper, None, "'%s'") elif a.get_service_helpers: l = settings.getHelpers() cmd.print_and_exit(" ".join(["%s" % helper for helper in sorted(l)])) elif a.set_description: settings.setDescription(a.set_description) service.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) service.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") # lockdown whitelist elif options_lockdown_whitelist: policies = fw.config().policies() # commands if a.list_lockdown_whitelist_commands: l = policies.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, policies.addLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, policies.removeLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, policies.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = policies.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, policies.addLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, policies.removeLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, policies.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = policies.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, policies.addLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, policies.removeLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, policies.queryLockdownWhitelistUid, None, "%s") # users elif a.list_lockdown_whitelist_users: l = policies.getLockdownWhitelistUsers() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, policies.addLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, policies.removeLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, policies.queryLockdownWhitelistUser, None, "'%s'") elif options_direct: direct = fw.config().direct() if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --permanent --direct --passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1]))) if a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --permanent --direct --add-passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1]))) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --permanent --direct --remove-passthrough { ipv4 | ipv6 | eb } ") direct.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --permanent --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( direct.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) sys.exit(0) elif a.get_passthroughs: rules = direct.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in direct.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: direct.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: direct.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result( direct.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) sys.exit(0) elif a.get_chains: cmd.print_and_exit( " ".join(direct.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) sys.exit(0) elif a.get_all_chains: chains = direct.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb }
") direct.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb }
") direct.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --permanent --direct --remove-rules { ipv4 | ipv6 | eb }
") direct.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( direct.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) sys.exit(0) elif a.get_rules: rules = direct.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = direct.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) else: if zone == "": zone = fw.getDefaultZone() fw_zone = fw.config().getZoneByName(zone) # interface if a.list_interfaces: interfaces = sorted(set(try_nm_get_interfaces_in_zone(zone)) | set(fw_zone.getInterfaces())) cmd.print_and_exit(" ".join(interfaces)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: # ask NM before checking our config zone = try_get_zone_of_interface(interface) if not zone: zone = fw.config().getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: if not try_set_zone_of_interface(zone, interface): interfaces.append(interface) for interface in interfaces: old_zone_name = fw.config().getZoneOfInterface(interface) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeInterface(interface)# remove from old fw_zone.addInterface(interface) # add to new elif a.add_interface: interfaces = [ ] for interface in a.add_interface: if not try_set_zone_of_interface(a.zone, interface): interfaces.append(interface) cmd.add_sequence(interfaces, fw_zone.addInterface, fw_zone.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: if not try_set_zone_of_interface("", interface): interfaces.append(interface) cmd.remove_sequence(interfaces, fw_zone.removeInterface, fw_zone.queryInterface, None, "'%s'") elif a.query_interface: cmd.query_sequence(a.query_interface, fw_zone.queryInterface, None, "'%s'") # source if a.list_sources: sources = fw_zone.getSources() cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.config().getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") elif a.change_source: for source in a.change_source: old_zone_name = fw.config().getZoneOfSource(source) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeSource(source) # remove from old fw_zone.addSource(source) # add to new elif a.add_source: cmd.add_sequence(a.add_source, fw_zone.addSource, fw_zone.querySource, None, "'%s'") elif a.remove_source: cmd.remove_sequence(a.remove_source, fw_zone.removeSource, fw_zone.querySource, None, "'%s'") elif a.query_source: cmd.query_sequence(a.query_source, fw_zone.querySource, None, "'%s'") # rich rules if a.list_rich_rules: l = fw_zone.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_zone.addRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_zone.removeRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_zone.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_zone.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_zone.addService, fw_zone.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, fw_zone.removeService, fw_zone.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_zone.queryService, None, "'%s'") # port elif a.list_ports: l = fw_zone.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_port: cmd.add_sequence(a.add_port, fw_zone.addPort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_zone.removePort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_zone.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_zone.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_zone.addProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_zone.removeProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_zone.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_zone.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_zone.addSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_zone.removeSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: fw_zone.addMasquerade() elif a.remove_masquerade: fw_zone.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(fw_zone.queryMasquerade()) # forward port elif a.list_forward_ports: l = fw_zone.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_zone.addForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_zone.removeForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_zone.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_zone.addIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_zone.removeIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_zone.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw_zone.addIcmpBlockInversion() elif a.remove_icmp_block_inversion: fw_zone.removeIcmpBlockInversion() elif a.query_icmp_block_inversion: cmd.print_query_result(fw_zone.queryIcmpBlockInversion()) # zone target elif a.get_target: target = fw_zone.getTarget() cmd.print_and_exit(target if target != "%%REJECT%%" else "REJECT") elif a.set_target: fw_zone.setTarget(a.set_target if a.set_target != "REJECT" else "%%REJECT%%") # list all zone settings elif a.list_all: interfaces = try_nm_get_interfaces_in_zone(zone) cmd.print_zone_info(zone, fw_zone.getSettings(), extra_interfaces=interfaces) sys.exit(0) # list everything elif a.list_all_zones: names = fw.config().getZoneNames() for zone in sorted(names): interfaces = try_nm_get_interfaces_in_zone(zone) settings = fw.config().getZoneByName(zone).getSettings() cmd.print_zone_info(zone, settings, extra_interfaces=interfaces) cmd.print_msg("") sys.exit(0) # set zone description elif a.set_description: settings = fw.config().getZoneByName(zone).getSettings() settings.setDescription(a.set_description) fw_zone.update(settings) # get zone description elif a.get_description: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getDescription()) # set zone short description elif a.set_short: settings = fw.config().getZoneByName(zone).getSettings() settings.setShort(a.set_short) fw_zone.update(settings) # get zone short description elif a.get_short: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getShort()) elif a.version: cmd.print_and_exit(fw.get_property("version")) elif a.state: state = fw.get_property("state") if state == "RUNNING": cmd.print_and_exit ("running") elif state == "FAILED": cmd.print_and_exit("failed", errors.RUNNING_BUT_FAILED) else: cmd.print_and_exit ("not running", errors.NOT_RUNNING) elif a.get_log_denied: cmd.print_and_exit(fw.getLogDenied()) elif a.set_log_denied: fw.setLogDenied(a.set_log_denied) elif a.get_automatic_helpers: cmd.print_and_exit(fw.getAutomaticHelpers()) elif a.set_automatic_helpers: fw.setAutomaticHelpers(a.set_automatic_helpers) elif a.get_ipset_types: types = fw.get_property("IPSetTypes") cmd.print_and_exit(" ".join(sorted(types))) elif a.reload: fw.reload() elif a.complete_reload: fw.complete_reload() elif a.runtime_to_permanent: fw.runtimeToPermanent() elif a.check_config: fw.checkPermanentConfig() elif a.direct: if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --direct --passthrough { ipv4 | ipv6 | eb } ") msg = fw.passthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1])) if msg: sys.stdout.write(msg + "\n") elif a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --direct --add-passthrough { ipv4 | ipv6 | eb } ") fw.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1])) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --direct --remove-passthrough { ipv4 | ipv6 | eb } ") fw.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( fw.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) elif a.get_passthroughs: rules = fw.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in fw.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: fw.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: fw.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result(fw.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) elif a.get_chains: cmd.print_and_exit(" ".join(fw.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) elif a.get_all_chains: chains = fw.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") fw.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") fw.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --direct --remove-rules { ipv4 | ipv6 | eb }
") fw.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( fw.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) elif a.get_rules: rules = fw.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = fw.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) elif a.get_default_zone: cmd.print_and_exit(fw.getDefaultZone()) elif a.set_default_zone: fw.setDefaultZone(a.set_default_zone) elif a.get_zones: cmd.print_and_exit(" ".join(fw.getZones())) elif a.get_active_zones: zones = fw.getActiveZones() for zone in zones: cmd.print_msg("%s" % zone) for x in [ "interfaces", "sources" ]: if x in zones[zone]: cmd.print_msg(" %s: %s" % (x, " ".join(zones[zone][x]))) sys.exit(0) elif a.get_services: l = fw.listServices() cmd.print_and_exit(" ".join(l)) elif a.get_icmptypes: l = fw.listIcmpTypes() cmd.print_and_exit(" ".join(l)) # panic elif a.panic_on: fw.enablePanicMode() elif a.panic_off: fw.disablePanicMode() elif a.query_panic: cmd.print_query_result(fw.queryPanicMode()) # ipset elif a.get_ipsets: ipsets = fw.getIPSets() cmd.print_and_exit(" ".join(sorted(ipsets))) elif a.info_ipset: cmd.print_ipset_info(a.info_ipset, fw.getIPSetSettings(a.info_ipset)) sys.exit(0) elif a.add_entry: cmd.x_add_sequence(a.ipset, a.add_entry, fw.addEntry, fw.queryEntry, None, "'%s'") elif a.remove_entry: cmd.x_remove_sequence(a.ipset, a.remove_entry, fw.removeEntry, fw.queryEntry, None, "'%s'") elif a.query_entry: cmd.x_query_sequence(a.ipset, a.query_entry, fw.queryEntry, None, "'%s'") elif a.get_entries: l = fw.getEntries(a.ipset) cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose("Warning: ALREADY_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) elif a.remove_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) # helper elif a.get_helpers: helpers = fw.getHelpers() cmd.print_and_exit(" ".join(sorted(helpers))) elif a.info_helper: cmd.print_helper_info(a.info_helper, fw.getHelperSettings(a.info_helper)) sys.exit(0) # lockdown elif a.lockdown_on: fw.config().set_property("Lockdown", "yes") # permanent fw.enableLockdown() # runtime elif a.lockdown_off: fw.config().set_property("Lockdown", "no") # permanent fw.disableLockdown() # runtime elif a.query_lockdown: cmd.print_query_result(fw.queryLockdown()) # runtime #lockdown = fw.config().get_property("Lockdown") #cmd.print_query_result(lockdown.lower() in [ "yes", "true" ]) # lockdown whitelist # commands elif a.list_lockdown_whitelist_commands: l = fw.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, fw.addLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, fw.removeLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, fw.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = fw.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, fw.addLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, fw.removeLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, fw.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = fw.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, fw.addLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, fw.removeLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, fw.queryLockdownWhitelistUid, None, "'%s'") # users elif a.list_lockdown_whitelist_users: l = fw.getLockdownWhitelistUsers() cmd.print_and_exit(" ".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, fw.addLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, fw.removeLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, fw.queryLockdownWhitelistUser, None, "'%s'") # interface elif a.list_interfaces: l = fw.getInterfaces(zone) cmd.print_and_exit(" ".join(l)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: zone = fw.getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.add_interface: interfaces = [ ] for interface in a.add_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.addInterface, fw.queryInterface, None, "'%s'") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.changeZoneOfInterface, fw.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: interfaces.append(interface) cmd.x_remove_sequence(zone, interfaces, fw.removeInterface, fw.queryInterface, None, "'%s'") elif a.query_interface: cmd.x_query_sequence(zone, a.query_interface, fw.queryInterface, None, "'%s'") # source elif a.list_sources: sources = fw.getSources(zone) cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") sys.exit(0) elif a.add_source: cmd.x_add_sequence(zone, a.add_source, fw.addSource, fw.querySource, None, "'%s'") elif a.change_source: cmd.x_add_sequence(zone, a.change_source, fw.changeZoneOfSource, fw.querySource, None, "'%s'") elif a.remove_source: cmd.x_remove_sequence(zone, a.remove_source, fw.removeSource, fw.querySource, None, "'%s'") elif a.query_source: cmd.x_query_sequence(zone, a.query_source, fw.querySource, None, "'%s'") # rich rules elif a.list_rich_rules: l = fw.getRichRules(zone) cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.zone_add_timeout_sequence(zone, a.add_rich_rule, fw.addRichRule, fw.queryRichRule, None, "'%s'", a.timeout) elif a.remove_rich_rule: cmd.x_remove_sequence(zone, a.remove_rich_rule, fw.removeRichRule, fw.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.x_query_sequence(zone, a.query_rich_rule, fw.queryRichRule, None, "'%s'") # service elif a.list_services: l = fw.getServices(zone) cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.zone_add_timeout_sequence(zone, a.add_service, fw.addService, fw.queryService, None, "'%s'", a.timeout) elif a.remove_service: cmd.x_remove_sequence(zone, a.remove_service, fw.removeService, fw.queryService, None, "'%s'") elif a.query_service: cmd.x_query_sequence(zone, a.query_service, fw.queryService, None, "'%s'") # port elif a.list_ports: l = fw.getPorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_port: cmd.zone_add_timeout_sequence(zone, a.add_port, fw.addPort, fw.queryPort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_port: cmd.x_remove_sequence(zone, a.remove_port, fw.removePort, fw.queryPort, cmd.parse_port, "'%s/%s'") elif a.query_port: cmd.x_query_sequence(zone, a.query_port, fw.queryPort, cmd.parse_port, "'%s/%s'") # protocol elif a.list_protocols: l = fw.getProtocols(zone) cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.zone_add_timeout_sequence(zone, a.add_protocol, fw.addProtocol, fw.queryProtocol, None, "'%s'", a.timeout) elif a.remove_protocol: cmd.x_remove_sequence(zone, a.remove_protocol, fw.removeProtocol, fw.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.x_query_sequence(zone, a.query_protocol, fw.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw.getSourcePorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_source_port: cmd.zone_add_timeout_sequence(zone, a.add_source_port, fw.addSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_source_port: cmd.x_remove_sequence(zone, a.remove_source_port, fw.removeSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'") elif a.query_source_port: cmd.x_query_sequence(zone, a.query_source_port, fw.querySourcePort, cmd.parse_port, "'%s/%s'") # masquerade elif a.add_masquerade: fw.addMasquerade(zone, a.timeout) elif a.remove_masquerade: fw.removeMasquerade(zone) elif a.query_masquerade: cmd.print_query_result(fw.queryMasquerade(zone)) # forward port elif a.list_forward_ports: l = fw.getForwardPorts(zone) cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.zone_add_timeout_sequence(zone, a.add_forward_port, fw.addForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'", a.timeout) elif a.remove_forward_port: cmd.x_remove_sequence(zone, a.remove_forward_port, fw.removeForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") elif a.query_forward_port: cmd.x_query_sequence(zone, a.query_forward_port, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") # block icmp elif a.list_icmp_blocks: l = fw.getIcmpBlocks(zone) cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.zone_add_timeout_sequence(zone, a.add_icmp_block, fw.addIcmpBlock, fw.queryIcmpBlock, None, "'%s'", a.timeout) elif a.remove_icmp_block: cmd.x_remove_sequence(zone, a.remove_icmp_block, fw.removeIcmpBlock, fw.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.x_query_sequence(zone, a.query_icmp_block, fw.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw.addIcmpBlockInversion(zone) elif a.remove_icmp_block_inversion: fw.removeIcmpBlockInversion(zone) elif a.query_icmp_block_inversion: cmd.print_query_result(fw.queryIcmpBlockInversion(zone)) # list all elif a.list_all: z = zone if zone else fw.getDefaultZone() cmd.print_zone_info(z, fw.getZoneSettings(z)) sys.exit(0) # list everything elif a.list_all_zones: for zone in fw.getZones(): cmd.print_zone_info(zone, fw.getZoneSettings(zone)) cmd.print_msg("") sys.exit(0) elif a.info_zone: cmd.print_zone_info(a.info_zone, fw.getZoneSettings(a.info_zone), True) sys.exit(0) elif a.info_service: cmd.print_service_info(a.info_service, fw.getServiceSettings(a.info_service)) sys.exit(0) elif a.info_icmptype: cmd.print_icmptype_info(a.info_icmptype, fw.getIcmpTypeSettings(a.info_icmptype)) sys.exit(0) cmd.print_and_exit("success") firewalld-0.8.2/src/firewall-offline-cmd0000775007115300711530000032030213641123204021353 0ustar00egarveregarver00000000000000#!/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2009-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from gi.repository import GObject import sys sys.modules['gobject'] = GObject import argparse import os from firewall.client import FirewallClientIPSetSettings, \ FirewallClientZoneSettings, FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings, FirewallClientHelperSettings from firewall.errors import FirewallError from firewall import config from firewall.core.fw import Firewall from firewall.functions import joinArgs, splitArgs from firewall.core.io.functions import check_config from firewall.core.io.zone import zone_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.command import FirewallCommand # check for root user def assert_root(): if os.getuid() != 0: sys.stderr.write("You need to be root to run %s.\n" % sys.argv[0]) sys.exit(-1) SYSTEM_CONFIG_FIREWALL = config.SYSCONFIGDIR + '/system-config-firewall' def __usage(): sys.stdout.write(""" Usage: firewall-offline-cmd [OPTIONS...] If no options are given, configuration from '%s' will be migrated. General Options -h, --help Prints a short help text and exists -V, --version Print the version string of firewalld -q, --quiet Do not print status messages --system-config Path to firewalld system configuration --default-config Path to firewalld default configuration --check-config Check system and default configuration Lokkit Compatibility Options --migrate-system-config-firewall= Import configuration data from the given configuration file. --enabled Enable firewall (default) --disabled Disable firewall --addmodule= Ignored option, was used to enable an iptables module --removemodule= Ignored option, was used to disable an iptables module -s , --service= Enable a service in the default zone (example: ssh) --remove-service= Disable a service in the default zone (example: ssh) -p [-]:, --port=[-]: Enable a port in the default zone (example: ssh:tcp) -t , --trust= Bind an interface to the trusted zone -m , --masq= Enables masquerading in the default zone, interface argument is ignored. This is IPv4 only. --custom-rules=[:][
:] Ignored option. Was used to add custom rules to the firewall (Example: ipv4:filter:%s/ipv4_filter_addon) --forward-port=if=:port=:proto=[:toport=][:toaddr=] Forward the port with protocol for the interface to either another local destination port (no destination address given) or to an other destination address with an optional destination port. This will be added to the default zone. This is IPv4 only. --block-icmp= Block this ICMP type in the default zone. The default is to accept all ICMP types. Log Denied Options --get-log-denied Print the log denied value --set-log-denied= Set log denied value Automatic Helpers Options --get-automatic-helpers Print the automatic helpers value --set-automatic-helpers= Set automatic helpers value Zone Options --get-default-zone Print default zone for connections and interfaces --set-default-zone= Set default zone --get-zones Print predefined zones --get-services Print predefined services --get-icmptypes Print predefined icmptypes --get-zone-of-interface= Print name of the zone the interface is bound to --get-zone-of-source=[/]||ipset: Print name of the zone the source is bound to --list-all-zones List everything added for or enabled in all zones --new-zone= Add a new empty zone --new-zone-from-file= [--name=] Add a new zone from file with optional name override [P only] --delete-zone= Delete an existing zone --load-zone-defaults= Load zone default settings [Z] --zone= Use this zone to set or query options, else default zone Usable for options marked with [Z] --set-description= Set new description to zone --get-description Print description for zone --get-target Get the zone target --set-target= Set the zone target --info-zone= Print information about a zone --path-zone= Print file path of a zone IPSet Options --new-ipset= --type= [--option=[=]].. Add a new empty ipset --new-ipset-from-file= [--name=] Add a new ipset from file with optional name override [P only] --delete-ipset= Delete an existing ipset --load-ipset-defaults= Load ipset default settings --info-ipset= Print information about an ipset --path-ipset= Print file path of an ipset --get-ipsets Print predefined ipsets --ipset= --set-description= Set new description to ipset --ipset= --get-description Print description for ipset --ipset= --set-short= Set new short description to ipset --ipset= --get-short Print short description for ipset --ipset= --add-entry= Add a new entry to an ipset --ipset= --remove-entry= Remove an entry from an ipset --ipset= --query-entry= Return whether ipset has an entry --ipset= --get-entries List entries of an ipset --ipset= --add-entries-from-file= Add a new entries to an ipset [P] --ipset= --remove-entries-from-file= Remove entries from an ipset [P] IcmpType Options --new-icmptype= Add a new empty icmptype --new-icmptype-from-file= [--name=] Add a new icmptype from file with optional name override [P only] --delete-icmptype= Delete an existing icmptype --load-icmptype-defaults= Load icmptype default settings --info-icmptype= Print information about an icmptype --path-icmptype= Print file path of an icmptype --icmptype= --set-description= Set new description to icmptype --icmptype= --get-description Print description for icmptype --icmptype= --set-short= Set new short description to icmptype --icmptype= --get-short Print short description for icmptype --icmptype= --add-destination= Enable destination for ipv in icmptype --icmptype= --remove-destination= Disable destination for ipv in icmptype --icmptype= --query-destination= Return whether destination ipv is enabled in icmptype --icmptype= --get-destinations List destinations in icmptype Service Options --new-service= Add a new empty service --new-service-from-file= [--name=] Add a new service from file with optional name override [P only] --delete-service= Delete an existing service --load-service-defaults= Load icmptype default settings --info-service= Print information about a service --path-service= Print file path of a service --service= --set-description= Set new description to service --service= --get-description Print description for service --service= --set-short= Set new short description to service --service= --get-short Print short description for service --service= --add-port=[-]/ Add a new port to service --service= --remove-port=[-]/ Remove a port from service --service= --query-port=[-]/ Return whether the port has been added for service --service= --get-ports List ports of service --service= --add-protocol= Add a new protocol to service --service= --remove-protocol= Remove a protocol from service --service= --query-protocol= Return whether the protocol has been added for service --service= --get-protocols List protocols of service --service= --add-source-port=[-]/ Add a new source port to service --service= --remove-source-port=[-]/ Remove a source port from service --service= --query-source-port=[-]/ Return whether the source port has been added for service [P only] --service= --get-source-ports List source ports of service --service= --add-helper= Add a new helper to service --service= --remove-helper= Remove a helper from service --service= --query-helper= Return whether the helper has been added for service --service= --get-service-helpers List helpers of service --service= --set-destination=:
[/] Set destination for ipv to address in service --service= --remove-destination= Disable destination for ipv i service --service= --query-destination=:
[/] Return whether destination ipv is set for service --service= --get-destinations List destinations in service --service= --add-include= Add a new include to service --service= --remove-include= Remove a include from service --service= --query-include= Return whether the include has been added for service --service= --get-includes List includes of service Options to Adapt and Query Zones --list-all List everything added for or enabled in a zone [Z] --list-services List services added for a zone [Z] --add-service= Add a service for a zone [Z] --remove-service-from-zone= Remove a service from a zone [Z] --query-service= Return whether service has been added for a zone [Z] --list-ports List ports added for a zone [Z] --add-port=[-]/ Add the port for a zone [Z] --remove-port=[-]/ Remove the port from a zone [Z] --query-port=[-]/ Return whether the port has been added for zone [Z] --list-protocols List protocols added for a zone [Z] --add-protocol= Add the protocol for a zone [Z] --remove-protocol= Remove the protocol from a zone [Z] --query-protocol= Return whether the protocol has been added for zone [Z] --list-source-ports List source ports added for a zone [Z] --add-source-port=[-]/ Add the source port for a zone [Z] --remove-source-port=[-]/ Remove the source port from a zone [Z] --query-source-port=[-]/ Return whether the source port has been added for zone [Z] --list-icmp-blocks List Internet ICMP type blocks added for a zone [Z] --add-icmp-block= Add an ICMP block for a zone [Z] --remove-icmp-block= Remove the ICMP block from a zone [Z] --query-icmp-block= Return whether an ICMP block has been added for a zone [Z] --add-icmp-block-inversion Enable inversion of icmp blocks for a zone [Z] --remove-icmp-block-inversion Disable inversion of icmp blocks for a zone [Z] --query-icmp-block-inversion Return whether inversion of icmp blocks has been enabled for a zone [Z] --list-forward-ports List IPv4 forward ports added for a zone [Z] --add-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Add the IPv4 forward port for a zone [Z] --remove-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Remove the IPv4 forward port from a zone [Z] --query-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Return whether the IPv4 forward port has been added for a zone [Z] --add-masquerade Enable IPv4 masquerade for a zone [Z] --remove-masquerade Disable IPv4 masquerade for a zone [Z] --query-masquerade Return whether IPv4 masquerading has been enabled for a zone [Z] --list-rich-rules List rich language rules added for a zone [Z] --add-rich-rule= Add rich language rule 'rule' for a zone [Z] --remove-rich-rule= Remove rich language rule 'rule' from a zone [Z] --query-rich-rule= Return whether a rich language rule 'rule' has been added for a zone [Z] Options to Handle Bindings of Interfaces --list-interfaces List interfaces that are bound to a zone [Z] --add-interface= Bind the to a zone [Z] --change-interface= Change zone the is bound to [Z] --query-interface= Query whether is bound to a zone [Z] --remove-interface= Remove binding of from a zone [Z] Options to Handle Bindings of Sources --list-sources List sources that are bound to a zone [Z] --add-source=[/]||ipset: Bind the source to a zone [Z] --change-source=[/]||ipset: Change zone the source is bound to [Z] --query-source=[/]||ipset: Query whether the source is bound to a zone [Z] --remove-source=[/]||ipset: Remove binding of the source from a zone [Z] Helper Options --new-helper= --module= [--family=] Add a new helper --new-helper-from-file= [--name=] Add a new helper from file with optional name --delete-helper= Delete an existing helper --load-helper-defaults= Load helper default settings --info-helper= Print information about an helper --path-helper= Print file path of an helper --get-helpers Print predefined helpers --helper= --set-description= Set new description to helper --helper= --get-description Print description for helper --helper= --set-short= Set new short description to helper --helper= --get-short Print short description for helper --helper= --add-port=[-]/ Add a new port to helper --helper= --remove-port=[-]/ Remove a port from helper --helper= --query-port=[-]/ Return whether the port has been added for helper --helper= --get-ports List ports of helper --helper= --set-module= Set module to helper --helper= --get-module Get module from helper --helper= --set-family={ipv4|ipv6|} Set family for helper --helper= --get-family Get module from helper Direct Options --direct First option for all direct options --get-all-chains Get all chains --get-chains {ipv4|ipv6|eb}
Get all chains added to the table --add-chain {ipv4|ipv6|eb}
Add a new chain to the table --remove-chain {ipv4|ipv6|eb}
Remove the chain from the table --query-chain {ipv4|ipv6|eb}
Return whether the chain has been added to the table --get-all-rules Get all rules --get-rules {ipv4|ipv6|eb}
Get all rules added to chain in table --add-rule {ipv4|ipv6|eb}
... Add rule to chain in table --remove-rule {ipv4|ipv6|eb}
... Remove rule with priority from chain in table --remove-rules {ipv4|ipv6|eb}
Remove rules from chain in table --query-rule {ipv4|ipv6|eb}
... Return whether a rule with priority has been added to chain in table --get-all-passthroughs Get all passthrough rules --get-passthroughs {ipv4|ipv6|eb} ... Get passthrough rules --add-passthrough {ipv4|ipv6|eb} ... Add a new passthrough rule --remove-passthrough {ipv4|ipv6|eb} ... Remove a passthrough rule --query-passthrough {ipv4|ipv6|eb} ... Return whether the passthrough rule has been added Lockdown Options --lockdown-on Enable lockdown. --lockdown-off Disable lockdown. --query-lockdown Query whether lockdown is enabled Lockdown Whitelist Options --list-lockdown-whitelist-commands List all command lines that are on the whitelist --add-lockdown-whitelist-command= Add the command to the whitelist --remove-lockdown-whitelist-command= Remove the command from the whitelist --query-lockdown-whitelist-command= Query whether the command is on the whitelist --list-lockdown-whitelist-contexts List all contexts that are on the whitelist --add-lockdown-whitelist-context= Add the context context to the whitelist --remove-lockdown-whitelist-context= Remove the context from the whitelist --query-lockdown-whitelist-context= Query whether the context is on the whitelist --list-lockdown-whitelist-uids List all user ids that are on the whitelist --add-lockdown-whitelist-uid= Add the user id uid to the whitelist --remove-lockdown-whitelist-uid= Remove the user id uid from the whitelist --query-lockdown-whitelist-uid= Query whether the user id uid is on the whitelist --list-lockdown-whitelist-users List all user names that are on the whitelist --add-lockdown-whitelist-user= Add the user name user to the whitelist --remove-lockdown-whitelist-user= Remove the user name user from the whitelist --query-lockdown-whitelist-user= Query whether the user name user is on the whitelist Polkit Options --policy-server Change Polkit actions to 'server' (more restricted) --policy-desktop Change Polkit actions to 'desktop' (less restricted) """ % (SYSTEM_CONFIG_FIREWALL, config.SYSCONFIGDIR)) def parse_port_lokkit(value): try: (port, proto) = value.split(":") except Exception: cmd.fail("bad port (most likely missing protocol), correct syntax is portid[-portid]:protocol") return (port, proto) def pk_symlink(product='server'): _PK_DIR = '/usr/share/polkit-1/actions/' _PK_NAME = 'org.fedoraproject.FirewallD1.' os.chdir(_PK_DIR) if os.path.isfile(_PK_NAME+product+'.policy.choice'): if os.path.isfile(_PK_NAME+'policy'): os.remove(_PK_NAME+'policy') os.symlink(_PK_NAME+product+'.policy.choice', _PK_NAME+'policy') cmd.print_and_exit('symlink '+_PK_DIR+_PK_NAME+product+'.policy.choice -> '+_PK_NAME+'policy') else: cmd.fail('no such file '+_PK_DIR+_PK_NAME+product+'.policy.choice') # system-config-firewall def read_sysconfig_args(config_file=SYSTEM_CONFIG_FIREWALL): filename = None if os.path.exists(config_file) and os.path.isfile(config_file): filename = config_file try: f = open(filename, 'r') except Exception: return None argv = [ ] for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] == '#': continue argv.append(line) f.close() return argv parser = argparse.ArgumentParser(usage="see firewall-offline-cmd man page", add_help=False) parser_group_output = parser.add_mutually_exclusive_group() parser_group_output.add_argument("-v", "--verbose", action="store_true") parser_group_output.add_argument("-q", "--quiet", action="store_true") parser_group_lokkit = parser.add_argument_group() parser_group_lokkit.add_argument("--enabled", action="store_true") parser_group_lokkit.add_argument("--disabled", action="store_true") parser_group_lokkit.add_argument("--addmodule", metavar="", action='append') parser_group_lokkit.add_argument("--removemodule", metavar="", action='append') parser_group_lokkit.add_argument("--service", "-s", metavar="", action='append') parser_group_lokkit.add_argument("--remove-service", metavar="", action='append') parser_group_lokkit.add_argument("--port", "-p", metavar="", action='append') parser_group_lokkit.add_argument("--trust", "-t", metavar="", action='append') parser_group_lokkit.add_argument("--masq", "-m", metavar="", action='append') parser_group_lokkit.add_argument("--custom-rules", metavar="", action='append') parser_group_lokkit.add_argument("--forward-port", metavar="", action='append') parser_group_lokkit.add_argument("--block-icmp", metavar="", action='append') parser.add_argument("--system-config", metavar="path") parser.add_argument("--default-config", metavar="path") parser.add_argument("--check-config", action="store_true") parser_group_standalone = parser.add_mutually_exclusive_group() parser_group_standalone.add_argument("-h", "--help", action="store_true") parser_group_standalone.add_argument("-V", "--version", action="store_true") parser_group_standalone.add_argument("--get-log-denied", action="store_true") parser_group_standalone.add_argument("--set-log-denied", metavar="") parser_group_standalone.add_argument("--get-automatic-helpers", action="store_true") parser_group_standalone.add_argument("--set-automatic-helpers", metavar="") parser_group_standalone.add_argument("--policy-server", action="store_true") parser_group_standalone.add_argument("--policy-desktop", action="store_true") parser_group_standalone.add_argument("--lockdown-on", action="store_true") parser_group_standalone.add_argument("--lockdown-off", action="store_true") parser_group_standalone.add_argument("--query-lockdown", action="store_true") parser_group_standalone.add_argument("--get-default-zone", action="store_true") parser_group_standalone.add_argument("--set-default-zone", metavar="") parser_group_standalone.add_argument("--get-zones", action="store_true") parser_group_standalone.add_argument("--get-services", action="store_true") parser_group_standalone.add_argument("--get-icmptypes", action="store_true") parser_group_standalone.add_argument("--get-zone-of-interface", metavar="", action='append') parser_group_standalone.add_argument("--get-zone-of-source", metavar="", action='append') parser_group_standalone.add_argument("--list-all-zones", action="store_true") parser_group_standalone.add_argument("--info-zone", metavar="") parser_group_standalone.add_argument("--info-service", metavar="") parser_group_standalone.add_argument("--info-icmptype", metavar="") parser_group_standalone.add_argument("--info-ipset", metavar="") parser_group_standalone.add_argument("--info-helper", metavar="") parser_group_config = parser.add_mutually_exclusive_group() parser_group_config.add_argument("--new-icmptype", metavar="") parser_group_config.add_argument("--new-icmptype-from-file", metavar="") parser_group_config.add_argument("--delete-icmptype", metavar="") parser_group_config.add_argument("--load-icmptype-defaults", metavar="") parser_group_config.add_argument("--new-service", metavar="") parser_group_config.add_argument("--new-service-from-file", metavar="") parser_group_config.add_argument("--delete-service", metavar="") parser_group_config.add_argument("--load-service-defaults", metavar="") parser_group_config.add_argument("--new-zone", metavar="") parser_group_config.add_argument("--new-zone-from-file", metavar="") parser_group_config.add_argument("--delete-zone", metavar="") parser_group_config.add_argument("--load-zone-defaults", metavar="") parser_group_config.add_argument("--new-ipset", metavar="") parser_group_config.add_argument("--new-ipset-from-file", metavar="") parser_group_config.add_argument("--delete-ipset", metavar="") parser_group_config.add_argument("--load-ipset-defaults", metavar="") parser_group_config.add_argument("--new-helper", metavar="") parser_group_config.add_argument("--new-helper-from-file", metavar="") parser_group_config.add_argument("--delete-helper", metavar="") parser_group_config.add_argument("--load-helper-defaults", metavar="") parser_group_config.add_argument("--path-zone", metavar="") parser_group_config.add_argument("--path-service", metavar="") parser_group_config.add_argument("--path-icmptype", metavar="") parser_group_config.add_argument("--path-ipset", metavar="") parser_group_config.add_argument("--path-helper", metavar="") parser.add_argument("--name", default="", metavar="") parser_group_lockdown_whitelist = parser.add_mutually_exclusive_group() parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-commands", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-contexts", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-uids", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-users", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-user", metavar="", action='append') parser.add_argument("--zone", default="", metavar="") parser_group_zone = parser.add_mutually_exclusive_group() parser_group_zone.add_argument("--add-interface", metavar="", action='append') parser_group_zone.add_argument("--remove-interface", metavar="", action='append') parser_group_zone.add_argument("--query-interface", metavar="", action='append') parser_group_zone.add_argument("--change-interface", "--change-zone", metavar="", action='append') parser_group_zone.add_argument("--list-interfaces", action="store_true") parser_group_zone.add_argument("--add-source", metavar="", action='append') parser_group_zone.add_argument("--remove-source", metavar="", action='append') parser_group_zone.add_argument("--query-source", metavar="", action='append') parser_group_zone.add_argument("--change-source", metavar="", action='append') parser_group_zone.add_argument("--list-sources", action="store_true") parser_group_zone.add_argument("--add-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--remove-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--query-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--add-service", metavar="", action='append') parser_group_zone.add_argument("--remove-service-from-zone", metavar="", action='append') parser_group_zone.add_argument("--query-service", metavar="", action='append') parser_group_zone.add_argument("--add-port", metavar="", action='append') parser_group_zone.add_argument("--remove-port", metavar="", action='append') parser_group_zone.add_argument("--query-port", metavar="", action='append') parser_group_zone.add_argument("--add-protocol", metavar="", action='append') parser_group_zone.add_argument("--remove-protocol", metavar="", action='append') parser_group_zone.add_argument("--query-protocol", metavar="", action='append') parser_group_zone.add_argument("--add-source-port", metavar="", action='append') parser_group_zone.add_argument("--remove-source-port", metavar="", action='append') parser_group_zone.add_argument("--query-source-port", metavar="", action='append') parser_group_zone.add_argument("--add-masquerade", action="store_true") parser_group_zone.add_argument("--remove-masquerade", action="store_true") parser_group_zone.add_argument("--query-masquerade", action="store_true") parser_group_zone.add_argument("--add-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--remove-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--query-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--add-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--remove-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--query-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--add-forward-port", metavar="", action='append') parser_group_zone.add_argument("--remove-forward-port", metavar="", action='append') parser_group_zone.add_argument("--query-forward-port", metavar="", action='append') parser_group_zone.add_argument("--list-rich-rules", action="store_true") parser_group_zone.add_argument("--list-services", action="store_true") parser_group_zone.add_argument("--list-ports", action="store_true") parser_group_zone.add_argument("--list-protocols", action="store_true") parser_group_zone.add_argument("--list-icmp-blocks", action="store_true") parser_group_zone.add_argument("--list-forward-ports", action="store_true") parser_group_zone.add_argument("--list-source-ports", action="store_true") parser_group_zone.add_argument("--list-all", action="store_true") parser_group_zone.add_argument("--get-target", action="store_true") parser_group_zone.add_argument("--set-target", metavar="") parser.add_argument("--option", metavar="[=]", action='append') parser.add_argument("--type", metavar="") parser.add_argument("--ipset", metavar="") parser_ipset = parser.add_mutually_exclusive_group() #parser_ipset.add_argument("--add-option", metavar="[=]") #parser_ipset.add_argument("--remove-option", metavar="[=]") #parser_ipset.add_argument("--query-option", metavar="[=]") #parser_ipset.add_argument("--get-options", action="store_true") parser_ipset.add_argument("--get-ipsets", action="store_true") parser_ipset.add_argument("--add-entry", metavar="", action='append') parser_ipset.add_argument("--remove-entry", metavar="", action='append') parser_ipset.add_argument("--query-entry", metavar="", action='append') parser_ipset.add_argument("--get-entries", action="store_true") parser_ipset.add_argument("--add-entries-from-file", metavar="", action='append') parser_ipset.add_argument("--remove-entries-from-file", metavar="", action='append') parser.add_argument("--icmptype", metavar="") parser_icmptype = parser.add_mutually_exclusive_group() parser_icmptype.add_argument("--add-destination", metavar="", action='append') parser_icmptype.add_argument("--remove-destination", metavar="", action='append') parser_icmptype.add_argument("--query-destination", metavar="", action='append') parser_icmptype.add_argument("--get-destinations", action="store_true") parser_service = parser.add_mutually_exclusive_group() parser_service.add_argument("--get-ports", action="store_true") parser_service.add_argument("--get-source-ports", action="store_true") parser_service.add_argument("--get-protocols", action="store_true") parser_service.add_argument("--add-module", metavar="", action='append') parser_service.add_argument("--remove-module", metavar="", action='append') parser_service.add_argument("--query-module", metavar="", action='append') parser_service.add_argument("--get-modules", action="store_true") parser_service.add_argument("--add-helper", metavar="", action='append') parser_service.add_argument("--remove-helper", metavar="", action='append') parser_service.add_argument("--query-helper", metavar="", action='append') parser_service.add_argument("--get-service-helpers", action="store_true") parser_service.add_argument("--add-include", metavar="", action='append') parser_service.add_argument("--remove-include", metavar="", action='append') parser_service.add_argument("--query-include", metavar="", action='append') parser_service.add_argument("--get-includes", action="store_true") parser_service.add_argument("--set-destination", metavar="", action='append') parser_service.add_argument("--get-destination", action="store_true") parser_service.add_argument("--set-description", metavar="") parser_service.add_argument("--get-description", action="store_true") parser_service.add_argument("--set-short", metavar="") parser_service.add_argument("--get-short", action="store_true") parser.add_argument("--helper", metavar="") parser.add_argument("--family", metavar="") parser.add_argument("--module", metavar="") parser_helper = parser.add_mutually_exclusive_group() #parser_helper.add_argument("--get-ports", action="store_true") parser_helper.add_argument("--get-helpers", action="store_true") parser_helper.add_argument("--set-module", metavar="") parser_helper.add_argument("--get-module", action="store_true") #parser_helper.add_argument("--query-module", metavar="") parser_helper.add_argument("--set-family", metavar="|''", nargs="*") parser_helper.add_argument("--get-family", action="store_true") parser.add_argument("--direct", action="store_true") # not possible to have sequences of options here parser_direct = parser.add_mutually_exclusive_group() parser_direct.add_argument("--add-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--remove-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--query-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--get-passthroughs", nargs=1, metavar=("{ ipv4 | ipv6 | eb }")) parser_direct.add_argument("--get-all-passthroughs", action="store_true") parser_direct.add_argument("--add-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--remove-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--query-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-chains", action="store_true") parser_direct.add_argument("--get-chains", nargs=2, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--add-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--query-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--get-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-rules", action="store_true") ############################################################################## cmd = FirewallCommand() def myexcepthook(exctype, value, traceback): cmd.exception_handler(str(value)) sys.excepthook = myexcepthook if len(sys.argv) > 1 and \ any('--migrate-system-config-firewall' in arg for arg in sys.argv): args = sys.argv[1:] migration_parser = argparse.ArgumentParser( usage="see firewall-offline-cmd man page", add_help=False) migration_parser.add_argument("-h", "--help", action="store_true") migration_parser.add_argument("-v", "--verbose", action="store_true") migration_parser.add_argument("-q", "--quiet", action="store_true") migration_parser.add_argument("--migrate-system-config-firewall", metavar="", action='store') a,unknown = migration_parser.parse_known_args(args) cmd.set_quiet(a.quiet) cmd.set_verbose(a.verbose) if a.help: __usage() sys.exit(0) else: assert_root() if a.quiet: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.migrate_system_config_firewall: args = read_sysconfig_args(a.migrate_system_config_firewall) if not args: cmd.fail("Opening of '%s' failed, exiting." % \ a.migrate_system_config_firewall) args += unknown elif len(sys.argv) > 1: i = -1 args = sys.argv[1:] if '--add-passthrough' in args: i = args.index('--add-passthrough') + 1 elif '--remove-passthrough' in args: i = args.index('--remove-passthrough') + 1 elif '--query-passthrough' in args: i = args.index('--query-passthrough') + 1 elif '--add-rule' in args: i = args.index('--add-rule') + 4 elif '--remove-rule' in args: i = args.index('--remove-rule') + 4 elif '--query-rule' in args: i = args.index('--query-rule') + 4 # join into one argument to prevent parser from parsing each iptables # option, because they can conflict with firewall-cmd options # # e.g. --delete (iptables) and --delete-* (firewall-cmd) if (i > -1) and (i < len(args) - 1): aux_args = args[:] args = aux_args[:i+1] # all but not args.append(joinArgs(aux_args[i+1:])) # add as one arg else: assert_root() # migrate configuration from SYSTEM_CONFIG_FIREWALL args = read_sysconfig_args() if not args: cmd.fail("Opening of '%s' failed, exiting." % SYSTEM_CONFIG_FIREWALL) a = parser.parse_args(args) options_lokkit = a.enabled or a.disabled or a.addmodule or a.removemodule or \ a.trust or a.masq or a.custom_rules or \ a.service or a.remove_service or a.port or \ a.trust or a.masq or a.forward_port or a.block_icmp options_standalone = a.help or a.version or \ a.policy_server or a.policy_desktop or \ a.lockdown_on or a.lockdown_off or a.query_lockdown or \ a.get_default_zone or a.set_default_zone or \ a.get_log_denied or a.set_log_denied or \ a.get_automatic_helpers or a.set_automatic_helpers options_desc_xml_file = a.set_description or a.get_description or \ a.set_short or a.get_short options_lockdown_whitelist = \ a.list_lockdown_whitelist_commands or a.add_lockdown_whitelist_command or \ a.remove_lockdown_whitelist_command or \ a.query_lockdown_whitelist_command or \ a.list_lockdown_whitelist_contexts or a.add_lockdown_whitelist_context or \ a.remove_lockdown_whitelist_context or \ a.query_lockdown_whitelist_context or \ a.list_lockdown_whitelist_uids or a.add_lockdown_whitelist_uid is not None or \ a.remove_lockdown_whitelist_uid is not None or \ a.query_lockdown_whitelist_uid is not None or \ a.list_lockdown_whitelist_users or a.add_lockdown_whitelist_user or \ a.remove_lockdown_whitelist_user or \ a.query_lockdown_whitelist_user options_config = a.get_zones or a.get_services or a.get_icmptypes or \ options_lockdown_whitelist or a.list_all_zones or \ a.get_zone_of_interface or a.get_zone_of_source or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.info_helper or \ a.get_helpers options_zone_action_action = \ a.add_service or a.remove_service_from_zone or a.query_service or \ a.add_port or a.remove_port or a.query_port or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.add_source_port or a.remove_source_port or a.query_source_port or \ a.add_icmp_block or a.remove_icmp_block or a.query_icmp_block or \ a.add_forward_port or a.remove_forward_port or a.query_forward_port options_zone_interfaces_sources = \ a.list_interfaces or a.change_interface or \ a.add_interface or a.remove_interface or a.query_interface or \ a.list_sources or a.change_source or \ a.add_source or a.remove_source or a.query_source options_zone_adapt_query = \ a.add_rich_rule or a.remove_rich_rule or a.query_rich_rule or \ a.add_masquerade or a.remove_masquerade or a.query_masquerade or \ a.list_services or a.list_ports or a.list_protocols or \ a.list_source_ports or \ a.list_icmp_blocks or a.list_forward_ports or a.list_rich_rules or \ a.add_icmp_block_inversion or a.remove_icmp_block_inversion or \ a.query_icmp_block_inversion or \ a.list_all or a.get_target or a.set_target options_zone_ops = options_zone_interfaces_sources or \ options_zone_action_action or options_zone_adapt_query options_zone = a.zone or options_zone_ops or options_desc_xml_file options_ipset = a.add_entry or a.remove_entry or a.query_entry or \ a.get_entries or a.add_entries_from_file or \ a.remove_entries_from_file or options_desc_xml_file options_icmptype = a.add_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file options_service = a.add_port or a.remove_port or a.query_port or \ a.get_ports or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.get_protocols or \ a.add_source_port or a.remove_source_port or \ a.query_source_port or a.get_source_ports or \ a.add_module or a.remove_module or a.query_module or \ a.get_modules or \ a.set_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file or \ a.add_include or a.remove_include or a.query_include or \ a.get_includes or \ a.add_helper or a.remove_helper or a.query_helper or \ a.get_service_helpers options_helper = a.add_port or a.remove_port or a.query_port or \ a.get_ports or a.set_module or a.get_module or \ a.set_family or a.get_family or \ options_desc_xml_file options_permanent = options_config or options_zone or \ a.new_icmptype or a.delete_icmptype or \ a.new_icmptype_from_file or \ a.load_icmptype_defaults or \ a.new_service or a.delete_service or \ a.new_service_from_file or \ a.load_service_defaults or \ a.new_zone or a.delete_zone or \ a.new_zone_from_file or \ a.load_zone_defaults or \ a.new_helper or a.delete_helper or \ a.new_helper_from_file or \ a.load_helper_defaults or \ a.new_ipset or a.delete_ipset or \ a.new_ipset_from_file or \ a.load_ipset_defaults or \ a.ipset or options_ipset or \ (a.icmptype and options_icmptype) or \ (a.service and options_service) or \ (a.helper and options_helper) or \ a.path_zone or a.path_icmptype or a.path_service or \ a.path_ipset or a.path_helper options_direct = \ a.add_chain or a.remove_chain or a.query_chain or \ a.get_chains or a.get_all_chains or \ a.add_rule or a.remove_rule or a.remove_rules or a.query_rule or \ a.get_rules or a.get_all_rules or \ a.add_passthrough or a.remove_passthrough or a.query_passthrough or \ a.get_passthroughs or a.get_all_passthroughs # these are supposed to only write out some output options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \ a.list_lockdown_whitelist_commands or a.list_lockdown_whitelist_contexts or \ a.list_lockdown_whitelist_uids or a.list_lockdown_whitelist_users or \ a.list_services or a.list_ports or a.list_protocols or a.list_icmp_blocks or \ a.list_forward_ports or a.list_rich_rules or a.list_interfaces or \ a.list_sources or a.get_default_zone or \ a.get_zone_of_interface or a.get_zone_of_source or a.get_zones or \ a.get_services or a.get_icmptypes or a.get_target or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.get_entries or \ a.info_helper or a.get_helpers or \ a.get_destinations or a.get_description # Set quiet and verbose cmd.set_quiet(a.quiet) cmd.set_verbose(a.verbose) # Check various impossible combinations of options if not (options_standalone or options_ipset or \ options_lokkit or \ options_icmptype or options_service or options_helper or \ options_permanent or options_direct or options_desc_xml_file or \ a.check_config): cmd.fail(parser.format_usage() + "No option specified.") if options_lokkit and (options_standalone or \ options_permanent or options_direct) and \ not (options_service and a.service): cmd.fail(parser.format_usage() + "Can't use lokkit options with other options.") if options_standalone and (options_permanent or \ options_direct or options_ipset): cmd.fail(parser.format_usage() + "Can't use stand-alone options with other options.") if options_ipset and not options_desc_xml_file and not a.ipset: cmd.fail(parser.format_usage() + "No ipset specified.") if (options_icmptype and not a.icmptype) and \ not (options_service and a.service) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No icmptype specified.") if options_service and a.service and len(a.service) > 0: if len(a.service) > 1: cmd.fail(parser.format_usage() + "More than one service specified.") # use the first entry in the array only a.service = a.service[0] if (options_helper and not a.helper) and \ not (options_service and a.service) and \ not options_zone and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No helper specified.") if options_direct and options_zone: cmd.fail(parser.format_usage() + "Can't use 'direct' options with other options.") if (a.direct and not options_direct) or (options_direct and not a.direct): cmd.fail(parser.format_usage() + "Wrong usage of 'direct' options.") if a.name and not (a.new_zone_from_file or a.new_service_from_file or \ a.new_ipset_from_file or a.new_icmptype_from_file or \ a.new_helper_from_file): cmd.fail(parser.format_usage() + "Wrong usage of '--name' option.") if options_config and options_zone: cmd.fail(parser.format_usage() + "Wrong usage of --get-zones | --get-services | --get-icmptypes.") if a.quiet and options_list_get: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.help: __usage() sys.exit(0) assert_root() if a.system_config: config.set_system_config_paths(a.system_config) if a.default_config: config.set_default_config_paths(a.default_config) if a.check_config: try: fw = Firewall(offline=True) fw.start() check_config(fw) except FirewallError as error: cmd.print_and_exit("Configuration error: %s" % error, error.code) except Exception as msg: cmd.fail("Configuration error: %s" % msg) sys.exit(0) zone = a.zone fw = Firewall(offline=True) fw.start() try: # Lokkit Compatibility Options if options_lokkit and not (options_service and a.service): trusted_zone = "trusted" default_zone = fw.get_default_zone() fw_zone = fw.config.get_zone(default_zone) fw_settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(fw_zone))) if a.enabled: # Enable firewall (default) os.system("systemctl enable firewalld.service") if a.disabled: # Disable firewall os.system("systemctl disable firewalld.service") if a.addmodule: for m in a.addmodule: cmd.print_msg("Ignoring addmodule '%s'" % m) if a.removemodule: for m in a.removemodule: cmd.print_msg("Ignoring removemodule '%s'" % m) if a.custom_rules: for c in a.custom_rules: cmd.print_msg("Ignoring custom-rule '%s'" % c) if a.service: for s in a.service: cmd.print_msg("Adding service '%s' to default zone." % s) if not fw_settings.queryService(s): fw_settings.addService(s) else: cmd.print_msg("ALREADY_ENABLED: %s" % s) if a.remove_service: for s in a.remove_service: cmd.print_msg("Removing service '%s' from default zone." % s) if fw_settings.queryService(s): fw_settings.removeService(s) else: cmd.print_msg("NOT_ENABLED: %s" % s) if a.port: for port_proto in a.port: (port, proto) = parse_port_lokkit(port_proto) cmd.print_msg("Adding port '%s/%s' to default zone." % (port, proto)) if not fw_settings.queryPort(port, proto): fw_settings.addPort(port, proto) else: cmd.print_msg("ALREADY_ENABLED: %s" % port_proto) if a.trust: if default_zone != trusted_zone: fw_trusted = fw.config.get_zone("trusted") fw_trusted_settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(fw_trusted))) # Bind an interface to the trusted zone for i in a.trust: cmd.print_msg("Interface '%s' will be bound to zone '%s'." % \ (i, trusted_zone)) if not fw_trusted_settings.queryInterface(i): fw_trusted_settings.addInterface(i) else: cmd.print_msg("ALREADY_ENABLED: %s" % i) fw.config.set_zone_config(fw_trusted, fw_trusted_settings.settings) else: for i in a.trust: cmd.print_msg("Interface '%s' will be bound to zone '%s'." % \ (i, trusted_zone)) if not fw_settings.queryInterface(i): fw_settings.addInterface(i) else: cmd.print_msg("ALREADY_ENABLED: %s" % i) if a.masq: # Enables masquerading in the default zone, interface argument is ignored cmd.print_msg("Enabling masquerade for the default zone.") fw_settings.setMasquerade(True) if a.forward_port: for fp in a.forward_port: (port, protocol, toport, toaddr) = cmd.parse_forward_port( fp, compat=True) cmd.print_msg("Adding forward port %s:%s:%s:%s to default zone." % \ (port, protocol, toport, toaddr)) if not fw_settings.queryForwardPort(port, protocol, toport, toaddr): fw_settings.addForwardPort(port, protocol, toport, toaddr) else: cmd.print_msg("ALREADY_ENABLED: %s" % fp) if a.block_icmp: for ib in a.block_icmp: cmd.print_msg("Adding icmpblock '%s' to default zone." % ib) if not fw_settings.queryIcmpBlock(ib): fw_settings.addIcmpBlock(ib) else: cmd.print_msg("ALREADY_ENABLED: %s" % ib) fw.config.set_zone_config(fw_zone, fw_settings.settings) elif a.version: cmd.print_and_exit(config.VERSION) elif a.get_log_denied: cmd.print_and_exit(fw.get_log_denied()) elif a.set_log_denied: fw.set_log_denied(a.set_log_denied) elif a.get_automatic_helpers: cmd.print_and_exit(fw.get_automatic_helpers()) elif a.set_automatic_helpers: fw.set_automatic_helpers(a.set_automatic_helpers) elif a.policy_server: pk_symlink('server') elif a.policy_desktop: pk_symlink('desktop') # options from firewall-cmd elif a.get_default_zone: cmd.print_and_exit(fw.get_default_zone()) elif a.set_default_zone: fw.set_default_zone(a.set_default_zone) # lockdown elif a.lockdown_on: fw.enable_lockdown() elif a.lockdown_off: fw.disable_lockdown() elif a.query_lockdown: cmd.print_query_result(fw.policies.query_lockdown()) # zones elif a.get_zones: zones = fw.config.get_zones() cmd.print_and_exit(" ".join(zones)) elif a.new_zone: fw.config.new_zone(a.new_zone, FirewallClientZoneSettings().settings) elif a.new_zone_from_file: filename = os.path.basename(a.new_zone_from_file) dirname = os.path.dirname(a.new_zone_from_file) if dirname == "": dirname = "./" try: obj = zone_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load zone file '%s': %s" % \ (a.new_zone_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load zone file: %s" % msg) if a.name: obj.name = a.name fw.config.new_zone(obj.name, obj.export_config()) elif a.delete_zone: obj = fw.config.get_zone(a.delete_zone) fw.config.remove_zone(obj) elif a.load_zone_defaults: obj = fw.config.get_zone(a.load_zone_defaults) fw.config.load_zone_defaults(obj) elif a.info_zone: zone = fw.config.get_zone(a.info_zone) settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(zone))) cmd.print_zone_info(a.info_zone, settings, True) sys.exit(0) elif a.path_zone: obj = fw.config.get_zone(a.path_zone) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) # services elif a.get_services: services = fw.config.get_services() cmd.print_and_exit(" ".join(services)) elif a.new_service: fw.config.new_service_dict(a.new_service, FirewallClientServiceSettings().getSettingsDict()) elif a.new_service_from_file: filename = os.path.basename(a.new_service_from_file) dirname = os.path.dirname(a.new_service_from_file) if dirname == "": dirname = "./" try: obj = service_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load service file '%s': %s" % \ (a.new_service_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load service file: %s" % msg) if a.name: obj.name = a.name fw.config.new_service(obj.name, obj.export_config()) elif a.delete_service: obj = fw.config.get_service(a.delete_service) fw.config.remove_service(obj) # remove service from all zones zones = fw.config.get_zones() for zone in zones: _zone = fw.config.get_zone(zone) _settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(_zone))) if _settings.queryService(a.delete_service): _settings.removeService(a.delete_service) fw.config.set_zone_config(_zone, _settings.settings) elif a.load_service_defaults: obj = fw.config.get_service(a.load_service_defaults) fw.config.load_service_defaults(obj) elif a.info_service: service = fw.config.get_service(a.info_service) settings = FirewallClientServiceSettings( fw.config.get_service_config_dict(service)) cmd.print_service_info(a.info_service, settings) sys.exit(0) elif a.path_service: obj = fw.config.get_service(a.path_service) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) # icmptypes elif a.get_icmptypes: icmptypes = fw.config.get_icmptypes() cmd.print_and_exit(" ".join(icmptypes)) elif a.new_icmptype: fw.config.new_icmptype(a.new_icmptype, FirewallClientIcmpTypeSettings().settings) elif a.new_icmptype_from_file: filename = os.path.basename(a.new_icmptype_from_file) dirname = os.path.dirname(a.new_icmptype_from_file) if dirname == "": dirname = "./" try: obj = icmptype_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load icmptype file '%s': %s" % \ (a.new_icmptype_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load icmptype file: %s" % msg) if a.name: obj.name = a.name fw.config.new_icmptype(obj.name, obj.export_config()) elif a.delete_icmptype: obj = fw.config.get_icmptype(a.delete_icmptype) fw.config.remove_icmptype(obj) # remove icmpyte from all zones zones = fw.config.get_zones() for zone in zones: _zone = fw.config.get_zone(zone) _settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(_zone))) if _settings.queryIcmpBlock(a.delete_icmptype): _settings.removeIcmpBlock(a.delete_icmptype) fw.config.set_zone_config(_zone, _settings.settings) elif a.load_icmptype_defaults: obj = fw.config.get_icmptype(a.load_icmptype_defaults) fw.config.load_icmptype_defaults(obj) elif a.info_icmptype: icmptype = fw.config.get_icmptype(a.info_icmptype) settings = FirewallClientIcmpTypeSettings( list(fw.config.get_icmptype_config(icmptype))) cmd.print_icmptype_info(a.info_icmptype, settings) sys.exit(0) elif a.path_icmptype: obj = fw.config.get_icmptype(a.path_icmptype) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.icmptype and options_icmptype: icmptype = fw.config.get_icmptype(a.icmptype) settings = FirewallClientIcmpTypeSettings( list(fw.config.get_icmptype_config(icmptype))) if a.add_destination: cmd.add_sequence(a.add_destination, settings.addDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") fw.config.set_icmptype_config(icmptype, settings.settings) elif a.remove_destination: cmd.remove_sequence(a.remove_destination, settings.removeDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") fw.config.set_icmptype_config(icmptype, settings.settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.check_destination_ipv , "'%s'") elif a.get_destinations: l = settings.getDestinations() if len(l) == 0: l = [ "ipv4", "ipv6" ] cmd.print_and_exit("\n".join(l)) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_icmptype_config(icmptype, settings.settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_icmptype_config(icmptype, settings.settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") elif a.service and options_service: service = fw.config.get_service(a.service) settings = FirewallClientServiceSettings( fw.config.get_service_config_dict(service)) if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") elif a.get_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.get_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_module: cmd.add_sequence(a.add_module, settings.addModule, settings.queryModule, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_module: cmd.remove_sequence(a.remove_module, settings.removeModule, settings.queryModule, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_module: cmd.query_sequence(a.query_module, settings.queryModule, None, "'%s'") elif a.get_modules: l = settings.getModules() cmd.print_and_exit(" ".join(["%s" % module for module in l])) elif a.set_destination: cmd.add_sequence(a.set_destination, settings.setDestination, settings.queryDestination, cmd.parse_service_destination, "%s:%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_destination: # special case for removeDestination: Only ipv, no address for ipv in a.remove_destination: cmd.check_destination_ipv(ipv) if ipv not in settings.getDestinations(): if len(a.remove_destination) > 1: cmd.print_warning("Warning: NOT_ENABLED: '%s'" % ipv) else: code = FirewallError.get_code("NOT_ENABLED") cmd.print_and_exit("Error: NOT_ENABLED: '%s'" % ipv, code) else: settings.removeDestination(ipv) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.parse_service_destination, "'%s'") elif a.get_destinations: l = settings.getDestinations() cmd.print_and_exit(" ".join(["%s:%s" % (dest[0], dest[1]) for dest in l.items()])) elif a.add_include: cmd.add_sequence(a.add_include, settings.addInclude, settings.queryInclude, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_include: cmd.remove_sequence(a.remove_include, settings.removeInclude, settings.queryInclude, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_include: cmd.query_sequence(a.query_include, settings.queryInclude, None, "'%s'") elif a.get_includes: l = settings.getIncludes() cmd.print_and_exit(" ".join(["%s" % include for include in sorted(l)])) elif a.add_helper: cmd.add_sequence(a.add_helper, settings.addHelper, settings.queryHelper, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_helper: cmd.remove_sequence(a.remove_helper, settings.removeHelper, settings.queryHelper, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_helper: cmd.query_sequence(a.query_helper, settings.queryHelper, None, "'%s'") elif a.get_service_helpers: l = settings.getHelpers() cmd.print_and_exit(" ".join(["%s" % helper for helper in sorted(l)])) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") # ipsets if a.get_ipsets: ipsets = fw.config.get_ipsets() cmd.print_and_exit(" ".join(sorted(ipsets))) elif a.new_ipset: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: for opt in a.option: settings.addOption(*cmd.parse_ipset_option(opt)) fw.config.new_ipset(a.new_ipset, settings.settings) elif a.new_ipset_from_file: filename = os.path.basename(a.new_ipset_from_file) dirname = os.path.dirname(a.new_ipset_from_file) if dirname == "": dirname = "./" try: obj = ipset_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load ipset file '%s': %s" % \ (a.new_ipset_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load ipset file: %s" % msg) if a.name: obj.name = a.name fw.config.new_ipset(obj.name, obj.export_config()) elif a.delete_ipset: ipset = fw.config.get_ipset(a.delete_ipset) fw.config.remove_ipset(ipset) elif a.load_ipset_defaults: obj = fw.config.get_ipset(a.load_ipset_defaults) fw.config.load_ipset_defaults(obj) elif a.info_ipset: ipset = fw.config.get_ipset(a.info_ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_ipset_info(a.info_ipset, settings) sys.exit(0) elif a.path_ipset: obj = fw.config.get_ipset(a.path_ipset) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.ipset: if a.add_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.add_sequence(a.add_entry, settings.addEntry, settings.queryEntry, None, "'%s'") fw.config.set_ipset_config(ipset, settings.settings) elif a.remove_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.remove_sequence(a.remove_entry, settings.removeEntry, settings.queryEntry, None, "'%s'") fw.config.set_ipset_config(ipset, settings.settings) elif a.query_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.query_sequence(a.query_entry, settings.queryEntry, None, "'%s'") elif a.get_entries: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) l = settings.getEntries() cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose( "Warning: ALREADY_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: fw.config.set_ipset_config(ipset, settings.settings) elif a.remove_entries_from_file: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % \ entry) if changed: settings.setEntries(old_entries) if changed: fw.config.set_ipset_config(ipset, settings.settings) elif a.set_description: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) settings.setDescription(a.set_description) fw.config.set_ipset_config(ipset, settings.settings) elif a.get_description: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_and_exit(settings.getDescription()) elif a.set_short: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) settings.setShort(a.set_short) fw.config.set_ipset_config(ipset, settings.settings) elif a.get_short: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") # helper elif a.get_helpers: cmd.print_and_exit(" ".join(sorted(fw.config.get_helpers()))) elif a.new_helper: if not a.module: cmd.fail(parser.format_usage() + "No module specified.") settings = FirewallClientHelperSettings() settings.setModule(a.module) if a.family: settings.setFamily(a.family) fw.config.new_helper(a.new_helper, settings.settings) elif a.new_helper_from_file: filename = os.path.basename(a.new_helper_from_file) dirname = os.path.dirname(a.new_helper_from_file) if dirname == "": dirname = "./" try: obj = helper_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load helper file '%s': %s" % \ (a.new_helper_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load helper file: %s" % msg) if a.name: obj.name = a.name fw.config.new_helper(obj.name, obj.export_config()) elif a.delete_helper: obj = fw.config.get_helper(a.delete_helper) fw.config.remove_helper(obj) elif a.load_helper_defaults: obj = fw.config.get_helper(a.load_helper_defaults) fw.config.load_helper_defaults(obj) elif a.info_helper: obj = fw.config.get_helper(a.info_helper) settings = FirewallClientHelperSettings( list(fw.config.get_helper_config(obj))) cmd.print_helper_info(a.info_helper, settings) sys.exit(0) elif a.path_helper: obj = fw.config.get_helper(a.path_helper) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.helper: obj = fw.config.get_helper(a.helper) settings = FirewallClientHelperSettings( list(fw.config.get_helper_config(obj))) if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_helper_config(obj, settings.settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_helper_config(obj, settings.settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.get_module: cmd.print_and_exit(settings.getModule()) elif a.set_module: settings.setModule(cmd.check_module(a.set_module)) fw.config.set_helper_config(obj, settings.settings) elif a.get_family: cmd.print_and_exit(settings.getFamily()) elif a.set_family: settings.setFamily(cmd.check_helper_family(a.set_family[0])) fw.config.set_helper_config(obj, settings.settings) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_helper_config(obj, settings.settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_helper_config(obj, settings.settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") # lockdown whitelist elif options_lockdown_whitelist: whitelist = fw.config.get_policies().lockdown_whitelist # commands if a.list_lockdown_whitelist_commands: l = whitelist.get_commands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, whitelist.add_command, whitelist.has_command, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, whitelist.remove_command, whitelist.has_command, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, whitelist.has_command, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = whitelist.get_contexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, whitelist.add_context, whitelist.has_context, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, whitelist.remove_context, whitelist.has_context, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, whitelist.has_context, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = whitelist.get_uids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid: cmd.add_sequence(a.add_lockdown_whitelist_uid, whitelist.add_uid, whitelist.has_uid, None, "'%s'") elif a.remove_lockdown_whitelist_uid: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, whitelist.remove_uid, whitelist.has_uid, None, "'%s'") elif a.query_lockdown_whitelist_uid: cmd.query_sequence(a.query_lockdown_whitelist_uid, whitelist.has_uid, None, "'%s'") # users elif a.list_lockdown_whitelist_users: l = whitelist.get_users() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, whitelist.add_user, whitelist.has_user, None, "'%s'") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, whitelist.remove_user, whitelist.has_user, None, "'%s'") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, whitelist.has_user, None, "'%s'") # apply whitelist changes whitelist.write() elif options_direct: obj = fw.config.get_direct() if a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --direct --add-passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg( obj.add_passthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1]))) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --direct --remove-passthrough { ipv4 | ipv6 | eb } ") obj.remove_passthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( obj.query_passthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) sys.exit(0) elif a.get_passthroughs: rules = obj.get_passthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: rules = obj.get_all_passthroughs() for ipv in rules: for rule in rules[ipv]: cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: obj.add_chain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: obj.remove_chain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result( obj.query_chain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) sys.exit(0) elif a.get_chains: cmd.print_and_exit( " ".join(obj.get_chains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) sys.exit(0) elif a.get_all_chains: chains = obj.get_all_chains() for (ipv, table) in chains: for chain in chains[(ipv, table)]: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("wrong priority\nusage: --direct --add-rule { ipv4 | ipv6 | eb }
") obj.add_rule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") obj.remove_rule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --direct --remove-rules { ipv4 | ipv6 | eb }
") obj.remove_rules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( obj.query_rule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) sys.exit(0) elif a.get_rules: rules = obj.get_rules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = obj.get_all_rules() for (ipv, table, chain) in rules: for (priority, rule) in rules[(ipv, table, chain)]: cmd.print_msg("%s %s %s %d %s" % \ (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) obj.write() else: if zone == "": zone = fw.get_default_zone() fw_zone = fw.config.get_zone(zone) fw_settings = FirewallClientZoneSettings( list(fw.config.get_zone_config(fw_zone))) # convert to list, for setMasquerade # interface if a.list_interfaces: l = fw_settings.getInterfaces() cmd.print_and_exit(" ".join(l)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: ret = [ ] for zone in fw.config.get_zones(): obj = fw.config.get_zone(zone) if interface in obj.interfaces: ret.append(obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same interface is in several zone XML files cmd.print_warning(" ".join(ret) + " (ERROR: interface '%s' is in %s zone XML files, can be only in one)" % (interface, len(ret))) if len(ret) == 1: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, ret[0])) else: cmd.print_and_exit(ret[0]) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.print_and_exit("no zone", 2) elif a.change_interface: for interface in a.change_interface: for old_zone in fw.config.get_zones(): old_zone_obj = fw.config.get_zone(old_zone) if interface in old_zone_obj.interfaces: if old_zone_obj.name != zone: old_zone_settings = FirewallClientZoneSettings( fw.config.get_zone_config(old_zone_obj)) old_zone_settings.removeInterface(interface) # remove from old fw.config.set_zone_config(old_zone_obj, old_zone_settings.settings) fw_settings.addInterface(interface) # add to new elif a.add_interface: cmd.add_sequence(a.add_interface, fw_settings.addInterface, fw_settings.queryInterface, None, "'%s'") elif a.remove_interface: cmd.remove_sequence(a.remove_interface, fw_settings.removeInterface, fw_settings.queryInterface, None, "'%s'") elif a.query_interface: cmd.query_sequence(a.query_interface, fw_settings.queryInterface, None, "'%s'") # source if a.list_sources: sources = fw_settings.getSources() cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: ret = [ ] for zone in fw.config.get_zones(): obj = fw.config.get_zone(zone) if source in obj.sources: ret.append(obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same source is in several zone XML files cmd.print_warning(" ".join(ret) + " (ERROR: source '%s' is in %s zone XML files, can be only in one)" % (source, len(ret))) if len(ret) == 1: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, ret[0])) else: cmd.print_and_exit(ret[0]) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.print_and_exit("no zone", 2) elif a.change_source: for source in a.change_source: for old_zone in fw.config.get_zones(): old_zone_obj = fw.config.get_zone(old_zone) if source in old_zone_obj.sources: if old_zone_obj.name != zone: old_zone_settings = FirewallClientZoneSettings( fw.config.get_zone_config(old_zone_obj)) old_zone_settings.removeSource(source) # remove from old fw.config.set_zone_config(old_zone_obj, old_zone_settings.settings) fw_settings.addSource(source) # add to new elif a.add_source: cmd.add_sequence(a.add_source, fw_settings.addSource, fw_settings.querySource, None, "'%s'") elif a.remove_source: cmd.remove_sequence(a.remove_source, fw_settings.removeSource, fw_settings.querySource, None, "'%s'") elif a.query_source: cmd.query_sequence(a.query_source, fw_settings.querySource, None, "'%s'") # rich rules if a.list_rich_rules: l = fw_settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_settings.addRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_settings.removeRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_settings.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_settings.addService, fw_settings.queryService, None, "'%s'") elif a.remove_service_from_zone: cmd.remove_sequence(a.remove_service_from_zone, fw_settings.removeService, fw_settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_settings.queryService, None, "'%s'") # port elif a.list_ports: l = fw_settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_port: cmd.add_sequence(a.add_port, fw_settings.addPort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_settings.removePort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_settings.getProtocols() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_settings.addProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_settings.removeProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_settings.addSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_settings.removeSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: fw_settings.setMasquerade(True) elif a.remove_masquerade: fw_settings.setMasquerade(False) elif a.query_masquerade: cmd.print_query_result(fw_settings.getMasquerade()) # forward port elif a.list_forward_ports: l = fw_settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (_port, _protocol, _toport, _toaddr) for (_port, _protocol, _toport, _toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_settings.addForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_settings.removeForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_settings.addIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_settings.removeIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_settings.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw_settings.addIcmpBlockInversion() elif a.remove_icmp_block_inversion: fw_settings.removeIcmpBlockInversion() elif a.query_icmp_block_inversion: cmd.print_query_result(fw_settings.queryIcmpBlockInversion()) # zone target elif a.get_target: cmd.print_and_exit(fw_settings.getTarget()) elif a.set_target: fw_settings.setTarget(a.set_target) # list all zone settings elif a.list_all: cmd.print_zone_info(zone if zone else fw.get_default_zone(), fw_settings) sys.exit(0) # list everything elif a.list_all_zones: zones = fw.config.get_zones() for zone in zones: fw_zone = fw.config.get_zone(zone) fw_settings = FirewallClientZoneSettings(list(fw.config.get_zone_config(fw_zone))) cmd.print_zone_info(zone, fw_settings) cmd.print_msg("") sys.exit(0) elif a.set_description: fw_settings.setDescription(a.set_description) elif a.get_description: cmd.print_and_exit(fw_settings.getDescription()) elif a.set_short: fw_settings.setShort(a.set_short) elif a.get_short: cmd.print_and_exit(fw_settings.getShort()) fw.config.set_zone_config(fw_zone, fw_settings.settings) cmd.print_and_exit("success") except FirewallError as msg: cmd.print_and_exit("%s" % msg, msg.code) except Exception as msg: cmd.fail("%s" % msg) else: cmd.print_and_exit("success") firewalld-0.8.2/src/firewall-config.glade0000664007115300711530000257621713620317435021541 0ustar00egarveregarver00000000000000 False 5 dialog Glade image-missing False vertical 2 False end False True end 0 False 5 Address True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter an %s address. True 0 0 False False 0 False start True 0 0 False False 1 True False 6 vertical True True start 60 True 40 60 none False True 0 False True 2 True True 1 addressDialogCancelButton addressDialogOkButton False 5 Automatic Helpers True center-on-parent True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 5 vertical 6 False start start Please select the automatic helpers value: True 0 0 False False 0 True False vertical True False start True 6 False True 0 False True 1 True True 1 automaticHelpersDialogCancelButton automaticHelpersDialogOkButton False 5 Command line True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter the command line. True 0 0 False False 0 True False 6 vertical True True 1024 True 50 False True 0 False True 1 True True 1 commandDialogCancelButton commandDialogOkButton False 5 Context True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter the context. True 0 0 False False 0 True False 6 vertical True True 1024 True 50 False True 0 False True 1 True True 1 contextDialogCancelButton contextDialogOkButton 200 350 False 5 Default Zone True center-on-parent 200 350 True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 5 vertical 6 False start start Please select default zone from the list below. True 0 0 False False 0 True True 6 in True True False False True True 1 True True 1 portDialogCancelButton1 defaultZoneDialogOkButton False 5 Direct Chain True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select ipv and table and enter the chain name. True 0 0 False False 0 True False 6 6 6 True False end ipv: 1 0 0 True True start start True 31 20 31 1 2 True False start ipv4 ipv6 eb 1 0 True False end Chain: middle 1 0 2 True False start filter nat mangle raw security 1 1 True False end Table: 1 0 1 True True 1 True True 1 directChainDialogCancelButton directChainDialogOkButton False 5 Direct Passthrough Rule True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select ipv and enter the args. True 0 0 False False 0 True False 6 6 6 True False end ipv: 1 0 0 True False start ipv4 ipv6 eb 1 0 True True start start 1024 50 1 1 True False end Args: 1 0 1 False True 1 True True 1 directPassthroughDialogCancelButton directPassthroughDialogOkButton 200 350 False 5 Port Forwarding 200 350 dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 270 True False start Please select the source and destination options according to your needs. True 0 0 False False 0 True False 6 6 6 True False end Port / Port Range: 1 0 9 True False end IP address: 1 0 8 True False end Port / Port Range: 1 0 2 True False end Protocol: 1 0 1 True False start Source True 0 0 0 0 2 True False start Destination True 0 0 0 4 2 270 True False start If you enable local forwarding, you have to specify a port. This port has to be different to the source port. True True 0 0 0 5 2 Local forwarding True True False False start True 0.5 True 0 6 2 Forward to another port True True False False start True 0.5 True 0 7 2 True False 0 3 2 True False start start True tcp udp sctp dccp 1 1 True True start True 11 11 11 1 2 True True start True 60 True 25 60 1 8 True True start True 11 11 11 1 9 False True 1 True True 1 button15 forwardDialogOkButton False 5 Base Helper Settings dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please configure base helper settings: True 0 0 False False 0 False start Bold entries are mandatory, all others are optional. True 0 0 False False 1 True False 6 6 6 True False end Name: 1 0 0 True True True 1 2 250 80 True True True True in True True True word 1 3 True False end Version: 1 0 1 True True True 1 1 True False end Short: 1 0 2 True False end Description: 1 0 3 True False Family: 1 0 5 True False start True All IPv4 IPv6 1 5 True False end Module: 1 0 4 True True False True True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 1 4 True True True 1 0 True True 2 True True 1 helperBaseDialogCancelButton helperBaseDialogOkButton 300 False 5 Helper True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select a helper: True 0 0 False False 0 True True 6 in True True False True True 1 True True 1 helperDialogCancelButton helperDialogOkButton False 5 Base ICMP Type Settings dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please configure base ICMP type settings: True 0 0 False False 0 False start Bold entries are mandatory, all others are optional. True 0 0 False False 1 True False 6 6 6 True False end Name: 1 0 0 True True True 1 0 True True True 1 2 250 80 True True True True in True True True word 1 3 True False end Version: 1 0 1 True True True 1 1 True False end Short: 1 0 2 True False end Description: 1 0 3 True True 2 True True 1 icmpBaseDialogCancelButton icmpBaseDialogOkButton 300 False 5 ICMP Type True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select an ICMP type True 0 0 False False 0 True True 6 in True True True True 1 True True 1 icmptypeDialogCancelButton icmptypeDialogOkButton True False gtk-refresh True False gtk-add True False gtk-preferences True False gtk-preferences True False gtk-add True False False Add Entry True False True image13 False Add Entries From File True False True image17 False True False gtk-remove True False gtk-remove True False gtk-preferences True False gtk-remove True False False Remove Selected Entry True False True image20 False Remove All Entries True False True image18 False Remove Entries From File True False True image19 False True False gtk-preferences True False gtk-preferences 870 600 True False Firewall Configuration 870 600 True False vertical True False True False _File True True False gtk-quit True False True True True False _Options True True False Reload Firewalld True False Reloads firewall rules. Current permanent configuration will become new runtime configuration. i.e. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration. image1 False True False True False Change which zone a network connection belongs to. Change Zones of Connections... Change Default Zone True False Change default zone for connections or interfaces. image15 False Change Log Denied True False Change LogDenied value. image16 False Configure Automatic Helper Assigment True False Configure Automatic Helper Assignment setting. image21 False True False True False Panic mode means that all incoming and outgoing packets are dropped. Panic Mode True True False Lockdown locks firewall configuration so that only applications on lockdown whitelist are able to change it. Lockdown True True False True False Make runtime configuration permanent Runtime To Permanent True True False _View True True False True False IPSets True True False ICMP Types True True False Helpers True True False Direct Configuration True True False Lockdown Whitelist True True False Active Bindings True True False _Help True True False gtk-about True False True True False True 0 True False True True True True 200 True True False 6 6 True False True True vertical 6 True True True True out True True False False True 0 True False 6 start Change Zone True True False True True Change zone of binding image8 False True 0 False True 1 1 1 True True True Hide active runtime bindings of connections, interfaces and sources to zones none 0 True False 6 True False down none False True 0 True False Active Bindings False True 1 1 0 True True True Show active runtime bindings of connections, interfaces and sources to zones start True none True False vertical 6 True False False True 0 True False Active Bindings 90 False True 1 0 0 2 False False True False 6 vertical 6 True False 6 True False Configuration: 0 False True 0 True False Currently visible configuration. Runtime configuration is the actual active configuration. Permanent configuration will be active after service or system reload or restart. False True 1 False True 0 True True True True False 6 vertical 6 True False start A firewalld zone defines the level of trust for network connections, interfaces and source addresses bound to the zone. The zone combines services, ports, protocols, masquerading, port/packet forwarding, icmp filters and rich rules. The zone can be bound to interfaces and source addresses. True 0 0 False True 0 True True 6 175 True True False vertical False Zone 0 False True 0 True True in 150 True True False True True 1 True False True True False 1 True False Add Zone True gtk-add False True True False Edit Zone True gtk-edit False True True False Remove Zone True gtk-remove False True True False Load Zone Defaults True gtk-revert-to-saved False True False True 2 False False True True 6 True True False 6 vertical 6 True False start Here you can define which services are trusted in the zone. Trusted services are accessible from all hosts and networks that can reach the machine from connections, interfaces and sources bound to this zone. True True 0 0 False False 0 True False 6 True True out True True True True 0 True True 1 True False Services False True False 6 vertical 6 True False Add additional ports or port ranges, which need to be accessible for all hosts or networks that can connect to the machine. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Port True False True 0 gtk-edit True False True False True True Edit Port True False True 1 gtk-remove True False True False True True Remove Port True False True 2 False True 2 1 True False Ports 1 False True False 6 vertical 6 True False Add protocols, which need to be accessible for all hosts or networks. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Protocol True False True 0 gtk-edit True False True False True True Edit Protocol True False True 1 gtk-remove True False True False True True Remove Protocol True False True 2 False True 2 2 True False Protocols 2 False True False 6 vertical 6 True False Add additional source ports or port ranges, which need to be accessible for all hosts or networks that can connect to the machine. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Port True False True 0 gtk-edit True False True False True True Edit Port True False True 1 gtk-remove True False True False True True Remove Port True False True 2 False True 2 3 True False Source Ports 3 False True False 6 vertical 6 True False Masquerading allows you to set up a host or router that connects your local network to the internet. Your local network will not be visible and the hosts appear as a single address on the internet. Masquerading is IPv4 only. True 0 0 False False 0 True False start False True Masquerade zone True True False start 0 True False True 1 True False If you enable masquerading, IP forwarding will be enabled for your IPv4 networks. True 0 0 False True 2 4 True False Masquerading 4 False True False 6 vertical 6 True False Add entries to forward ports either from one port to another on the local system or from the local system to another system. Forwarding to another system is only useful if the interface is masqueraded. Port forwarding is IPv4 only. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Forward Port True False True 0 gtk-edit True False True False True True Edit Forward Port True False True 1 gtk-remove True False True False True True Remove Forward Port True False True 2 False True 2 5 True False Port Forwarding 5 False True False 6 vertical 6 True False The Internet Control Message Protocol (ICMP) is mainly used to send error messages between networked computers, but additionally for informational messages like ping requests and replies. True 0 0 False False 0 True True 250 True True True out True True False False True False 6 True False vertical 6 True False Mark the ICMP types in the list, which should be rejected. All other ICMP types are allowed to pass the firewall. The default is no limitation. True 0 0 False False 0 True False If Invert Filter is enabled, marked ICMP entries are accepted and the others are rejected. In a zone with the target DROP, they are dropped. True True 0 0 False False 1 True False start False True Invert Filter True True False start 0 True False True 2 True False True True 2 6 True False ICMP Filter 6 False True False 6 vertical 6 True False Here you can set rich language rules for the zone. True True 0 0 False False 0 True False 6 True True out True True True True 0 True True 1 True False 6 start gtk-add True True False True True Add Rich Rule True False True 0 gtk-edit True False True False True True Edit Rich Rule True False True 1 gtk-remove True False True False True True Remove Rich Rule True False True 2 False True 2 7 True False Rich Rules 7 False True False 6 vertical 6 True False Add entries to bind interfaces to the zone. If the interface will be used by a connection, the zone will be set to the zone specified in the connection. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Interface True False True 0 gtk-edit True False True False True True Edit Interface True False True 1 gtk-remove True False True False True True Remove Interface True False True 2 False True 2 8 True False Interfaces 8 False True False 6 vertical 6 True False Add entries to bind source addresses or areas to the zone. You can also bind to a MAC source address, but with limitations. Port forwarding and masquerading will not work for MAC source bindings. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Source True False True 0 gtk-edit True False True False True True Edit Source True False True 1 gtk-remove True False True False True True Remove Source True False True 2 False True 2 9 True False Sources 9 False True False True True 1 True False Zones False True False 6 vertical 6 True False start A firewalld service is a combination of ports, protocols, modules and destination addresses. True 0 0 False True 0 True True 6 175 True True False vertical False Service 0 False True 0 True True in 150 True True False True True 1 True False True True False 1 True False True Add Service Add Service True gtk-add False True True False True Edit Service Edit Service True gtk-edit False True True False True Remove Service Remove Service True gtk-remove False True True False True Load Service Defaults Load Service Defaults True gtk-revert-to-saved False True False True 2 False False True True 6 True True False 6 vertical 6 True False start Add additional ports or port ranges, which need to be accessible for all hosts or networks. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Entry True False True 0 gtk-edit True False True False True True Edit Entry True False True 1 gtk-remove True False True False True True Remove Entry True False True 2 False True 2 True False Ports False True False 6 vertical 6 True False Add protocols, which need to be accessible for all hosts or networks. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Entry True False True 0 gtk-edit True False True False True True Edit Entry True False True 1 gtk-remove True False True False True True Remove Entry True False True 2 False True 2 1 True False Protocols 1 False True False 6 vertical 6 True False start Add additional source ports or port ranges, which need to be accessible for all hosts or networks. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Entry True False True 0 gtk-edit True False True False True True Edit Entry True False True 1 gtk-remove True False True False True True Remove Entry True False True 2 False True 2 2 True False Source Port 2 False True False 6 vertical 6 True False Netfilter helper modules are needed for some services. True 0 0 False False 0 True True out True True False False True True 1 True False 6 start gtk-add True True False True True Add Entry True False True 0 gtk-edit True False True False True True Edit Entry True False True 1 gtk-remove True False True False True True Remove Entry True False True 2 False True 2 3 True False Modules 3 False True False 6 vertical 6 True False If you specify destination addresses, the service entry will be limited to the destination address and type. If both entries are empty, there is no limitation. True 0 0 False False 1 True False 6 6 True False IPv4: 0 0 True False IPv6: 0 1 True True False True True False 4 True False 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 1 0 True True False True True False 4 True False 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 1 1 False True 2 4 True False Destination 4 False True False True True 1 True False Services can only be changed in the permanent configuration view. The runtime configuration of services is fixed. True 0 False True 2 1 True False Services 1 False True False 6 vertical 6 True False start An IPSet can be used to create white or black lists and is able to store for example IP addresses, port numbers or MAC addresses. True 0 0 False True 0 True True 6 175 True True False vertical False IPSet 0 False True 0 True True in 150 True True False True True 1 True False True True False 1 True False True Add IPSet Add IPSet True gtk-add False True True False True Edit IPSet Edit IPSet True gtk-edit False True True False True Remove IPSet Remove IPSet True gtk-remove False True True False True Load IPSet Defaults Load IPSet Defaults True gtk-revert-to-saved False True False True 2 False False True True 6 True True False 6 vertical 6 True False start Entries of the IPSet. You will only be able to see entries of ipsets that are not using the timeout option, also only the entries, that have been added by firewalld. Entries, that have been directly added with the ipset command wil not be listed here. True 0 0 False False 0 True False vertical 6 True True out True True False True True 0 False 12 12 This IPSet uses the timeout option, therefore no entries are visible here. The entries should be taken care directly with the ipset command. True 0 0 False False 1 True True 1 True False 6 start True True True True ipsetConfAddEntryMenu False True False center 3 True False gtk-add False True 0 True False Add False True 1 True False down False True 2 True True 0 gtk-edit True False True False True True Edit Entry True False True 1 True True True True ipsetConfRemoveEntryMenu False True False center 3 True False gtk-remove False True 0 True False Remove False True 1 True False down False True 2 True True 2 False True 2 True False Entries False True False True True 1 True False IPSets can only be created or deleted in the permanent configuration view. True 0 False True 2 2 True False IPSets 2 False True False 6 vertical 6 True False start A firewalld icmptype provides the information for an Internet Control Message Protocol (ICMP) type for firewalld. True 0 0 False True 0 True True 6 175 True True False vertical False ICMP Type 0 False True 0 True True in 150 True True False True True 1 True False True True False 1 True False True Add ICMP Type Add ICMP Type True gtk-add False True True False True Edit ICMP Type Edit ICMP Type True gtk-edit False True True False True Remove ICMP Type Remove ICMP Type True gtk-remove False True True False True Load ICMP Type Defaults Load ICMP Type Defaults True gtk-revert-to-saved False True False True 2 False False True True 6 True True False 6 vertical 6 True False Specify whether this ICMP Type is available for IPv4 and/or IPv6. True 0 0 False False 0 True False False True IPv4 True True False 0 True False True 1 True False False True IPv6 True True False 0 True False False 2 True False Destination False True False True True 1 True False ICMP Types can only be changed in the permanent configuration view. The runtime configuration of ICMP Types is fixed. True 0 False True 2 3 True False ICMP Types 3 False True False 6 vertical 6 True False start A connection tracking helper is assisting to make protocols work that are using different flows for signaling and data transfers. The data transfers are using ports that are unrelated to the signaling connection and are therefore blocked by the firewall without the helper. True 0 0 False True 0 True True 6 175 True True False vertical False Helper 0 False True 0 True True in 150 True True False True True 1 True False True True False 1 True False True Add Service Add Service True gtk-add False True True False True Edit Service Edit Service True gtk-edit False True True False True Remove Service Remove Service True gtk-remove False True True False True Load Service Defaults Load Service Defaults True gtk-revert-to-saved False True False True 2 False False True True 6 True True False 6 vertical 6 True False start Define ports or port ranges, which are monitored by the helper. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Entry True False True 0 gtk-edit True False True False True True Edit Entry True False True 1 gtk-remove True False True False True True Remove Entry True False True 2 False True 2 True False Ports False True False True True 1 True False Services can only be changed in the permanent configuration view. The runtime configuration of services is fixed. True 0 False True 2 4 True False Helpers 4 False False 6 vertical 6 True False start The direct configuration gives a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. tables, chains, commands, parameters and targets. Direct configuration should be used only as a last resort when it is not possible to use other firewalld features. True 0 0 False True 0 True False start The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it will be for iptables, with ipv6 for ip6tables and with eb for ethernet bridges (ebtables). True 0 0 False True 1 True False 6 vertical True True True False 6 vertical 6 True False start Additional chains for use with rules. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Chain True False True 0 gtk-edit True False True False True True Edit Chain True False True 1 gtk-remove True False True False True True Remove Chain True False True 2 False True 2 True False Chains False True False 6 vertical 6 True False start Add a rule with the arguments args to a chain in a table with a priority. True 0 0 False False 1 True False start The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. True 0 0 False False 2 True False 6 True True out True True False True True 0 True True 3 True False 6 start gtk-add True True False True True Add Rule True False True 0 gtk-edit True False True False True True Edit Rule True False True 1 gtk-remove True False True False True True Remove Rule True False True 2 False True 4 1 True False Rules 1 False True False 6 vertical 6 True False start The passthrough rules are directly passed through to the firewall and are not placed in special chains. All iptables, ip6tables and ebtables options can be used. True 0 0 False False 0 True False start Please be careful with passthrough rules to not damage the firewall. True 0 0 False False 2 True False 6 True True out True True False True True 0 True True 3 True False 6 start gtk-add True True False True True Add Passthrough True False True 0 gtk-edit True False True False True True Edit Passthrough True False True 1 gtk-remove True False True False True True Remove Passthrough True False True 2 False True 4 2 True False Passthrough 2 False True True 0 True True 3 5 True False Direct Configuration 5 False False 6 vertical 6 True False The lockdown feature is a light version of user and application policies for firewalld. It limits changes to the firewall. The lockdown whitelist can contain commands, contexts, users and user ids. True 0 0 False True 0 True False 6 vertical True True True False 6 vertical 6 True False The context is the security (SELinux) context of a running application or service. To get the context of a running application use <tt>ps -e --context</tt>. True True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Context True False True 0 gtk-edit True False True False True True Edit Context True False True 1 gtk-remove True False True False True True Remove Context True False True 2 False True 2 True False Contexts False True False 6 vertical 6 True False If a command entry on the whitelist ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Command Line True False True 0 gtk-edit True False True False True True Edit Command Line True False True 1 gtk-remove True False True False True True Remove Command Line True False True 2 False True 2 1 True False Command lines 1 False True False 6 vertical 6 True False User names. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add User Name True False True 0 gtk-edit True False True False True True Edit User Name True False True 1 gtk-remove True False True False True True Remove User Name True False True 2 False True 2 2 True False User names 2 False True False 6 vertical 6 True False User ids. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add User Id True False True 0 gtk-edit True False True False True True Edit User Id True False True 1 gtk-remove True False True False True True Remove User Id True False True 2 False True 2 3 True False User Ids 3 False True True 0 True True 2 6 True False Lockdown Whitelist 6 False True True 1 True False -1 True True 1 True False False True 2 True False 6 6 3 3 6 True False True 0 False True 0 True False True 0 False True 1 False True 3 True False 6 6 3 3 3 3 True False True Current default zone of the system. Current default zone of the system. label 0 1 0 True False 6 Log Denied: right 1 2 0 True False True Current default zone of the system. Current default zone of the system. label 0 3 0 True False 6 Panic Mode: right 1 4 0 True False True Current default zone of the system. Current default zone of the system. label 0 5 0 True False 6 Automatic Helpers: right 1 6 0 True False True Current default zone of the system. Current default zone of the system. label 0 7 0 True False 6 Lockdown: right 1 8 0 True False True Current default zone of the system. Current default zone of the system. label 0 9 0 True False Default Zone: right 1 0 0 False True 4 True False False True 6 False 5 Interface True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter an interface name: True 0 0 False False 0 True False 6 vertical True True 60 True 50 none False True 0 False True 1 True True 1 interfaceDialogCancelButton interfaceDialogOkButton False 5 Base IPSet Settings dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please configure base ipset settings: True 0 0 False False 0 False start Bold entries are mandatory, all others are optional. True 0 0 False False 1 True False True True 6 6 6 True True True True 1 1 True True True True 1 2 250 80 True True True True in True True True True word 1 3 True False Name: 1 0 0 True True True True 1 0 True False Version: 1 0 1 True False Short: 1 0 2 True False Description: 1 0 3 True False Type: 1 0 4 True False start True inet inet6 1 5 True False Timeout: middle 1 0 6 True False Hashsize: middle 1 0 7 True False Maxelem: middle 1 0 8 True True Timeout value in seconds number 1 6 True True Initial hash size, default 1024 number 1 7 True True Max number of elements, default 65536 number 1 8 True False Family: True 1 0 5 True False start 3 True False start True False True 0 True False False True 1 1 4 False True 2 True True 1 ipsetBaseDialogCancelButton ipsetBaseDialogOkButton 300 300 False 5 IPSet True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select an ipset: True 0 0 False False 0 True True 6 in True True True True 1 True True 1 ipsetDialogCancelButton ipsetDialogOkButton False 5 Entry True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter an ipset entry: True 0 0 False False 0 True False start 6 vertical 6 True True start 1024 True 50 60 none True True 0 True False 3 True False Type: False True 0 True False label False True 1 False True 1 True True 1 True True 1 ipsetEntryDialogCancelButton ipsetEntryDialogOkButton False 5 Log Denied True center-on-parent True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 5 vertical 6 False start start Please select the log denied value: True 0 0 False False 0 True False vertical True False start True 6 False True 0 False True 1 True True 1 logDeniedDialogCancelButton logDeniedDialogOkButton False 5 Address True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter a MAC address. True 0 0 False False 0 True False 6 vertical True True start 17 True 17 17 none False True 0 False True 1 True True 1 macDialogCancelButton macDialogOkButton False 5 Mark True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter a mark with an optional mask. True 0 0 False False 0 False start The mark and the mask fields are both 32 bits wide unsigned numbers. True 0 0 False False 1 True False 6 6 6 True False end Mark: 1 0 0 True True start 10 True 10 10 1 0 True False end Mask: 1 0 1 True True start 10 True 10 10 1 1 False True 2 True True 1 markDialogCancelButton markDialogOkButton False 5 Helper True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select a netfilter conntrack helper: True 0 0 False False 0 True False 6 6 6 True False end Module: 1 0 0 True False start True - Select - 1 0 True True start True 50 25 50 1 1 Other Module: True True False end 0 right True 0 1 True True 1 True True 1 moduleDialogCancelButton moduleDialogOkButton False 5 Port and Protocol True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter a port and protocol. True 0 0 False False 0 True False 6 6 6 True False end Port / Port Range: 1 0 0 True True start 32 True 11 32 1 0 True False start tcp udp sctp dccp 1 1 True False end Protocol: 1 0 1 False True 1 True True 1 portDialogCancelButton portDialogOkButton -99999999 99999999 1 10 False 5 Direct Rule True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select ipv and table, chain priority and enter the args. True 0 0 False False 0 True False 6 6 6 True False ipv: 1 0 0 True False start 1 1 True True start start 31 31 31 1 2 True False start ipv4 ipv6 eb 1 0 True True start True 1024 50 1 4 True True start 8 8 1 number priority_adjustment 1 True 1 3 True False Table: 1 0 1 True False Chain: 1 0 2 True False Priority: 1 0 3 True False Args: 1 0 4 True True 1 True True 1 directRuleDialogCancelButton directRuleDialogOkButton False 5 Protocol True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 3 False start Please enter a protocol. True 0 0 False False 0 True False 6 6 6 True False end Protocol: 1 0 0 True False start True - Select - ah esp dccp ddp icmp ipv6-icmp igmp mux sctp tcp udp 1 0 True True start True 50 25 50 1 1 Other Protocol: True True False end 0.5 right True 0 1 True True 1 False True 1 protoDialogCancelButton protoDialogOkButton -32768 32767 1 10 False 5 Rich Rule dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter a rich rule. True 0 0 False False 0 False start For host or network white or blacklisting deactivate the element. True 0 0 False False 1 True False 6 6 6 True False end Source: 1 0 7 True False end Destination: 1 0 9 Log: True True False end 1 True 0 11 Audit: True True False end 1 True 0 13 True False start ipv4 and ipv6 ipv4 ipv6 1 0 True False True 3 True False IP MAC ipset False True 0 True True False True True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 True True 1 inverted True True False start 0.5 True False True 2 1 7 True False True 3 True True False True True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 True True 0 inverted True True False start 0.5 True False True 1 1 9 True False True vertical 3 True False 5 True False start start accept reject drop mark False True 0 True False vertical 3 True False To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' (not both). True 6 with Type: True True False 0.5 True True False True 0 True True start True True 1 False True 0 True False True 6 True True False True True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 True True 0 False True 1 False True 1 True True 0 True False 3 With limit: True True False end 0.5 True True False True 0 True False 3 True True 8 8 False True 0 True False / False True 2 True False second minute hour day False True 3 False True 1 False True 1 1 5 True False True 6 3 True False end Prefix: 1 0 0 True False end Level: 1 0 1 True True True 29 True 29 1 0 True False start emergency alert critical error warning notice info debug 1 1 True False 3 With limit: True True False end 0.5 True False True 0 True False 3 True True 8 8 False True 0 True False / False True 2 True False second minute hour day False True 3 False True 1 0 2 2 1 11 True False True 3 With limit: True True False end 0.5 True False True 0 True False 3 True True 8 8 False True 0 True False / False True 2 True False second minute hour day False True 3 False True 1 1 13 True False True 6 True False start service port protocol icmp-block icmp-type forward-port source-port masquerade False True 0 True True False True start True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-properties 1 False True 2 True True 1 1 3 True False end Family: 1 0 0 Element: True True False end 1 True 0 3 True False 0 2 2 True False 0 4 2 True False 0 6 2 True False 0 8 2 True False 0 10 2 True False 0 12 2 Action: True True False end 1 True 0 5 True False Priority: 1 0 1 True True number rich_rule_priority_adjustment True 1 1 False True 2 True True 1 richRuleDialogCancelButton richRuleDialogOkButton False 5 Base Service Settings dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please configure base service settings: True 0 0 False False 0 False start Bold entries are mandatory, all others are optional. True 0 0 False False 1 True False True True 6 6 6 True False Name: 1 0 0 True True True 1 0 True True True 1 2 250 80 True True True True in True True True True word 1 3 True False Short: 1 0 2 True False Description: 1 0 3 True False Version: 1 0 1 True True True 1 1 False True 2 True True 1 serviceBaseDialogCancelButton serviceBaseDialogOkButton 300 False 5 Service True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select a service. True 0 0 False False 0 True True 6 in True True True True 1 True True 1 serviceDialogCancelButton serviceDialogOkButton False 5 Source True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter a source. True 0 0 False False 0 True False True 6 3 True False IP MAC ipset False True 0 True True False True True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 True True 1 False True 1 True True 1 sourceDialogCancelButton sourceDialogOkButton False 5 User ID True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter the user id. True 0 0 False False 0 True False 6 vertical True True start 5 True 5 5 False True 0 False True 1 True True 1 uidDialogCancelButton uidDialogOkButton False 5 User name True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter the user name. True 0 0 False False 0 True False 6 vertical True True True 256 True 20 False True 0 False True 1 True True 1 userDialogCancelButton userDialogOkButton False popup popup-menu True False 0 in True False 6 vertical 6 True False label False True 0 200 50 True False True True 1 True True True center gtk-quit True True True True True True False True 0 False True end 2 False 5 Base Zone Settings dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please configure base zone settings: True 0 0 False False 0 False start Bold entries are mandatory, all others are optional. True 0 0 False False 1 True False True True 6 6 6 True True True True 1 1 True True True True 1 2 250 80 True True True True in True True True True word 1 3 Default Target True True False start 0.5 True 1 4 True False start True ACCEPT DROP REJECT 1 5 True False Name: 1 0 0 True True start True 17 True 17 17 1 0 True False Version: 1 0 1 True False Short: 1 0 2 True False Description: 1 0 3 True False Target: 1 0 4 True False middle 1 0 5 False True 2 True True 1 zoneBaseDialogCancelButton zoneBaseDialogOkButton firewalld-0.8.2/src/firewalld0000775007115300711530000001555713641123204017353 0ustar00egarveregarver00000000000000#!/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # python fork magic derived from setroubleshoot # Copyright (C) 2006,2007,2008,2009 Red Hat, Inc. # Authors: # John Dennis # Dan Walsh import os import sys import dbus import traceback import argparse from firewall import config from firewall.functions import firewalld_is_active from firewall.core.logger import log, FileLog def parse_cmdline(): parser = argparse.ArgumentParser() parser.add_argument('--debug', nargs='?', const=1, default=0, type=int, choices=range(1, log.DEBUG_MAX+1), help="""Enable logging of debug messages. Additional argument in range 1..%s can be used to specify log level.""" % log.DEBUG_MAX, metavar="level") parser.add_argument('--debug-gc', help="""Turn on garbage collector leak information. The collector runs every 10 seconds and if there are leaks, it prints information about the leaks.""", action="store_true") parser.add_argument('--nofork', help="""Turn off daemon forking, run as a foreground process.""", action="store_true") parser.add_argument('--nopid', help="""Disable writing pid file and don't check for existing server process.""", action="store_true") parser.add_argument('--system-config', help="""Path to firewalld system configuration""", metavar="path") parser.add_argument('--default-config', help="""Path to firewalld default configuration""", metavar="path") parser.add_argument('--log-file', help="""Path to firewalld log file""", metavar="path") return parser.parse_args() def setup_logging(args): # Set up logging capabilities log.setDateFormat("%Y-%m-%d %H:%M:%S") log.setFormat("%(date)s %(label)s%(message)s") log.setInfoLogging("*", log.syslog, [ log.FATAL, log.ERROR, log.WARNING ], fmt="%(label)s%(message)s") log.setDebugLogLevel(log.NO_INFO) log.setDebugLogLevel(log.NO_DEBUG) if args.debug: log.setInfoLogLevel(log.INFO_MAX) log.setDebugLogLevel(args.debug) if args.nofork: log.addInfoLogging("*", log.stdout) log.addDebugLogging("*", log.stdout) log_file = FileLog(config.FIREWALLD_LOGFILE, "a") try: log_file.open() except IOError as e: log.error("Failed to open log file '%s': %s", config.FIREWALLD_LOGFILE, str(e)) else: log.addInfoLogging("*", log_file, [ log.FATAL, log.ERROR, log.WARNING ]) log.addDebugLogging("*", log_file) if args.debug: log.addInfoLogging("*", log_file) log.addDebugLogging("*", log_file) def startup(args): try: if not args.nofork: # do the UNIX double-fork magic, see Stevens' "Advanced # Programming in the UNIX Environment" for details (ISBN 0201563177) pid = os.fork() if pid > 0: # exit first parent sys.exit(0) # decouple from parent environment os.chdir("/") os.setsid() os.umask(os.umask(0o077) | 0o022) # Do not close the file descriptors here anymore # File descriptors are now closed in runProg before execve # Redirect the standard I/O file descriptors to /dev/null if hasattr(os, "devnull"): REDIRECT_TO = os.devnull else: REDIRECT_TO = "/dev/null" fd = os.open(REDIRECT_TO, os.O_RDWR) os.dup2(fd, 0) # standard input (0) os.dup2(fd, 1) # standard output (1) os.dup2(fd, 2) # standard error (2) if not args.nopid: # write the pid file with open(config.FIREWALLD_PIDFILE, "w") as f: f.write(str(os.getpid())) if not os.path.exists(config.FIREWALLD_TEMPDIR): os.mkdir(config.FIREWALLD_TEMPDIR, 0o750) if args.system_config: config.set_system_config_paths(args.system_config) if args.default_config: config.set_default_config_paths(args.default_config) # Start the server mainloop here from firewall.server import server server.run_server(args.debug_gc) # Clean up on exit if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) except OSError as e: log.fatal("Fork #1 failed: %d (%s)" % (e.errno, e.strerror)) log.error(traceback.format_exc()) if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) except dbus.exceptions.DBusException as e: log.fatal(str(e)) log.error(traceback.format_exc()) if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) except IOError as e: log.fatal(str(e)) log.error(traceback.format_exc()) if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) def main(): # firewalld should only be run as the root user if os.getuid() != 0: print("You need to be root to run %s." % sys.argv[0]) sys.exit(-1) # Process the command-line arguments args = parse_cmdline() if args.log_file: config.FIREWALLD_LOGFILE = args.log_file setup_logging(args) # Don't attempt to run two copies of firewalld simultaneously if not args.nopid and firewalld_is_active(): log.fatal("Not starting FirewallD, already running.") sys.exit(1) startup(args) sys.exit(0) if __name__ == '__main__': main() firewalld-0.8.2/src/firewall-cmd.in0000775007115300711530000034771713641105304020364 0ustar00egarveregarver00000000000000#!@PYTHON@ # -*- coding: utf-8 -*- # # Copyright (C) 2009-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from gi.repository import GObject import sys sys.modules['gobject'] = GObject import argparse import os from firewall.client import FirewallClient, FirewallClientIPSetSettings, \ FirewallClientZoneSettings, FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings, FirewallClientHelperSettings from firewall.errors import FirewallError from firewall import errors from firewall.functions import joinArgs, splitArgs from firewall.core.fw_nm import nm_is_imported, \ nm_get_connection_of_interface, nm_get_zone_of_connection, \ nm_set_zone_of_connection, nm_get_interfaces_in_zone from firewall.core.io.zone import zone_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.command import FirewallCommand def __usage(): sys.stdout.write(""" Usage: firewall-cmd [OPTIONS...] General Options -h, --help Prints a short help text and exists -V, --version Print the version string of firewalld -q, --quiet Do not print status messages Status Options --state Return and print firewalld state --reload Reload firewall and keep state information --complete-reload Reload firewall and lose state information --runtime-to-permanent Create permanent from runtime configuration --check-config Check permanent configuration for errors Log Denied Options --get-log-denied Print the log denied value --set-log-denied= Set log denied value Permanent Options --permanent Set an option permanently Usable for options marked with [P] Zone Options --get-default-zone Print default zone for connections and interfaces --set-default-zone= Set default zone --get-active-zones Print currently active zones --get-zones Print predefined zones [P] --get-services Print predefined services [P] --get-icmptypes Print predefined icmptypes [P] --get-zone-of-interface= Print name of the zone the interface is bound to [P] --get-zone-of-source=[/]||ipset: Print name of the zone the source is bound to [P] --list-all-zones List everything added for or enabled in all zones [P] --new-zone= Add a new zone [P only] --new-zone-from-file= [--name=] Add a new zone from file with optional name [P only] --delete-zone= Delete an existing zone [P only] --load-zone-defaults= Load zone default settings [P only] [Z] --zone= Use this zone to set or query options, else default zone Usable for options marked with [Z] --get-target Get the zone target [P only] [Z] --set-target= Set the zone target [P only] [Z] --info-zone= Print information about a zone --path-zone= Print file path of a zone [P only] IPSet Options --get-ipset-types Print the supported ipset types --new-ipset= --type= [--option=[=]].. Add a new ipset [P only] --new-ipset-from-file= [--name=] Add a new ipset from file with optional name [P only] --delete-ipset= Delete an existing ipset [P only] --load-ipset-defaults= Load ipset default settings [P only] --info-ipset= Print information about an ipset --path-ipset= Print file path of an ipset [P only] --get-ipsets Print predefined ipsets --ipset= --set-description= Set new description to ipset [P only] --ipset= --get-description Print description for ipset [P only] --ipset= --set-short= Set new short description to ipset [P only] --ipset= --get-short Print short description for ipset [P only] --ipset= --add-entry= Add a new entry to an ipset [P] --ipset= --remove-entry= Remove an entry from an ipset [P] --ipset= --query-entry= Return whether ipset has an entry [P] --ipset= --get-entries List entries of an ipset [P] --ipset= --add-entries-from-file= Add a new entries to an ipset [P] --ipset= --remove-entries-from-file= Remove entries from an ipset [P] IcmpType Options --new-icmptype= Add a new icmptype [P only] --new-icmptype-from-file= [--name=] Add a new icmptype from file with optional name [P only] --delete-icmptype= Delete an existing icmptype [P only] --load-icmptype-defaults= Load icmptype default settings [P only] --info-icmptype= Print information about an icmptype --path-icmptype= Print file path of an icmptype [P only] --icmptype= --set-description= Set new description to icmptype [P only] --icmptype= --get-description Print description for icmptype [P only] --icmptype= --set-short= Set new short description to icmptype [P only] --icmptype= --get-short Print short description for icmptype [P only] --icmptype= --add-destination= Enable destination for ipv in icmptype [P only] --icmptype= --remove-destination= Disable destination for ipv in icmptype [P only] --icmptype= --query-destination= Return whether destination ipv is enabled in icmptype [P only] --icmptype= --get-destinations List destinations in icmptype [P only] Service Options --new-service= Add a new service [P only] --new-service-from-file= [--name=] Add a new service from file with optional name [P only] --delete-service= Delete an existing service [P only] --load-service-defaults= Load icmptype default settings [P only] --info-service= Print information about a service --path-service= Print file path of a service [P only] --service= --set-description= Set new description to service [P only] --service= --get-description Print description for service [P only] --service= --set-short= Set new short description to service [P only] --service= --get-short Print short description for service [P only] --service= --add-port=[-]/ Add a new port to service [P only] --service= --remove-port=[-]/ Remove a port from service [P only] --service= --query-port=[-]/ Return whether the port has been added for service [P only] --service= --get-ports List ports of service [P only] --service= --add-protocol= Add a new protocol to service [P only] --service= --remove-protocol= Remove a protocol from service [P only] --service= --query-protocol= Return whether the protocol has been added for service [P only] --service= --get-protocols List protocols of service [P only] --service= --add-source-port=[-]/ Add a new source port to service [P only] --service= --remove-source-port=[-]/ Remove a source port from service [P only] --service= --query-source-port=[-]/ Return whether the source port has been added for service [P only] --service= --get-source-ports List source ports of service [P only] --service= --add-helper= Add a new helper to service [P only] --service= --remove-helper= Remove a helper from service [P only] --service= --query-helper= Return whether the helper has been added for service [P only] --service= --get-service-helpers List helpers of service [P only] --service= --set-destination=:
[/] Set destination for ipv to address in service [P only] --service= --remove-destination= Disable destination for ipv i service [P only] --service= --query-destination=:
[/] Return whether destination ipv is set for service [P only] --service= --get-destinations List destinations in service [P only] --service= --add-include= Add a new include to service [P only] --service= --remove-include= Remove a include from service [P only] --service= --query-include= Return whether the include has been added for service [P only] --service= --get-includes List includes of service [P only] Options to Adapt and Query Zones --list-all List everything added for or enabled in a zone [P] [Z] --list-services List services added for a zone [P] [Z] --timeout= Enable an option for timeval time, where timeval is a number followed by one of letters 's' or 'm' or 'h' Usable for options marked with [T] --set-description= Set new description to zone [P only] [Z] --get-description Print description for zone [P only] [Z] --set-short= Set new short description to zone [P only] [Z] --get-short Print short description for zone [P only] [Z] --add-service= Add a service for a zone [P] [Z] [T] --remove-service= Remove a service from a zone [P] [Z] --query-service= Return whether service has been added for a zone [P] [Z] --list-ports List ports added for a zone [P] [Z] --add-port=[-]/ Add the port for a zone [P] [Z] [T] --remove-port=[-]/ Remove the port from a zone [P] [Z] --query-port=[-]/ Return whether the port has been added for zone [P] [Z] --list-protocols List protocols added for a zone [P] [Z] --add-protocol= Add the protocol for a zone [P] [Z] [T] --remove-protocol= Remove the protocol from a zone [P] [Z] --query-protocol= Return whether the protocol has been added for zone [P] [Z] --list-source-ports List source ports added for a zone [P] [Z] --add-source-port=[-]/ Add the source port for a zone [P] [Z] [T] --remove-source-port=[-]/ Remove the source port from a zone [P] [Z] --query-source-port=[-]/ Return whether the source port has been added for zone [P] [Z] --list-icmp-blocks List Internet ICMP type blocks added for a zone [P] [Z] --add-icmp-block= Add an ICMP block for a zone [P] [Z] [T] --remove-icmp-block= Remove the ICMP block from a zone [P] [Z] --query-icmp-block= Return whether an ICMP block has been added for a zone [P] [Z] --add-icmp-block-inversion Enable inversion of icmp blocks for a zone [P] [Z] --remove-icmp-block-inversion Disable inversion of icmp blocks for a zone [P] [Z] --query-icmp-block-inversion Return whether inversion of icmp blocks has been enabled for a zone [P] [Z] --list-forward-ports List IPv4 forward ports added for a zone [P] [Z] --add-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Add the IPv4 forward port for a zone [P] [Z] [T] --remove-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Remove the IPv4 forward port from a zone [P] [Z] --query-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Return whether the IPv4 forward port has been added for a zone [P] [Z] --add-masquerade Enable IPv4 masquerade for a zone [P] [Z] [T] --remove-masquerade Disable IPv4 masquerade for a zone [P] [Z] --query-masquerade Return whether IPv4 masquerading has been enabled for a zone [P] [Z] --list-rich-rules List rich language rules added for a zone [P] [Z] --add-rich-rule= Add rich language rule 'rule' for a zone [P] [Z] [T] --remove-rich-rule= Remove rich language rule 'rule' from a zone [P] [Z] --query-rich-rule= Return whether a rich language rule 'rule' has been added for a zone [P] [Z] Options to Handle Bindings of Interfaces --list-interfaces List interfaces that are bound to a zone [P] [Z] --add-interface= Bind the to a zone [P] [Z] --change-interface= Change zone the is bound to [P] [Z] --query-interface= Query whether is bound to a zone [P] [Z] --remove-interface= Remove binding of from a zone [P] [Z] Options to Handle Bindings of Sources --list-sources List sources that are bound to a zone [P] [Z] --add-source=[/]||ipset: Bind the source to a zone [P] [Z] --change-source=[/]||ipset: Change zone the source is bound to [Z] --query-source=[/]||ipset: Query whether the source is bound to a zone [P] [Z] --remove-source=[/]||ipset: Remove binding of the source from a zone [P] [Z] Helper Options --new-helper= --module= [--family=] Add a new helper [P only] --new-helper-from-file= [--name=] Add a new helper from file with optional name [P only] --delete-helper= Delete an existing helper [P only] --load-helper-defaults= Load helper default settings [P only] --info-helper= Print information about an helper --path-helper= Print file path of an helper [P only] --get-helpers Print predefined helpers --helper= --set-description= Set new description to helper [P only] --helper= --get-description Print description for helper [P only] --helper= --set-short= Set new short description to helper [P only] --helper= --get-short Print short description for helper [P only] --helper= --add-port=[-]/ Add a new port to helper [P only] --helper= --remove-port=[-]/ Remove a port from helper [P only] --helper= --query-port=[-]/ Return whether the port has been added for helper [P only] --helper= --get-ports List ports of helper [P only] --helper= --set-module= Set module to helper [P only] --helper= --get-module Get module from helper [P only] --helper= --set-family={ipv4|ipv6|} Set family for helper [P only] --helper= --get-family Get module from helper [P only] Direct Options --direct First option for all direct options --get-all-chains Get all chains [P] --get-chains {ipv4|ipv6|eb}
Get all chains added to the table [P] --add-chain {ipv4|ipv6|eb}
Add a new chain to the table [P] --remove-chain {ipv4|ipv6|eb}
Remove the chain from the table [P] --query-chain {ipv4|ipv6|eb}
Return whether the chain has been added to the table [P] --get-all-rules Get all rules [P] --get-rules {ipv4|ipv6|eb}
Get all rules added to chain in table [P] --add-rule {ipv4|ipv6|eb}
... Add rule to chain in table [P] --remove-rule {ipv4|ipv6|eb}
... Remove rule with priority from chain in table [P] --remove-rules {ipv4|ipv6|eb}
Remove rules from chain in table [P] --query-rule {ipv4|ipv6|eb}
... Return whether a rule with priority has been added to chain in table [P] --passthrough {ipv4|ipv6|eb} ... Pass a command through (untracked by firewalld) --get-all-passthroughs Get all tracked passthrough rules [P] --get-passthroughs {ipv4|ipv6|eb} ... Get tracked passthrough rules [P] --add-passthrough {ipv4|ipv6|eb} ... Add a new tracked passthrough rule [P] --remove-passthrough {ipv4|ipv6|eb} ... Remove a tracked passthrough rule [P] --query-passthrough {ipv4|ipv6|eb} ... Return whether the tracked passthrough rule has been added [P] Lockdown Options --lockdown-on Enable lockdown. --lockdown-off Disable lockdown. --query-lockdown Query whether lockdown is enabled Lockdown Whitelist Options --list-lockdown-whitelist-commands List all command lines that are on the whitelist [P] --add-lockdown-whitelist-command= Add the command to the whitelist [P] --remove-lockdown-whitelist-command= Remove the command from the whitelist [P] --query-lockdown-whitelist-command= Query whether the command is on the whitelist [P] --list-lockdown-whitelist-contexts List all contexts that are on the whitelist [P] --add-lockdown-whitelist-context= Add the context context to the whitelist [P] --remove-lockdown-whitelist-context= Remove the context from the whitelist [P] --query-lockdown-whitelist-context= Query whether the context is on the whitelist [P] --list-lockdown-whitelist-uids List all user ids that are on the whitelist [P] --add-lockdown-whitelist-uid= Add the user id uid to the whitelist [P] --remove-lockdown-whitelist-uid= Remove the user id uid from the whitelist [P] --query-lockdown-whitelist-uid= Query whether the user id uid is on the whitelist [P] --list-lockdown-whitelist-users List all user names that are on the whitelist [P] --add-lockdown-whitelist-user= Add the user name user to the whitelist [P] --remove-lockdown-whitelist-user= Remove the user name user from the whitelist [P] --query-lockdown-whitelist-user= Query whether the user name user is on the whitelist [P] Panic Options --panic-on Enable panic mode --panic-off Disable panic mode --query-panic Query whether panic mode is enabled """) def try_set_zone_of_interface(_zone, interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: if _zone == nm_get_zone_of_connection(connection): if _zone == "": cmd.print_warning("The interface is under control of NetworkManager and already bound to the default zone") else: cmd.print_warning("The interface is under control of NetworkManager and already bound to '%s'" % _zone) if _zone == "": cmd.print_msg("The interface is under control of NetworkManager, setting zone to default.") else: cmd.print_msg("The interface is under control of NetworkManager, setting zone to '%s'." % _zone) nm_set_zone_of_connection(_zone, connection) return True return False def try_get_zone_of_interface(interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: return nm_get_zone_of_connection(connection) return False def try_nm_get_interfaces_in_zone(zone): if nm_is_imported(): try: return nm_get_interfaces_in_zone(zone) except Exception: pass return [] parser = argparse.ArgumentParser(usage="see firewall-cmd man page", add_help=False) parser_group_output = parser.add_mutually_exclusive_group() parser_group_output.add_argument("-v", "--verbose", action="store_true") parser_group_output.add_argument("-q", "--quiet", action="store_true") parser_group_standalone = parser.add_mutually_exclusive_group() parser_group_standalone.add_argument("-h", "--help", action="store_true") parser_group_standalone.add_argument("-V", "--version", action="store_true") parser_group_standalone.add_argument("--state", action="store_true") parser_group_standalone.add_argument("--reload", action="store_true") parser_group_standalone.add_argument("--complete-reload", action="store_true") parser_group_standalone.add_argument("--runtime-to-permanent", action="store_true") parser_group_standalone.add_argument("--check-config", action="store_true") parser_group_standalone.add_argument("--get-ipset-types", action="store_true") parser_group_standalone.add_argument("--get-log-denied", action="store_true") parser_group_standalone.add_argument("--set-log-denied", metavar="") parser_group_standalone.add_argument("--get-automatic-helpers", action="store_true") parser_group_standalone.add_argument("--set-automatic-helpers", metavar="") parser_group_standalone.add_argument("--panic-on", action="store_true") parser_group_standalone.add_argument("--panic-off", action="store_true") parser_group_standalone.add_argument("--query-panic", action="store_true") parser_group_standalone.add_argument("--lockdown-on", action="store_true") parser_group_standalone.add_argument("--lockdown-off", action="store_true") parser_group_standalone.add_argument("--query-lockdown", action="store_true") parser_group_standalone.add_argument("--get-default-zone", action="store_true") parser_group_standalone.add_argument("--set-default-zone", metavar="") parser_group_standalone.add_argument("--get-zones", action="store_true") parser_group_standalone.add_argument("--get-services", action="store_true") parser_group_standalone.add_argument("--get-icmptypes", action="store_true") parser_group_standalone.add_argument("--get-active-zones", action="store_true") parser_group_standalone.add_argument("--get-zone-of-interface", metavar="", action='append') parser_group_standalone.add_argument("--get-zone-of-source", metavar="", action='append') parser_group_standalone.add_argument("--list-all-zones", action="store_true") parser_group_standalone.add_argument("--info-zone", metavar="") parser_group_standalone.add_argument("--info-service", metavar="") parser_group_standalone.add_argument("--info-icmptype", metavar="") parser_group_standalone.add_argument("--info-ipset", metavar="") parser_group_standalone.add_argument("--info-helper", metavar="") parser_group_config = parser.add_mutually_exclusive_group() parser_group_config.add_argument("--new-icmptype", metavar="") parser_group_config.add_argument("--new-icmptype-from-file", metavar="") parser_group_config.add_argument("--delete-icmptype", metavar="") parser_group_config.add_argument("--load-icmptype-defaults", metavar="") parser_group_config.add_argument("--new-service", metavar="") parser_group_config.add_argument("--new-service-from-file", metavar="") parser_group_config.add_argument("--delete-service", metavar="") parser_group_config.add_argument("--load-service-defaults", metavar="") parser_group_config.add_argument("--new-zone", metavar="") parser_group_config.add_argument("--new-zone-from-file", metavar="") parser_group_config.add_argument("--delete-zone", metavar="") parser_group_config.add_argument("--load-zone-defaults", metavar="") parser_group_config.add_argument("--new-ipset", metavar="") parser_group_config.add_argument("--new-ipset-from-file", metavar="") parser_group_config.add_argument("--delete-ipset", metavar="") parser_group_config.add_argument("--load-ipset-defaults", metavar="") parser_group_config.add_argument("--new-helper", metavar="") parser_group_config.add_argument("--new-helper-from-file", metavar="") parser_group_config.add_argument("--delete-helper", metavar="") parser_group_config.add_argument("--load-helper-defaults", metavar="") parser_group_config.add_argument("--path-zone", metavar="") parser_group_config.add_argument("--path-service", metavar="") parser_group_config.add_argument("--path-icmptype", metavar="") parser_group_config.add_argument("--path-ipset", metavar="") parser_group_config.add_argument("--path-helper", metavar="") parser.add_argument("--name", default="", metavar="") parser_group_lockdown_whitelist = parser.add_mutually_exclusive_group() parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-commands", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-contexts", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-uids", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-users", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-user", metavar="", action='append') parser.add_argument("--permanent", action="store_true") parser.add_argument("--zone", default="", metavar="") parser.add_argument("--timeout", default="0", metavar="") parser_group_zone = parser.add_mutually_exclusive_group() parser_group_zone.add_argument("--add-interface", metavar="", action='append') parser_group_zone.add_argument("--remove-interface", metavar="", action='append') parser_group_zone.add_argument("--query-interface", metavar="", action='append') parser_group_zone.add_argument("--change-interface", "--change-zone", metavar="", action='append') parser_group_zone.add_argument("--list-interfaces", action="store_true") parser_group_zone.add_argument("--add-source", metavar="", action='append') parser_group_zone.add_argument("--remove-source", metavar="", action='append') parser_group_zone.add_argument("--query-source", metavar="", action='append') parser_group_zone.add_argument("--change-source", metavar="", action='append') parser_group_zone.add_argument("--list-sources", action="store_true") parser_group_zone.add_argument("--add-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--remove-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--query-rich-rule", metavar="", action='append') parser_group_zone.add_argument("--add-service", metavar="", action='append') parser_group_zone.add_argument("--remove-service", metavar="", action='append') parser_group_zone.add_argument("--query-service", metavar="", action='append') parser_group_zone.add_argument("--add-port", metavar="", action='append') parser_group_zone.add_argument("--remove-port", metavar="", action='append') parser_group_zone.add_argument("--query-port", metavar="", action='append') parser_group_zone.add_argument("--add-protocol", metavar="", action='append') parser_group_zone.add_argument("--remove-protocol", metavar="", action='append') parser_group_zone.add_argument("--query-protocol", metavar="", action='append') parser_group_zone.add_argument("--add-source-port", metavar="", action='append') parser_group_zone.add_argument("--remove-source-port", metavar="", action='append') parser_group_zone.add_argument("--query-source-port", metavar="", action='append') parser_group_zone.add_argument("--add-masquerade", action="store_true") parser_group_zone.add_argument("--remove-masquerade", action="store_true") parser_group_zone.add_argument("--query-masquerade", action="store_true") parser_group_zone.add_argument("--add-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--remove-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--query-icmp-block", metavar="", action='append') parser_group_zone.add_argument("--add-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--remove-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--query-icmp-block-inversion", action="store_true") parser_group_zone.add_argument("--add-forward-port", metavar="", action='append') parser_group_zone.add_argument("--remove-forward-port", metavar="", action='append') parser_group_zone.add_argument("--query-forward-port", metavar="", action='append') parser_group_zone.add_argument("--list-rich-rules", action="store_true") parser_group_zone.add_argument("--list-services", action="store_true") parser_group_zone.add_argument("--list-ports", action="store_true") parser_group_zone.add_argument("--list-protocols", action="store_true") parser_group_zone.add_argument("--list-icmp-blocks", action="store_true") parser_group_zone.add_argument("--list-forward-ports", action="store_true") parser_group_zone.add_argument("--list-source-ports", action="store_true") parser_group_zone.add_argument("--list-all", action="store_true") parser_group_zone.add_argument("--get-target", action="store_true") parser_group_zone.add_argument("--set-target", metavar="") parser.add_argument("--option", metavar="[=]", action='append') parser.add_argument("--type", metavar="") parser.add_argument("--ipset", metavar="") parser_ipset = parser.add_mutually_exclusive_group() #parser_ipset.add_argument("--add-option", metavar="[=]") #parser_ipset.add_argument("--remove-option", metavar="[=]") #parser_ipset.add_argument("--query-option", metavar="[=]") #parser_ipset.add_argument("--get-options", action="store_true") parser_ipset.add_argument("--get-ipsets", action="store_true") parser_ipset.add_argument("--add-entry", metavar="", action='append') parser_ipset.add_argument("--remove-entry", metavar="", action='append') parser_ipset.add_argument("--query-entry", metavar="", action='append') parser_ipset.add_argument("--get-entries", action="store_true") parser_ipset.add_argument("--add-entries-from-file", metavar="", action='append') parser_ipset.add_argument("--remove-entries-from-file", metavar="", action='append') parser.add_argument("--icmptype", metavar="") parser_icmptype = parser.add_mutually_exclusive_group() parser_icmptype.add_argument("--add-destination", metavar="", action='append') parser_icmptype.add_argument("--remove-destination", metavar="", action='append') parser_icmptype.add_argument("--query-destination", metavar="", action='append') parser_icmptype.add_argument("--get-destinations", action="store_true") parser.add_argument("--service", metavar="") parser_service = parser.add_mutually_exclusive_group() parser_service.add_argument("--get-ports", action="store_true") parser_service.add_argument("--get-source-ports", action="store_true") parser_service.add_argument("--get-protocols", action="store_true") parser_service.add_argument("--add-module", metavar="", action='append') parser_service.add_argument("--remove-module", metavar="", action='append') parser_service.add_argument("--query-module", metavar="", action='append') parser_service.add_argument("--get-modules", action="store_true") parser_service.add_argument("--add-helper", metavar="", action='append') parser_service.add_argument("--remove-helper", metavar="", action='append') parser_service.add_argument("--query-helper", metavar="", action='append') parser_service.add_argument("--get-service-helpers", action="store_true") parser_service.add_argument("--add-include", metavar="", action='append') parser_service.add_argument("--remove-include", metavar="", action='append') parser_service.add_argument("--query-include", metavar="", action='append') parser_service.add_argument("--get-includes", action="store_true") parser_service.add_argument("--set-destination", metavar="", action='append') parser_service.add_argument("--get-destination", action="store_true") parser_service.add_argument("--set-description", metavar="") parser_service.add_argument("--get-description", action="store_true") parser_service.add_argument("--set-short", metavar="") parser_service.add_argument("--get-short", action="store_true") parser.add_argument("--helper", metavar="") parser.add_argument("--family", metavar="") parser.add_argument("--module", metavar="") parser_helper = parser.add_mutually_exclusive_group() #parser_helper.add_argument("--get-ports", action="store_true") parser_helper.add_argument("--get-helpers", action="store_true") parser_helper.add_argument("--set-module", metavar="") parser_helper.add_argument("--get-module", action="store_true") #parser_helper.add_argument("--query-module", metavar="") parser_helper.add_argument("--set-family", metavar="|''", nargs="*") parser_helper.add_argument("--get-family", action="store_true") parser.add_argument("--direct", action="store_true") # not possible to have sequences of options here parser_direct = parser.add_mutually_exclusive_group() parser_direct.add_argument("--passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--add-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--remove-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--query-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--get-passthroughs", nargs=1, metavar=("{ ipv4 | ipv6 | eb }")) parser_direct.add_argument("--get-all-passthroughs", action="store_true") parser_direct.add_argument("--add-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--remove-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--query-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-chains", action="store_true") parser_direct.add_argument("--get-chains", nargs=2, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--add-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--query-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--get-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-rules", action="store_true") ############################################################################## args = sys.argv[1:] if len(sys.argv) > 1: i = -1 if '--passthrough' in args: i = args.index('--passthrough') + 1 elif '--add-passthrough' in args: i = args.index('--add-passthrough') + 1 elif '--remove-passthrough' in args: i = args.index('--remove-passthrough') + 1 elif '--query-passthrough' in args: i = args.index('--query-passthrough') + 1 elif '--add-rule' in args: i = args.index('--add-rule') + 4 elif '--remove-rule' in args: i = args.index('--remove-rule') + 4 elif '--query-rule' in args: i = args.index('--query-rule') + 4 # join into one argument to prevent parser from parsing each iptables # option, because they can conflict with firewall-cmd options # # e.g. --delete (iptables) and --delete-* (firewall-cmd) if (i > -1) and (i < len(args) - 1): aux_args = args[:] args = aux_args[:i+1] # all but not args.append(joinArgs(aux_args[i+1:])) # add as one arg a = parser.parse_args(args) options_standalone = a.help or a.version or \ a.state or a.reload or a.complete_reload or a.runtime_to_permanent or \ a.panic_on or a.panic_off or a.query_panic or \ a.lockdown_on or a.lockdown_off or a.query_lockdown or \ a.get_default_zone or a.set_default_zone or \ a.get_active_zones or a.get_ipset_types or \ a.get_log_denied or a.set_log_denied or \ a.get_automatic_helpers or a.set_automatic_helpers or a.check_config options_desc_xml_file = a.set_description or a.get_description or \ a.set_short or a.get_short options_lockdown_whitelist = \ a.list_lockdown_whitelist_commands or a.add_lockdown_whitelist_command or \ a.remove_lockdown_whitelist_command or \ a.query_lockdown_whitelist_command or \ a.list_lockdown_whitelist_contexts or a.add_lockdown_whitelist_context or \ a.remove_lockdown_whitelist_context or \ a.query_lockdown_whitelist_context or \ a.list_lockdown_whitelist_uids or a.add_lockdown_whitelist_uid is not None or \ a.remove_lockdown_whitelist_uid is not None or \ a.query_lockdown_whitelist_uid is not None or \ a.list_lockdown_whitelist_users or a.add_lockdown_whitelist_user or \ a.remove_lockdown_whitelist_user or \ a.query_lockdown_whitelist_user options_config = a.get_zones or a.get_services or a.get_icmptypes or \ options_lockdown_whitelist or a.list_all_zones or \ a.get_zone_of_interface or a.get_zone_of_source or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.info_helper or \ a.get_helpers options_zone_action_action = \ a.add_service or a.remove_service or a.query_service or \ a.add_port or a.remove_port or a.query_port or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.add_source_port or a.remove_source_port or a.query_source_port or \ a.add_icmp_block or a.remove_icmp_block or a.query_icmp_block or \ a.add_forward_port or a.remove_forward_port or a.query_forward_port options_zone_interfaces_sources = \ a.list_interfaces or a.change_interface or \ a.add_interface or a.remove_interface or a.query_interface or \ a.list_sources or a.change_source or \ a.add_source or a.remove_source or a.query_source options_zone_adapt_query = \ a.add_rich_rule or a.remove_rich_rule or a.query_rich_rule or \ a.add_masquerade or a.remove_masquerade or a.query_masquerade or \ a.list_services or a.list_ports or a.list_protocols or \ a.list_source_ports or \ a.list_icmp_blocks or a.list_forward_ports or a.list_rich_rules or \ a.add_icmp_block_inversion or a.remove_icmp_block_inversion or \ a.query_icmp_block_inversion or \ a.list_all or a.get_target or a.set_target options_zone_ops = options_zone_interfaces_sources or \ options_zone_action_action or options_zone_adapt_query options_zone = a.zone or a.timeout != "0" or options_zone_ops or \ options_desc_xml_file options_ipset = a.add_entry or a.remove_entry or a.query_entry or \ a.get_entries or a.add_entries_from_file or \ a.remove_entries_from_file or options_desc_xml_file options_icmptype = a.add_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file options_service = a.add_port or a.remove_port or a.query_port or \ a.get_ports or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.get_protocols or \ a.add_source_port or a.remove_source_port or \ a.query_source_port or a.get_source_ports or \ a.add_module or a.remove_module or a.query_module or \ a.get_modules or \ a.set_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file or \ a.add_include or a.remove_include or a.query_include or \ a.get_includes or \ a.add_helper or a.remove_helper or a.query_helper or \ a.get_service_helpers options_helper = a.add_port or a.remove_port or a.query_port or \ a.get_ports or a.set_module or a.get_module or \ a.set_family or a.get_family or \ options_desc_xml_file options_permanent = a.permanent or options_config or \ a.zone or options_zone_ops or \ a.ipset or options_ipset or \ a.helper or options_helper options_permanent_only = a.new_icmptype or a.delete_icmptype or \ a.new_icmptype_from_file or \ a.load_icmptype_defaults or \ a.new_service or a.delete_service or \ a.new_service_from_file or \ a.load_service_defaults or \ a.new_zone or a.delete_zone or \ a.new_zone_from_file or \ a.load_zone_defaults or \ a.new_ipset or a.delete_ipset or \ a.new_ipset_from_file or \ a.load_ipset_defaults or \ a.new_helper or a.delete_helper or \ a.new_helper_from_file or \ a.load_helper_defaults or \ (a.icmptype and options_icmptype) or \ (a.service and options_service) or \ (a.helper and options_helper) or \ a.path_zone or a.path_icmptype or a.path_service or \ a.path_ipset or a.path_helper or options_desc_xml_file options_direct = a.passthrough or \ a.add_chain or a.remove_chain or a.query_chain or \ a.get_chains or a.get_all_chains or \ a.add_rule or a.remove_rule or a.remove_rules or a.query_rule or \ a.get_rules or a.get_all_rules or \ a.add_passthrough or a.remove_passthrough or a.query_passthrough or \ a.get_passthroughs or a.get_all_passthroughs options_require_permanent = options_permanent_only or \ a.get_target or a.set_target # these are supposed to only write out some output options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \ a.list_lockdown_whitelist_commands or a.list_lockdown_whitelist_contexts or \ a.list_lockdown_whitelist_uids or a.list_lockdown_whitelist_users or \ a.list_services or a.list_ports or a.list_protocols or a.list_icmp_blocks or \ a.list_forward_ports or a.list_rich_rules or a.list_interfaces or \ a.list_sources or a.get_default_zone or a.get_active_zones or \ a.get_zone_of_interface or a.get_zone_of_source or a.get_zones or \ a.get_services or a.get_icmptypes or a.get_target or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.get_entries or \ a.info_helper or a.get_helpers or \ a.get_destinations or a.get_description # Set quiet and verbose cmd = FirewallCommand(a.quiet, a.verbose) def myexcepthook(exctype, value, traceback): cmd.exception_handler(str(value)) sys.excepthook = myexcepthook # Check various impossible combinations of options if not (options_standalone or options_ipset or \ options_icmptype or options_service or options_helper or \ options_config or options_zone_ops or \ options_direct or options_permanent_only): cmd.fail(parser.format_usage() + "No option specified.") if options_standalone and (options_zone or options_permanent or \ options_direct or options_permanent_only or\ options_ipset): cmd.fail(parser.format_usage() + "Can't use stand-alone options with other options.") if options_ipset and not options_desc_xml_file and not a.ipset: cmd.fail(parser.format_usage() + "No ipset specified.") if (options_icmptype and not a.icmptype) and \ not (options_service and a.service) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No icmptype specified.") if (options_helper and not a.helper) and \ not (options_service and a.service) and \ not options_zone and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No helper specified.") if (options_direct or options_permanent_only) and \ (options_zone and not a.zone) and (options_service and not a.service) and \ (options_icmptype and a.icmptype) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "Can't be used with --zone.") if (a.direct and not options_direct) or (options_direct and not a.direct): cmd.fail(parser.format_usage() + "Wrong usage of 'direct' options.") if a.name and not (a.new_zone_from_file or a.new_service_from_file or \ a.new_ipset_from_file or a.new_icmptype_from_file or \ a.new_helper_from_file): cmd.fail(parser.format_usage() + "Wrong usage of '--name' option.") if options_require_permanent and not a.permanent: cmd.fail(parser.format_usage() + "Option can be used only with --permanent.") if options_config and options_zone: cmd.fail(parser.format_usage() + "Wrong usage of --get-zones | --get-services | --get-icmptypes.") if a.timeout != "0": value = 0 unit = 's' if len(a.timeout) < 1: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) == 1: if a.timeout.isdigit(): value = int (a.timeout[0]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) > 1: if a.timeout.isdigit(): value = int(a.timeout) unit = 's' else: if a.timeout[:-1].isdigit(): value = int (a.timeout[:-1]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) unit = a.timeout[-1:].lower() if unit == 's': a.timeout = value elif unit == 'm': a.timeout = value * 60 elif unit == 'h': a.timeout = value * 60 * 60 else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) else: a.timeout = 0 if a.timeout and not (a.add_service or a.add_port or a.add_protocol or \ a.add_icmp_block or a.add_forward_port or \ a.add_source_port or a.add_masquerade or a.add_rich_rule): cmd.fail(parser.format_usage() + "Wrong --timeout usage") if a.permanent: if a.timeout: cmd.fail(parser.format_usage() + "Can't specify timeout for permanent action.") if options_config and not a.zone: pass elif options_permanent: pass else: cmd.fail(parser.format_usage() + "Wrong --permanent usage.") if a.quiet and options_list_get: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.help: __usage() sys.exit(0) zone = a.zone try: fw = FirewallClient() except FirewallError as msg: code = FirewallError.get_code(str(msg)) cmd.print_and_exit("Error: %s" % msg, code) fw.setExceptionHandler(cmd.exception_handler) if not fw.connected: if a.state: cmd.print_and_exit ("not running", errors.NOT_RUNNING) else: cmd.print_and_exit ("FirewallD is not running", errors.NOT_RUNNING) cmd.set_fw(fw) if options_zone_ops and not zone and not \ (a.service and options_service) and not \ (a.helper and options_helper): default = fw.getDefaultZone() cmd.print_if_verbose("No zone specified, using default zone, i.e. '%s'" % default) active = list(fw.getActiveZones().keys()) if active and default not in active: cmd.print_msg("""You're performing an operation over default zone ('%s'), but your connections/interfaces are in zone '%s' (see --get-active-zones) You most likely need to use --zone=%s option.\n""" % (default, ",".join(active), active[0])) if a.permanent: if a.get_ipsets: cmd.print_and_exit(" ".join(fw.config().getIPSetNames())) elif a.new_ipset: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: for opt in a.option: settings.addOption(*cmd.parse_ipset_option(opt)) if a.family: settings.addOption("family", a.family) config = fw.config() config.addIPSet(a.new_ipset, settings) elif a.new_ipset_from_file: filename = os.path.basename(a.new_ipset_from_file) dirname = os.path.dirname(a.new_ipset_from_file) if dirname == "": dirname = "./" try: obj = ipset_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load ipset file '%s': %s" % \ (a.new_ipset_from_file, msg)) except IOError as msg: cmd.fail("Failed to load ipset file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIPSet(obj.name, obj.export_config()) elif a.delete_ipset: ipset = fw.config().getIPSetByName(a.delete_ipset) ipset.remove() elif a.load_ipset_defaults: ipset = fw.config().getIPSetByName(a.load_ipset_defaults) ipset.loadDefaults() elif a.info_ipset: ipset = fw.config().getIPSetByName(a.info_ipset) cmd.print_ipset_info(a.info_ipset, ipset.getSettings()) sys.exit(0) elif a.path_ipset: ipset = fw.config().getIPSetByName(a.path_ipset) cmd.print_and_exit("%s/%s" % (ipset.get_property("path"), ipset.get_property("filename"))) elif a.ipset: ipset = fw.config().getIPSetByName(a.ipset) settings = ipset.getSettings() if a.add_entry: cmd.add_sequence(a.add_entry, settings.addEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.remove_entry: cmd.remove_sequence(a.remove_entry, settings.removeEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.query_entry: cmd.query_sequence(a.query_entry, settings.queryEntry, None, "'%s'") elif a.get_entries: l = settings.getEntries() cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose( "Warning: ALREADY_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.remove_entries_from_file: changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.set_description: settings.setDescription(a.set_description) ipset.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) ipset.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_zones: cmd.print_and_exit(" ".join(fw.config().getZoneNames())) elif a.new_zone: config = fw.config() config.addZone(a.new_zone, FirewallClientZoneSettings()) elif a.new_zone_from_file: filename = os.path.basename(a.new_zone_from_file) dirname = os.path.dirname(a.new_zone_from_file) if dirname == "": dirname = "./" try: obj = zone_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load zone file '%s': %s" % \ (a.new_zone_from_file, msg)) except IOError as msg: cmd.fail("Failed to load zone file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addZone(obj.name, obj.export_config()) elif a.delete_zone: zone = fw.config().getZoneByName(a.delete_zone) zone.remove() elif a.load_zone_defaults: zone = fw.config().getZoneByName(a.load_zone_defaults) zone.loadDefaults() elif a.info_zone: zone = fw.config().getZoneByName(a.info_zone) cmd.print_zone_info(a.info_zone, zone.getSettings(), True) sys.exit(0) elif a.path_zone: zone = fw.config().getZoneByName(a.path_zone) cmd.print_and_exit("%s/%s" % (zone.get_property("path"), zone.get_property("filename"))) elif a.get_services: cmd.print_and_exit(" ".join(fw.config().getServiceNames())) elif a.new_service: config = fw.config() config.addService(a.new_service, FirewallClientServiceSettings()) elif a.new_service_from_file: filename = os.path.basename(a.new_service_from_file) dirname = os.path.dirname(a.new_service_from_file) if dirname == "": dirname = "./" try: obj = service_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load service file '%s': %s" % \ (a.new_service_from_file, msg)) except IOError as msg: cmd.fail("Failed to load service file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addService(obj.name, obj.export_config()) elif a.delete_service: service = fw.config().getServiceByName(a.delete_service) service.remove() elif a.load_service_defaults: service = fw.config().getServiceByName(a.load_service_defaults) service.loadDefaults() elif a.info_service: service = fw.config().getServiceByName(a.info_service) cmd.print_service_info(a.info_service, service.getSettings()) sys.exit(0) elif a.path_service: service = fw.config().getServiceByName(a.path_service) cmd.print_and_exit("%s/%s" % (service.get_property("path"), service.get_property("filename"))) elif a.get_helpers: cmd.print_and_exit(" ".join(fw.config().getHelperNames())) elif a.new_helper: if not a.module: cmd.fail(parser.format_usage() + "No module specified.") settings = FirewallClientHelperSettings() settings.setModule(a.module) if a.family: settings.setFamily(a.family) config = fw.config() config.addHelper(a.new_helper, settings) elif a.new_helper_from_file: filename = os.path.basename(a.new_helper_from_file) dirname = os.path.dirname(a.new_helper_from_file) if dirname == "": dirname = "./" try: obj = helper_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load helper file '%s': %s" % \ (a.new_helper_from_file, msg)) except IOError as msg: cmd.fail("Failed to load helper file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addHelper(obj.name, obj.export_config()) elif a.delete_helper: helper = fw.config().getHelperByName(a.delete_helper) helper.remove() elif a.load_helper_defaults: helper = fw.config().getHelperByName(a.load_helper_defaults) helper.loadDefaults() elif a.info_helper: helper = fw.config().getHelperByName(a.info_helper) cmd.print_helper_info(a.info_helper, helper.getSettings()) sys.exit(0) elif a.path_helper: helper = fw.config().getHelperByName(a.path_helper) cmd.print_and_exit("%s/%s" % (helper.get_property("path"), helper.get_property("filename"))) elif a.helper: helper = fw.config().getHelperByName(a.helper) settings = helper.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = helper.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.get_module: cmd.print_and_exit(settings.getModule()) elif a.set_module: settings.setModule(cmd.check_module(a.set_module)) helper.update(settings) elif a.get_family: cmd.print_and_exit(settings.getFamily()) elif a.set_family: settings.setFamily(cmd.check_helper_family(a.set_family[0])) helper.update(settings) elif a.set_description: settings.setDescription(a.set_description) helper.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) helper.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_icmptypes: cmd.print_and_exit(" ".join(fw.config().getIcmpTypeNames())) elif a.new_icmptype: config = fw.config() config.addIcmpType(a.new_icmptype, FirewallClientIcmpTypeSettings()) elif a.new_icmptype_from_file: filename = os.path.basename(a.new_icmptype_from_file) dirname = os.path.dirname(a.new_icmptype_from_file) if dirname == "": dirname = "./" try: obj = icmptype_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load icmptype file '%s': %s" % \ (a.new_icmptype_from_file, msg)) except IOError as msg: cmd.fail("Failed to load icmptype file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIcmpType(obj.name, obj.export_config()) elif a.delete_icmptype: icmptype = fw.config().getIcmpTypeByName(a.delete_icmptype) icmptype.remove() elif a.load_icmptype_defaults: icmptype = fw.config().getIcmpTypeByName(a.load_icmptype_defaults) icmptype.loadDefaults() elif a.info_icmptype: icmptype = fw.config().getIcmpTypeByName(a.info_icmptype) cmd.print_icmptype_info(a.info_icmptype, icmptype.getSettings()) sys.exit(0) elif a.path_icmptype: icmptype = fw.config().getIcmpTypeByName(a.path_icmptype) cmd.print_and_exit("%s/%s" % (icmptype.get_property("path"), icmptype.get_property("filename"))) elif a.icmptype: icmptype = fw.config().getIcmpTypeByName(a.icmptype) settings = icmptype.getSettings() if a.add_destination: cmd.add_sequence(a.add_destination, settings.addDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.remove_destination: cmd.remove_sequence(a.remove_destination, settings.removeDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.check_destination_ipv , "'%s'") elif a.get_destinations: l = settings.getDestinations() if len(l) == 0: l = [ "ipv4", "ipv6" ] cmd.print_and_exit("\n".join(l)) elif a.set_description: settings.setDescription(a.set_description) icmptype.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) icmptype.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.service: service = fw.config().getServiceByName(a.service) settings = service.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") elif a.get_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.get_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_module: cmd.add_sequence(a.add_module, settings.addModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.remove_module: cmd.remove_sequence(a.remove_module, settings.removeModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.query_module: cmd.query_sequence(a.query_module, settings.queryModule, None, "'%s'") elif a.get_modules: l = settings.getModules() cmd.print_and_exit(" ".join(["%s" % module for module in l])) elif a.set_destination: cmd.add_sequence(a.set_destination, settings.setDestination, settings.queryDestination, cmd.parse_service_destination, "%s:%s") service.update(settings) elif a.remove_destination: # special case for removeDestination: Only ipv, no address for ipv in a.remove_destination: cmd.check_destination_ipv(ipv) if ipv not in settings.getDestinations(): if len(a.remove_destination) > 1: cmd.print_warning("Warning: NOT_ENABLED: '%s'" % ipv) else: code = FirewallError.get_code("NOT_ENABLED") cmd.print_and_exit("Error: NOT_ENABLED: '%s'" % ipv, code) else: settings.removeDestination(ipv) service.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.parse_service_destination, "'%s'") elif a.get_destinations: l = settings.getDestinations() cmd.print_and_exit(" ".join(["%s:%s" % (dest[0], dest[1]) for dest in l.items()])) elif a.add_include: cmd.add_sequence(a.add_include, settings.addInclude, settings.queryInclude, None, "'%s'") service.update(settings) elif a.remove_include: cmd.remove_sequence(a.remove_include, settings.removeInclude, settings.queryInclude, None, "'%s'") service.update(settings) elif a.query_include: cmd.query_sequence(a.query_include, settings.queryInclude, None, "'%s'") elif a.get_includes: l = settings.getIncludes() cmd.print_and_exit(" ".join(["%s" % include for include in sorted(l)])) elif a.add_helper: cmd.add_sequence(a.add_helper, settings.addHelper, settings.queryHelper, None, "'%s'") service.update(settings) elif a.remove_helper: cmd.remove_sequence(a.remove_helper, settings.removeHelper, settings.queryHelper, None, "'%s'") service.update(settings) elif a.query_helper: cmd.query_sequence(a.query_helper, settings.queryHelper, None, "'%s'") elif a.get_service_helpers: l = settings.getHelpers() cmd.print_and_exit(" ".join(["%s" % helper for helper in sorted(l)])) elif a.set_description: settings.setDescription(a.set_description) service.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) service.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") # lockdown whitelist elif options_lockdown_whitelist: policies = fw.config().policies() # commands if a.list_lockdown_whitelist_commands: l = policies.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, policies.addLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, policies.removeLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, policies.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = policies.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, policies.addLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, policies.removeLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, policies.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = policies.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, policies.addLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, policies.removeLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, policies.queryLockdownWhitelistUid, None, "%s") # users elif a.list_lockdown_whitelist_users: l = policies.getLockdownWhitelistUsers() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, policies.addLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, policies.removeLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, policies.queryLockdownWhitelistUser, None, "'%s'") elif options_direct: direct = fw.config().direct() if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --permanent --direct --passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1]))) if a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --permanent --direct --add-passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1]))) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --permanent --direct --remove-passthrough { ipv4 | ipv6 | eb } ") direct.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --permanent --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( direct.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) sys.exit(0) elif a.get_passthroughs: rules = direct.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in direct.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: direct.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: direct.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result( direct.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) sys.exit(0) elif a.get_chains: cmd.print_and_exit( " ".join(direct.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) sys.exit(0) elif a.get_all_chains: chains = direct.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb }
") direct.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb }
") direct.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --permanent --direct --remove-rules { ipv4 | ipv6 | eb }
") direct.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( direct.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) sys.exit(0) elif a.get_rules: rules = direct.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = direct.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) else: if zone == "": zone = fw.getDefaultZone() fw_zone = fw.config().getZoneByName(zone) # interface if a.list_interfaces: interfaces = sorted(set(try_nm_get_interfaces_in_zone(zone)) | set(fw_zone.getInterfaces())) cmd.print_and_exit(" ".join(interfaces)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: # ask NM before checking our config zone = try_get_zone_of_interface(interface) if not zone: zone = fw.config().getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: if not try_set_zone_of_interface(zone, interface): interfaces.append(interface) for interface in interfaces: old_zone_name = fw.config().getZoneOfInterface(interface) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeInterface(interface)# remove from old fw_zone.addInterface(interface) # add to new elif a.add_interface: interfaces = [ ] for interface in a.add_interface: if not try_set_zone_of_interface(a.zone, interface): interfaces.append(interface) cmd.add_sequence(interfaces, fw_zone.addInterface, fw_zone.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: if not try_set_zone_of_interface("", interface): interfaces.append(interface) cmd.remove_sequence(interfaces, fw_zone.removeInterface, fw_zone.queryInterface, None, "'%s'") elif a.query_interface: cmd.query_sequence(a.query_interface, fw_zone.queryInterface, None, "'%s'") # source if a.list_sources: sources = fw_zone.getSources() cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.config().getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") elif a.change_source: for source in a.change_source: old_zone_name = fw.config().getZoneOfSource(source) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeSource(source) # remove from old fw_zone.addSource(source) # add to new elif a.add_source: cmd.add_sequence(a.add_source, fw_zone.addSource, fw_zone.querySource, None, "'%s'") elif a.remove_source: cmd.remove_sequence(a.remove_source, fw_zone.removeSource, fw_zone.querySource, None, "'%s'") elif a.query_source: cmd.query_sequence(a.query_source, fw_zone.querySource, None, "'%s'") # rich rules if a.list_rich_rules: l = fw_zone.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_zone.addRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_zone.removeRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_zone.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_zone.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_zone.addService, fw_zone.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, fw_zone.removeService, fw_zone.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_zone.queryService, None, "'%s'") # port elif a.list_ports: l = fw_zone.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_port: cmd.add_sequence(a.add_port, fw_zone.addPort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_zone.removePort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_zone.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_zone.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_zone.addProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_zone.removeProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_zone.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_zone.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_zone.addSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_zone.removeSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: fw_zone.addMasquerade() elif a.remove_masquerade: fw_zone.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(fw_zone.queryMasquerade()) # forward port elif a.list_forward_ports: l = fw_zone.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_zone.addForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_zone.removeForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_zone.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_zone.addIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_zone.removeIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_zone.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw_zone.addIcmpBlockInversion() elif a.remove_icmp_block_inversion: fw_zone.removeIcmpBlockInversion() elif a.query_icmp_block_inversion: cmd.print_query_result(fw_zone.queryIcmpBlockInversion()) # zone target elif a.get_target: target = fw_zone.getTarget() cmd.print_and_exit(target if target != "%%REJECT%%" else "REJECT") elif a.set_target: fw_zone.setTarget(a.set_target if a.set_target != "REJECT" else "%%REJECT%%") # list all zone settings elif a.list_all: interfaces = try_nm_get_interfaces_in_zone(zone) cmd.print_zone_info(zone, fw_zone.getSettings(), extra_interfaces=interfaces) sys.exit(0) # list everything elif a.list_all_zones: names = fw.config().getZoneNames() for zone in sorted(names): interfaces = try_nm_get_interfaces_in_zone(zone) settings = fw.config().getZoneByName(zone).getSettings() cmd.print_zone_info(zone, settings, extra_interfaces=interfaces) cmd.print_msg("") sys.exit(0) # set zone description elif a.set_description: settings = fw.config().getZoneByName(zone).getSettings() settings.setDescription(a.set_description) fw_zone.update(settings) # get zone description elif a.get_description: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getDescription()) # set zone short description elif a.set_short: settings = fw.config().getZoneByName(zone).getSettings() settings.setShort(a.set_short) fw_zone.update(settings) # get zone short description elif a.get_short: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getShort()) elif a.version: cmd.print_and_exit(fw.get_property("version")) elif a.state: state = fw.get_property("state") if state == "RUNNING": cmd.print_and_exit ("running") elif state == "FAILED": cmd.print_and_exit("failed", errors.RUNNING_BUT_FAILED) else: cmd.print_and_exit ("not running", errors.NOT_RUNNING) elif a.get_log_denied: cmd.print_and_exit(fw.getLogDenied()) elif a.set_log_denied: fw.setLogDenied(a.set_log_denied) elif a.get_automatic_helpers: cmd.print_and_exit(fw.getAutomaticHelpers()) elif a.set_automatic_helpers: fw.setAutomaticHelpers(a.set_automatic_helpers) elif a.get_ipset_types: types = fw.get_property("IPSetTypes") cmd.print_and_exit(" ".join(sorted(types))) elif a.reload: fw.reload() elif a.complete_reload: fw.complete_reload() elif a.runtime_to_permanent: fw.runtimeToPermanent() elif a.check_config: fw.checkPermanentConfig() elif a.direct: if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --direct --passthrough { ipv4 | ipv6 | eb } ") msg = fw.passthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1])) if msg: sys.stdout.write(msg + "\n") elif a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --direct --add-passthrough { ipv4 | ipv6 | eb } ") fw.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1])) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --direct --remove-passthrough { ipv4 | ipv6 | eb } ") fw.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( fw.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) elif a.get_passthroughs: rules = fw.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in fw.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: fw.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: fw.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result(fw.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) elif a.get_chains: cmd.print_and_exit(" ".join(fw.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) elif a.get_all_chains: chains = fw.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") fw.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") fw.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --direct --remove-rules { ipv4 | ipv6 | eb }
") fw.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( fw.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) elif a.get_rules: rules = fw.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = fw.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) elif a.get_default_zone: cmd.print_and_exit(fw.getDefaultZone()) elif a.set_default_zone: fw.setDefaultZone(a.set_default_zone) elif a.get_zones: cmd.print_and_exit(" ".join(fw.getZones())) elif a.get_active_zones: zones = fw.getActiveZones() for zone in zones: cmd.print_msg("%s" % zone) for x in [ "interfaces", "sources" ]: if x in zones[zone]: cmd.print_msg(" %s: %s" % (x, " ".join(zones[zone][x]))) sys.exit(0) elif a.get_services: l = fw.listServices() cmd.print_and_exit(" ".join(l)) elif a.get_icmptypes: l = fw.listIcmpTypes() cmd.print_and_exit(" ".join(l)) # panic elif a.panic_on: fw.enablePanicMode() elif a.panic_off: fw.disablePanicMode() elif a.query_panic: cmd.print_query_result(fw.queryPanicMode()) # ipset elif a.get_ipsets: ipsets = fw.getIPSets() cmd.print_and_exit(" ".join(sorted(ipsets))) elif a.info_ipset: cmd.print_ipset_info(a.info_ipset, fw.getIPSetSettings(a.info_ipset)) sys.exit(0) elif a.add_entry: cmd.x_add_sequence(a.ipset, a.add_entry, fw.addEntry, fw.queryEntry, None, "'%s'") elif a.remove_entry: cmd.x_remove_sequence(a.ipset, a.remove_entry, fw.removeEntry, fw.queryEntry, None, "'%s'") elif a.query_entry: cmd.x_query_sequence(a.ipset, a.query_entry, fw.queryEntry, None, "'%s'") elif a.get_entries: l = fw.getEntries(a.ipset) cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose("Warning: ALREADY_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) elif a.remove_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) # helper elif a.get_helpers: helpers = fw.getHelpers() cmd.print_and_exit(" ".join(sorted(helpers))) elif a.info_helper: cmd.print_helper_info(a.info_helper, fw.getHelperSettings(a.info_helper)) sys.exit(0) # lockdown elif a.lockdown_on: fw.config().set_property("Lockdown", "yes") # permanent fw.enableLockdown() # runtime elif a.lockdown_off: fw.config().set_property("Lockdown", "no") # permanent fw.disableLockdown() # runtime elif a.query_lockdown: cmd.print_query_result(fw.queryLockdown()) # runtime #lockdown = fw.config().get_property("Lockdown") #cmd.print_query_result(lockdown.lower() in [ "yes", "true" ]) # lockdown whitelist # commands elif a.list_lockdown_whitelist_commands: l = fw.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, fw.addLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, fw.removeLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, fw.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = fw.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, fw.addLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, fw.removeLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, fw.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = fw.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, fw.addLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, fw.removeLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, fw.queryLockdownWhitelistUid, None, "'%s'") # users elif a.list_lockdown_whitelist_users: l = fw.getLockdownWhitelistUsers() cmd.print_and_exit(" ".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, fw.addLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, fw.removeLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, fw.queryLockdownWhitelistUser, None, "'%s'") # interface elif a.list_interfaces: l = fw.getInterfaces(zone) cmd.print_and_exit(" ".join(l)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: zone = fw.getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.add_interface: interfaces = [ ] for interface in a.add_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.addInterface, fw.queryInterface, None, "'%s'") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.changeZoneOfInterface, fw.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: interfaces.append(interface) cmd.x_remove_sequence(zone, interfaces, fw.removeInterface, fw.queryInterface, None, "'%s'") elif a.query_interface: cmd.x_query_sequence(zone, a.query_interface, fw.queryInterface, None, "'%s'") # source elif a.list_sources: sources = fw.getSources(zone) cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") sys.exit(0) elif a.add_source: cmd.x_add_sequence(zone, a.add_source, fw.addSource, fw.querySource, None, "'%s'") elif a.change_source: cmd.x_add_sequence(zone, a.change_source, fw.changeZoneOfSource, fw.querySource, None, "'%s'") elif a.remove_source: cmd.x_remove_sequence(zone, a.remove_source, fw.removeSource, fw.querySource, None, "'%s'") elif a.query_source: cmd.x_query_sequence(zone, a.query_source, fw.querySource, None, "'%s'") # rich rules elif a.list_rich_rules: l = fw.getRichRules(zone) cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.zone_add_timeout_sequence(zone, a.add_rich_rule, fw.addRichRule, fw.queryRichRule, None, "'%s'", a.timeout) elif a.remove_rich_rule: cmd.x_remove_sequence(zone, a.remove_rich_rule, fw.removeRichRule, fw.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.x_query_sequence(zone, a.query_rich_rule, fw.queryRichRule, None, "'%s'") # service elif a.list_services: l = fw.getServices(zone) cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.zone_add_timeout_sequence(zone, a.add_service, fw.addService, fw.queryService, None, "'%s'", a.timeout) elif a.remove_service: cmd.x_remove_sequence(zone, a.remove_service, fw.removeService, fw.queryService, None, "'%s'") elif a.query_service: cmd.x_query_sequence(zone, a.query_service, fw.queryService, None, "'%s'") # port elif a.list_ports: l = fw.getPorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_port: cmd.zone_add_timeout_sequence(zone, a.add_port, fw.addPort, fw.queryPort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_port: cmd.x_remove_sequence(zone, a.remove_port, fw.removePort, fw.queryPort, cmd.parse_port, "'%s/%s'") elif a.query_port: cmd.x_query_sequence(zone, a.query_port, fw.queryPort, cmd.parse_port, "'%s/%s'") # protocol elif a.list_protocols: l = fw.getProtocols(zone) cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.zone_add_timeout_sequence(zone, a.add_protocol, fw.addProtocol, fw.queryProtocol, None, "'%s'", a.timeout) elif a.remove_protocol: cmd.x_remove_sequence(zone, a.remove_protocol, fw.removeProtocol, fw.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.x_query_sequence(zone, a.query_protocol, fw.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw.getSourcePorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_source_port: cmd.zone_add_timeout_sequence(zone, a.add_source_port, fw.addSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_source_port: cmd.x_remove_sequence(zone, a.remove_source_port, fw.removeSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'") elif a.query_source_port: cmd.x_query_sequence(zone, a.query_source_port, fw.querySourcePort, cmd.parse_port, "'%s/%s'") # masquerade elif a.add_masquerade: fw.addMasquerade(zone, a.timeout) elif a.remove_masquerade: fw.removeMasquerade(zone) elif a.query_masquerade: cmd.print_query_result(fw.queryMasquerade(zone)) # forward port elif a.list_forward_ports: l = fw.getForwardPorts(zone) cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.zone_add_timeout_sequence(zone, a.add_forward_port, fw.addForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'", a.timeout) elif a.remove_forward_port: cmd.x_remove_sequence(zone, a.remove_forward_port, fw.removeForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") elif a.query_forward_port: cmd.x_query_sequence(zone, a.query_forward_port, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") # block icmp elif a.list_icmp_blocks: l = fw.getIcmpBlocks(zone) cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.zone_add_timeout_sequence(zone, a.add_icmp_block, fw.addIcmpBlock, fw.queryIcmpBlock, None, "'%s'", a.timeout) elif a.remove_icmp_block: cmd.x_remove_sequence(zone, a.remove_icmp_block, fw.removeIcmpBlock, fw.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.x_query_sequence(zone, a.query_icmp_block, fw.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw.addIcmpBlockInversion(zone) elif a.remove_icmp_block_inversion: fw.removeIcmpBlockInversion(zone) elif a.query_icmp_block_inversion: cmd.print_query_result(fw.queryIcmpBlockInversion(zone)) # list all elif a.list_all: z = zone if zone else fw.getDefaultZone() cmd.print_zone_info(z, fw.getZoneSettings(z)) sys.exit(0) # list everything elif a.list_all_zones: for zone in fw.getZones(): cmd.print_zone_info(zone, fw.getZoneSettings(zone)) cmd.print_msg("") sys.exit(0) elif a.info_zone: cmd.print_zone_info(a.info_zone, fw.getZoneSettings(a.info_zone), True) sys.exit(0) elif a.info_service: cmd.print_service_info(a.info_service, fw.getServiceSettings(a.info_service)) sys.exit(0) elif a.info_icmptype: cmd.print_icmptype_info(a.info_icmptype, fw.getIcmpTypeSettings(a.info_icmptype)) sys.exit(0) cmd.print_and_exit("success") firewalld-0.8.2/src/firewall-config.in0000775007115300711530000121241713641105304021053 0ustar00egarveregarver00000000000000#!@PYTHON@ # -*- coding: utf-8 -*- # # Copyright (C) 2011-2015 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import sys import string import gi try: gi.require_version('Gtk', '3.0') from gi.repository import Gtk, Gdk, Pango, Gio Gtk.init(sys.argv) except RuntimeError as e: print("firewall-config: %s" % e) print("This is a graphical application and requires DISPLAY to be set.") sys.exit(1) from gi.repository import GObject, GLib sys.modules['gobject'] = GObject import os datadir = None if os.getenv("FIREWALLD_DEVEL_ENV") is not None: datadir = os.getenv("FIREWALLD_DEVEL_ENV") sys.path.insert(0, datadir) from dbus.exceptions import DBusException from firewall import config from firewall import client from firewall import functions from firewall.core.base import DEFAULT_ZONE_TARGET, REJECT_TYPES, \ ZONE_SOURCE_IPSET_TYPES from firewall.core.ipset import IPSET_MAXNAMELEN from firewall.core.helper import HELPER_MAXNAMELEN from firewall.core.io.zone import Zone from firewall.core.io.service import Service from firewall.core.io.icmptype import IcmpType from firewall.core.io.ipset import IPSet from firewall.core.io.helper import Helper from firewall.core import rich from firewall.core.fw_nm import nm_is_imported, nm_get_dbus_interface, \ nm_get_connections, nm_get_zone_of_connection, \ nm_set_zone_of_connection from firewall import errors from firewall.errors import FirewallError import gettext gettext.textdomain(config.DOMAIN) _ = gettext.gettext if not datadir: datadir = config.DATADIR sys.path.insert(0, datadir) from gtk3_chooserbutton import ChooserButton from gtk3_niceexpander import NiceExpander def escape(text): text = text.replace('&', '&') text = text.replace('>', '>') text = text.replace('<', '<') return text FIREWALL_CONFIG_SCHEMA = "org.fedoraproject.FirewallConfig" class FirewallConfig(object): def __init__(self): builder = Gtk.Builder() builder.set_translation_domain("firewalld") builder.add_from_file("%s/%s" % (datadir, config.CONFIG_GLADE_NAME)) builder.connect_signals(self) self.connected_label = _("Connection to firewalld established.") self.trying_to_connect_label = \ _("Trying to connect to firewalld, waiting...") self.failed_to_connect_label = \ _("Failed to connect to firewalld. Please make sure that the " "service has been started correctly and try again.") self.changes_applied_label = _("Changes applied.") self.used_by_label = _("Used by network connection '%s'") self.default_zone_used_by_label = _("Default zone used by network " "connection '%s'") self.enabled = _("enabled") self.disabled = _("disabled") self.settings = Gio.Settings.new(FIREWALL_CONFIG_SCHEMA) self.modified_timer = None self.connection_timer = None self.zone_connection_editors = { } self.zone_interface_editors = { } self.zone_source_editors = { } self.default_zone = "" self.nf_conntrack_helpers = { } # point to the visible dialogs self.visible_dialogs = [ ] self.connection_lost = False # get icon and logo (foo, width, height) = Gtk.icon_size_lookup(Gtk.IconSize.BUTTON) size = min(width, height) self.icon_theme = Gtk.IconTheme.get_default() try: self.icon = self.icon_theme.load_icon(config.CONFIG_NAME, size, 0) self.logo = self.icon_theme.load_icon(config.CONFIG_NAME, 48, 0) except: print(_("Failed to load icons.")) self.icon = self.logo = None # get widgets self.mainWindow = builder.get_object("mainWindow") self.mainWindow.set_icon(self.icon) self.mainOverlay = builder.get_object("mainOverlay") self.mainPaned = builder.get_object("mainPaned") self.statusLabel = builder.get_object("statusLabel") self.modifiedLabel = builder.get_object("modifiedLabel") self.lockdownLabel = builder.get_object("lockdownLabel") self.panicLabel = builder.get_object("panicLabel") self.waitingWindow = builder.get_object("waitingWindow") self.waitingWindowLabel = builder.get_object("waitingWindowLabel") self.waitingWindowSpinner = builder.get_object("waitingWindowSpinner") self.waitingWindowQuitButton = \ builder.get_object("waitingWindowQuitButton") self.mainOverlay.add_overlay(self.waitingWindow) self.waitingWindow.set_valign(Gtk.Align.CENTER) self.waitingWindow.set_halign(Gtk.Align.CENTER) self.mainNotebook = builder.get_object("mainNotebook") self.ipsetsBox = builder.get_object("ipsetsBox") self.ipsetsMenuitem = builder.get_object("ipsetsMenuitem") self.icmpTypesBox = builder.get_object("icmpTypesBox") self.icmpTypesMenuitem = builder.get_object("icmpTypesMenuitem") self.helpersBox = builder.get_object("helpersBox") self.helpersMenuitem = builder.get_object("helpersMenuitem") self.directBox = builder.get_object("directBox") self.directMenuitem = builder.get_object("directMenuitem") self.lockdownWhitelistBox = builder.get_object("lockdownWhitelistBox") self.lockdownWhitelistMenuitem = \ builder.get_object("lockdownWhitelistMenuitem") self.activeBindingsMenuitem = \ builder.get_object("activeBindingsMenuitem") self.changeZonesConnectionMenuitem = \ builder.get_object("changeZonesConnectionMenuitem") self.left_menu = Gtk.Menu.new() self.left_menu.set_reserve_toggle_size(False) self.changeZonesConnectionMenuitem.set_submenu(self.left_menu) self.changeZonesConnectionMenuitem.connect( "activate", self.left_menu_cb, self.left_menu) self.active_zones = { } self.panicMenuitem = builder.get_object("panicMenuitem") self.panic_check_id = \ self.panicMenuitem.connect_after("toggled", self.panic_check_cb) self.lockdownMenuitem = builder.get_object("lockdownMenuitem") self.lockdown_check_id = \ self.lockdownMenuitem.connect_after("toggled", self.lockdown_check_cb) self.lockdownContextView = builder.get_object("lockdownContextView") self.lockdownContextStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownContextView.append_column( Gtk.TreeViewColumn(_("Context"), Gtk.CellRendererText(), text=0)) self.lockdownContextView.set_model(self.lockdownContextStore) self.lockdownContextView.get_selection().connect( \ "changed", self.change_lockdown_context_selection_cb) self.editLockdownContextButton = \ builder.get_object("editLockdownContextButton") self.removeLockdownContextButton = \ builder.get_object("removeLockdownContextButton") self.contextDialog = builder.get_object("contextDialog") self.contextDialogOkButton = builder.get_object("contextDialogOkButton") self.contextDialogCancelButton = \ builder.get_object("contextDialogCancelButton") self.contextDialogContextEntry = \ builder.get_object("contextDialogContextEntry") self.lockdownCommandView = builder.get_object("lockdownCommandView") self.lockdownCommandStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownCommandView.append_column( Gtk.TreeViewColumn(_("Command line"), Gtk.CellRendererText(), text=0)) self.lockdownCommandView.set_model(self.lockdownCommandStore) self.lockdownCommandView.get_selection().connect( \ "changed", self.change_lockdown_command_selection_cb) self.editLockdownCommandButton = \ builder.get_object("editLockdownCommandButton") self.removeLockdownCommandButton = \ builder.get_object("removeLockdownCommandButton") self.commandDialog = builder.get_object("commandDialog") self.commandDialogOkButton = builder.get_object("commandDialogOkButton") self.commandDialogCancelButton = \ builder.get_object("commandDialogCancelButton") self.commandDialogCommandEntry = \ builder.get_object("commandDialogCommandEntry") self.lockdownUserView = builder.get_object("lockdownUserView") self.lockdownUserStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownUserView.append_column( Gtk.TreeViewColumn(_("User name"), Gtk.CellRendererText(), text=0)) self.lockdownUserView.set_model(self.lockdownUserStore) self.lockdownUserView.get_selection().connect( \ "changed", self.change_lockdown_user_selection_cb) self.editLockdownUserButton = \ builder.get_object("editLockdownUserButton") self.removeLockdownUserButton = \ builder.get_object("removeLockdownUserButton") self.userDialog = builder.get_object("userDialog") self.userDialogOkButton = builder.get_object("userDialogOkButton") self.userDialogCancelButton = \ builder.get_object("userDialogCancelButton") self.userDialogUserEntry = \ builder.get_object("userDialogUserEntry") self.lockdownUidView = builder.get_object("lockdownUidView") self.lockdownUidStore = Gtk.ListStore(GObject.TYPE_INT) self.lockdownUidView.append_column( Gtk.TreeViewColumn(_("User id"), Gtk.CellRendererText(), text=0)) self.lockdownUidView.set_model(self.lockdownUidStore) self.lockdownUidView.get_selection().connect( \ "changed", self.change_lockdown_uid_selection_cb) self.editLockdownUidButton = \ builder.get_object("editLockdownUidButton") self.removeLockdownUidButton = \ builder.get_object("removeLockdownUidButton") self.uidDialog = builder.get_object("uidDialog") self.uidDialogOkButton = builder.get_object("uidDialogOkButton") self.uidDialogCancelButton = \ builder.get_object("uidDialogCancelButton") self.uidDialogUidEntry = \ builder.get_object("uidDialogUidEntry") self.serviceConfServicesEditBox = \ builder.get_object("serviceConfServicesEditBox") self.serviceConfPortBox = \ builder.get_object("serviceConfPortBox") self.serviceConfProtocolBox = \ builder.get_object("serviceConfProtocolBox") self.serviceConfSourcePortBox = \ builder.get_object("serviceConfSourcePortBox") self.serviceConfModuleBox = \ builder.get_object("serviceConfModuleBox") self.serviceConfDestinationGrid = \ builder.get_object("serviceConfDestinationGrid") self.icmpDialogIcmpEditBox = \ builder.get_object("icmpDialogIcmpEditBox") self.directChainView = builder.get_object("directChainView") self.directChainStore = Gtk.ListStore(GObject.TYPE_STRING, # ipv GObject.TYPE_STRING, # table GObject.TYPE_STRING) # chain self.directChainView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directChainView.append_column( Gtk.TreeViewColumn(_("Table"), Gtk.CellRendererText(), text=1)) self.directChainView.append_column( Gtk.TreeViewColumn(_("Chain"), Gtk.CellRendererText(), text=2)) self.directChainView.set_model(self.directChainStore) self.directChainView.get_selection().connect( \ "changed", self.change_chain_selection_cb) self.editDirectChainButton = \ builder.get_object("editDirectChainButton") self.removeDirectChainButton = \ builder.get_object("removeDirectChainButton") self.directChainDialog = builder.get_object("directChainDialog") self.directChainDialogOkButton = \ builder.get_object("directChainDialogOkButton") self.directChainDialogCancelButton = \ builder.get_object("directChainDialogCancelButton") self.directChainDialogIPVCombobox = \ builder.get_object("directChainDialogIPVCombobox") self.directChainDialogTableCombobox = \ builder.get_object("directChainDialogTableCombobox") self.directChainDialogChainEntry = \ builder.get_object("directChainDialogChainEntry") self.directRuleView = builder.get_object("directRuleView") self.directRuleStore = Gtk.ListStore(GObject.TYPE_STRING, # ipv GObject.TYPE_STRING, # table GObject.TYPE_STRING, # chain GObject.TYPE_INT, # priority GObject.TYPE_STRING) # args self.directRuleView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Table"), Gtk.CellRendererText(), text=1)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Chain"), Gtk.CellRendererText(), text=2)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=3)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Args"), Gtk.CellRendererText(), text=4)) self.directRuleView.set_model(self.directRuleStore) self.directRuleView.get_selection().connect( \ "changed", self.change_rule_selection_cb) self.editDirectRuleButton = \ builder.get_object("editDirectRuleButton") self.removeDirectRuleButton = \ builder.get_object("removeDirectRuleButton") self.directRuleDialog = builder.get_object("directRuleDialog") self.directRuleDialogOkButton = \ builder.get_object("directRuleDialogOkButton") self.directRuleDialogCancelButton = \ builder.get_object("directRuleDialogCancelButton") self.directRuleDialogIPVCombobox = \ builder.get_object("directRuleDialogIPVCombobox") self.directRuleDialogTableCombobox = \ builder.get_object("directRuleDialogTableCombobox") self.directRuleDialogChainEntry = \ builder.get_object("directRuleDialogChainEntry") self.directRuleDialogPrioritySpinbutton = \ builder.get_object("directRuleDialogPrioritySpinbutton") self.directRuleDialogArgsEntry = \ builder.get_object("directRuleDialogArgsEntry") self.directPassthroughBox = builder.get_object("directPassthroughBox") self.directPassthroughView = builder.get_object("directPassthroughView") self.directPassthroughStore = Gtk.ListStore( GObject.TYPE_STRING, # ipv GObject.TYPE_STRING) # passthrough self.directPassthroughView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directPassthroughView.append_column( Gtk.TreeViewColumn(_("Args"), Gtk.CellRendererText(), text=1)) self.directPassthroughView.set_model(self.directPassthroughStore) self.directPassthroughView.get_selection().connect( \ "changed", self.change_passthrough_selection_cb) self.editDirectPassthroughButton = \ builder.get_object("editDirectPassthroughButton") self.removeDirectPassthroughButton = \ builder.get_object("removeDirectPassthroughButton") self.directPassthroughDialog = \ builder.get_object("directPassthroughDialog") self.directPassthroughDialogOkButton = \ builder.get_object("directPassthroughDialogOkButton") self.directPassthroughDialogCancelButton = \ builder.get_object("directPassthroughDialogCancelButton") self.directPassthroughDialogIPVCombobox = \ builder.get_object("directPassthroughDialogIPVCombobox") self.directPassthroughDialogArgsEntry = \ builder.get_object("directPassthroughDialogArgsEntry") self.mainVBox = builder.get_object("mainVBox") self.optionsMenuitem = builder.get_object("optionsMenuitem") self.viewMenuitem = builder.get_object("viewMenuitem") self.aboutDialog = builder.get_object("aboutDialog") self.aboutDialog.set_program_name(config.CONFIG_NAME) self.aboutDialog.set_version(config.VERSION) self.aboutDialog.set_authors(config.AUTHORS) self.aboutDialog.set_license(config.LICENSE) self.aboutDialog.set_wrap_license(True) self.aboutDialog.set_copyright(config.COPYRIGHT) self.aboutDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.aboutDialog.set_transient_for(self.mainWindow) self.aboutDialog.set_modal(True) self.aboutDialog.set_icon(self.icon) self.aboutDialog.set_logo(self.logo) self.aboutDialog.set_website(config.WEBSITE) self.currentViewCombobox = builder.get_object("currentViewCombobox") self.currentViewCombobox.append_text(_("Runtime")) self.currentViewCombobox.append_text(_("Permanent")) self.runtime_view = True self.zoneView = builder.get_object("zoneView") self.zoneStore = Gtk.ListStore(GObject.TYPE_STRING, # name GObject.TYPE_INT) # weight self.zoneView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0, weight=1)) self.zoneView.set_model(self.zoneStore) self.zoneStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.zoneView.get_selection().connect("changed", self.onChangeZone) self.zoneNotebook = builder.get_object("zoneNotebook") self.defaultZoneLabel = builder.get_object("defaultZoneLabel") self.defaultZoneDialog = builder.get_object("defaultZoneDialog") self.defaultZoneDialogOkButton = \ builder.get_object("defaultZoneDialogOkButton") self.defaultZoneView = builder.get_object("defaultZoneView") self.defaultZoneStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_INT) self.defaultZoneView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0, weight=1)) self.defaultZoneView.set_model(self.defaultZoneStore) self.defaultZoneView.get_selection().connect(\ "changed", self.on_defaultZoneViewSelection_changed) self.logDeniedLabel = builder.get_object("logDeniedLabel") self.logDeniedDialog = builder.get_object("logDeniedDialog") self.logDeniedDialogOkButton = \ builder.get_object("logDeniedDialogOkButton") self.logDeniedDialogValueCombobox = \ builder.get_object("logDeniedDialogValueCombobox") for value in config.LOG_DENIED_VALUES: self.logDeniedDialogValueCombobox.append_text(value) self.automaticHelpersLabel = builder.get_object("automaticHelpersLabel") self.automaticHelpersDialog = builder.get_object("automaticHelpersDialog") self.automaticHelpersDialogOkButton = \ builder.get_object("automaticHelpersDialogOkButton") self.automaticHelpersDialogValueCombobox = \ builder.get_object("automaticHelpersDialogValueCombobox") for value in config.AUTOMATIC_HELPERS_VALUES: self.automaticHelpersDialogValueCombobox.append_text(value) self.zoneEditBox = builder.get_object("zoneEditBox") self.zoneEditBox.hide() self.zoneEditLoadDefaultsButton = \ builder.get_object("zoneEditLoadDefaultsButton") self.zoneEditEditButton = builder.get_object("zoneEditEditButton") self.zoneEditRemoveButton = builder.get_object("zoneEditRemoveButton") self.zoneBaseDialog = builder.get_object("zoneBaseDialog") self.zoneBaseDialogOkButton = \ builder.get_object("zoneBaseDialogOkButton") self.zoneBaseDialogNameEntry = \ builder.get_object("zoneBaseDialogNameEntry") self.zoneBaseDialogVersionEntry = \ builder.get_object("zoneBaseDialogVersionEntry") self.zoneBaseDialogShortEntry = \ builder.get_object("zoneBaseDialogShortEntry") self.zoneBaseDialogDescText = \ builder.get_object("zoneBaseDialogDescText") self.zoneBaseDialogDescText.get_buffer().connect(\ "changed", self.onZoneBaseDialogChanged) self.zoneBaseDialogTargetCheck = \ builder.get_object("zoneBaseDialogTargetCheck") self.zoneBaseDialogTargetCombobox = \ builder.get_object("zoneBaseDialogTargetCombobox") self.serviceView = builder.get_object("serviceView") self.serviceStore = Gtk.ListStore(GObject.TYPE_BOOLEAN, # checked GObject.TYPE_STRING) # name toggle = Gtk.CellRendererToggle() toggle.connect("toggled", self.service_toggle_cb, self.serviceStore, 0) self.serviceView.append_column(Gtk.TreeViewColumn("", toggle, active=0)) self.serviceView.append_column( Gtk.TreeViewColumn(_("Service"), Gtk.CellRendererText(), text=1)) self.serviceView.set_model(self.serviceStore) self.serviceStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.portView = builder.get_object("portView") self.portStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.portView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.portView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.portView.set_model(self.portStore) self.portStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.portView.get_selection().connect("changed", self.change_port_selection_cb) self.editPortButton = builder.get_object("editPortButton") self.removePortButton = builder.get_object("removePortButton") self.portDialog = builder.get_object("portDialog") self.portDialogOkButton = builder.get_object("portDialogOkButton") self.portDialogCancelButton = \ builder.get_object("portDialogCancelButton") self.portDialogPortEntry = builder.get_object("portDialogPortEntry") self.portDialogProtoCombobox = \ builder.get_object("portDialogProtoCombobox") self.protocolView = builder.get_object("protocolView") self.protocolStore = Gtk.ListStore(GObject.TYPE_STRING) self.protocolView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=0)) self.protocolView.set_model(self.protocolStore) self.protocolStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.protocolView.get_selection().connect( "changed", self.change_protocol_selection_cb) self.editProtocolButton = builder.get_object("editProtocolButton") self.removeProtocolButton = builder.get_object("removeProtocolButton") self.protoDialog = builder.get_object("protoDialog") self.protoDialogOkButton = builder.get_object("protoDialogOkButton") self.protoDialogCancelButton = \ builder.get_object("protoDialogCancelButton") self.protoDialogProtoLabel = builder.get_object("protoDialogProtoLabel") self.protoDialogProtoCombobox = \ builder.get_object("protoDialogProtoCombobox") self.protoDialogOtherProtoCheck = \ builder.get_object("protoDialogOtherProtoCheck") self.protoDialogOtherProtoEntry = \ builder.get_object("protoDialogOtherProtoEntry") self.sourcePortView = builder.get_object("sourcePortView") self.sourcePortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.sourcePortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.sourcePortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.sourcePortView.set_model(self.sourcePortStore) self.sourcePortStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.sourcePortView.get_selection().connect( "changed", self.change_source_port_selection_cb) self.editSourcePortButton = builder.get_object("editSourcePortButton") self.removeSourcePortButton = \ builder.get_object("removeSourcePortButton") self.masqueradeCheck = builder.get_object("masqueradeCheck") self.masqueradeEventbox = builder.get_object("masqueradeEventbox") self.masqueradeEventbox.connect("button-press-event", self.masquerade_check_cb) self.forwardView = builder.get_object("forwardView") self.forwardStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING) self.forwardView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.forwardView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.forwardView.append_column( Gtk.TreeViewColumn(_("To Port"), Gtk.CellRendererText(), text=2)) self.forwardView.append_column( Gtk.TreeViewColumn(_("To Address"), Gtk.CellRendererText(), text=3)) self.forwardView.set_model(self.forwardStore) self.forwardStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.forwardView.get_selection().connect(\ "changed", self.change_forward_selection_cb) self.editForwardButton = builder.get_object("editForwardButton") self.removeForwardButton = builder.get_object("removeForwardButton") self.forwardDialog = builder.get_object("forwardDialog") self.forwardDialogOkButton = builder.get_object("forwardDialogOkButton") self.forwardDialogCancelButton = \ builder.get_object("forwardDialogCancelButton") self.forwardDialogPortEntry = \ builder.get_object("forwardDialogPortEntry") self.forwardDialogProtoCombobox = \ builder.get_object("forwardDialogProtoCombobox") self.forwardDialogLocalCheck = \ builder.get_object("forwardDialogLocalCheck") self.forwardDialogToPortCheck = \ builder.get_object("forwardDialogToPortCheck") self.forwardDialogToPortLabel = \ builder.get_object("forwardDialogToPortLabel") self.forwardDialogToPortEntry = \ builder.get_object("forwardDialogToPortEntry") self.forwardDialogToAddrLabel = \ builder.get_object("forwardDialogToAddrLabel") self.forwardDialogToAddrEntry = \ builder.get_object("forwardDialogToAddrEntry") # bindings Expander self.bindingsBox = builder.get_object("bindingsBox") self.bindingsExpanderButton = \ builder.get_object("bindingsExpanderButton") self.bindingsUnexpanderButton = \ builder.get_object("bindingsUnexpanderButton") self.bindingsExpander = NiceExpander( self.bindingsExpanderButton, self.bindingsUnexpanderButton, self.mainPaned, self.bindingsBox) self.bindingsExpander.connect("notify::expanded", self.bindings_expander_changed) # bindings View self.bindingsView = builder.get_object("bindingsView") self.bindingsStore = Gtk.TreeStore(GObject.TYPE_STRING, # label GObject.TYPE_STRING, # connection/interface/source GObject.TYPE_STRING) # real zone self.bindingsView.set_model(self.bindingsStore) self.bindingsView.append_column( Gtk.TreeViewColumn(_("Bindings"), Gtk.CellRendererText(), markup=0)) self.connectionsIter = self.bindingsStore.append( None, [ _("Connections"), "", "" ]) self.interfacesIter = self.bindingsStore.append( None, [ _("Interfaces"), "", "" ]) self.sourcesIter = self.bindingsStore.append( None, [ _("Sources"), "", "" ]) self.bindingsView.get_selection().connect("changed", self.onSelectBinding) self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.bindingsView.set_show_expanders(False) self.bindingsView.set_level_indentation(10) self.changeBindingsButton = builder.get_object("changeBindingsButton") self.changeBindingsButton.connect("clicked", self.onChangeBinding) #self.editBindingsButton = builder.get_object("editBindingsButton") #self.editBindingsButton.connect("clicked", self.onEditBinding) self.ipsetConfIPSetView = builder.get_object("ipsetConfIPSetView") self.ipsetConfIPSetStore = Gtk.ListStore(GObject.TYPE_STRING) # name self.ipsetConfIPSetView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.ipsetConfIPSetView.set_model(self.ipsetConfIPSetStore) self.ipsetConfIPSetStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.ipsetConfIPSetView.get_selection().connect("changed", self.onChangeIPSet) self.ipsetConfNotebook = builder.get_object("ipsetConfNotebook") self.ipsetConfEntryLabel = builder.get_object("ipsetConfEntryLabel") self.ipsetConfTimeoutLabel = builder.get_object("ipsetConfTimeoutLabel") self.ipsetConfEntrySW = builder.get_object("ipsetConfEntrySW") self.ipsetConfEntryView = builder.get_object("ipsetConfEntryView") self.ipsetConfEntryStore = Gtk.ListStore(GObject.TYPE_STRING) self.ipsetConfEntryView.append_column( Gtk.TreeViewColumn(_("Entry"), Gtk.CellRendererText(), text=0)) self.ipsetConfEntryView.set_model(self.ipsetConfEntryStore) self.ipsetConfEntryStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.ipsetConfEntryView.get_selection().connect(\ "changed", self.change_ipset_conf_entry_selection_cb) self.ipsetConfIPSetEditBox = \ builder.get_object("ipsetConfIPSetEditBox") self.ipsetConfEntryBox = \ builder.get_object("ipsetConfEntryBox") self.ipsetConfEditIPSetButton = \ builder.get_object("ipsetConfEditIPSetButton") self.ipsetConfRemoveIPSetButton = \ builder.get_object("ipsetConfRemoveIPSetButton") self.ipsetConfLoadDefaultsIPSetButton = \ builder.get_object("ipsetConfLoadDefaultsIPSetButton") self.ipsetConfAddEntryBox = \ builder.get_object("ipsetConfAddEntryBox") self.ipsetConfAddEntryMenu = \ builder.get_object("ipsetConfAddEntryMenu") self.ipsetConfAddEntryMenubutton = \ builder.get_object("ipsetConfAddEntryMenubutton") self.ipsetConfEditEntryButton = \ builder.get_object("ipsetConfEditEntryButton") self.ipsetConfRemoveEntryBox = \ builder.get_object("ipsetConfRemoveEntryBox") self.ipsetConfRemoveEntryMenu = \ builder.get_object("ipsetConfRemoveEntryMenu") self.ipsetConfRemoveEntryMenubutton = \ builder.get_object("ipsetConfRemoveEntryMenubutton") self.ipsetConfRemoveEntryMenuitem = \ builder.get_object("ipsetConfRemoveEntryMenuitem") self.ipsetConfRemoveEntryMenuitem.set_sensitive(False) self.ipsetEntryDialog = \ builder.get_object("ipsetEntryDialog") self.ipsetEntryDialogCancelButton = \ builder.get_object("ipsetEntryDialogCancelButton") self.ipsetEntryDialogOkButton = \ builder.get_object("ipsetEntryDialogOkButton") self.ipsetEntryDialogEntryEntry = \ builder.get_object("ipsetEntryDialogEntryEntry") self.ipsetEntryDialogTypeLabel = \ builder.get_object("ipsetEntryDialogTypeLabel") self.ipsetBaseDialog = builder.get_object("ipsetBaseDialog") self.ipsetBaseDialogOkButton = \ builder.get_object("ipsetBaseDialogOkButton") self.ipsetBaseDialogNameEntry = \ builder.get_object("ipsetBaseDialogNameEntry") self.ipsetBaseDialogVersionEntry = \ builder.get_object("ipsetBaseDialogVersionEntry") self.ipsetBaseDialogShortEntry = \ builder.get_object("ipsetBaseDialogShortEntry") self.ipsetBaseDialogDescText = \ builder.get_object("ipsetBaseDialogDescText") self.ipsetBaseDialogDescText.get_buffer().connect(\ "changed", self.onIPSetBaseDialogChanged) self.ipsetBaseDialogTypeCombobox = \ builder.get_object("ipsetBaseDialogTypeCombobox") self.ipsetBaseDialogBadTypeLabel = \ builder.get_object("ipsetBaseDialogBadTypeLabel") self.ipsetBaseDialogFamilyLabel = \ builder.get_object("ipsetBaseDialogFamilyLabel") self.ipsetBaseDialogFamilyCombobox = \ builder.get_object("ipsetBaseDialogFamilyCombobox") self.ipsetBaseDialogTimeoutEntry = \ builder.get_object("ipsetBaseDialogTimeoutEntry") self.ipsetBaseDialogHashsizeEntry = \ builder.get_object("ipsetBaseDialogHashsizeEntry") self.ipsetBaseDialogMaxelemEntry = \ builder.get_object("ipsetBaseDialogMaxelemEntry") self.helperConfHelperNotebook = \ builder.get_object("helperConfHelperNotebook") self.helperConfHelperEditBox = \ builder.get_object("helperConfHelperEditBox") self.helperConfPortBox = \ builder.get_object("helperConfPortBox") self.helperConfEditHelperButton = \ builder.get_object("helperConfEditHelperButton") self.helperConfRemoveHelperButton = \ builder.get_object("helperConfRemoveHelperButton") self.helperConfLoadDefaultsHelperButton = \ builder.get_object("helperConfLoadDefaultsHelperButton") self.helperConfAddPortButton = \ builder.get_object("helperConfAddPortButton") self.helperConfEditPortButton = \ builder.get_object("helperConfEditPortButton") self.helperConfRemovePortButton = \ builder.get_object("helperConfRemovePortButton") self.helperBaseDialog = builder.get_object("helperBaseDialog") self.helperBaseDialogOkButton = \ builder.get_object("helperBaseDialogOkButton") self.helperBaseDialogNameEntry = \ builder.get_object("helperBaseDialogNameEntry") self.helperBaseDialogVersionEntry = \ builder.get_object("helperBaseDialogVersionEntry") self.helperBaseDialogShortEntry = \ builder.get_object("helperBaseDialogShortEntry") self.helperBaseDialogDescText = \ builder.get_object("helperBaseDialogDescText") self.helperBaseDialogDescText.get_buffer().connect(\ "changed", self.onHelperBaseDialogChanged) self.helperBaseDialogModuleChooser = \ ChooserButton(builder.get_object("helperBaseDialogModuleChooser")) self.helperBaseDialogFamilyCombobox = \ builder.get_object("helperBaseDialogFamilyCombobox") self.icmpView = builder.get_object("icmpView") self.icmpStore = Gtk.ListStore(GObject.TYPE_BOOLEAN, # checked GObject.TYPE_STRING) # name toggle = Gtk.CellRendererToggle() toggle.connect("toggled", self.icmp_toggle_cb, self.icmpStore, 0) self.icmpView.append_column(Gtk.TreeViewColumn("", toggle, active=0)) self.icmpView.append_column( Gtk.TreeViewColumn(_("Icmp Type"), Gtk.CellRendererText(), text=1)) self.icmpView.set_model(self.icmpStore) self.icmpStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.icmpBlockInversionCheck = \ builder.get_object("icmpBlockInversionCheck") self.icmpBlockInversionEventbox = \ builder.get_object("icmpBlockInversionEventbox") self.icmpBlockInversionEventbox.connect( "button-press-event", self.icmp_block_inversion_check_cb) self.helperConfHelperView = builder.get_object("helperConfHelperView") self.helperConfHelperStore = Gtk.ListStore(GObject.TYPE_STRING) # name self.helperConfHelperView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.helperConfHelperView.set_model(self.helperConfHelperStore) self.helperConfHelperStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.helperConfHelperView.get_selection().connect("changed", self.onChangeHelper) self.helperConfPortView = builder.get_object("helperConfPortView") self.helperConfPortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.helperConfPortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.helperConfPortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.helperConfPortView.set_model(self.helperConfPortStore) self.helperConfPortStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.helperConfPortView.get_selection().connect(\ "changed", self.change_helper_conf_port_selection_cb) self.richRuleView = builder.get_object("richRuleView") self.richRuleStore = Gtk.ListStore(GObject.TYPE_PYOBJECT, # the rule obj GObject.TYPE_STRING, # ipv4/ipv6 GObject.TYPE_INT, # priority GObject.TYPE_STRING, # action GObject.TYPE_STRING, # element GObject.TYPE_STRING, # source GObject.TYPE_STRING, # destination GObject.TYPE_STRING, # log GObject.TYPE_STRING) # audit self.richRuleView.append_column( Gtk.TreeViewColumn(_("Family"), Gtk.CellRendererText(), text=1)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=2)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Action"), Gtk.CellRendererText(), text=3)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Element"), Gtk.CellRendererText(), text=4)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Src"), Gtk.CellRendererText(), text=5)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Dest"), Gtk.CellRendererText(), text=6)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("log"), Gtk.CellRendererText(), text=7)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Audit"), Gtk.CellRendererText(), text=8)) self.richRuleView.set_model(self.richRuleStore) self.richRuleStore.set_sort_column_id(2, Gtk.SortType.ASCENDING) self.richRuleView.get_selection().connect( \ "changed", self.change_rich_rule_selection_cb) self.addRichRuleButton = builder.get_object("addRichRuleButton") self.editRichRuleButton = builder.get_object("editRichRuleButton") self.removeRichRuleButton = builder.get_object("removeRichRuleButton") self.richRuleDialog = builder.get_object("richRuleDialog") self.richRuleDialogOkButton = builder.get_object( \ "richRuleDialogOkButton") self.richRuleDialogCancelButton = builder.get_object( \ "richRuleDialogCancelButton") self.richRuleDialogFamilyCombobox = builder.get_object( \ "richRuleDialogFamilyCombobox") self.richRuleDialogPriorityEntry = builder.get_object( \ "richRuleDialogPriorityEntry") self.richRuleDialogElementCheck = builder.get_object( \ "richRuleDialogElementCheck") self.richRuleDialogElementBox = builder.get_object( \ "richRuleDialogElementBox") self.richRuleDialogElementCombobox = builder.get_object( \ "richRuleDialogElementCombobox") self.richRuleDialogElementChooser = ChooserButton(builder.get_object( \ "richRuleDialogElementChooser")) self.richRuleDialogActionCheck = builder.get_object( \ "richRuleDialogActionCheck") self.richRuleDialogActionBox = builder.get_object( \ "richRuleDialogActionBox") self.richRuleDialogActionCombobox = builder.get_object( \ "richRuleDialogActionCombobox") self.richRuleDialogActionRejectBox = builder.get_object( \ "richRuleDialogActionRejectBox") self.richRuleDialogActionRejectTypeCheck = builder.get_object( \ "richRuleDialogActionRejectTypeCheck") self.richRuleDialogActionRejectTypeCombobox = builder.get_object( \ "richRuleDialogActionRejectTypeCombobox") self.richRuleDialogActionMarkBox = builder.get_object( \ "richRuleDialogActionMarkBox") self.richRuleDialogActionMarkChooser = ChooserButton(builder.get_object( \ "richRuleDialogActionMarkChooser")) self.richRuleDialogActionLimitCheck = builder.get_object( \ "richRuleDialogActionLimitCheck") self.richRuleDialogActionLimitBox = builder.get_object( \ "richRuleDialogActionLimitBox") self.richRuleDialogActionLimitRateEntry = builder.get_object( \ "richRuleDialogActionLimitRateEntry") self.richRuleDialogActionLimitDurationCombobox = builder.get_object( \ "richRuleDialogActionLimitDurationCombobox") self.richRuleDialogSourceLabel = builder.get_object( \ "richRuleDialogSourceLabel") self.richRuleDialogSourceInvertCheck = builder.get_object( \ "richRuleDialogSourceInvertCheck") self.richRuleDialogSourceTypeCombobox = builder.get_object( \ "richRuleDialogSourceTypeCombobox") self.richRuleDialogSourceChooser = ChooserButton(builder.get_object( \ "richRuleDialogSourceChooser")) self.richRuleDialogDestinationLabel = builder.get_object( \ "richRuleDialogDestinationLabel") self.richRuleDialogDestinationBox = builder.get_object( \ "richRuleDialogDestinationBox") self.richRuleDialogDestinationInvertCheck = builder.get_object( \ "richRuleDialogDestinationInvertCheck") self.richRuleDialogDestinationChooser = \ ChooserButton(builder.get_object( \ "richRuleDialogDestinationChooser")) self.richRuleDialogLogCheck = builder.get_object( \ "richRuleDialogLogCheck") self.richRuleDialogLogGrid = builder.get_object( \ "richRuleDialogLogGrid") self.richRuleDialogLogPrefixEntry = builder.get_object( \ "richRuleDialogLogPrefixEntry") self.richRuleDialogLogLevelCombobox = builder.get_object( \ "richRuleDialogLogLevelCombobox") self.richRuleDialogLogLimitCheck = builder.get_object( \ "richRuleDialogLogLimitCheck") self.richRuleDialogLogLimitBox = builder.get_object( \ "richRuleDialogLogLimitBox") self.richRuleDialogLogLimitRateEntry = builder.get_object( \ "richRuleDialogLogLimitRateEntry") self.richRuleDialogLogLimitDurationCombobox = builder.get_object( \ "richRuleDialogLogLimitDurationCombobox") self.richRuleDialogAuditCheck = builder.get_object( \ "richRuleDialogAuditCheck") self.richRuleDialogAuditBox = builder.get_object( \ "richRuleDialogAuditBox") self.richRuleDialogAuditLimitBox = builder.get_object( \ "richRuleDialogAuditLimitBox") self.richRuleDialogAuditLimitCheck = builder.get_object( \ "richRuleDialogAuditLimitCheck") self.richRuleDialogAuditLimitRateEntry = builder.get_object( \ "richRuleDialogAuditLimitRateEntry") self.richRuleDialogAuditLimitDurationCombobox = builder.get_object( \ "richRuleDialogAuditLimitDurationCombobox") self.interfaceView = builder.get_object("interfaceView") self.interfaceStore = Gtk.ListStore(GObject.TYPE_STRING, # interface GObject.TYPE_STRING) # comment self.interfaceView.append_column( Gtk.TreeViewColumn(_("Interface"), Gtk.CellRendererText(), text=0)) self.interfaceView.append_column( Gtk.TreeViewColumn(_("Comment"), Gtk.CellRendererText(), text=1)) self.interfaceView.set_model(self.interfaceStore) self.interfaceView.get_selection().connect( "changed", self.change_interface_selection_cb) self.interfaceDialog = builder.get_object("interfaceDialog") self.interfaceDialogOkButton = builder.get_object( "interfaceDialogOkButton") self.interfaceDialogCancelButton = builder.get_object( "interfaceDialogCancelButton") self.interfaceDialogInterfaceEntry = builder.get_object( "interfaceDialogInterfaceEntry") self.editInterfaceButton = builder.get_object("editInterfaceButton") self.removeInterfaceButton = builder.get_object("removeInterfaceButton") self.sourceView = builder.get_object("sourceView") self.sourceStore = Gtk.ListStore(GObject.TYPE_STRING) # source self.sourceView.append_column( Gtk.TreeViewColumn(_("Source"), Gtk.CellRendererText(), text=0)) self.sourceView.set_model(self.sourceStore) self.sourceView.get_selection().connect( "changed", self.change_source_selection_cb) self.editSourceButton = builder.get_object("editSourceButton") self.removeSourceButton = builder.get_object("removeSourceButton") self.serviceConfServiceNotebook = \ builder.get_object("serviceConfServiceNotebook") self.serviceConfServiceEditBox = \ builder.get_object("serviceConfServiceEditBox") self.serviceConfEditServiceButton = \ builder.get_object("serviceConfEditServiceButton") self.serviceConfRemoveServiceButton = \ builder.get_object("serviceConfRemoveServiceButton") self.serviceConfLoadDefaultsServiceButton = \ builder.get_object("serviceConfLoadDefaultsServiceButton") self.serviceConfServiceView = \ builder.get_object("serviceConfServiceView") self.serviceConfServiceStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfServiceView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.serviceConfServiceView.set_model(self.serviceConfServiceStore) self.serviceConfServiceStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.serviceConfServiceView.get_selection().connect(\ "changed", self.onChangeService) self.serviceConfPortView = builder.get_object("serviceConfPortView") self.serviceConfPortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.serviceConfPortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.serviceConfPortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.serviceConfPortView.set_model(self.serviceConfPortStore) self.serviceConfPortStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.serviceConfPortView.get_selection().connect(\ "changed", self.change_service_dialog_port_selection_cb) self.serviceConfEditPortButton = \ builder.get_object("serviceConfEditPortButton") self.serviceConfRemovePortButton = \ builder.get_object("serviceConfRemovePortButton") self.serviceConfProtocolView = \ builder.get_object("serviceConfProtocolView") self.serviceConfProtocolStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfProtocolView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=0)) self.serviceConfProtocolView.set_model(self.serviceConfProtocolStore) self.serviceConfProtocolStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.serviceConfProtocolView.get_selection().connect(\ "changed", self.change_service_dialog_protocol_selection_cb) self.serviceConfEditProtocolButton = \ builder.get_object("serviceConfEditProtocolButton") self.serviceConfRemoveProtocolButton = \ builder.get_object("serviceConfRemoveProtocolButton") self.serviceConfSourcePortView = \ builder.get_object("serviceConfSourcePortView") self.serviceConfSourcePortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.serviceConfSourcePortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.serviceConfSourcePortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.serviceConfSourcePortView.set_model(self.serviceConfSourcePortStore) self.serviceConfSourcePortStore.set_sort_column_id( 1, Gtk.SortType.ASCENDING) self.serviceConfSourcePortView.get_selection().connect(\ "changed", self.change_service_dialog_source_port_selection_cb) self.serviceConfEditSourcePortButton = \ builder.get_object("serviceConfEditSourcePortButton") self.serviceConfRemoveSourcePortButton = \ builder.get_object("serviceConfRemoveSourcePortButton") self.serviceConfModuleView = \ builder.get_object("serviceConfModuleView") self.serviceConfModuleStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfModuleView.append_column( Gtk.TreeViewColumn("Module", Gtk.CellRendererText(), text=0)) self.serviceConfModuleView.set_model(self.serviceConfModuleStore) self.serviceConfModuleStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.serviceConfModuleView.get_selection().connect(\ "changed", self.change_service_dialog_module_selection_cb) self.serviceConfEditModuleButton = \ builder.get_object("serviceConfEditModuleButton") self.serviceConfRemoveModuleButton = \ builder.get_object("serviceConfRemoveModuleButton") self.serviceConfDestIpv4Chooser = ChooserButton( builder.get_object("serviceConfDestIpv4Chooser"), "") self.serviceConfDestIpv6Chooser = ChooserButton( builder.get_object("serviceConfDestIpv6Chooser"), "") self.addressDialog = builder.get_object("addressDialog") self.addressDialogLabel = builder.get_object("addressDialogLabel") self.addressDialogLabel2 = builder.get_object("addressDialogLabel2") self.addressDialogOkButton = \ builder.get_object("addressDialogOkButton") self.addressDialogCancelButton = \ builder.get_object("addressDialogCancelButton") self.addressDialogAddressEntry = \ builder.get_object("addressDialogAddressEntry") self.macDialog = builder.get_object("macDialog") self.macDialogOkButton = \ builder.get_object("macDialogOkButton") self.macDialogCancelButton = \ builder.get_object("macDialogCancelButton") self.macDialogMacEntry = \ builder.get_object("macDialogMacEntry") self.ipsetDialog = builder.get_object("ipsetDialog") self.ipsetDialogOkButton = \ builder.get_object("ipsetDialogOkButton") self.ipsetDialogCancelButton = \ builder.get_object("ipsetDialogCancelButton") self.ipsetDialogIPSetView = \ builder.get_object("ipsetDialogIPSetView") self.ipsetDialogIPSetStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.ipsetDialogIPSetView.append_column( Gtk.TreeViewColumn("IPSet", Gtk.CellRendererText(), text=0)) self.ipsetDialogIPSetView.append_column( Gtk.TreeViewColumn("Type", Gtk.CellRendererText(), text=1)) self.ipsetDialogIPSetView.set_model(self.ipsetDialogIPSetStore) self.ipsetDialogIPSetView.get_selection().connect( \ "changed", self.change_ipset_selection_cb) self.helperDialog = builder.get_object("helperDialog") self.helperDialogOkButton = \ builder.get_object("helperDialogOkButton") self.helperDialogCancelButton = \ builder.get_object("helperDialogCancelButton") self.helperDialogHelperView = \ builder.get_object("helperDialogHelperView") self.helperDialogHelperStore = Gtk.ListStore(GObject.TYPE_STRING) self.helperDialogHelperView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.helperDialogHelperView.set_model(self.helperDialogHelperStore) self.helperDialogHelperView.get_selection().connect( \ "changed", self.change_helper_selection_cb) self.moduleDialog = builder.get_object("moduleDialog") self.moduleDialogOkButton = builder.get_object("moduleDialogOkButton") self.moduleDialogCancelButton = \ builder.get_object("moduleDialogCancelButton") self.moduleDialogModuleLabel = builder.get_object("moduleDialogModuleLabel") self.moduleDialogModuleCombobox = \ builder.get_object("moduleDialogModuleCombobox") self.moduleDialogOtherModuleCheck = \ builder.get_object("moduleDialogOtherModuleCheck") self.moduleDialogOtherModuleEntry = \ builder.get_object("moduleDialogOtherModuleEntry") self.sourceDialog = builder.get_object("sourceDialog") self.sourceDialogOkButton = \ builder.get_object("sourceDialogOkButton") self.sourceDialogCancelButton = \ builder.get_object("sourceDialogCancelButton") self.sourceDialogSourceTypeCombobox = \ builder.get_object("sourceDialogSourceTypeCombobox") self.sourceDialogSourceChooser = ChooserButton(builder.get_object( \ "sourceDialogSourceChooser")) self.markDialog = builder.get_object("markDialog") self.markDialogOkButton = \ builder.get_object("markDialogOkButton") self.markDialogCancelButton = \ builder.get_object("markDialogCancelButton") self.markDialogMarkEntry = \ builder.get_object("markDialogMarkEntry") self.markDialogMaskEntry = \ builder.get_object("markDialogMaskEntry") self.serviceBaseDialog = builder.get_object("serviceBaseDialog") self.serviceBaseDialogOkButton = \ builder.get_object("serviceBaseDialogOkButton") self.serviceBaseDialogNameEntry = \ builder.get_object("serviceBaseDialogNameEntry") self.serviceBaseDialogVersionEntry = \ builder.get_object("serviceBaseDialogVersionEntry") self.serviceBaseDialogShortEntry = \ builder.get_object("serviceBaseDialogShortEntry") self.serviceBaseDialogDescText = \ builder.get_object("serviceBaseDialogDescText") self.serviceBaseDialogDescText.get_buffer().connect(\ "changed", self.onServiceBaseDialogChanged) self.icmpDialogIcmpNotebook = \ builder.get_object("icmpDialogIcmpNotebook") self.icmpDialogIcmpEditBox = \ builder.get_object("icmpDialogIcmpEditBox") self.icmpDialogEditIcmpButton = \ builder.get_object("icmpDialogEditIcmpButton") self.icmpDialogRemoveIcmpButton = \ builder.get_object("icmpDialogRemoveIcmpButton") self.icmpDialogLoadDefaultsIcmpButton = \ builder.get_object("icmpDialogLoadDefaultsIcmpButton") self.icmpDialogIcmpView = \ builder.get_object("icmpDialogIcmpView") self.icmpDialogIcmpStore = Gtk.ListStore(GObject.TYPE_STRING) self.icmpDialogIcmpView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.icmpDialogIcmpView.set_model(self.icmpDialogIcmpStore) self.icmpDialogIcmpStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.icmpDialogIcmpView.get_selection().connect(\ "changed", self.onChangeIcmp) self.icmpDialogDestIpv4Check = \ builder.get_object("icmpDialogDestIpv4Check") self.icmpDialogDestIpv6Check = \ builder.get_object("icmpDialogDestIpv6Check") self.icmpDialogDestIpv4Eventbox = \ builder.get_object("icmpDialogDestIpv4Eventbox") self.icmpDialogDestIpv4Eventbox.connect(\ "button-press-event", self.icmp_dialog_dest_ipv4_check_cb) self.icmpDialogDestIpv6Eventbox = \ builder.get_object("icmpDialogDestIpv6Eventbox") self.icmpDialogDestIpv6Eventbox.connect(\ "button-press-event", self.icmp_dialog_dest_ipv6_check_cb) self.icmpBaseDialog = builder.get_object("icmpBaseDialog") self.icmpBaseDialogOkButton = \ builder.get_object("icmpBaseDialogOkButton") self.icmpBaseDialogNameEntry = \ builder.get_object("icmpBaseDialogNameEntry") self.icmpBaseDialogVersionEntry = \ builder.get_object("icmpBaseDialogVersionEntry") self.icmpBaseDialogShortEntry = \ builder.get_object("icmpBaseDialogShortEntry") self.icmpBaseDialogDescText = \ builder.get_object("icmpBaseDialogDescText") self.icmpBaseDialogDescText.get_buffer().connect(\ "changed", self.onIcmpBaseDialogChanged) # service dialog self.serviceDialog = builder.get_object("serviceDialog") self.serviceDialogOkButton = builder.get_object("serviceDialogOkButton") self.serviceDialogCancelButton = \ builder.get_object("serviceDialogCancelButton") self.serviceDialogServiceView = \ builder.get_object("serviceDialogServiceView") self.serviceDialogServiceStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceDialogServiceView.append_column( Gtk.TreeViewColumn("Service", Gtk.CellRendererText(), text=0)) self.serviceDialogServiceView.set_model(self.serviceDialogServiceStore) self.serviceDialogServiceView.get_selection().connect( \ "changed", self.change_service_selection_cb) # icmptype dialog self.icmptypeDialog = builder.get_object("icmptypeDialog") self.icmptypeDialogOkButton = \ builder.get_object("icmptypeDialogOkButton") self.icmptypeDialogCancelButton = \ builder.get_object("icmptypeDialogCancelButton") self.icmptypeDialogIcmptypeView = \ builder.get_object("icmptypeDialogIcmptypeView") self.icmptypeDialogIcmptypeStore = Gtk.ListStore(GObject.TYPE_STRING) self.icmptypeDialogIcmptypeView.append_column( Gtk.TreeViewColumn("ICMP Type", Gtk.CellRendererText(), text=0)) self.icmptypeDialogIcmptypeView.set_model( self.icmptypeDialogIcmptypeStore) self.icmptypeDialogIcmptypeView.get_selection().connect( \ "changed", self.change_icmptype_selection_cb) # firewall client self.fw = client.FirewallClient(wait=1) self.__use_exception_handler = True self.fw.setExceptionHandler(self._exception_handler) self.fw.setNotAuthorizedLoop(True) self.fw.connect("panic-mode-enabled", self.panic_mode_enabled_cb) self.fw.connect("panic-mode-disabled", self.panic_mode_disabled_cb) self.fw.connect("connection-changed", self.connection_changed) self.fw.connect("default-zone-changed", self.default_zone_changed_cb) self.fw.connect("reloaded", self.reload_cb) self.fw.connect("lockdown-enabled", self.lockdown_enabled_cb) self.fw.connect("lockdown-disabled", self.lockdown_disabled_cb) self.fw.connect("log-denied-changed", self.log_denied_changed_cb) self.fw.connect("service-added", self.service_added_cb) self.fw.connect("service-removed", self.service_removed_cb) self.fw.connect("port-added", self.port_added_cb) self.fw.connect("port-removed", self.port_removed_cb) self.fw.connect("protocol-added", self.protocol_added_cb) self.fw.connect("protocol-removed", self.protocol_removed_cb) self.fw.connect("source-port-added", self.source_port_added_cb) self.fw.connect("source-port-removed", self.source_port_removed_cb) self.fw.connect("masquerade-added", self.masquerade_added_cb) self.fw.connect("masquerade-removed", self.masquerade_removed_cb) self.fw.connect("forward-port-added", self.forward_port_added_cb) self.fw.connect("forward-port-removed", self.forward_port_removed_cb) self.fw.connect("icmp-block-added", self.icmp_added_cb) self.fw.connect("icmp-block-removed", self.icmp_removed_cb) self.fw.connect("icmp-block-inversion-added", self.icmp_inversion_added_cb) self.fw.connect("icmp-block-inversion-removed", self.icmp_inversion_removed_cb) self.fw.connect("richrule-added", self.richrule_added_cb) self.fw.connect("richrule-removed", self.richrule_removed_cb) self.fw.connect("interface-added", self.interface_added_cb) self.fw.connect("interface-removed", self.interface_removed_cb) self.fw.connect("zone-of-interface-changed", self.zone_of_interface_changed_cb) self.fw.connect("source-added", self.source_added_cb) self.fw.connect("source-removed", self.source_removed_cb) self.fw.connect("zone-of-source-changed", self.zone_of_source_changed_cb) self.fw.connect("ipset-entry-added", self.ipset_entry_added_cb) self.fw.connect("ipset-entry-removed", self.ipset_entry_removed_cb) self.fw.connect("lockdown-whitelist-command-added", self.lockdown_whitelist_command_added_cb) self.fw.connect("lockdown-whitelist-command-removed", self.lockdown_whitelist_command_removed_cb) self.fw.connect("lockdown-whitelist-context-added", self.lockdown_whitelist_context_added_cb) self.fw.connect("lockdown-whitelist-context-removed", self.lockdown_whitelist_context_removed_cb) self.fw.connect("lockdown-whitelist-uid-added", self.lockdown_whitelist_uid_added_cb) self.fw.connect("lockdown-whitelist-uid-removed", self.lockdown_whitelist_uid_removed_cb) self.fw.connect("lockdown-whitelist-user-added", self.lockdown_whitelist_user_added_cb) self.fw.connect("lockdown-whitelist-user-removed", self.lockdown_whitelist_user_removed_cb) self.fw.connect("direct:chain-added", self.direct_chain_added_cb) self.fw.connect("direct:chain-removed", self.direct_chain_removed_cb) self.fw.connect("direct:rule-added", self.direct_rule_added_cb) self.fw.connect("direct:rule-removed", self.direct_rule_removed_cb) self.fw.connect("direct:passthrough-added", self.direct_passthrough_added_cb) self.fw.connect("direct:passthrough-removed", self.direct_passthrough_removed_cb) self.fw.connect("config:direct:updated", self.direct_updated_cb) self.fw.connect("config:zone-added", self.conf_zone_added_cb) self.fw.connect("config:zone-updated", self.conf_zone_updated_cb) self.fw.connect("config:zone-removed", self.conf_zone_removed_cb) self.fw.connect("config:zone-renamed", self.conf_zone_renamed_cb) self.fw.connect("config:ipset-added", self.conf_ipset_added_cb) self.fw.connect("config:ipset-updated", self.conf_ipset_updated_cb) self.fw.connect("config:ipset-removed", self.conf_ipset_removed_cb) self.fw.connect("config:ipset-renamed", self.conf_ipset_renamed_cb) self.fw.connect("config:service-added", self.conf_service_added_cb) self.fw.connect("config:service-updated", self.conf_service_updated_cb) self.fw.connect("config:service-removed", self.conf_service_removed_cb) self.fw.connect("config:service-renamed", self.conf_service_renamed_cb) self.fw.connect("config:icmptype-added", self.conf_icmp_added_cb) self.fw.connect("config:icmptype-updated", self.conf_icmp_updated_cb) self.fw.connect("config:icmptype-removed", self.conf_icmp_removed_cb) self.fw.connect("config:icmptype-renamed", self.conf_icmp_renamed_cb) self.fw.connect("config:helper-added", self.conf_helper_added_cb) self.fw.connect("config:helper-updated", self.conf_helper_updated_cb) self.fw.connect("config:helper-removed", self.conf_helper_removed_cb) self.fw.connect("config:helper-renamed", self.conf_helper_renamed_cb) self.fw.connect("config:policies:lockdown-whitelist-updated", self.lockdown_whitelist_updated_cb) # settings self.settings.connect("changed::show-ipsets", self.settings_show_ipsets_changed) self.settings_show_ipsets_changed(self.settings, "show-ipsets") self.settings.connect("changed::show-icmp-types", self.settings_show_icmp_types_changed) self.settings_show_icmp_types_changed(self.settings, "show-icmp-types") self.settings.connect("changed::show-direct", self.settings_show_direct_changed) self.settings_show_direct_changed(self.settings, "show-direct") self.settings.connect("changed::show-helpers", self.settings_show_helpers_changed) self.settings_show_helpers_changed(self.settings, "show-helpers") self.settings.connect("changed::show-lockdown-whitelist", self.settings_show_lockdown_whitelist_changed) self.settings_show_lockdown_whitelist_changed(self.settings, "show-lockdown-whitelist") self.settings.connect("changed::show-active-bindings", self.settings_show_active_bindings_changed) self.settings_show_active_bindings_changed(self.settings, "show-active-bindings") # connect self.connections = { } self.connections_name = { } if nm_is_imported(): self.fw.bus.add_signal_receiver( self.nm_signal_receiver, dbus_interface=nm_get_dbus_interface(), signal_name='PropertiesChanged', member_keyword='member') else: text = _("No NetworkManager imports available") self._warning(text) self.nm_signal_receiver() # start with no connection self.connection_changed() # mainloop self.mainWindow.show() self.mainloop = GLib.MainLoop() try: self.mainloop.run() except KeyboardInterrupt: self.onQuit() def add_visible_dialog(self, dialog): self.visible_dialogs.append(dialog) def remove_visible_dialog(self, dialog): self.visible_dialogs.append(dialog) def hide_and_remove_visible_dialogs(self): while len(self.visible_dialogs) > 0: dialog = self.visible_dialogs.pop() dialog.hide() def left_menu_cb(self, widget, menu): menu.show_all() def no_select(self, item): item.deselect() def change_zone_interface_editor(self, item, interface, zone): if interface in self.zone_interface_editors: return self.zone_interface_editors[interface].present() editor = ZoneInterfaceEditor(self.fw, interface, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_interface_editors[interface] = editor editor.show_all() result = editor.run() editor.hide() if result == 2: self.fw.changeZoneOfInterface(editor.get_zone(), interface) del self.zone_interface_editors[interface] def change_zone_connection_editor(self, item, connection, connection_name, zone): if connection in self.zone_connection_editors: return self.zone_connection_editors[connection].present() editor = ZoneConnectionEditor(self.fw, connection, connection_name, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_connection_editors[connection] = editor editor.show_all() editor.run() editor.hide() del self.zone_connection_editors[connection] def change_zone_source_editor(self, item, source, zone): if source in self.zone_source_editors: return self.zone_source_editors[source].present() editor = ZoneSourceEditor(self.fw, source, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_source_editors[source] = editor editor.show_all() result = editor.run() editor.hide() if result == 2: self.fw.changeZoneOfSource(editor.get_zone(), source) del self.zone_source_editors[source] def onViewIPSet_toggled(self, button): self.settings.set_boolean("show-ipsets", button.get_active()) def settings_show_ipsets_changed(self, settings, key): self.show_ipsets = settings.get_boolean(key) self.ipsetsBox.set_visible(self.show_ipsets) self.ipsetsMenuitem.set_active(self.show_ipsets) if self.show_ipsets: if self.fw.connected: self.load_ipsets() else: self.ipsetConfIPSetStore.clear() def onViewICMPTypes_toggled(self, button): self.settings.set_boolean("show-icmp-types", button.get_active()) def settings_show_icmp_types_changed(self, settings, key): self.show_icmp_types = settings.get_boolean(key) self.icmpTypesBox.set_visible(self.show_icmp_types) self.icmpTypesMenuitem.set_active(self.show_icmp_types) if self.show_icmp_types: if self.fw.connected: self.load_icmps() else: self.icmpDialogIcmpStore.clear() def onViewHelpers_toggled(self, button): self.settings.set_boolean("show-helpers", button.get_active()) def settings_show_helpers_changed(self, settings, key): self.show_helpers = settings.get_boolean(key) self.helpersBox.set_visible(self.show_helpers) self.helpersMenuitem.set_active(self.show_helpers) if self.show_helpers: if self.fw.connected: self.load_helpers() else: self.helperConfHelperStore.clear() def onViewDirect_toggled(self, button): self.settings.set_boolean("show-direct", button.get_active()) def settings_show_direct_changed(self, settings, key): self.show_direct = settings.get_boolean(key) self.directBox.set_visible(self.show_direct) self.directMenuitem.set_active(self.show_direct) if self.show_direct: if self.fw.connected: self.load_direct() else: self.directChainStore.clear() self.directRuleStore.clear() self.directPassthroughStore.clear() def onViewLockdownWhitelist_toggled(self, button): self.settings.set_boolean("show-lockdown-whitelist", button.get_active()) def settings_show_lockdown_whitelist_changed(self, settings, key): self.show_lockdown_whitelist = settings.get_boolean(key) self.lockdownWhitelistBox.set_visible(self.show_lockdown_whitelist) self.lockdownWhitelistMenuitem.set_active(self.show_lockdown_whitelist) if self.show_lockdown_whitelist: if self.fw.connected: self.load_lockdown_whitelist() else: self.lockdownContextStore.clear() self.lockdownCommandStore.clear() self.lockdownUserStore.clear() self.lockdownUidStore.clear() def settings_show_active_bindings_changed(self, settings, key): self.show_active_bindings = settings.get_boolean(key) self.activeBindingsMenuitem.set_active(self.show_active_bindings) if self.show_active_bindings != self.bindingsExpander.get_expanded(): self.bindingsExpander.set_expanded(self.show_active_bindings) def onViewActiveBindings_toggled(self, button): self.settings.set_boolean("show-active-bindings", button.get_active()) def bindings_expander_changed(self, *args): self.show_active_bindings = self.bindingsExpander.get_expanded() self.settings.set_boolean("show-active-bindings", self.show_active_bindings) self.activeBindingsMenuitem.set_active(self.show_active_bindings) def nm_signal_receiver(self, *args, **kwargs): #print("nm_signal_receiver", args, kwargs) self.update_active_zones() self.connections.clear() self.connections_name.clear() # do not use NMClient could result in python core dump if nm_is_imported(): try: nm_get_connections(self.connections, self.connections_name) except Exception: text = _("Failed to get connections from NetworkManager") self._warning(text) iter = self.interfaceStore.get_iter_first() while iter: interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: connection = self.connections[interface] connection_name = self.connections_name[connection] zone = nm_get_zone_of_connection(connection) if zone == "": comment = self.default_zone_used_by_label % \ connection_name else: comment = self.used_by_label % connection_name self.interfaceStore.set_value(iter, 1, comment) iter = self.interfaceStore.iter_next(iter) self.change_interface_selection_cb(self.interfaceView.get_selection()) def _dialog(self, text, msg=None, title=None, message_type=Gtk.MessageType.INFO, buttons=[("gtk-close", 1)]): dialog = Gtk.MessageDialog(parent=None, flags=0, message_type=message_type) dialog.set_markup(text) if title: dialog.set_title(title) if msg: dialog.format_secondary_markup(msg) if len(buttons) > 0: for button,id in buttons: dialog.add_button(button, id) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) result = dialog.run() dialog.hide() return result def _warning(self, msg): dialog = Gtk.MessageDialog(parent=None, flags=0, message_type=Gtk.MessageType.WARNING) dialog.set_markup("" + _("Warning") + "") dialog.format_secondary_markup(msg) dialog.add_button("gtk-close", 1) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) dialog.run() dialog.hide() def _error(self, msg): if self._dialog(""+_("Error")+"", message_type=Gtk.MessageType.ERROR, msg=msg, buttons=(("gtk-ok", 0),("gtk-quit", 1))) == 1: self.onQuit() def connection_failed(self, msg): if self._dialog(""+_("Error")+"", message_type=Gtk.MessageType.ERROR, msg=msg, buttons=[("gtk-quit", 1)]) == 1: self.onQuit() def connection_changed(self): if self.connection_timer: GLib.source_remove(self.connection_timer) self.connection_timer = None if self.fw.connected: self.fw.authorizeAll() self.statusLabel.set_text(self.connected_label) self.default_zone = self.fw.getDefaultZone() self.defaultZoneLabel.set_text(self.default_zone) self.log_denied = self.fw.getLogDenied() self.logDeniedLabel.set_text(self.log_denied) self.automatic_helpers = self.fw.getAutomaticHelpers() self.set_automaticHelpersLabel(self.automatic_helpers) lockdown = self.fw.queryLockdown() if lockdown: self.lockdownLabel.set_text(self.enabled) else: self.lockdownLabel.set_text(self.disabled) panic = self.fw.queryPanicMode() if panic: self.panicLabel.set_text(self.enabled) else: self.panicLabel.set_text(self.disabled) self.modifiedLabel.set_text("") self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(lockdown) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(panic) self.panicMenuitem.handler_unblock(self.panic_check_id) self.nf_conntrack_helpers = \ self.fw.get_property("nf_conntrack_helpers") for x in self.nf_conntrack_helpers.keys(): self.moduleDialogModuleCombobox.append_text(x) if self.connection_lost: self.onChangeView() else: self.currentViewCombobox.set_active(0) self.waitingWindow.hide() self.waitingWindowSpinner.stop() else: if self.statusLabel.get_text() == self.connected_label: self.connection_lost = True self.statusLabel.set_text(self.trying_to_connect_label) self.defaultZoneLabel.set_text("-") self.lockdownLabel.set_text("-") self.panicLabel.set_text("-") self.moduleDialogModuleCombobox.remove_all() self.nf_conntrack_helpers.clear() self.hide_and_remove_visible_dialogs() self.waitingWindow.show() self.waitingWindowLabel.set_text(self.trying_to_connect_label) self.waitingWindowSpinner.start() self.connection_timer = GLib.timeout_add_seconds( 15, self.connection_failed, self.failed_to_connect_label) self.update_active_zones() self.mainPaned.set_sensitive(self.fw.connected) # make all entries in options menu (in)sensitive for child in self.optionsMenuitem.get_submenu().get_children(): child.set_sensitive(self.fw.connected) # make all entries in view menu (in)sensitive for child in self.viewMenuitem.get_submenu().get_children(): child.set_sensitive(self.fw.connected) def changes_applied(self): self.modifiedLabel.set_text(self.changes_applied_label) if self.modified_timer: GLib.source_remove(self.modified_timer) self.modified_timer = GLib.timeout_add_seconds( 5, self.clear_changes_applied, None) def clear_changes_applied(self, *args): self.modifiedLabel.set_text("") self.modified_timer = None def panic_mode_enabled_cb(self): self.panicLabel.set_text(self.enabled) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(True) self.panicMenuitem.handler_unblock(self.panic_check_id) def panic_mode_disabled_cb(self): self.panicLabel.set_text(self.disabled) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(False) self.panicMenuitem.handler_unblock(self.panic_check_id) def reload_cb(self): self.default_zone = self.fw.getDefaultZone() self.defaultZoneLabel.set_text(self.default_zone) self.log_denied = self.fw.getLogDenied() self.logDeniedLabel.set_text(self.log_denied) self.automatic_helpers = self.fw.getAutomaticHelpers() self.set_automaticHelpersLabel(self.automatic_helpers) self.load_ipsets() self.load_zones() self.load_services() self.load_icmps() self.load_helpers() self.load_direct() self.load_lockdown_whitelist() self.update_active_zones() def load_zones(self): selected_zone = self.get_selected_zone() if self.runtime_view: zones = self.fw.getZones() else: zones = self.fw.config().getZoneNames() # reset and fill notebook content according to view selection = self.zoneView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) self.zoneStore.clear() self.serviceStore.clear() self.portStore.clear() self.protocolStore.clear() self.forwardStore.clear() self.icmpStore.clear() self.richRuleStore.clear() self.interfaceStore.clear() self.sourceStore.clear() if self.runtime_view: for item in self.fw.listServices(): self.serviceStore.append([False, item]) for item in self.fw.listIcmpTypes(): self.icmpStore.append([False, item]) else: for item in self.fw.config().getServiceNames(): self.serviceStore.append([False, item]) for item in self.fw.config().getIcmpTypeNames(): self.icmpStore.append([False, item]) # zones active_zones = self.active_zones.keys() for zone in zones: if zone in active_zones: self.zoneStore.append([zone, Pango.Weight.BOLD]) else: self.zoneStore.append([zone, Pango.Weight.NORMAL]) if selected_zone in zones: _zone = selected_zone else: _zone = self.defaultZoneLabel.get_text() selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == _zone: selection.select_iter(iter) return iter = self.zoneStore.iter_next(iter) # fallback selection.select_path(0) if not self.get_selected_zone(): self.zoneEditEditButton.set_sensitive(False) self.zoneEditRemoveButton.set_sensitive(False) self.zoneEditLoadDefaultsButton.set_sensitive(False) self.zoneNotebook.set_sensitive(False) def get_active_service(self): selection = self.serviceConfServiceView.get_selection() (model, iter) = selection.get_selected() if iter: return self.serviceConfServiceStore.get_value(iter, 0) return None def load_services(self): active_service = self.get_active_service() if self.runtime_view: services = self.fw.listServices() else: services = self.fw.config().getServiceNames() selection = self.serviceConfServiceView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.serviceConfServiceStore.clear() # services for service in services: self.serviceConfServiceStore.append([service]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == \ active_service: selection.select_iter(iter) return iter = self.serviceConfServiceStore.iter_next(iter) selection.select_path(0) if not self.get_active_service(): self.serviceConfEditServiceButton.set_sensitive(False) self.serviceConfRemoveServiceButton.set_sensitive(False) self.serviceConfLoadDefaultsServiceButton.set_sensitive(False) self.serviceConfServiceNotebook.set_sensitive(False) def change_rich_rule_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editRichRuleButton.set_sensitive(True) self.removeRichRuleButton.set_sensitive(True) else: self.editRichRuleButton.set_sensitive(False) self.removeRichRuleButton.set_sensitive(False) def service_added_cb(self, zone, service, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.serviceStore.get_iter_first() while iter: if self.serviceStore.get_value(iter, 1) == service: self.serviceStore.set_value(iter, 0, True) break iter = self.serviceStore.iter_next(iter) def service_removed_cb(self, zone, service): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.serviceStore.get_iter_first() while iter: if self.serviceStore.get_value(iter, 1) == service: self.serviceStore.set_value(iter, 0, False) break iter = self.serviceStore.iter_next(iter) def service_toggle_cb(self, toggle, row, model, col): iter = model.get_iter(row) old_val = model.get(iter, col)[0] name = model.get(iter, 1)[0] selected_zone = self.get_selected_zone() if self.runtime_view: if not old_val: self.fw.addService(selected_zone, name) else: self.fw.removeService(selected_zone, name) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not old_val: zone.addService(name) else: zone.removeService(name) self.changes_applied() def change_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editPortButton.set_sensitive(True) self.removePortButton.set_sensitive(True) else: self.editPortButton.set_sensitive(False) self.removePortButton.set_sensitive(False) def change_source_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editSourcePortButton.set_sensitive(True) self.removeSourcePortButton.set_sensitive(True) else: self.editSourcePortButton.set_sensitive(False) self.removeSourcePortButton.set_sensitive(False) def change_protocol_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editProtocolButton.set_sensitive(True) self.removeProtocolButton.set_sensitive(True) else: self.editProtocolButton.set_sensitive(False) self.removeProtocolButton.set_sensitive(False) def change_forward_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editForwardButton.set_sensitive(True) self.removeForwardButton.set_sensitive(True) else: self.editForwardButton.set_sensitive(False) self.removeForwardButton.set_sensitive(False) def masquerade_check_cb(self, *args): selected_zone = self.get_selected_zone() if self.runtime_view: if not self.masqueradeCheck.get_active(): if not self.fw.queryMasquerade(selected_zone): self.fw.addMasquerade(selected_zone) self.changes_applied() else: if self.fw.queryMasquerade(selected_zone): self.fw.removeMasquerade(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) zone.setMasquerade(not self.masqueradeCheck.get_active()) self.changes_applied() def masquerade_added_cb(self, zone, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return self.masqueradeCheck.set_active(True) def masquerade_removed_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.masqueradeCheck.set_active(False) def icmp_toggle_cb(self, toggle, row, model, col): iter = model.get_iter(row) old_val = model.get(iter, col)[0] name = model.get(iter, 1)[0] selected_zone = self.get_selected_zone() if self.runtime_view: if not old_val: self.fw.addIcmpBlock(selected_zone, name) else: self.fw.removeIcmpBlock(selected_zone, name) else: zone = self.fw.config().getZoneByName(selected_zone) if not old_val: zone.addIcmpBlock(name) else: zone.removeIcmpBlock(name) self.changes_applied() def icmp_added_cb(self, zone, icmp, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.icmpStore.get_iter_first() while iter: if self.icmpStore.get_value(iter, 1) == icmp: self.icmpStore.set_value(iter, 0, True) break iter = self.icmpStore.iter_next(iter) def icmp_removed_cb(self, zone, icmp): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.icmpStore.get_iter_first() while iter: if self.icmpStore.get_value(iter, 1) == icmp: self.icmpStore.set_value(iter, 0, False) break iter = self.icmpStore.iter_next(iter) def icmp_block_inversion_check_cb(self, *args): selected_zone = self.get_selected_zone() if self.runtime_view: if not self.icmpBlockInversionCheck.get_active(): if not self.fw.queryIcmpBlockInversion(selected_zone): self.fw.addIcmpBlockInversion(selected_zone) self.changes_applied() else: if self.fw.queryIcmpBlockInversion(selected_zone): self.fw.removeIcmpBlockInversion(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) zone.setIcmpBlockInversion(not self.icmpBlockInversionCheck.get_active()) self.changes_applied() def icmp_inversion_added_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.icmpBlockInversionCheck.set_active(True) def icmp_inversion_removed_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.icmpBlockInversionCheck.set_active(False) def _add_rich_rule(self, obj): family = "all" priority = 0 src = "" dest = "" elem = "" log = "" audit = "" action = "" if obj.family: family = obj.family if obj.priority: priority = obj.priority if obj.action: if type(obj.action) == rich.Rich_Accept: action = _("accept") elif type(obj.action) == rich.Rich_Reject: action = _("reject") if obj.action.type is not None: action += "\n" + obj.action.type elif type(obj.action) == rich.Rich_Drop: action = _("drop") elif type(obj.action) == rich.Rich_Mark: action = _("mark") action += "\nset " + obj.action.set if obj.action.limit: action += "\n" + _("limit") + " " + obj.action.limit.value if obj.source: if obj.source.invert: src = "! " if obj.source.addr: src += "IP: %s" % obj.source.addr elif obj.source.mac: src += "MAC: %s" % obj.source.mac elif obj.source.ipset: src += "ipset:%s" % obj.source.ipset if obj.destination: dest = obj.destination.addr if obj.destination.invert: dest = "! %s" % dest if obj.element: if type(obj.element) == rich.Rich_Service: elem = _("service") + "\n" + obj.element.name elif type(obj.element) == rich.Rich_Port: elem = _("port") + "\n%s/%s" % (obj.element.port, obj.element.protocol) elif type(obj.element) == rich.Rich_Protocol: elem = _("protocol") + "\n" + obj.element.value elif type(obj.element) == rich.Rich_Masquerade: elem = _("masquerade") elif type(obj.element) == rich.Rich_IcmpBlock: elem = _("icmp-block") + "\n%s" % obj.element.name elif type(obj.element) == rich.Rich_IcmpType: elem = _("icmp-type") + "\n%s" % obj.element.name elif type(obj.element) == rich.Rich_ForwardPort: elem = _("forward-port") + "\n%s" % self.create_fwp_string( obj.element.port, obj.element.protocol, obj.element.to_port, obj.element.to_address) elif type(obj.element) == rich.Rich_SourcePort: elem = _("source-port") + "\n%s/%s" % (obj.element.port, obj.element.protocol) else: elem = str(obj.element) if obj.log: if obj.log.prefix: log = '"%s"' % obj.log.prefix if obj.log.level: log += "\n" + _("level") + " " + obj.log.level if obj.log.limit: log += "\n" + _("limit") + " " + obj.log.limit.value if log == "": log = _("yes") if obj.audit: if obj.audit.limit: audit += "\n" + _("limit") + " " + obj.audit.limit.value if audit == "": audit = _("yes") self.richRuleStore.append([obj, family, priority, action, elem, src, dest, log, audit]) def richrule_added_cb(self, zone, rule, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return obj = rich.Rich_Rule(rule_str=rule) iter = self.richRuleStore.get_iter_first() while iter: if str(self.richRuleStore.get_value(iter, 0)) == str(obj): # already there return iter = self.richRuleStore.iter_next(iter) # nothing found, so add it self._add_rich_rule(obj) def richrule_removed_cb(self, zone, rule): if not self.runtime_view or zone != self.get_selected_zone(): return obj = rich.Rich_Rule(rule_str=rule) iter = self.richRuleStore.get_iter_first() while iter: if str(self.richRuleStore.get_value(iter, 0)) == str(obj): self.richRuleStore.remove(iter) break iter = self.richRuleStore.iter_next(iter) def _add_interface(self, interface): comment = "" if interface in self.connections: zone = nm_get_zone_of_connection(self.connections[interface]) if zone == "": comment = self.default_zone_used_by_label % \ self.connections[interface] else: comment = self.used_by_label % self.connections[interface] self.interfaceStore.append([interface, comment]) def interface_added_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: # already there return iter = self.interfaceStore.iter_next(iter) # nothing found, so add it self._add_interface(interface) def interface_removed_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: self.interfaceStore.remove(iter) break iter = self.interfaceStore.iter_next(iter) def zone_of_interface_changed_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view: return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: # it is here, remove it self.interfaceStore.remove(iter) iter = self.interfaceStore.iter_next(iter) # add if zone is active_zone if zone == self.get_selected_zone(): self._add_interface(interface) def source_added_cb(self, zone, source): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: # already there return iter = self.sourceStore.iter_next(iter) # nothing found, so add it self.sourceStore.append([source]) def source_removed_cb(self, zone, source): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: self.sourceStore.remove(iter) break iter = self.sourceStore.iter_next(iter) def zone_of_source_changed_cb(self, zone, source): self.update_active_zones() if not self.runtime_view: return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: # it is here, remove it self.sourceStore.remove(iter) iter = self.sourceStore.iter_next(iter) # add if zone is active_zone if zone == self.get_selected_zone(): self.sourceStore.append([source]) def conf_zone_added_cb(self, zone): if self.runtime_view: return # check if zone is in store iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == zone: return iter = self.zoneStore.iter_next(iter) # not in list, append if zone in self.active_zones: self.zoneStore.append([zone, Pango.Weight.BOLD]) else: self.zoneStore.append([zone, Pango.Weight.NORMAL]) selection = self.zoneView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_zone_updated_cb(self, zone): if self.runtime_view or zone != self.get_selected_zone(): return self.onChangeZone() def conf_zone_removed_cb(self, zone): if self.runtime_view: return iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == zone: self.zoneStore.remove(iter) break iter = self.zoneStore.iter_next(iter) def conf_zone_renamed_cb(self, zone): if self.runtime_view: return # Get all zones, renamed the one that is missing. # If more or less than one is missing, update zone store. zones = self.fw.config().getZoneNames() use_iter = None iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) not in zones: if use_iter is not None: return self.load_zones() use_iter = iter iter = self.zoneStore.iter_next(iter) if use_iter is None: return self.load_zones() self.zoneStore.set_value(use_iter, 0, zone) def deactivate_exception_handler(self): self.__use_exception_handler = False def activate_exception_handler(self): self.__use_exception_handler = True def _exception_handler(self, exception_message): if not self.__use_exception_handler: raise if "NotAuthorizedException" in exception_message: self._error(_("Authorization failed.")) elif "INVALID_NAME" in exception_message: msg = exception_message.replace("INVALID_NAME", functions.b2u(_("Invalid name"))) self._warning(msg) elif "NAME_CONFLICT" in exception_message: msg = exception_message.replace( "NAME_CONFLICT", functions.b2u(_("Name already exists"))) self._warning(msg) elif "NO_DEFAULTS" in exception_message: pass else: self._error(exception_message) def get_selected_zone(self): selection = self.zoneView.get_selection() (model, iter) = selection.get_selected() if iter: return self.zoneStore.get_value(iter, 0) return None def onQuit(self, *args): self.mainloop.quit() sys.exit() def onAbout(self, *args): self.aboutDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.aboutDialog.set_transient_for(self.mainWindow) self.aboutDialog.show_all() self.aboutDialog.run() self.aboutDialog.hide() def onReloadFirewalld(self, *args): self.fw.reload() def onChangeView(self, *args): # Fix interaction problem of changed event of gtk combobox with # polkit-kde by processing all remaining events. # # The changed callback is signaled before the popup window has been # destroyed and before the focus (keyboard and mouse) has been reset. # This results in a deadlock in KDE and Qt, because the polkit KDE # agent can not get the focus and the user has no chance to enter the # desired password into the agent and is also not able to close the # agent with the mouse. The focus is still on the combobox popup. Gdk.DisplayManager.get().get_default_display().flush() self.fw.authorizeAll() self.runtime_view = (self.currentViewCombobox.get_active_text() == \ _("Runtime")) self.zoneEditBox.set_sensitive(not self.runtime_view) self.serviceConfDestinationGrid.set_sensitive(not self.runtime_view) self.icmpDialogDestIpv4Check.set_sensitive(not self.runtime_view) self.icmpDialogDestIpv6Check.set_sensitive(not self.runtime_view) self.ipsetConfEntryBox.set_sensitive(False) if self.runtime_view: self.zoneEditBox.hide() self.ipsetConfIPSetEditBox.hide() self.serviceConfServiceEditBox.hide() self.serviceConfPortBox.hide() self.serviceConfProtocolBox.hide() self.serviceConfSourcePortBox.hide() self.serviceConfModuleBox.hide() self.icmpDialogIcmpEditBox.hide() self.helperConfHelperEditBox.hide() self.helperConfPortBox.hide() else: self.zoneEditBox.show() self.ipsetConfIPSetEditBox.show() self.serviceConfServiceEditBox.show() self.serviceConfPortBox.show() self.serviceConfProtocolBox.show() self.serviceConfSourcePortBox.show() self.serviceConfModuleBox.show() self.icmpDialogIcmpEditBox.show() self.helperConfHelperEditBox.show() self.helperConfPortBox.show() self.load_ipsets() self.load_zones() self.load_services() self.load_icmps() self.load_helpers() self.load_direct() self.load_lockdown_whitelist() def update_active_zones(self): self.active_zones.clear() # remove all entries for the left menu left_menu_children = self.left_menu.get_children() for child in left_menu_children: self.left_menu.remove(child) child.destroy() # add connecitons entry item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Connections"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if self.fw.connected: self.active_zones = self.fw.getActiveZones() else: self.active_zones = { } # clean bindingsView, leave connections, interfaces and sources entries self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.NONE) iter = self.bindingsStore.iter_children(self.connectionsIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.connectionsIter) iter = self.bindingsStore.iter_children(self.interfacesIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.interfacesIter) iter = self.bindingsStore.iter_children(self.sourcesIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.sourcesIter) self.changeBindingsButton.set_sensitive(False) # get all active connections (NM) and interfaces connections = { } interfaces = { } sources = { } for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: interfaces[interface] = zone if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): sources[source] = zone # NM controlled connections for interface in self.connections: connection = self.connections[interface] if connection not in connections: zone = nm_get_zone_of_connection(connection) connections[connection] = [ zone, [ interface, ] ] else: connections[connection][1].append(interface) # add NM controlled entries for connection in sorted(connections): [ zone, _interfaces ] = connections[connection] connection_name = self.connections_name[connection] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() if zone == "": label.set_markup("%s (%s)\n%s: %s" % \ (connection_name, ",".join(_interfaces), escape(_("Default Zone")), self.default_zone)) else: label.set_markup("%s (%s)\n%s: %s" % \ (connection_name, ",".join(_interfaces), escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_connection_editor, connection, connection_name, zone) self.left_menu.append(item) if zone == "": self.bindingsStore.append( self.connectionsIter, [ "%s (%s)\n%s" % ( connection_name, ",".join(_interfaces), _("Default Zone: %s") % self.default_zone), connection, zone ]) else: self.bindingsStore.append( self.connectionsIter, [ "%s (%s)\n%s" % ( connection_name, ",".join(_interfaces), _("Zone: %s") % zone), connection, zone ]) item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Interfaces"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if len(interfaces) > 0: # add other interfaces for interface in sorted(interfaces): zone = interfaces[interface] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() label.set_markup("%s\n%s: %s" % \ (interface, escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_interface_editor, interface, zone) self.left_menu.append(item) self.bindingsStore.append( self.interfacesIter, [ "%s\n%s" % (interface, _("Zone: %s") % zone), interface, zone ]) item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Sources"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if len(sources) > 0: for source in sorted(sources): zone = sources[source] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() label.set_markup("%s\n%s: %s" % \ (source, escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_source_editor, source, zone) self.left_menu.append(item) self.bindingsStore.append( self.sourcesIter, [ "%s\n%s" % (source, _("Zone: %s") % zone), source, zone ]) self.bindingsView.expand_all() self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) in self.active_zones.keys(): self.zoneStore.set_value(iter, 1, Pango.Weight.BOLD) else: self.zoneStore.set_value(iter, 1, Pango.Weight.NORMAL) iter = self.zoneStore.iter_next(iter) def onChangeDefaultZone(self, *args): self.defaultZoneStore.clear() zones = self.fw.getZones() # self.default_zone = self.fw.getDefaultZone() for zone in zones: if zone == self.default_zone: self.defaultZoneStore.append([zone, Pango.Weight.BOLD]) else: self.defaultZoneStore.append([zone, Pango.Weight.NORMAL]) selection = self.defaultZoneView.get_selection() if self.default_zone in zones: selection.select_path(zones.index(self.default_zone)) else: selection.set_mode(Gtk.SelectionMode.NONE) self.defaultZoneDialogOkButton.set_sensitive(False) self.defaultZoneDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.defaultZoneDialog.set_transient_for(self.mainWindow) self.defaultZoneDialog.show_all() self.add_visible_dialog(self.defaultZoneDialog) result = self.defaultZoneDialog.run() self.defaultZoneDialog.hide() self.remove_visible_dialog(self.defaultZoneDialog) if result == 1: (model, iter) = selection.get_selected() if not iter: return new_default_zone = model.get(iter, 0)[0] if new_default_zone != self.default_zone: self.fw.setDefaultZone(new_default_zone) self.default_zone = new_default_zone self.changes_applied() def on_logDeniedDialogValueCombobox_changed(self, combo): self.logDeniedDialogOkButton.set_sensitive( combo.get_active_text() != self.log_denied) def onChangeLogDenied(self, *args): combobox_select_text(self.logDeniedDialogValueCombobox, self.fw.getLogDenied()) self.logDeniedDialogOkButton.set_sensitive(False) self.logDeniedDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.logDeniedDialog.set_transient_for(self.mainWindow) self.logDeniedDialog.show_all() self.add_visible_dialog(self.logDeniedDialog) result = self.logDeniedDialog.run() self.logDeniedDialog.hide() self.remove_visible_dialog(self.logDeniedDialog) if result == 1: value = self.logDeniedDialogValueCombobox.get_active_text() if value != self.log_denied: self.fw.setLogDenied(value) self.log_denied = value self.changes_applied() def log_denied_changed_cb(self, value): self.logDeniedLabel.set_text(value) combobox_select_text(self.logDeniedDialogValueCombobox, value) def set_automaticHelpersLabel(self, value): if value == "system": self.automaticHelpersLabel.set_text( "%s (%s)" % (value, { 0:"off", 1:"on" }[ self.fw.get_property("nf_conntrack_helper_setting")])) else: self.automaticHelpersLabel.set_text(value) def on_automaticHelpersDialogValueCombobox_changed(self, combo): self.automaticHelpersDialogOkButton.set_sensitive( combo.get_active_text() != self.automatic_helpers) def onChangeAutomaticHelpers(self, *args): combobox_select_text(self.automaticHelpersDialogValueCombobox, self.fw.getAutomaticHelpers()) self.automaticHelpersDialogOkButton.set_sensitive(False) self.automaticHelpersDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.automaticHelpersDialog.set_transient_for(self.mainWindow) self.automaticHelpersDialog.show_all() self.add_visible_dialog(self.automaticHelpersDialog) result = self.automaticHelpersDialog.run() self.automaticHelpersDialog.hide() self.remove_visible_dialog(self.automaticHelpersDialog) if result == 1: value = self.automaticHelpersDialogValueCombobox.get_active_text() if value != self.automatic_helpers: self.fw.setAutomaticHelpers(value) self.automatic_helpers = value self.changes_applied() def automatic_helpers_changed_cb(self, value): self.set_automaticHelpersLabel(value) combobox_select_text(self.automaticHelpersDialogValueCombobox, value) def onRuntimeToPermanent(self, *args): self.fw.runtimeToPermanent() def on_defaultZoneViewSelection_changed(self, selection): (model, iter) = selection.get_selected() if not iter: return new_default_zone = model.get(iter, 0)[0] self.defaultZoneDialogOkButton.set_sensitive( \ new_default_zone != self.default_zone) def default_zone_changed_cb(self, zone): self.default_zone = zone self.defaultZoneLabel.set_text(zone) self.update_active_zones() def onSelectBinding(self, *args): selection = self.bindingsView.get_selection() (model, iter) = selection.get_selected() if not iter: self.changeBindingsButton.set_sensitive(False) return parent_iter = self.bindingsStore.iter_parent(iter) if parent_iter is None: selection.unselect_all() self.changeBindingsButton.set_sensitive(False) #self.editBindingsButton.set_sensitive(False) return if self.bindingsStore.get_value(parent_iter, 0) == _("Connections"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(False) elif self.bindingsStore.get_value(parent_iter, 0) == _("Interfaces"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(True) elif self.bindingsStore.get_value(parent_iter, 0) == _("Sources"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(True) def onBindingClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.onChangeBinding() def onChangeBinding(self, *args): selection = self.bindingsView.get_selection() (model, iter) = selection.get_selected() if not iter: return parent_iter = self.bindingsStore.iter_parent(iter) if parent_iter is None: return item = self.bindingsStore.get_value(iter, 1) zone = self.bindingsStore.get_value(iter, 2) if self.bindingsStore.get_value(parent_iter, 0) == _("Connections"): self.change_zone_connection_editor(None, item, self.connections_name[item], zone) elif self.bindingsStore.get_value(parent_iter, 0) == _("Interfaces"): self.change_zone_interface_editor(None, item, zone) elif self.bindingsStore.get_value(parent_iter, 0) == _("Sources"): self.change_zone_source_editor(None, item, zone) #def onEditBindingClicked(self, widget, event): # if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: # self.onEditBinding() #def onEditBinding(self, *args): # return def onChangeZone(self, *args): selected_zone = self.get_selected_zone() ### load zone settings self.portStore.clear() self.protocolStore.clear() self.forwardStore.clear() self.sourcePortStore.clear() self.richRuleStore.clear() self.interfaceStore.clear() self.sourceStore.clear() self.serviceView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.portView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.protocolView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.forwardView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.sourcePortView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.icmpView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.richRuleView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.zoneNotebook.set_tooltip_markup("") if not selected_zone: self.zoneEditEditButton.set_sensitive(False) self.zoneEditRemoveButton.set_sensitive(False) self.zoneEditLoadDefaultsButton.set_sensitive(False) self.zoneNotebook.set_sensitive(False) iter = self.serviceStore.get_iter_first() while iter: self.serviceStore.set_value(iter, 0, False) iter = self.serviceStore.iter_next(iter) self.masqueradeCheck.set_active(False) iter = self.icmpStore.get_iter_first() while iter: self.icmpStore.set_value(iter, 0, False) iter = self.icmpStore.iter_next(iter) self.icmpBlockInversionCheck.set_active(False) return self.zoneEditEditButton.set_sensitive(True) self.zoneNotebook.set_sensitive(True) if self.runtime_view: # load runtime configuration try: settings = self.fw.getZoneSettings(selected_zone) except: return default = False builtin = False else: # load permanent configuration try: zone = self.fw.config().getZoneByName(selected_zone) except: return settings = zone.getSettings() props = zone.get_properties() default = props["default"] builtin = props["builtin"] services = settings.getServices() ports = settings.getPorts() protocols = settings.getProtocols() masquerade = settings.getMasquerade() forward_ports = settings.getForwardPorts() source_ports = settings.getSourcePorts() icmpblocks = settings.getIcmpBlocks() rules = settings.getRichRules() interfaces = settings.getInterfaces() sources = settings.getSources() icmp_block_inversion = settings.getIcmpBlockInversion() self.zoneNotebook.set_sensitive(True) self.zoneEditRemoveButton.set_sensitive(not builtin and default) self.zoneEditLoadDefaultsButton.set_sensitive(not default) # set services _services = services[:] iter = self.serviceStore.get_iter_first() while iter: name = self.serviceStore.get_value(iter, 1) if name in _services: self.serviceStore.set_value(iter, 0, True) _services.remove(name) else: self.serviceStore.set_value(iter, 0, False) iter = self.serviceStore.iter_next(iter) # handle unknown services for name in _services: text = _("Zone '%s': Service '%s' is not available.") % \ (selected_zone, name) result = self._dialog(text, message_type=Gtk.MessageType.WARNING, title=_("Warning"), buttons=((_("Remove"), 1), (_("Ignore"), 2))) if result == 1: if self.runtime_view: self.fw.removeService(selected_zone, name) else: settings.removeService(name) zone.update(settings) self.changes_applied() # set ports for item in ports: self.portStore.append(item) # set protocols for item in protocols: self.protocolStore.append([item]) # set masquerade self.masqueradeCheck.set_active(masquerade) # set forward ports for item in forward_ports: self.forwardStore.append(item) # set source ports for item in source_ports: self.sourcePortStore.append(item) # set icmpblocks _icmpblocks = icmpblocks[:] iter = self.icmpStore.get_iter_first() while iter: name = self.icmpStore.get_value(iter, 1) if name in _icmpblocks: self.icmpStore.set_value(iter, 0, True) _icmpblocks.remove(name) else: self.icmpStore.set_value(iter, 0, False) iter = self.icmpStore.iter_next(iter) self.icmpBlockInversionCheck.set_active(icmp_block_inversion) # handle unknown icmpblocks for name in _icmpblocks: text = _("Zone '%s': ICMP type '%s' is not available.") % \ (selected_zone, name) result = self._dialog(text, message_type=Gtk.MessageType.WARNING, title=_("Warning"), buttons=((_("Remove"), 1),(_("Ignore"), 2))) if result == 1: if self.runtime_view: self.fw.removeIcmpBlock(selected_zone, name) else: settings.removeIcmpBlock(name) zone.update(settings) self.changes_applied() # set rich rules for item in rules: rule = rich.Rich_Rule(rule_str=item) self._add_rich_rule(rule) # set interfaces for item in interfaces: self._add_interface(item) # set sources for item in sources: self.sourceStore.append([item]) self.serviceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.portView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.protocolView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.forwardView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.sourcePortView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.icmpView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.richRuleView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.interfaceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.sourceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) def onAddZone(self, *args): if self.runtime_view: return self.add_edit_zone(True) def onRemoveZone(self, *args): if self.runtime_view: return selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) zone.remove() self.changes_applied() self.load_zones() self.onChangeZone() def onEditZone(self, *args): if self.runtime_view: return self.add_edit_zone(False) def onLoadDefaultsZone(self, *args): if self.runtime_view: return selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) zone.loadDefaults() self.changes_applied() self.onChangeZone() def entry_changed(self, entry, allowed_chars, modify=None): "Remove all disallowed characters and truncate length." origtext = entry.get_text() newtext = origtext for char in origtext: if char not in allowed_chars: newtext = newtext.replace(char, "") OK = len(newtext) > 0 if modify: OK, newtext = modify(newtext) if newtext != origtext: entry.set_text(newtext) return OK def onZoneBaseDialogChanged(self, *args): def check_zone_name(zone): max_len = functions.max_zone_name_len() parts = zone.split('/') if len(parts) < 2: return (True, zone) if len(parts[0]) > max_len: parts[0] = parts[0][:max_len] zone = '/'.join(parts[:2]) OK = len(zone) > 1 and zone[0] != '/' and zone[-1] != '/' return (OK, zone) OK=True if args and (args[0] == self.zoneBaseDialogNameEntry): additional_chars = "".join(Zone.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_zone_name) self.zoneBaseDialogOkButton.set_sensitive(OK) def onZoneBaseDialogTargetCheckToggled(self, check): val = check.get_active() self.zoneBaseDialogTargetCombobox.set_sensitive(not val) def add_edit_zone(self, add): l = functions.max_zone_name_len() self.zoneBaseDialogNameEntry.set_max_length(l) self.zoneBaseDialogNameEntry.set_width_chars(l) self.zoneBaseDialogNameEntry.set_max_width_chars(l) if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_target = None self.zoneBaseDialogNameEntry.set_text("") self.zoneBaseDialogVersionEntry.set_text("") self.zoneBaseDialogShortEntry.set_text("") self.zoneBaseDialogDescText.get_buffer().set_text("") self.zoneBaseDialogTargetCheck.set_active(True) self.zoneBaseDialogTargetCombobox.set_active(0) else: selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) settings = zone.getSettings() props = zone.get_properties() default = props["default"] builtin = props["builtin"] old_name = zone.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_target = settings.getTarget() self.zoneBaseDialogNameEntry.set_text(old_name) self.zoneBaseDialogVersionEntry.set_text(old_version) self.zoneBaseDialogShortEntry.set_text(old_short) self.zoneBaseDialogDescText.get_buffer().set_text(old_desc) if old_target == "default" or \ old_target == DEFAULT_ZONE_TARGET: self.zoneBaseDialogTargetCheck.set_active(True) self.zoneBaseDialogTargetCombobox.set_active(0) else: self.zoneBaseDialogTargetCheck.set_active(False) combobox_select_text(self.zoneBaseDialogTargetCombobox, old_target if old_target != "%%REJECT%%" else "REJECT") self.zoneBaseDialogOkButton.set_sensitive(False) if builtin: self.zoneBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in zone, rename not supported.")) else: self.zoneBaseDialogNameEntry.set_tooltip_markup("") self.zoneBaseDialogNameEntry.set_sensitive(not builtin and default) self.zoneBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.zoneBaseDialog.set_transient_for(self.mainWindow) self.zoneBaseDialog.show_all() self.add_visible_dialog(self.zoneBaseDialog) result = self.zoneBaseDialog.run() self.zoneBaseDialog.hide() self.remove_visible_dialog(self.zoneBaseDialog) if result != 1: return name = self.zoneBaseDialogNameEntry.get_text() version = self.zoneBaseDialogVersionEntry.get_text() short = self.zoneBaseDialogShortEntry.get_text() buffer = self.zoneBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) target = "default" # this has been DEFAULT_ZONE_TARGET before if not self.zoneBaseDialogTargetCheck.get_active(): target = self.zoneBaseDialogTargetCombobox.get_active_text() if target == "REJECT": target = "%%REJECT%%" if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_target == target: # no changes return if not add: selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) settings = zone.getSettings() else: settings = client.FirewallClientZoneSettings() if old_version != version or old_short != short or \ old_desc != desc or old_target != target: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setTarget(target) if not add: zone.update(settings) if not add: if old_name == name: return zone.rename(name) else: self.fw.config().addZone(name, settings) self.changes_applied() def onAddRichRule(self, *args): self.add_edit_rich_rule(True) def onEditRichRule(self, *args): self.add_edit_rich_rule(False) def onRichRuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_rich_rule(False) def onRemoveRichRule(self, *args): selected_zone = self.get_selected_zone() selection = self.richRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return obj = self.richRuleStore.get_value(iter, 0) if self.runtime_view: self.fw.removeRichRule(selected_zone, str(obj)) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeRichRule(str(obj)) self.changes_applied() def add_edit_rich_rule(self, add): self.richRuleDialogFamilyCombobox.set_active(0) self.richRuleDialogPriorityEntry.set_value(0) self.richRuleDialogElementCheck.set_active(False) self.richRuleDialogElementCombobox.set_active(0) self.richRuleDialogElementChooser.set_text("") self.richRuleDialogActionCheck.set_active(False) self.richRuleDialogActionCombobox.set_active(0) self.richRuleDialogActionRejectTypeCheck.set_active(False) self.richRuleDialogActionRejectTypeCombobox.set_active(0) self.richRuleDialogActionMarkChooser.set_text("") self.richRuleDialogActionLimitCheck.set_active(False) self.richRuleDialogActionLimitRateEntry.set_text("") self.richRuleDialogActionLimitDurationCombobox.set_active(0) self.richRuleDialogSourceInvertCheck.set_active(False) self.richRuleDialogSourceTypeCombobox.set_active(0) self.richRuleDialogSourceChooser.set_text("") self.richRuleDialogDestinationInvertCheck.set_active(False) self.richRuleDialogDestinationChooser.set_text("") self.richRuleDialogLogCheck.set_active(False) self.richRuleDialogLogPrefixEntry.set_text("") self.richRuleDialogLogLevelCombobox.set_active(4) self.richRuleDialogLogLimitCheck.set_active(False) self.richRuleDialogLogLimitRateEntry.set_text("") self.richRuleDialogLogLimitDurationCombobox.set_active(0) self.richRuleDialogAuditCheck.set_active(False) self.richRuleDialogAuditLimitCheck.set_active(False) self.richRuleDialogAuditLimitRateEntry.set_text("") self.richRuleDialogAuditLimitDurationCombobox.set_active(0) smhd = { "s": _("second"), "m": _("minute"), "h": _("hour"), "d": _("day") } loglevel = { "emerg": _("emergency"), "alert": _("alert"), "crit": _("critical"), "error": _("error"), "warning": _("warning"), "notice": _("notice"), "info": _("info"), "debug": _("debug"), } selected_zone = self.get_selected_zone() old_obj = None iter = None if not add: selection = self.richRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_obj = self.richRuleStore.get_value(iter, 0) self.richRuleDialog.old_obj = old_obj if old_obj: if old_obj.family in [ "ipv4", "ipv6" ]: combobox_select_text(self.richRuleDialogFamilyCombobox, old_obj.family, insensitive=True) if old_obj.priority != 0: self.richRuleDialogPriorityEntry.set_value(old_obj.priority) if old_obj.element: self.richRuleDialogElementCheck.set_active(True) # element if type(old_obj.element) == rich.Rich_Service: combobox_select_text(self.richRuleDialogElementCombobox, _("service")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_Port: combobox_select_text(self.richRuleDialogElementCombobox, _("port")) self.richRuleDialogElementChooser.set_text( \ "%s/%s" % (old_obj.element.port, old_obj.element.protocol)) elif type(old_obj.element) == rich.Rich_Protocol: combobox_select_text(self.richRuleDialogElementCombobox, _("protocol")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.value) elif type(old_obj.element) == rich.Rich_Masquerade: combobox_select_text(self.richRuleDialogElementCombobox, _("masquerade")) elif type(old_obj.element) == rich.Rich_IcmpBlock: combobox_select_text(self.richRuleDialogElementCombobox, _("icmp-block")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_IcmpType: combobox_select_text(self.richRuleDialogElementCombobox, _("icmp-type")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_ForwardPort: combobox_select_text(self.richRuleDialogElementCombobox, _("forward-port")) s = "%s/%s" % (old_obj.element.port, old_obj.element.protocol) if old_obj.element.to_port != "": s += " >%s" % old_obj.element.to_port if old_obj.element.to_address != "": s += " @%s" % old_obj.element.to_address self.richRuleDialogElementChooser.set_text(s) elif type(old_obj.element) == rich.Rich_SourcePort: combobox_select_text(self.richRuleDialogElementCombobox, _("source-port")) self.richRuleDialogElementChooser.set_text( \ "%s/%s" % (old_obj.element.port, old_obj.element.protocol)) # action if old_obj.action: self.richRuleDialogActionCheck.set_active(True) action = None if type(old_obj.action) == rich.Rich_Accept: action = _("accept") elif type(old_obj.action) == rich.Rich_Reject: action = _("reject") self.richRuleDialogActionRejectTypeCombobox.remove_all() if old_obj.family is not None: for icmp in REJECT_TYPES[old_obj.family]: self.richRuleDialogActionRejectTypeCombobox. \ append(icmp, icmp) if old_obj.action.type: self.richRuleDialogActionRejectTypeCheck. \ set_active(True) self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(old_obj.action.type) else: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(REJECT_TYPES[old_obj.family][0]) elif type(old_obj.action) == rich.Rich_Drop: action = _("drop") elif type(old_obj.action) == rich.Rich_Mark: action = _("mark") self.richRuleDialogActionMarkChooser.set_text(old_obj.action.set) combobox_select_text(self.richRuleDialogActionCombobox, action) if old_obj.action.limit: self.richRuleDialogActionLimitCheck.set_active(True) (rate, duration) = old_obj.action.limit.value.split("/") self.richRuleDialogActionLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogActionLimitDurationCombobox, smhd[duration], insensitive=True) # source if old_obj.source: if old_obj.source.addr: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "IP") self.richRuleDialogSourceChooser.set_text(old_obj.source.addr) elif old_obj.source.mac: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "MAC") self.richRuleDialogSourceChooser.set_text(old_obj.source.mac) elif old_obj.source.ipset: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "ipset") self.richRuleDialogSourceChooser.set_text(old_obj.source.ipset) self.richRuleDialogSourceInvertCheck.set_active( \ old_obj.source.invert) # destination if old_obj.destination: self.richRuleDialogDestinationChooser.set_text( \ old_obj.destination.addr) self.richRuleDialogDestinationInvertCheck.set_active( \ old_obj.destination.invert) # log if old_obj.log: self.richRuleDialogLogCheck.set_active(True) if old_obj.log.prefix: self.richRuleDialogLogPrefixEntry.set_text( \ old_obj.log.prefix) log_level = "warning" if old_obj.log.level and old_obj.log.level != log_level: log_level = old_obj.log.level combobox_select_text(self.richRuleDialogLogLevelCombobox, loglevel[log_level]) if old_obj.log.limit: self.richRuleDialogLogLimitCheck.set_active(True) (rate, duration) = old_obj.log.limit.value.split("/") self.richRuleDialogLogLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogLogLimitDurationCombobox, smhd[duration], insensitive=True) # audit if old_obj.audit: self.richRuleDialogAuditCheck.set_active(True) if old_obj.audit.limit: self.richRuleDialogAuditLimitCheck.set_active(True) (rate, duration) = old_obj.audit.limit.value.split("/") self.richRuleDialogAuditLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogAuditLimitDurationCombobox, smhd[duration], insensitive=True) self.richRuleDialogOkButton.set_sensitive(False) self.on_richRuleDialog_changed() self.richRuleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.richRuleDialog.set_transient_for(self.mainWindow) self.richRuleDialog.show_all() self.add_visible_dialog(self.richRuleDialog) result = self.richRuleDialog.run() self.richRuleDialog.hide() self.remove_visible_dialog(self.richRuleDialog) if result != 1: return obj = self.richRuleDialog_getRule() old_rule = str(old_obj) rule = str(obj) if old_rule == rule: # nothing to change return if self.runtime_view: if not self.fw.queryRichRule(selected_zone, rule): self.fw.addRichRule(selected_zone, rule) if not add: self.fw.removeRichRule(selected_zone, old_rule) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryRichRule(rule): if not add: zone.removeRichRule(old_rule) zone.addRichRule(rule) self.changes_applied() def on_richRuleDialogElementChooser_clicked(self, *args): combolabel = self.richRuleDialogElementCombobox.get_active_text() old_value = self.richRuleDialogElementChooser.get_text() familylabel = self.richRuleDialogFamilyCombobox.get_active_text() if familylabel == _("ipv4"): family = "ipv4" elif familylabel == _("ipv6"): family = "ipv6" else: family = None value = None if combolabel == _("service"): value = self.service_select_dialog(old_value) elif combolabel == _("port"): old_port = None old_proto = None if old_value != "": try: (old_port,old_proto) = old_value.split("/") except: pass value = self.port_select_dialog(old_port, old_proto) elif combolabel == _("protocol"): value = self.protocol_select_dialog(old_value) elif combolabel == _("icmp-block"): value = self.icmptype_select_dialog(old_value) elif combolabel == _("icmp-type"): value = self.icmptype_select_dialog(old_value) elif combolabel == _("forward-port"): value = self.forwardport_select_dialog(family, old_value) elif combolabel == _("source-port"): old_port = None old_proto = None if old_value != "": try: (old_port,old_proto) = old_value.split("/") except: pass value = self.port_select_dialog(old_port, old_proto) if value is None: return self.richRuleDialogElementChooser.set_text(value) def port_select_dialog(self, old_port, old_proto): self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return None port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return None return "%s/%s" % (port, proto) def onProtoChanged(self, *args): if self.protoDialogOtherProtoCheck.get_active(): self.protoDialogProtoLabel.set_sensitive(False) self.protoDialogProtoCombobox.set_sensitive(False) self.protoDialogOtherProtoEntry.set_sensitive(True) proto = self.protoDialogOtherProtoEntry.get_text() else: self.protoDialogProtoLabel.set_sensitive(True) self.protoDialogProtoCombobox.set_sensitive(True) self.protoDialogOtherProtoEntry.set_sensitive(False) proto = self.protoDialogProtoCombobox.get_active_text() if functions.checkProtocol(proto): self.protoDialogOkButton.set_sensitive(True) else: self.protoDialogOkButton.set_sensitive(False) def protocol_select_dialog(self, old_proto): self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) self.protoDialogOtherProtoEntry.set_text("") if old_proto: if not combobox_select_text(self.protoDialogProtoCombobox, old_proto): self.protoDialogOtherProtoCheck.set_active(True) self.protoDialogOtherProtoEntry.set_text(old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return None if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return None return proto def change_service_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceDialogOkButton.set_sensitive(True) else: self.serviceDialogOkButton.set_sensitive(False) def service_select_dialog(self, old_service=""): self.serviceDialogServiceStore.clear() if self.runtime_view: services = self.fw.listServices() else: services = self.fw.config().getServiceNames() for service in services: self.serviceDialogServiceStore.append([service]) selection = self.serviceDialogServiceView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) selection.select_path(0) iter = self.serviceDialogServiceStore.get_iter_first() while iter: if self.serviceDialogServiceStore.get_value(iter, 0) == \ old_service: selection.select_iter(iter) iter = self.serviceDialogServiceStore.iter_next(iter) self.serviceDialogOkButton.set_sensitive(False) self.serviceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.serviceDialog.set_transient_for(self.mainWindow) self.serviceDialog.show_all() self.add_visible_dialog(self.serviceDialog) result = self.serviceDialog.run() self.serviceDialog.hide() self.remove_visible_dialog(self.serviceDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None service = self.serviceDialogServiceStore.get_value(iter, 0) if old_service == service: return None return service def change_icmptype_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.icmptypeDialogOkButton.set_sensitive(True) else: self.icmptypeDialogOkButton.set_sensitive(False) def icmptype_select_dialog(self, old_icmptype=""): self.icmptypeDialogIcmptypeStore.clear() if self.runtime_view: icmptypes = self.fw.listIcmpTypes() else: icmptypes = self.fw.config().getIcmpTypeNames() for icmptype in icmptypes: self.icmptypeDialogIcmptypeStore.append([icmptype]) selection = self.icmptypeDialogIcmptypeView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) selection.select_path(0) iter = self.icmptypeDialogIcmptypeStore.get_iter_first() while iter: if self.icmptypeDialogIcmptypeStore.get_value(iter, 0) == \ old_icmptype: selection.select_iter(iter) iter = self.icmptypeDialogIcmptypeStore.iter_next(iter) self.icmptypeDialogOkButton.set_sensitive(False) self.icmptypeDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.icmptypeDialog.set_transient_for(self.mainWindow) self.icmptypeDialog.show_all() self.add_visible_dialog(self.icmptypeDialog) result = self.icmptypeDialog.run() self.icmptypeDialog.hide() self.remove_visible_dialog(self.icmptypeDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None icmptype = self.icmptypeDialogIcmptypeStore.get_value(iter, 0) if old_icmptype == icmptype: return None return icmptype def on_richRuleDialogSourceChooser_clicked(self, *args): old_address = self.richRuleDialogSourceChooser.get_text() _type = self.richRuleDialogSourceTypeCombobox.get_active_text() combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None if _type == "IP": address = self.address_select_dialog(family, old_address) if address is not None: self.richRuleDialogSourceChooser.set_text(address) elif _type == "MAC": address = self.mac_select_dialog(old_address) if address is not None: self.richRuleDialogSourceChooser.set_text(address.upper()) elif _type == "ipset": address = self.ipset_select_dialog(old_address, family) if address is not None: self.richRuleDialogSourceChooser.set_text(address) def on_richRuleDialogDestinationChooser_clicked(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None old_address = self.richRuleDialogDestinationChooser.get_text() address = self.address_select_dialog(family, old_address) if address is not None: self.richRuleDialogDestinationChooser.set_text(address) def create_fwp_string(self, port, proto, to_port, to_addr): _to_port = "" if to_port != "": _to_port = " >%s" % to_port _to_addr = "" if to_addr != "": _to_addr = " @%s" % to_addr return "%s/%s%s%s" % (port, proto, _to_port, _to_addr) def split_fwp_string(self, text): port = "" proto = "" to_port = "" to_addr = "" if ">" in text: # to_port splits = text.split(">") (port,proto) = splits[0].split("/") if "@" in splits[1]: (to_port,to_addr) = splits[1].split("@") else: to_port = splits[1] elif "@" in text: splits = text.split("@") (port,proto) = splits[0].split("/") to_addr = splits[1] return (port.strip(), proto.strip(), to_port.strip(), to_addr.strip()) def richRuleDialog_getRule(self): smhd = { _("second"): "s", _("minute"): "m", _("hour"): "h", _("day"): "d" } loglevel = { _("emergency"): "emerg", # 0, system is unusable _("alert"): "alert", # 1, action must be taken immediately _("critical"): "crit", # 2, critical conditions _("error"): "error", # 3, error conditions _("warning"): "warning", # 4, warning conditions _("notice"): "notice", # 5, normal but significant condition _("info"): "info", # 6, informational _("debug"): "debug", } # 7, debug-level messages # family combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): rule = rich.Rich_Rule("ipv4") # ipv4 rule elif combolabel == _("ipv6"): rule = rich.Rich_Rule("ipv6") # ipv6 rule else: rule = rich.Rich_Rule() # ipv4+ipv6 rule # priority priority = self.richRuleDialogPriorityEntry.get_value_as_int() if priority != 0: rule.priority = priority # element if self.richRuleDialogElementCheck.get_active(): combolabel = self.richRuleDialogElementCombobox.get_active_text() if combolabel == _("service"): rule.element = rich.Rich_Service( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("port"): text = self.richRuleDialogElementChooser.get_text() port = "" proto = "" try: if '/' in text: (port, proto) = text.split("/") except: return None rule.element = rich.Rich_Port(port, proto) elif combolabel == _("protocol"): rule.element = rich.Rich_Protocol( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("icmp-block"): rule.element = rich.Rich_IcmpBlock( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("icmp-type"): rule.element = rich.Rich_IcmpType( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("forward-port"): text = self.richRuleDialogElementChooser.get_text() try: (port, proto, to_port, to_addr) = \ self.split_fwp_string(text) except: return None rule.element = rich.Rich_ForwardPort(port, proto, to_port, to_addr) elif combolabel == _("masquerade"): rule.element = rich.Rich_Masquerade() elif combolabel == _("source-port"): text = self.richRuleDialogElementChooser.get_text() port = "" proto = "" try: if '/' in text: (port, proto) = text.split("/") except: return None rule.element = rich.Rich_SourcePort(port, proto) # action if self.richRuleDialogActionCheck.is_sensitive() and \ self.richRuleDialogActionCheck.get_active(): limit = None if self.richRuleDialogActionLimitCheck.get_active(): value = self.richRuleDialogActionLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogActionLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) combolabel = self.richRuleDialogActionCombobox.get_active_text() if combolabel == _("accept"): rule.action = rich.Rich_Accept(limit) elif combolabel == _("reject"): _type = None if self.richRuleDialogActionRejectTypeCheck.get_active(): _type = self.richRuleDialogActionRejectTypeCombobox.get_active_text() rule.action = rich.Rich_Reject(_type, limit) elif combolabel == _("drop"): rule.action = rich.Rich_Drop(limit) elif combolabel == _("mark"): _set = self.richRuleDialogActionMarkChooser.get_text() rule.action = rich.Rich_Mark(_set, limit) # source if self.richRuleDialogSourceChooser.is_sensitive() \ and (self.richRuleDialogSourceChooser.get_text() != "" \ or self.richRuleDialogSourceInvertCheck.get_active()): txt = self.richRuleDialogSourceTypeCombobox.get_active_text() addr = mac = ipset = None if txt == "IP": addr = self.richRuleDialogSourceChooser.get_text() if txt == "MAC": mac = self.richRuleDialogSourceChooser.get_text() if txt == "ipset": ipset = self.richRuleDialogSourceChooser.get_text() rule.source = rich.Rich_Source( addr, mac, ipset, self.richRuleDialogSourceInvertCheck.get_active()) # destination if self.richRuleDialogDestinationBox.is_sensitive() \ and (self.richRuleDialogDestinationChooser.get_text() != "" \ or self.richRuleDialogDestinationInvertCheck.get_active()): rule.destination = rich.Rich_Destination( self.richRuleDialogDestinationChooser.get_text(), self.richRuleDialogDestinationInvertCheck.get_active()) # log if self.richRuleDialogLogCheck.is_sensitive() and \ self.richRuleDialogLogCheck.get_active(): limit = None if self.richRuleDialogLogLimitCheck.get_active(): value = self.richRuleDialogLogLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogLogLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) level = self.richRuleDialogLogLevelCombobox.get_active_text() rule.log = rich.Rich_Log( self.richRuleDialogLogPrefixEntry.get_text(), loglevel[level], limit) # audit if self.richRuleDialogAuditCheck.is_sensitive() and \ self.richRuleDialogAuditCheck.get_active(): limit = None if self.richRuleDialogAuditLimitCheck.get_active(): value = self.richRuleDialogAuditLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogAuditLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) rule.audit = rich.Rich_Audit(limit) return rule def on_richRuleDialogFamilyCombobox_changed(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None self.richRuleDialogActionRejectTypeCombobox.remove_all() if family is not None: for icmp in REJECT_TYPES[family]: self.richRuleDialogActionRejectTypeCombobox.append(icmp, icmp) old_obj = self.richRuleDialog.old_obj if old_obj and old_obj.family == family and \ hasattr(old_obj.action, 'type') and old_obj.action.type: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(old_obj.action.type) else: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(REJECT_TYPES[family][0]) def on_richRuleDialogElementCombobox_changed(self, *args): self.richRuleDialogElementChooser.set_text("") def on_richRuleDialogActionMarkChooser_clicked(self, *args): old_value = self.richRuleDialogActionMarkChooser.get_text() if "/" in old_value: try: (old_mark, old_mask) = old_value.split("/") except: return else: old_mark = old_value old_mask = "" _value = self.mark_select_dialog(old_mark, old_mask) if _value is None: return (mark, mask) = _value if mask != "": value = "%s/%s" % (mark, mask) else: value = mark self.richRuleDialogActionMarkChooser.set_text(value) def on_richRuleDialog_changed(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None v4v6_source = (self.richRuleDialogSourceTypeCombobox.get_active_text() == "MAC" or \ self.richRuleDialogSourceTypeCombobox.get_active_text() == "ipset") if family is None: self.richRuleDialogSourceChooser.set_sensitive(v4v6_source) self.richRuleDialogSourceInvertCheck.set_sensitive(v4v6_source) self.richRuleDialogDestinationLabel.set_sensitive(False) self.richRuleDialogDestinationBox.set_sensitive(False) else: self.richRuleDialogSourceChooser.set_sensitive(True) self.richRuleDialogSourceInvertCheck.set_sensitive(True) self.richRuleDialogDestinationLabel.set_sensitive(True) self.richRuleDialogDestinationBox.set_sensitive(True) self.richRuleDialogActionCheck.set_sensitive(True) self.richRuleDialogActionBox.set_sensitive( self.richRuleDialogActionCheck.get_active()) self.richRuleDialogElementChooser.set_sensitive(True) self.richRuleDialogElementBox.set_sensitive( self.richRuleDialogElementCheck.get_active()) self.richRuleDialogLogCheck.set_sensitive(True) self.richRuleDialogAuditCheck.set_sensitive(True) self.richRuleDialogActionLimitBox.set_sensitive( self.richRuleDialogActionLimitCheck.get_active()) self.richRuleDialogActionRejectTypeCombobox.set_sensitive( self.richRuleDialogActionRejectTypeCheck.get_active()) self.richRuleDialogActionRejectBox.set_sensitive(family is not None and \ self.richRuleDialogActionCombobox.get_active_text() == _("reject")) self.richRuleDialogActionMarkBox.set_sensitive(self.richRuleDialogActionCombobox.get_active_text() == _("mark")) self.richRuleDialogLogGrid.set_sensitive( self.richRuleDialogLogCheck.get_active()) self.richRuleDialogLogLimitBox.set_sensitive( self.richRuleDialogLogLimitCheck.get_active()) self.richRuleDialogAuditBox.set_sensitive( self.richRuleDialogAuditCheck.get_active()) self.richRuleDialogAuditLimitBox.set_sensitive( self.richRuleDialogAuditLimitCheck.get_active()) if self.richRuleDialogElementCheck.get_active(): combolabel = self.richRuleDialogElementCombobox.get_active_text() if combolabel == _("masquerade"): self.richRuleDialogElementChooser.set_sensitive(False) self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) self.richRuleDialogLogCheck.set_sensitive(False) self.richRuleDialogLogGrid.set_sensitive(False) self.richRuleDialogAuditCheck.set_sensitive(False) self.richRuleDialogAuditBox.set_sensitive(False) elif combolabel == _("forward-port"): self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) self.richRuleDialogLogCheck.set_sensitive(False) self.richRuleDialogLogGrid.set_sensitive(False) self.richRuleDialogAuditCheck.set_sensitive(False) self.richRuleDialogAuditBox.set_sensitive(False) elif combolabel == _("icmp-block"): self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) rule = self.richRuleDialog_getRule() try: rule.check() except Exception as msg: self.richRuleDialogOkButton.set_sensitive(False) self.richRuleDialogOkButton.set_tooltip_text(str(msg)) else: if str(self.richRuleDialog.old_obj) != str(rule): self.richRuleDialogOkButton.set_sensitive(True) else: self.richRuleDialogOkButton.set_sensitive(False) self.richRuleDialogOkButton.set_tooltip_text("") def onAddInterface(self, *args): self.add_edit_interface(True) def onEditInterface(self, *args): selected_zone = self.get_selected_zone() selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: connection = self.connections[interface] connection_name = self.connections_name[connection] if selected_zone == self.default_zone: selected_zone = nm_get_zone_of_connection(connection) editor = ZoneConnectionEditor(self.fw, connection, connection_name, selected_zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) editor.show_all() try: editor.run() except Exception: text = _("Failed to set zone {zone} " "for connection {connection_name}") self._warning(text.format(zone=editor.get_zone(), connection_name=editor.connection_name)) editor.hide() else: self.add_edit_interface(False) self.changes_applied() def onInterfaceClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.onEditInterface() def onRemoveInterface(self, *args): selected_zone = self.get_selected_zone() selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return interface = self.interfaceStore.get_value(iter, 0) if self.runtime_view: self.fw.removeInterface(selected_zone, interface) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeInterface(interface) self.changes_applied() def change_interface_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editInterfaceButton.set_sensitive(True) interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: self.removeInterfaceButton.set_sensitive(False) else: self.removeInterfaceButton.set_sensitive(True) else: self.editInterfaceButton.set_sensitive(False) self.removeInterfaceButton.set_sensitive(False) def add_edit_interface(self, add): selected_zone = self.get_selected_zone() old_interface = None if add: self.interfaceDialogInterfaceEntry.set_text("") else: selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_interface = self.interfaceStore.get_value(iter, 0) self.interfaceDialogInterfaceEntry.set_text(old_interface) self.interfaceDialogOkButton.set_sensitive(False) self.interfaceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.interfaceDialog.set_transient_for(self.mainWindow) self.interfaceDialog.show_all() self.add_visible_dialog(self.interfaceDialog) result = self.interfaceDialog.run() self.interfaceDialog.hide() self.remove_visible_dialog(self.interfaceDialog) if result != 1: return interface = self.interfaceDialogInterfaceEntry.get_text() if old_interface == interface: # nothing to change return if self.runtime_view: if not self.fw.queryInterface(selected_zone, interface): self.fw.addInterface(selected_zone, interface) if not add: self.fw.removeInterface(selected_zone, old_interface) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryInterface(interface): if not add: zone.removeInterface(old_interface) zone.addInterface(interface) self.changes_applied() def onInterfaceChanged(self, *args): text = self.interfaceDialogInterfaceEntry.get_text() if text != "" and functions.checkInterface(text): self.interfaceDialogOkButton.set_sensitive(True) else: self.interfaceDialogOkButton.set_sensitive(False) def onAddSource(self, *args): self.add_edit_source(True) def onEditSource(self, *args): self.add_edit_source(False) def onSourceClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_source(False) def onRemoveSource(self, *args): selected_zone = self.get_selected_zone() selection = self.sourceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return source = self.sourceStore.get_value(iter, 0) if self.runtime_view: self.fw.removeSource(selected_zone, source) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeSource(source) self.changes_applied() def change_source_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editSourceButton.set_sensitive(True) self.removeSourceButton.set_sensitive(True) else: self.editSourceButton.set_sensitive(False) self.removeSourceButton.set_sensitive(False) def add_edit_source(self, add): selected_zone = self.get_selected_zone() old_source = "" if not add: selection = self.sourceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_source = self.sourceStore.get_value(iter, 0) #source = self.address_select_dialog(None, old_source, True, True) source = self.source_select_dialog(old_source) if not source: return if self.runtime_view: if not self.fw.querySource(selected_zone, source): self.fw.addSource(selected_zone, source) if not add: self.fw.removeSource(selected_zone, old_source) self.changes_applied() else: self._warning("Source '%s' already bound to zone '%s'" % \ (old_source, selected_zone)) else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.querySource(source): if not add: zone.removeSource(old_source) zone.addSource(source) self.changes_applied() else: self._warning("Source '%s' already bound to zone '%s'" % \ (old_source, selected_zone)) def on_markDialog_changed(self, entry, old_mark, old_mask): mark = self.markDialogMarkEntry.get_text() mask = self.markDialogMaskEntry.get_text() if not functions.checkUINT32(mark): self.markDialogOkButton.set_sensitive(False) else: if mask != "" and not functions.checkUINT32(mask): self.markDialogOkButton.set_sensitive(False) else: if old_mark != mark or old_mask != mask: self.markDialogOkButton.set_sensitive(True) def mark_select_dialog(self, old_mark, old_mask): self.markDialogMarkEntry.set_text(old_mark) self.markDialogMaskEntry.set_text(old_mask) handler_id1 = self.markDialogMarkEntry.connect( "changed", self.on_markDialog_changed, old_mark, old_mask) handler_id2 = self.markDialogMaskEntry.connect( "changed", self.on_markDialog_changed, old_mark, old_mask) self.markDialogOkButton.set_sensitive(False) self.markDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.markDialog.set_transient_for(self.mainWindow) self.markDialog.show_all() self.add_visible_dialog(self.markDialog) result = self.markDialog.run() self.markDialog.hide() self.remove_visible_dialog(self.markDialog) self.markDialogMarkEntry.disconnect(handler_id1) self.markDialogMaskEntry.disconnect(handler_id2) mark = self.markDialogMarkEntry.get_text() mask = self.markDialogMaskEntry.get_text() if result != 1 or (old_mark == mark and old_mask == mask): return None return (mark, mask) def on_macDialog_changed(self, entry, old_mac): text = entry.get_text() if text == "": self.macDialogOkButton.set_sensitive(True) return self.macDialogOkButton.set_sensitive(False) if functions.check_mac(text) and text != old_mac: self.macDialogOkButton.set_sensitive(True) def mac_select_dialog(self, old_mac): self.macDialogMacEntry.set_text(old_mac) handler_id = self.macDialogMacEntry.connect("changed", self.on_macDialog_changed, old_mac) self.macDialogOkButton.set_sensitive(False) self.macDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.macDialog.set_transient_for(self.mainWindow) self.macDialog.show_all() self.add_visible_dialog(self.macDialog) result = self.macDialog.run() self.macDialog.hide() self.remove_visible_dialog(self.macDialog) self.macDialogMacEntry.disconnect(handler_id) mac = self.macDialogMacEntry.get_text() if result != 1 or old_mac == mac: return None return mac.upper() def change_ipset_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.ipsetDialogOkButton.set_sensitive(True) else: self.ipsetDialogOkButton.set_sensitive(False) def ipset_select_dialog(self, old_ipset="", ipv=None): self.ipsetDialogIPSetStore.clear() ipsets = { } if self.runtime_view: for x in self.fw.getIPSets(): self.deactivate_exception_handler() try: settings = self.fw.getIPSetSettings(x) except (DBusException, Exception) as msg: self.activate_exception_handler() if isinstance(msg, DBusException): msg = msg.get_dbus_message() else: msg = str(msg) code = FirewallError.get_code(msg) if code == errors.NOT_APPLIED: continue raise self.activate_exception_handler() if settings.getType() not in ZONE_SOURCE_IPSET_TYPES: continue ipsets[x] = settings else: for i in self.fw.config().listIPSets(): obj = self.fw.config().getIPSet(i) ipsets[obj.get_property("name")] = obj.getSettings() for i in sorted(ipsets.keys()): # for all hash:ip and hash:net types, ipv has to match the family # of the set ipset_type = ipsets[i].getType() if ipset_type.startswith("hash:ip") or \ ipset_type.startswith("hash:net"): opts = ipsets[i].getOptions() if "family" in opts: if opts["family"] == "inet6" and \ (ipv != "ipv6" and ipv != "all"): continue else: if ipv == "ipv6" or ipv is None: continue self.ipsetDialogIPSetStore.append([i, ipset_type]) selection = self.ipsetDialogIPSetView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) #selection.select_path(0) iter = self.ipsetDialogIPSetStore.get_iter_first() while iter: if self.ipsetDialogIPSetStore.get_value(iter, 0) == old_ipset: selection.select_iter(iter) iter = self.ipsetDialogIPSetStore.iter_next(iter) self.ipsetDialogOkButton.set_sensitive(False) self.ipsetDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetDialog.set_transient_for(self.mainWindow) self.ipsetDialog.show_all() self.add_visible_dialog(self.ipsetDialog) result = self.ipsetDialog.run() self.ipsetDialog.hide() self.remove_visible_dialog(self.ipsetDialog) #self.ipsetDialogIPSetEntry.disconnect(handler_id) #ipset = self.ipsetDialogIPSetEntry.get_text() if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None ipset = self.ipsetDialogIPSetStore.get_value(iter, 0) if old_ipset == ipset: return None return ipset def change_helper_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.helperDialogOkButton.set_sensitive(True) else: self.helperDialogOkButton.set_sensitive(False) def on_sourceDialog_changed(self, arg, old_type, old_source): _type = self.sourceDialogSourceTypeCombobox.get_active_text() _source = self.sourceDialogSourceChooser.get_text() self.sourceDialogOkButton.set_sensitive(False) if old_source != _source: if _type == "MAC" and functions.check_mac(_source): self.sourceDialogOkButton.set_sensitive(True) elif _type == "IP" and (functions.checkIPnMask(_source) or \ functions.checkIP6nMask(_source)): self.sourceDialogOkButton.set_sensitive(True) elif _type == "ipset": self.sourceDialogOkButton.set_sensitive(True) def on_sourceDialogSourceChooser_clicked(self, *args): old_address = self.sourceDialogSourceChooser.get_text() _type = self.sourceDialogSourceTypeCombobox.get_active_text() if _type == "IP": address = self.address_select_dialog(None, old_address) if address is not None: self.sourceDialogSourceChooser.set_text(address) elif _type == "MAC": address = self.mac_select_dialog(old_address) if address is not None: self.sourceDialogSourceChooser.set_text(address.upper()) elif _type == "ipset": address = self.ipset_select_dialog(old_address, "all") if address is not None: self.sourceDialogSourceChooser.set_text(address) def source_select_dialog(self, old_source): if old_source: if old_source.startswith("ipset:"): old_type = "ipset" old_source = old_source[6:] elif functions.check_mac(old_source): old_type = "MAC" else: old_type = "IP" combobox_select_text(self.sourceDialogSourceTypeCombobox, old_type) else: old_type = None self.sourceDialogSourceTypeCombobox.set_active(0) self.sourceDialogSourceChooser.set_text(old_source) h_type_id = self.sourceDialogSourceTypeCombobox.connect( "changed", self.on_sourceDialog_changed, old_type, old_source) h_addr_id = self.sourceDialogSourceChooser.connect( "clicked", self.on_sourceDialog_changed, old_type, old_source) self.sourceDialogOkButton.set_sensitive(False) self.sourceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.sourceDialog.set_transient_for(self.mainWindow) self.sourceDialog.show_all() self.add_visible_dialog(self.sourceDialog) result = self.sourceDialog.run() self.sourceDialog.hide() self.remove_visible_dialog(self.sourceDialog) self.sourceDialogSourceTypeCombobox.disconnect(h_type_id) self.sourceDialogSourceChooser.disconnect(h_addr_id) source = self.sourceDialogSourceChooser.get_text() if self.sourceDialogSourceTypeCombobox.get_active_text() == "ipset": source = "ipset:%s" % source if result != 1 or old_source == source: return None return source def onAddPort(self, *args): self.add_edit_port(True) def onEditPort(self, *args): self.add_edit_port(False) def onPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_port(False) def onRemovePort(self, *args): selected_zone = self.get_selected_zone() selection = self.portView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.portStore.get_value(iter, 0) proto = self.portStore.get_value(iter, 1) if self.runtime_view: self.fw.removePort(selected_zone, port, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removePort(port, proto) self.changes_applied() def onPortChanged(self, *args): ports = functions.getPortRange(self.portDialogPortEntry.get_text()) if not ports or not (isinstance(ports, list) or \ isinstance(ports, tuple)): self.portDialogOkButton.set_sensitive(False) else: self.portDialogOkButton.set_sensitive(True) def add_edit_port(self, add): selected_zone = self.get_selected_zone() old_port = None old_proto = None if not add: selection = self.portView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.portStore.get_value(iter, 0) old_proto = self.portStore.get_value(iter, 1) self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.queryPort(selected_zone, port, proto): self.fw.addPort(selected_zone, port, proto) if not add: self.fw.removePort(selected_zone, old_port, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryPort(port, proto): if not add: zone.removePort(old_port, old_proto) zone.addPort(port, proto) self.changes_applied() def onPortProtoChanged(self, *args): ports = functions.getPortRange(self.portDialogPortEntry.get_text()) if not ports or not (isinstance(ports, list) or \ isinstance(ports, tuple)): self.portDialogOkButton.set_sensitive(False) else: self.portDialogOkButton.set_sensitive(True) def onPortProtoDialogOtherProtoCheckToggled(self, check, *args): self.portDialogPortEntry.set_sensitive(not check.get_active()) self.portDialogProtoCombobox.set_sensitive(not check.get_active()) def service_conf_add_edit_port(self, add): active_service = self.get_active_service() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.serviceConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.serviceConfPortStore.get_value(iter, 0) old_proto = self.serviceConfPortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryPort(port, proto): if not add: service.removePort(old_port, old_proto) service.addPort(port, proto) self.changes_applied() def port_added_cb(self, zone, port, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.portStore.get_iter_first() while iter: if self.portStore.get_value(iter, 0) == port and \ self.portStore.get_value(iter, 1) == protocol: # already there return iter = self.portStore.iter_next(iter) # nothing found, so add it self.portStore.append([port, protocol]) def port_removed_cb(self, zone, port, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.portStore.get_iter_first() while iter: if self.portStore.get_value(iter, 0) == port and \ self.portStore.get_value(iter, 1) == protocol: self.portStore.remove(iter) break iter = self.portStore.iter_next(iter) def onAddSourcePort(self, *args): self.add_edit_source_port(True) def onEditSourcePort(self, *args): self.add_edit_source_port(False) def onSourcePortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_source_port(False) def onRemoveSourcePort(self, *args): selected_zone = self.get_selected_zone() selection = self.sourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.sourcePortStore.get_value(iter, 0) proto = self.sourcePortStore.get_value(iter, 1) if self.runtime_view: self.fw.removeSourcePort(selected_zone, port, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeSourcePort(port, proto) self.changes_applied() def add_edit_source_port(self, add): selected_zone = self.get_selected_zone() old_port = None old_proto = None if not add: selection = self.sourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.sourcePortStore.get_value(iter, 0) old_proto = self.sourcePortStore.get_value(iter, 1) self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.querySourcePort(selected_zone, port, proto): self.fw.addSourcePort(selected_zone, port, proto) if not add: self.fw.removeSourcePort(selected_zone, old_port, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.querySourcePort(port, proto): if not add: zone.removeSourcePort(old_port, old_proto) zone.addSourcePort(port, proto) self.changes_applied() def service_conf_add_edit_source_port(self, add): active_service = self.get_active_service() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.serviceConfSourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.serviceConfSourcePortStore.get_value(iter, 0) old_proto = self.serviceConfSourcePortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.querySourcePort(port, proto): if not add: service.removeSourcePort(old_port, old_proto) service.addSourcePort(port, proto) self.changes_applied() def source_port_added_cb(self, zone, port, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourcePortStore.get_iter_first() while iter: if self.sourcePortStore.get_value(iter, 0) == port and \ self.sourcePortStore.get_value(iter, 1) == protocol: # already there return iter = self.sourcePortStore.iter_next(iter) # nothing found, so add it self.sourcePortStore.append([port, protocol]) def source_port_removed_cb(self, zone, port, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourcePortStore.get_iter_first() while iter: if self.sourcePortStore.get_value(iter, 0) == port and \ self.sourcePortStore.get_value(iter, 1) == protocol: self.sourcePortStore.remove(iter) break iter = self.sourcePortStore.iter_next(iter) def onAddProtocol(self, *args): self.add_edit_protocol(True) def onEditProtocol(self, *args): self.add_edit_protocol(False) def onProtocolClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_protocol(False) def onRemoveProtocol(self, *args): selected_zone = self.get_selected_zone() selection = self.protocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return proto = self.protocolStore.get_value(iter, 0) if self.runtime_view: self.fw.removeProtocol(selected_zone, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeProtocol(proto) self.changes_applied() def add_edit_protocol(self, add): selected_zone = self.get_selected_zone() old_proto = None if not add: selection = self.protocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_proto = self.protocolStore.get_value(iter, 0) self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) if old_proto: combobox_select_text(self.protoDialogProtoCombobox, old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.queryProtocol(selected_zone, proto): self.fw.addProtocol(selected_zone, proto) if not add: self.fw.removeProtocol(selected_zone, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryProtocol(proto): if not add: zone.removeProtocol(old_proto) zone.addProtocol(proto) self.changes_applied() def service_conf_add_edit_protocol(self, add): active_service = self.get_active_service() old_proto = None if not add: selection = self.serviceConfProtocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_proto = self.serviceConfProtocolStore.get_value(iter, 0) self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) if old_proto: combobox_select_text(self.protoDialogProtoCombobox, old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryProtocol(proto): if not add: service.removeProtocol(old_proto) service.addProtocol(proto) self.changes_applied() def protocol_added_cb(self, zone, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.protocolStore.get_iter_first() while iter: if self.protocolStore.get_value(iter, 0) == protocol: # already there return iter = self.protocolStore.iter_next(iter) # nothing found, so add it self.protocolStore.append([protocol]) def protocol_removed_cb(self, zone, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.protocolStore.get_iter_first() while iter: if self.protocolStore.get_value(iter, 0) == protocol: self.protocolStore.remove(iter) break iter = self.protocolStore.iter_next(iter) def onForwardDialogChecksToggled(self, check, *args): val1 = self.forwardDialogLocalCheck.get_active() val2 = self.forwardDialogToPortCheck.get_active() self.forwardDialogToAddrLabel.set_sensitive(not val1) self.forwardDialogToAddrEntry.set_sensitive(not val1) self.forwardDialogToPortCheck.set_sensitive(not val1) self.forwardDialogToPortLabel.set_sensitive(val1 or val2) self.forwardDialogToPortEntry.set_sensitive(val1 or val2) self.onForwardChanged(None) def onForwardDialogToPortCheckToggled(self, check, *args): toport = check.get_active() self.forwardDialogToPortLabel.set_sensitive(toport) self.forwardDialogToPortEntry.set_sensitive(toport) self.onForwardChanged(None) def _check_forward(self): ports = self.forwardDialogPortEntry.get_text() to_ports = self.forwardDialogToPortEntry.get_text() to_addr = self.forwardDialogToAddrEntry.get_text() local_check = self.forwardDialogLocalCheck.get_active() to_port_check = self.forwardDialogToPortCheck.get_active() ports = functions.getPortRange(ports) to_ports = functions.getPortRange(to_ports) ports_ok = False if ports and (isinstance(ports, list) or \ isinstance(ports, tuple)): ports_ok = True to_ports_ok = False if to_ports and (isinstance(to_ports, list) or \ isinstance(to_ports, tuple)): to_ports_ok = True to_addr_ok = False if to_addr != "": if self.forwardDialog.family == "ipv4" and \ functions.checkIP(to_addr): to_addr_ok = True if self.forwardDialog.family == "ipv6" and \ functions.checkIP6(to_addr): to_addr_ok = True if self.forwardDialog.family is None and \ (functions.checkIP(to_addr) or functions.checkIP6(to_addr)): to_addr_ok = True ok = False if ports_ok: if local_check: if to_ports_ok and ports != to_ports: ok = True elif to_addr_ok: if to_port_check: if to_ports_ok: ok = True else: ok = True return ok def onForwardChanged(self, arg): ok = False if arg == self.forwardDialogProtoCombobox: if self._check_forward(): ok = True else: ok = self._check_forward() self.forwardDialogOkButton.set_sensitive(ok) def onAddForwardPort(self, *args): self.add_edit_forward_port(True) def onEditForwardPort(self, *args): self.add_edit_forward_port(False) def onForwardPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_forward_port(False) def forwardport_select_dialog(self, family, old_value=None): self.forwardDialogOkButton.set_sensitive(False) self.forwardDialogLocalCheck.set_active(True) self.forwardDialogLocalCheck.set_active(False) self.forwardDialogToPortCheck.set_active(False) self.forwardDialog.family = family (old_port, old_proto, old_to_port, old_to_addr) = \ self.split_fwp_string(old_value) self.forwardDialogPortEntry.set_text("") if old_port is not None: self.forwardDialogPortEntry.set_text(old_port) combobox_select_text(self.forwardDialogProtoCombobox, old_proto) self.forwardDialogToPortEntry.set_text("") if old_to_port is not None: self.forwardDialogToPortEntry.set_text(old_to_port) if old_to_addr: if old_to_port: self.forwardDialogToPortCheck.set_active(True) else: self.forwardDialogLocalCheck.set_active(True) self.forwardDialogToAddrEntry.set_text("") if old_to_addr is not None: self.forwardDialogToAddrEntry.set_text(old_to_addr) self.forwardDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.forwardDialog.set_transient_for(self.mainWindow) self.forwardDialog.show_all() self.add_visible_dialog(self.forwardDialog) result = self.forwardDialog.run() self.forwardDialog.hide() self.remove_visible_dialog(self.forwardDialog) if result != 1: return None port = self.forwardDialogPortEntry.get_text() proto = self.forwardDialogProtoCombobox.get_active_text() to_addr = self.forwardDialogToAddrEntry.get_text() to_port = self.forwardDialogToPortEntry.get_text() if not self.forwardDialogLocalCheck.get_active(): if not self.forwardDialogToPortCheck.get_active(): to_port = "" else: to_addr = "" value = self.create_fwp_string(port, proto, to_port, to_addr) if old_value == value: return None return value def add_edit_forward_port(self, add): selected_zone = self.get_selected_zone() self.forwardDialogOkButton.set_sensitive(False) self.forwardDialogLocalCheck.set_active(True) self.forwardDialogLocalCheck.set_active(False) self.forwardDialogToPortCheck.set_active(False) self.forwardDialog.family = None old_port = None old_proto = None old_to_port = None old_to_addr = None iter = None if add: self.forwardDialogPortEntry.set_text("") self.forwardDialogProtoCombobox.set_active(0) self.forwardDialogToPortEntry.set_text("") self.forwardDialogToAddrEntry.set_text("") else: selection = self.forwardView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.forwardStore.get_value(iter, 0) old_proto = self.forwardStore.get_value(iter, 1) old_to_port = self.forwardStore.get_value(iter, 2) old_to_addr = self.forwardStore.get_value(iter, 3) self.forwardDialogPortEntry.set_text(old_port) combobox_select_text(self.forwardDialogProtoCombobox, old_proto) self.forwardDialogToPortEntry.set_text(old_to_port) if old_to_addr: if old_to_port: self.forwardDialogToPortCheck.set_active(True) else: self.forwardDialogLocalCheck.set_active(True) self.forwardDialogToAddrEntry.set_text(old_to_addr) self.forwardDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.forwardDialog.set_transient_for(self.mainWindow) self.forwardDialog.show_all() self.add_visible_dialog(self.forwardDialog) result = self.forwardDialog.run() self.forwardDialog.hide() self.remove_visible_dialog(self.forwardDialog) if result != 1: return port = self.forwardDialogPortEntry.get_text() proto = self.forwardDialogProtoCombobox.get_active_text() to_addr = self.forwardDialogToAddrEntry.get_text() to_port = self.forwardDialogToPortEntry.get_text() if not self.forwardDialogLocalCheck.get_active(): if not self.forwardDialogToPortCheck.get_active(): to_port = "" else: to_addr = "" if not add and (old_port == port and old_proto == proto and \ old_to_port == to_port and old_to_addr == to_addr): # nothing to change return if self.runtime_view: if not self.fw.queryForwardPort(selected_zone, port, proto, to_port, to_addr): self.fw.addForwardPort(selected_zone, port, proto, to_port, to_addr) if not add: self.fw.removeForwardPort(selected_zone, old_port, old_proto, old_to_port, old_to_addr) if add and to_addr and not self.fw.queryMasquerade(selected_zone): if self.masqueradeQueryDialog() == Gtk.ResponseType.YES: self.fw.addMasquerade(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryForwardPort(port, proto, to_port, to_addr): if not add: zone.removeForwardPort(old_port, old_proto, old_to_port, old_to_addr) zone.addForwardPort(port, proto, to_port, to_addr) if add and to_addr and not zone.getMasquerade(): if self.masqueradeQueryDialog() == Gtk.ResponseType.YES: zone.setMasquerade(True) self.changes_applied() def masqueradeQueryDialog(self): text = _("Forwarding to another system is only useful if the interface is masqueraded.\nDo you want to masquerade this zone ?") return self._dialog(text=text, buttons=((Gtk.STOCK_YES, Gtk.ResponseType.YES), (Gtk.STOCK_NO, Gtk.ResponseType.NO))) def forward_port_added_cb(self, zone, port, protocol, to_port, to_address, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return self._forward_port_added_cb(zone, port, protocol, to_port, to_address) def forward_port_removed_cb(self, zone, port, protocol, to_port, to_address): if not self.runtime_view or zone != self.get_selected_zone(): return self._forward_port_removed_cb(zone, port, protocol, to_port, to_address) def _forward_port_added_cb(self, zone, port, protocol, to_port, to_address): iter = self.forwardStore.get_iter_first() while iter: if self.forwardStore.get_value(iter, 0) == port and \ self.forwardStore.get_value(iter, 1) == protocol and \ self.forwardStore.get_value(iter, 2) == to_port and \ self.forwardStore.get_value(iter, 3) == to_address: # already there return iter = self.forwardStore.iter_next(iter) # nothing found, so add it self.forwardStore.append([port, protocol, to_port, to_address]) def _forward_port_removed_cb(self, zone, port, protocol, to_port, to_address): iter = self.forwardStore.get_iter_first() while iter: if self.forwardStore.get_value(iter, 0) == port and \ self.forwardStore.get_value(iter, 1) == protocol and \ self.forwardStore.get_value(iter, 2) == to_port and \ self.forwardStore.get_value(iter, 3) == to_address: self.forwardStore.remove(iter) break iter = self.forwardStore.iter_next(iter) def onRemoveForwardPort(self, *args): selected_zone = self.get_selected_zone() selection = self.forwardView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.forwardStore.get_value(iter, 0) proto = self.forwardStore.get_value(iter, 1) to_port = self.forwardStore.get_value(iter, 2) to_addr = self.forwardStore.get_value(iter, 3) if self.runtime_view: self.fw.removeForwardPort(selected_zone, port, proto, to_port, to_addr) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeForwardPort(port, proto, to_port, to_addr) self.changes_applied() def onChangeService(self, *args): active_service = self.get_active_service() ### load service settings self.serviceConfPortStore.clear() self.serviceConfProtocolStore.clear() self.serviceConfSourcePortStore.clear() self.serviceConfModuleStore.clear() self.serviceConfDestIpv4Chooser.set_text("") self.serviceConfDestIpv6Chooser.set_text("") self.serviceConfPortView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfProtocolView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfSourcePortView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfModuleView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_service: self.serviceConfEditServiceButton.set_sensitive(False) self.serviceConfRemoveServiceButton.set_sensitive(False) self.serviceConfLoadDefaultsServiceButton.set_sensitive(False) self.serviceConfServiceNotebook.set_sensitive(False) return self.serviceConfEditServiceButton.set_sensitive(True) self.serviceConfServiceNotebook.set_sensitive(True) ports = [ ] protocols = [ ] source_ports = [ ] modules = [ ] destination = { } if self.runtime_view: # load runtime configuration settings = self.fw.getServiceSettings(active_service) ports = settings.getPorts() protocols = settings.getProtocols() source_ports = settings.getSourcePorts() modules = settings.getModules() destination = settings.getDestinations() default = False builtin = False else: try: service = self.fw.config().getServiceByName(active_service) except: return # load permanent configuration settings = service.getSettings() ports = settings.getPorts() protocols = settings.getProtocols() source_ports = settings.getSourcePorts() modules = settings.getModules() destination = settings.getDestinations() props = service.get_properties() default = props["default"] builtin = props["builtin"] self.serviceConfRemoveServiceButton.set_sensitive(not builtin and default) self.serviceConfLoadDefaultsServiceButton.set_sensitive(not default) # set ports for item in ports: self.serviceConfPortStore.append(item) # set protocols for item in protocols: self.serviceConfProtocolStore.append([item]) # set ports for item in source_ports: self.serviceConfSourcePortStore.append(item) # set modules for item in modules: self.serviceConfModuleStore.append([item]) # set destination if "ipv4" in destination: self.serviceConfDestIpv4Chooser.set_text(destination["ipv4"]) if "ipv6" in destination: self.serviceConfDestIpv6Chooser.set_text(destination["ipv6"]) self.serviceConfPortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfProtocolView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfSourcePortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfModuleView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) def conf_service_added_cb(self, service): if self.runtime_view: return # check if service is in store iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == service: return iter = self.serviceConfServiceStore.iter_next(iter) # not in list, append self.serviceConfServiceStore.append([service]) def conf_service_updated_cb(self, service): self.onChangeService() def conf_service_removed_cb(self, service): if self.runtime_view: return iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == service: self.serviceConfServiceStore.remove(iter) break iter = self.serviceConfServiceStore.iter_next(iter) def conf_service_renamed_cb(self, service): if self.runtime_view: return # Get all services, renamed the one that is missing. # If more or less than one is missing, update service store. services = self.fw.config().getServiceNames() use_iter = None iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) not in services: if use_iter is not None: return self.load_services() use_iter = iter iter = self.serviceConfServiceStore.iter_next(iter) if use_iter is None: return self.load_services() self.serviceConfServiceStore.set_value(use_iter, 0, service) def onServiceConfAddService(self, *args): self.add_edit_service(True) def onServiceConfRemoveService(self, *args): active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) service.remove() self.changes_applied() self.load_services() self.onChangeService() def onServiceConfEditService(self, *args): self.add_edit_service(False) def onServiceBaseDialogChanged(self, *args): if args and (args[0] == self.serviceBaseDialogNameEntry): additional_chars = "".join(Service.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars self.entry_changed(args[0], allowed_chars) self.serviceBaseDialogOkButton.set_sensitive(True) def onServiceConfAddPort(self, *args): self.service_conf_add_edit_port(True) def onServiceConfEditPort(self, *args): self.service_conf_add_edit_port(False) def onServiceConfPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_port(False) def onServiceConfRemovePort(self, *args): active_service = self.get_active_service() selection = self.serviceConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.serviceConfPortStore.get_value(iter, 0) proto = self.serviceConfPortStore.get_value(iter, 1) service = self.fw.config().getServiceByName(active_service) service.removePort(port, proto) self.changes_applied() def change_service_dialog_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditPortButton.set_sensitive(True) self.serviceConfRemovePortButton.set_sensitive(True) else: self.serviceConfEditPortButton.set_sensitive(False) self.serviceConfRemovePortButton.set_sensitive(False) def onServiceConfAddProtocol(self, *args): self.service_conf_add_edit_protocol(True) def onServiceConfEditProtocol(self, *args): self.service_conf_add_edit_protocol(False) def onServiceConfProtocolClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_protocol(False) def onServiceConfRemoveProtocol(self, *args): active_service = self.get_active_service() selection = self.serviceConfProtocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return proto = self.serviceConfProtocolStore.get_value(iter, 0) service = self.fw.config().getServiceByName(active_service) service.removeProtocol(proto) self.changes_applied() def change_service_dialog_protocol_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditProtocolButton.set_sensitive(True) self.serviceConfRemoveProtocolButton.set_sensitive(True) else: self.serviceConfEditProtocolButton.set_sensitive(False) self.serviceConfRemoveProtocolButton.set_sensitive(False) def onServiceConfAddSourcePort(self, *args): self.service_conf_add_edit_source_port(True) def onServiceConfEditSourcePort(self, *args): self.service_conf_add_edit_source_port(False) def onServiceConfSourcePortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_source_port(False) def onServiceConfRemoveSourcePort(self, *args): active_service = self.get_active_service() selection = self.serviceConfSourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.serviceConfSourcePortStore.get_value(iter, 0) proto = self.serviceConfSourcePortStore.get_value(iter, 1) service = self.fw.config().getServiceByName(active_service) service.removeSourcePort(port, proto) self.changes_applied() def change_service_dialog_source_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditSourcePortButton.set_sensitive(True) self.serviceConfRemoveSourcePortButton.set_sensitive(True) else: self.serviceConfEditSourcePortButton.set_sensitive(False) self.serviceConfRemoveSourcePortButton.set_sensitive(False) def add_edit_service(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None self.serviceBaseDialogNameEntry.set_text("") self.serviceBaseDialogVersionEntry.set_text("") self.serviceBaseDialogShortEntry.set_text("") self.serviceBaseDialogDescText.get_buffer().set_text("") else: active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) settings = service.getSettings() props = service.get_properties() default = props["default"] builtin = props["builtin"] old_name = service.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() self.serviceBaseDialogNameEntry.set_text(old_name) self.serviceBaseDialogVersionEntry.set_text(old_version) self.serviceBaseDialogShortEntry.set_text(old_short) self.serviceBaseDialogDescText.get_buffer().set_text(old_desc) self.serviceBaseDialogOkButton.set_sensitive(False) if builtin: self.serviceBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in service, rename not supported.")) else: self.serviceBaseDialogNameEntry.set_tooltip_markup("") self.serviceBaseDialogNameEntry.set_sensitive(not builtin and default) self.serviceBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.serviceBaseDialog.set_transient_for(self.mainWindow) self.serviceBaseDialog.show_all() self.add_visible_dialog(self.serviceBaseDialog) result = self.serviceBaseDialog.run() self.serviceBaseDialog.hide() self.remove_visible_dialog(self.serviceBaseDialog) if result != 1: return name = self.serviceBaseDialogNameEntry.get_text() version = self.serviceBaseDialogVersionEntry.get_text() short = self.serviceBaseDialogShortEntry.get_text() buffer = self.serviceBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc: # no changes return if not add: active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) settings = service.getSettings() else: settings = client.FirewallClientServiceSettings() if old_version != version or old_short != short or \ old_desc != desc: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) if not add: service.update(settings) if not add: if old_name == name: return service.rename(name) else: self.fw.config().addService(name, settings) self.changes_applied() def onServiceConfLoadDefaultsService(self, *args): active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) service.loadDefaults() self.changes_applied() self.onChangeService() def onServiceConfAddModule(self, *args): self.add_edit_module(True) def onServiceConfEditModule(self, *args): self.add_edit_module(False) def onServiceConfModuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_module(False) def onServiceConfRemoveModule(self, *args): active_service = self.get_active_service() selection = self.serviceConfModuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return module = self.serviceConfModuleStore.get_value(iter, 0) service = self.fw.config().getServiceByName(active_service) service.removeModule(module) self.changes_applied() def change_service_dialog_module_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditModuleButton.set_sensitive(True) self.serviceConfRemoveModuleButton.set_sensitive(True) else: self.serviceConfEditModuleButton.set_sensitive(False) self.serviceConfRemoveModuleButton.set_sensitive(False) def helper_select_dialog(self, old_helper=""): self.helperDialogHelperStore.clear() helpers = [ ] if self.runtime_view: helpers = self.fw.getHelpers() else: helpers = self.fw.config().getHelperNames() for helper in sorted(helpers): self.helperDialogHelperStore.append([helper]) selection = self.helperDialogHelperView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.helperDialogHelperStore.get_iter_first() while iter: if self.helperDialogHelperStore.get_value(iter, 0) == old_helper: selection.select_iter(iter) iter = self.helperDialogHelperStore.iter_next(iter) self.helperDialogOkButton.set_sensitive(False) self.helperDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.helperDialog.set_transient_for(self.mainWindow) self.helperDialog.show_all() self.add_visible_dialog(self.helperDialog) result = self.helperDialog.run() self.helperDialog.hide() self.remove_visible_dialog(self.helperDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None helper = self.helperDialogHelperStore.get_value(iter, 0) if old_helper == helper: return None return helper def add_edit_module(self, add): active_service = self.get_active_service() old_helper = None if not add: selection = self.serviceConfModuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_helper = self.serviceConfModuleStore.get_value(iter, 0) helper = self.helper_select_dialog(old_helper) if helper is None: return if old_helper == helper: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryModule(helper): if not add: service.removeModule(old_helper) service.addModule(helper) self.changes_applied() def onChangeServiceConfDestIpv4(self, *args): old_addr = self.serviceConfDestIpv4Chooser.get_text() addr = self.address_select_dialog("ipv4", old_addr) if addr is None: return active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) if not service.queryDestination("ipv4", addr): if addr != "": service.setDestination("ipv4", addr) else: service.removeDestination("ipv4") self.changes_applied() def onChangeServiceConfDestIpv6(self, *args): old_addr = self.serviceConfDestIpv6Chooser.get_text() addr = self.address_select_dialog("ipv6", old_addr) if addr is None: return active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) if not service.queryDestination("ipv6", addr): if addr != "": service.setDestination("ipv6", addr) else: service.removeDestination("ipv6") self.changes_applied() def onAddressChanged(self, entry, addr_type, old_address): text = entry.get_text() if text == "": self.addressDialogOkButton.set_sensitive(True) return self.addressDialogOkButton.set_sensitive(False) if addr_type == "ipv4": if functions.checkIPnMask(text) and text != old_address: self.addressDialogOkButton.set_sensitive(True) elif addr_type == "ipv6": if functions.checkIP6nMask(text) and text != old_address: self.addressDialogOkButton.set_sensitive(True) else: if (functions.checkIPnMask(text) or functions.checkIP6nMask(text)) \ and text != old_address: self.addressDialogOkButton.set_sensitive(True) def address_select_dialog(self, addr_type, old_address): if addr_type == "ipv4": label1 = _("Please enter an ipv4 address with the form address[/mask].") label2 = _("The mask can be a network mask or a number.") elif addr_type == "ipv6": label1 = _("Please enter an ipv6 address with the form address[/mask].") label2 = _("The mask is a number.") else: label1 = _("Please enter an ipv4 or ipv6 address with the form address[/mask].") label2 = _("The mask can be a network mask or a number for ipv4.\nThe mask is a number for ipv6.") self.addressDialogLabel.set_markup(label1) self.addressDialogLabel2.set_markup(label2) self.addressDialogAddressEntry.set_text(old_address) handler_id = self.addressDialogAddressEntry.connect( "changed", self.onAddressChanged, addr_type, old_address) self.addressDialogOkButton.set_sensitive(False) self.addressDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.addressDialog.set_transient_for(self.mainWindow) self.addressDialog.show_all() self.add_visible_dialog(self.addressDialog) result = self.addressDialog.run() self.addressDialog.hide() self.remove_visible_dialog(self.addressDialog) self.addressDialogAddressEntry.disconnect(handler_id) address = self.addressDialogAddressEntry.get_text() if functions.check_mac(address): address = address.upper() if result != 1 or old_address == address: return None return address def get_active_ipset(self): selection = self.ipsetConfIPSetView.get_selection() (model, iter) = selection.get_selected() if iter: return self.ipsetConfIPSetStore.get_value(iter, 0) return None def load_ipsets(self): if not self.show_ipsets: return active_ipset = self.get_active_ipset() if self.runtime_view: ipsets = self.fw.getIPSets() else: ipsets = self.fw.config().getIPSetNames() selection = self.ipsetConfIPSetView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.ipsetConfIPSetStore.clear() # ipsets for ipset in ipsets: self.ipsetConfIPSetStore.append([ipset]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == \ active_ipset: selection.select_iter(iter) return iter = self.ipsetConfIPSetStore.iter_next(iter) selection.select_path(0) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) if not self.get_active_ipset(): self.ipsetConfEditIPSetButton.set_sensitive(False) self.ipsetConfRemoveIPSetButton.set_sensitive(False) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(False) self.ipsetConfEntryBox.set_sensitive(False) def onIPSetConfAddIPSet(self, *args): self.add_edit_ipset(True) def onIPSetConfRemoveIPSet(self, *args): active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) ipset.remove() self.changes_applied() self.load_ipsets() self.onChangeIPSet() def onIPSetConfEditIPSet(self, *args): self.add_edit_ipset(False) def onIPSetConfLoadDefaultsIPSet(self, *args): active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) ipset.loadDefaults() self.changes_applied() self.onChangeIPSet() def onIPSetBaseDialogChanged(self, *args): def check_ipset_name(ipset): return (len(ipset) <= IPSET_MAXNAMELEN, ipset) OK=True if args and (args[0] == self.ipsetBaseDialogNameEntry): additional_chars = "".join(IPSet.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_ipset_name) self.ipsetBaseDialogOkButton.set_sensitive(OK) def add_edit_ipset(self, add): self.ipsetBaseDialogTypeCombobox.remove_all() ipset_types = self.fw.get_property("IPSetTypes") for x in ipset_types: self.ipsetBaseDialogTypeCombobox.append_text(x) self.ipsetBaseDialogBadTypeLabel.set_text("") if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_ipset_type = None old_options = { } self.ipsetBaseDialogNameEntry.set_text("") self.ipsetBaseDialogVersionEntry.set_text("") self.ipsetBaseDialogShortEntry.set_text("") self.ipsetBaseDialogDescText.get_buffer().set_text("") combobox_select_text(self.ipsetBaseDialogTypeCombobox, "hash:ip") self.ipsetBaseDialogFamilyCombobox.set_active(0) self.ipsetBaseDialogTimeoutEntry.set_text("") self.ipsetBaseDialogHashsizeEntry.set_text("") self.ipsetBaseDialogMaxelemEntry.set_text("") else: active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() props = ipset.get_properties() default = props["default"] builtin = props["builtin"] old_name = ipset.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_ipset_type = settings.getType() old_options = settings.getOptions() self.ipsetBaseDialogNameEntry.set_text(old_name) self.ipsetBaseDialogVersionEntry.set_text(old_version) self.ipsetBaseDialogShortEntry.set_text(old_short) self.ipsetBaseDialogDescText.get_buffer().set_text(old_desc) if old_ipset_type not in ipset_types: self.ipsetBaseDialogBadTypeLabel.set_text(old_ipset_type) else: combobox_select_text(self.ipsetBaseDialogTypeCombobox, old_ipset_type) if "family" in old_options and \ old_options["family"] in [ "inet", "inet6" ]: combobox_select_text(self.ipsetBaseDialogFamilyCombobox, old_options["family"]) else: self.ipsetBaseDialogFamilyCombobox.set_active(0) if "timeout" in old_options: self.ipsetBaseDialogTimeoutEntry.set_text( old_options["timeout"]) else: self.ipsetBaseDialogTimeoutEntry.set_text("") if "hashsize" in old_options: self.ipsetBaseDialogHashsizeEntry.set_text( old_options["hashsize"]) else: self.ipsetBaseDialogHashsizeEntry.set_text("") if "maxelem" in old_options: self.ipsetBaseDialogMaxelemEntry.set_text( old_options["maxelem"]) else: self.ipsetBaseDialogMaxelemEntry.set_text("") self.ipsetBaseDialogOkButton.set_sensitive(False) if builtin: self.ipsetBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in ipset, rename not supported.")) else: self.ipsetBaseDialogNameEntry.set_tooltip_markup("") self.ipsetBaseDialogNameEntry.set_sensitive(not builtin and default) self.ipsetBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetBaseDialog.set_transient_for(self.mainWindow) self.ipsetBaseDialog.show_all() self.add_visible_dialog(self.ipsetBaseDialog) result = self.ipsetBaseDialog.run() self.ipsetBaseDialog.hide() self.remove_visible_dialog(self.ipsetBaseDialog) if result != 1: return name = self.ipsetBaseDialogNameEntry.get_text() version = self.ipsetBaseDialogVersionEntry.get_text() short = self.ipsetBaseDialogShortEntry.get_text() buffer = self.ipsetBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) ipset_type = self.ipsetBaseDialogBadTypeLabel.get_text() ipset_type = self.ipsetBaseDialogTypeCombobox.get_active_text() options = { } if self.ipsetBaseDialogFamilyCombobox.is_sensitive(): x = self.ipsetBaseDialogFamilyCombobox.get_active_text() if x != "inet": options["family"] = x if self.ipsetBaseDialogTimeoutEntry.is_sensitive(): x = self.ipsetBaseDialogTimeoutEntry.get_text() if x != "": options["timeout"] = x x = self.ipsetBaseDialogHashsizeEntry.get_text() if x != "": options["hashsize"] = x x = self.ipsetBaseDialogMaxelemEntry.get_text() if x != "": options["maxelem"] = x if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_ipset_type == ipset_type and \ old_options == options: # no changes return if not add: active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() else: settings = client.FirewallClientIPSetSettings() if old_version != version or old_short != short or \ old_desc != desc or old_ipset_type != ipset_type or \ old_options != options: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setType(ipset_type) settings.setOptions(options) if not add: ipset.update(settings) if not add: if old_name == name: return ipset.rename(name) else: self.fw.config().addIPSet(name, settings) self.changes_applied() def onIPSetChanged(self, *args): if self.ipsetBaseDialogTypeCombobox.get_active_text() is None: # unsupported ipset type return if self.ipsetBaseDialogTypeCombobox.get_active_text() == "hash:mac": self.ipsetBaseDialogFamilyLabel.set_sensitive(False) self.ipsetBaseDialogFamilyCombobox.set_sensitive(False) else: self.ipsetBaseDialogFamilyLabel.set_sensitive(True) self.ipsetBaseDialogFamilyCombobox.set_sensitive(True) self.ipsetBaseDialogOkButton.set_sensitive(True) def onIPSetConfAddEntry(self, *args): self.add_edit_ipset_entry(True) def onIPSetConfAddEntriesFromFile(self, *args): dialog = Gtk.FileChooserDialog( _("Please select a file"), None, Gtk.FileChooserAction.OPEN, (Gtk.STOCK_CANCEL, Gtk.ResponseType.CANCEL, Gtk.STOCK_OPEN, Gtk.ResponseType.OK)) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) filefilter = Gtk.FileFilter() filefilter.set_name(_("Text Files")) filefilter.add_mime_type("text/plain") dialog.add_filter(filefilter) filefilter = Gtk.FileFilter() filefilter.set_name(_("All Files")) filefilter.add_pattern("*") dialog.add_filter(filefilter) result = dialog.run() dialog.hide() if result == Gtk.ResponseType.OK: filename = dialog.get_filename() else: return dialog.destroy() entries = self.get_ipset_entries_from_file(filename) active_ipset = self.get_active_ipset() if self.runtime_view: old_entries = self.fw.getEntries(active_ipset) changed = False for entry in entries: if entry not in old_entries: old_entries.append(entry) changed = True if changed: self.fw.setEntries(active_ipset, old_entries) else: ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() changed = False for entry in entries: if not settings.queryEntry(entry): settings.addEntry(entry) changed = True if changed: ipset.update(settings) def onIPSetConfEditEntry(self, *args): self.add_edit_ipset_entry(False) def onIPSetConfEntryClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_ipset_entry(False) def onIPSetConfRemoveEntry(self, *args): active_ipset = self.get_active_ipset() selection = self.ipsetConfEntryView.get_selection() (model, iter) = selection.get_selected() if iter is None: return entry = self.ipsetConfEntryStore.get_value(iter, 0) if self.runtime_view: if self.fw.queryEntry(active_ipset, entry): self.fw.removeEntry(active_ipset, entry) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) ipset.removeEntry(entry) self.changes_applied() self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def onIPSetConfRemoveEntriesFromFile(self, *args): dialog = Gtk.FileChooserDialog( _("Please select a file"), None, Gtk.FileChooserAction.OPEN, (Gtk.STOCK_CANCEL, Gtk.ResponseType.CANCEL, Gtk.STOCK_OPEN, Gtk.ResponseType.OK)) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) filefilter = Gtk.FileFilter() filefilter.set_name(_("Text Files")) filefilter.add_mime_type("text/plain") dialog.add_filter(filefilter) filefilter = Gtk.FileFilter() filefilter.set_name(_("All Files")) filefilter.add_pattern("*") dialog.add_filter(filefilter) result = dialog.run() dialog.hide() if result == Gtk.ResponseType.OK: filename = dialog.get_filename() else: return dialog.destroy() entries = self.get_ipset_entries_from_file(filename) active_ipset = self.get_active_ipset() if self.runtime_view: old_entries = self.fw.getEntries(active_ipset) changed = False for entry in entries: if entry in old_entries: old_entries.remove(entry) changed = True if changed: self.fw.setEntries(active_ipset, old_entries) else: ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() changed = False for entry in entries: if settings.queryEntry(entry): settings.removeEntry(entry) changed = True if changed: ipset.update(settings) def onIPSetConfRemoveAllEntries(self, *args): active_ipset = self.get_active_ipset() if self.runtime_view: self.fw.setEntries(active_ipset, [ ]) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) ipset.setEntries([ ]) self.changes_applied() self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def onIPSetEntryChanged(self, *args): settings = self.active_ipset_settings entry = self.ipsetEntryDialogEntryEntry.get_text() try: IPSet.check_entry(entry, settings.getOptions(), settings.getType()) except Exception: self.ipsetEntryDialogOkButton.set_sensitive(False) else: self.ipsetEntryDialogOkButton.set_sensitive(True) def change_ipset_conf_entry_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.ipsetConfEditEntryButton.set_sensitive(True) self.ipsetConfRemoveEntryMenuitem.set_sensitive(True) else: self.ipsetConfEditEntryButton.set_sensitive(False) self.ipsetConfRemoveEntryMenuitem.set_sensitive(False) def add_edit_ipset_entry(self, add): active_ipset = self.get_active_ipset() if self.runtime_view: settings = self.fw.getIPSetSettings(active_ipset) else: settings = self.fw.config().getIPSetByName(active_ipset).getSettings() self.active_ipset_settings = settings self.ipsetEntryDialogTypeLabel.set_text(settings.getType()) self.ipsetEntryDialogEntryEntry.set_text("") old_entry = None if not add: selection = self.ipsetConfEntryView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_entry = self.ipsetConfEntryStore.get_value(iter, 0) if old_entry: self.ipsetEntryDialogEntryEntry.set_text(old_entry) self.ipsetEntryDialogOkButton.set_sensitive(False) self.ipsetEntryDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetEntryDialog.set_transient_for(self.mainWindow) self.ipsetEntryDialog.show_all() self.add_visible_dialog(self.ipsetEntryDialog) result = self.ipsetEntryDialog.run() self.ipsetEntryDialog.hide() self.active_ipset_settings = None self.remove_visible_dialog(self.ipsetEntryDialog) if result != 1: return entry = self.ipsetEntryDialogEntryEntry.get_text() if old_entry == entry: # nothing to change return if self.runtime_view: if not self.fw.queryEntry(active_ipset, entry): self.fw.addEntry(active_ipset, entry) if not add: self.fw.removeEntry(active_ipset, old_entry) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) if not ipset.queryEntry(entry): if not add: ipset.removeEntry(old_entry) ipset.addEntry(entry) self.changes_applied() def ipset_entry_added_cb(self, ipset, entry): if not self.runtime_view or ipset != self.get_active_ipset(): return iter = self.ipsetConfEntryStore.get_iter_first() while iter: if self.ipsetConfEntryStore.get_value(iter, 0) == entry: # already there return iter = self.ipsetConfEntryStore.iter_next(iter) # nothing found, so add it self.ipsetConfEntryStore.append([entry]) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def ipset_entry_removed_cb(self, ipset, entry): if not self.runtime_view or ipset != self.get_active_ipset(): return iter = self.ipsetConfEntryStore.get_iter_first() while iter: if self.ipsetConfEntryStore.get_value(iter, 0) == entry: self.ipsetConfEntryStore.remove(iter) break iter = self.ipsetConfEntryStore.iter_next(iter) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def conf_ipset_added_cb(self, ipset): if self.runtime_view: return # check if ipset is in store iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == ipset: return iter = self.ipsetConfIPSetStore.iter_next(iter) # not in list, append self.ipsetConfIPSetStore.append([ipset]) selection = self.ipsetConfIPSetView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_ipset_updated_cb(self, ipset): if self.runtime_view or ipset != self.get_active_ipset(): return self.onChangeIPSet() def conf_ipset_removed_cb(self, ipset): if self.runtime_view: return iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == ipset: self.ipsetConfIPSetStore.remove(iter) break iter = self.ipsetConfIPSetStore.iter_next(iter) def conf_ipset_renamed_cb(self, ipset): if self.runtime_view: return # Get all ipsets, renamed the one that is missing. # If more or less than one is missing, update ipset store. ipsets = self.fw.config().getIPSetNames() use_iter = None iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) not in ipsets: if use_iter is not None: return self.load_ipsets() use_iter = iter iter = self.ipsetConfIPSetStore.iter_next(iter) if use_iter is None: return self.load_ipsets() self.ipsetConfIPSetStore.set_value(use_iter, 0, ipset) def onChangeIPSet(self, *args): active_ipset = self.get_active_ipset() self.ipsetConfEntryStore.clear() self.ipsetConfEntryView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_ipset: self.ipsetConfEditIPSetButton.set_sensitive(False) self.ipsetConfRemoveIPSetButton.set_sensitive(False) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(False) self.ipsetConfEntryBox.set_sensitive(False) return self.ipsetConfEditIPSetButton.set_sensitive(True) self.ipsetConfEntryBox.set_sensitive(True) entries = [ ] if self.runtime_view: # load runtime configuration self.deactivate_exception_handler() try: settings = self.fw.getIPSetSettings(active_ipset) except (DBusException, Exception) as msg: self.activate_exception_handler() if isinstance(msg, DBusException): msg = msg.get_dbus_message() else: msg = str(msg) code = FirewallError.get_code(msg) if code == errors.NOT_APPLIED: self.ipsetConfNotebook.set_sensitive(False) return raise else: self.ipsetConfNotebook.set_sensitive(True) self.activate_exception_handler() entries = settings.getEntries() options = settings.getOptions() default = False builtin = False else: try: ipset = self.fw.config().getIPSetByName(active_ipset) except: return # load permanent configuration settings = ipset.getSettings() entries = settings.getEntries() options = settings.getOptions() props = ipset.get_properties() default = props["default"] builtin = props["builtin"] if "timeout" in options: self.ipsetConfEntrySW.hide() self.ipsetConfEntryBox.hide() self.ipsetConfEntryLabel.hide() self.ipsetConfTimeoutLabel.show() else: self.ipsetConfEntrySW.show() self.ipsetConfEntryBox.show() self.ipsetConfEntryLabel.show() self.ipsetConfTimeoutLabel.hide() # set entries for item in entries: self.ipsetConfEntryStore.append([item]) self.ipsetConfEntryView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.ipsetConfRemoveIPSetButton.set_sensitive(not builtin and default) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(not default) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def get_active_helper(self): selection = self.helperConfHelperView.get_selection() (model, iter) = selection.get_selected() if iter: return self.helperConfHelperStore.get_value(iter, 0) return None def load_helpers(self): if not self.show_helpers: return active_helper = self.get_active_helper() if self.runtime_view: helpers = self.fw.getHelpers() else: helpers = self.fw.config().getHelperNames() selection = self.helperConfHelperView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.helperConfHelperStore.clear() # helpers for helper in helpers: self.helperConfHelperStore.append([helper]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == \ active_helper: selection.select_iter(iter) return iter = self.helperConfHelperStore.iter_next(iter) selection.select_path(0) if not self.get_active_helper(): self.helperConfEditHelperButton.set_sensitive(False) self.helperConfRemoveHelperButton.set_sensitive(False) self.helperConfLoadDefaultsHelperButton.set_sensitive(False) self.helperConfHelperNotebook.set_sensitive(False) def onHelperConfAddHelper(self, *args): self.add_edit_helper(True) def onHelperConfRemoveHelper(self, *args): active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) helper.remove() self.changes_applied() self.load_helpers() self.onChangeHelper() def onHelperConfEditHelper(self, *args): self.add_edit_helper(False) def onHelperConfLoadDefaultsHelper(self, *args): active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) helper.loadDefaults() self.changes_applied() self.onChangeHelper() def onHelperBaseDialogModuleChooserClicked(self, *args): old_module = self.helperBaseDialogModuleChooser.get_text() module = self.module_select_dialog(old_module) if module is not None: self.helperBaseDialogModuleChooser.set_text(module) def onHelperBaseDialogChanged(self, *args): def check_helper_name(helper): return (len(helper) <= HELPER_MAXNAMELEN, helper) OK=True if args and (args[0] == self.helperBaseDialogNameEntry): additional_chars = "".join(Helper.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_helper_name) module = self.helperBaseDialogModuleChooser.get_text() if module is None or not module.startswith("nf_conntrack_") or \ len(module.replace("nf_conntrack_", "")) < 1: OK = False self.helperBaseDialogOkButton.set_sensitive(OK) def add_edit_helper(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_module = None old_family = None self.helperBaseDialogNameEntry.set_text("") self.helperBaseDialogVersionEntry.set_text("") self.helperBaseDialogShortEntry.set_text("") self.helperBaseDialogDescText.get_buffer().set_text("") self.helperBaseDialogModuleChooser.set_text("") self.helperBaseDialogFamilyCombobox.set_active(0) else: active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) settings = helper.getSettings() props = helper.get_properties() default = props["default"] builtin = props["builtin"] old_name = helper.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_module = settings.getModule() old_family = settings.getFamily() self.helperBaseDialogNameEntry.set_text(old_name) self.helperBaseDialogVersionEntry.set_text(old_version) self.helperBaseDialogShortEntry.set_text(old_short) self.helperBaseDialogDescText.get_buffer().set_text(old_desc) self.helperBaseDialogModuleChooser.set_text(old_module) self.helperBaseDialogFamilyCombobox.set_active(0) combobox_select_text(self.helperBaseDialogFamilyCombobox, { "": _("All") , "ipv4": _("IPv4"), "ipv6" : _("IPv6") }[old_family]) self.helperBaseDialogOkButton.set_sensitive(False) if builtin: self.helperBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in helper, rename not supported.")) else: self.helperBaseDialogNameEntry.set_tooltip_markup("") self.helperBaseDialogNameEntry.set_sensitive(not builtin and default) self.helperBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.helperBaseDialog.set_transient_for(self.mainWindow) self.helperBaseDialog.show_all() self.add_visible_dialog(self.helperBaseDialog) result = self.helperBaseDialog.run() self.helperBaseDialog.hide() self.remove_visible_dialog(self.helperBaseDialog) if result != 1: return name = self.helperBaseDialogNameEntry.get_text() version = self.helperBaseDialogVersionEntry.get_text() short = self.helperBaseDialogShortEntry.get_text() buffer = self.helperBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) module = self.helperBaseDialogModuleChooser.get_text() family = { _("All") : "", _("IPv4") : "ipv4", _("IPv6") : "ipv6" } \ [self.helperBaseDialogFamilyCombobox.get_active_text()] if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_module == module and \ old_family == family: # no changes return if not add: active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) settings = helper.getSettings() else: settings = client.FirewallClientHelperSettings() if old_version != version or old_short != short or \ old_desc != desc or old_family != family: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setModule(module) settings.setFamily(family) if not add: helper.update(settings) if not add: if old_name == name: return helper.rename(name) else: self.fw.config().addHelper(name, settings) self.changes_applied() def onHelperChanged(self, *args): self.helperBaseDialogOkButton.set_sensitive(True) def onHelperConfAddPort(self, *args): self.add_edit_helper_port(True) def onHelperConfEditPort(self, *args): self.add_edit_helper_port(False) def onHelperConfPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_helper_port(False) def onHelperConfRemovePort(self, *args): active_helper = self.get_active_helper() selection = self.helperConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.helperConfPortStore.get_value(iter, 0) proto = self.helperConfPortStore.get_value(iter, 1) if self.runtime_view: if self.fw.queryPort(active_helper, port, proto): self.fw.removePort(active_helper, port, proto) self.changes_applied() else: helper = self.fw.config().getHelperByName(active_helper) helper.removePort(port, proto) self.changes_applied() def change_helper_conf_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.helperConfEditPortButton.set_sensitive(True) self.helperConfRemovePortButton.set_sensitive(True) else: self.helperConfEditPortButton.set_sensitive(False) self.helperConfRemovePortButton.set_sensitive(False) def add_edit_helper_port(self, add): active_helper = self.get_active_helper() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.helperConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.helperConfPortStore.get_value(iter, 0) old_proto = self.helperConfPortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return helper = self.fw.config().getHelperByName(active_helper) if not helper.queryPort(port, proto): if not add: helper.removePort(old_port, old_proto) helper.addPort(port, proto) self.changes_applied() def helper_port_added_cb(self, helper, entry): if not self.runtime_view or helper != self.get_active_helper(): return iter = self.helperConfPortStore.get_iter_first() while iter: if self.helperConfPortStore.get_value(iter, 0) == entry: # already there return iter = self.helperConfPortStore.iter_next(iter) # nothing found, so add it self.helperConfPortStore.append([entry]) def helper_port_removed_cb(self, helper, entry): if not self.runtime_view or helper != self.get_active_helper(): return iter = self.helperConfPortStore.get_iter_first() while iter: if self.helperConfPortStore.get_value(iter, 0) == entry: self.helperConfPortStore.remove(iter) break iter = self.helperConfPortStore.iter_next(iter) def conf_helper_added_cb(self, helper): if self.runtime_view: return # check if helper is in store iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == helper: return iter = self.helperConfHelperStore.iter_next(iter) # not in list, append self.helperConfHelperStore.append([helper]) selection = self.helperConfHelperView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_helper_updated_cb(self, helper): if self.runtime_view or helper != self.get_active_helper(): return self.onChangeHelper() def conf_helper_removed_cb(self, helper): if self.runtime_view: return iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == helper: self.helperConfHelperStore.remove(iter) break iter = self.helperConfHelperStore.iter_next(iter) def conf_helper_renamed_cb(self, helper): if self.runtime_view: return # Get all helpers, renamed the one that is missing. # If more or less than one is missing, update helper store. helpers = self.fw.config().getHelperNames() use_iter = None iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) not in helpers: if use_iter is not None: return self.load_helpers() use_iter = iter iter = self.helperConfHelperStore.iter_next(iter) if use_iter is None: return self.load_helpers() self.helperConfHelperStore.set_value(use_iter, 0, helper) def onChangeHelper(self, *args): active_helper = self.get_active_helper() self.helperConfPortStore.clear() self.helperConfPortView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_helper: self.helperConfEditHelperButton.set_sensitive(False) self.helperConfRemoveHelperButton.set_sensitive(False) self.helperConfLoadDefaultsHelperButton.set_sensitive(False) self.helperConfHelperNotebook.set_sensitive(False) return self.helperConfEditHelperButton.set_sensitive(True) self.helperConfHelperNotebook.set_sensitive(True) ports = [ ] if self.runtime_view: # load runtime configuration settings = self.fw.getHelperSettings(active_helper) ports = settings.getPorts() default = False builtin = False else: try: helper = self.fw.config().getHelperByName(active_helper) except: return # load permanent configuration settings = helper.getSettings() ports = settings.getPorts() props = helper.get_properties() default = props["default"] builtin = props["builtin"] # set entries for item in ports: self.helperConfPortStore.append(item) self.helperConfPortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.helperConfRemoveHelperButton.set_sensitive(not builtin and default) self.helperConfLoadDefaultsHelperButton.set_sensitive(not default) def onModuleChanged(self, *args): if self.moduleDialogOtherModuleCheck.get_active(): self.moduleDialogModuleLabel.set_sensitive(False) self.moduleDialogModuleCombobox.set_sensitive(False) self.moduleDialogOtherModuleEntry.set_sensitive(True) module = self.moduleDialogOtherModuleEntry.get_text() else: self.moduleDialogModuleLabel.set_sensitive(True) self.moduleDialogModuleCombobox.set_sensitive(True) self.moduleDialogOtherModuleEntry.set_sensitive(False) module = self.moduleDialogModuleCombobox.get_active_text() if module is not None and module.startswith("nf_conntrack_") and \ len(module.replace("nf_conntrack_", "")) > 1: self.moduleDialogOkButton.set_sensitive(True) else: self.moduleDialogOkButton.set_sensitive(False) def module_select_dialog(self, old_module): self.moduleDialogModuleCombobox.set_active(0) self.moduleDialogOtherModuleCheck.set_active(False) self.moduleDialogOtherModuleEntry.set_text("") if old_module: if not combobox_select_text(self.moduleDialogModuleCombobox, old_module): self.moduleDialogOtherModuleCheck.set_active(True) self.moduleDialogOtherModuleEntry.set_text(old_module) self.moduleDialogOkButton.set_sensitive(False) self.moduleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.moduleDialog.set_transient_for(self.mainWindow) self.moduleDialog.show_all() self.add_visible_dialog(self.moduleDialog) result = self.moduleDialog.run() self.moduleDialog.hide() self.remove_visible_dialog(self.moduleDialog) if result != 1: return None if self.moduleDialogOtherModuleCheck.get_active(): module = self.moduleDialogOtherModuleEntry.get_text() else: module = self.moduleDialogModuleCombobox.get_active_text() if old_module == module: # nothing to change return None return module def get_active_icmp(self): selection = self.icmpDialogIcmpView.get_selection() (model, iter) = selection.get_selected() if iter: return self.icmpDialogIcmpStore.get_value(iter, 0) return None def load_icmps(self): if not self.show_icmp_types: return active_icmp = self.get_active_icmp() if self.runtime_view: icmps = self.fw.listIcmpTypes() else: icmps = self.fw.config().getIcmpTypeNames() selection = self.icmpDialogIcmpView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.icmpDialogIcmpStore.clear() # icmps for icmp in icmps: self.icmpDialogIcmpStore.append([icmp]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == \ active_icmp: selection.select_iter(iter) return iter = self.icmpDialogIcmpStore.iter_next(iter) selection.select_path(0) if not self.get_active_icmp(): self.icmpDialogEditIcmpButton.set_sensitive(False) self.icmpDialogRemoveIcmpButton.set_sensitive(False) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(False) self.icmpDialogIcmpNotebook.set_sensitive(False) def onChangeIcmp(self, *args): active_icmp = self.get_active_icmp() ### load service settings self.icmpDialogDestIpv4Check.set_active(True) self.icmpDialogDestIpv6Check.set_active(True) if not active_icmp: self.icmpDialogEditIcmpButton.set_sensitive(False) self.icmpDialogRemoveIcmpButton.set_sensitive(False) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(False) self.icmpDialogIcmpNotebook.set_sensitive(False) return self.icmpDialogEditIcmpButton.set_sensitive(True) self.icmpDialogIcmpNotebook.set_sensitive(True) destination = [ ] if self.runtime_view: # load runtime configuration settings = self.fw.getIcmpTypeSettings(active_icmp) destination = settings.getDestinations() default = False builtin = False else: try: icmp = self.fw.config().getIcmpTypeByName(active_icmp) except: return # load permanent configuration settings = icmp.getSettings() destination = settings.getDestinations() props = icmp.get_properties() default = props["default"] builtin = props["builtin"] self.icmpDialogRemoveIcmpButton.set_sensitive(not builtin and default) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(not default) ipv4 = "ipv4" in destination ipv6 = "ipv6" in destination # set destination if ipv4 != ipv6: if not ipv4: self.icmpDialogDestIpv4Check.set_active(False) if not ipv6: self.icmpDialogDestIpv6Check.set_active(False) def onIcmpDialogAddIcmp(self, *args): self.add_edit_icmp(True) def onIcmpDialogRemoveIcmp(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) icmp.remove() self.load_icmps() self.onChangeIcmp() def onIcmpDialogEditIcmp(self, *args): self.add_edit_icmp(False) def onIcmpBaseDialogChanged(self, *args): if args and (args[0] == self.icmpBaseDialogNameEntry): additional_chars = "".join(IcmpType.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars self.entry_changed(args[0], allowed_chars) self.icmpBaseDialogOkButton.set_sensitive(True) def add_edit_icmp(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None self.icmpBaseDialogNameEntry.set_text("") self.icmpBaseDialogVersionEntry.set_text("") self.icmpBaseDialogShortEntry.set_text("") self.icmpBaseDialogDescText.get_buffer().set_text("") else: active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) settings = icmp.getSettings() props = icmp.get_properties() default = props["default"] builtin = props["builtin"] old_name = icmp.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() self.icmpBaseDialogNameEntry.set_text(old_name) self.icmpBaseDialogVersionEntry.set_text(old_version) self.icmpBaseDialogShortEntry.set_text(old_short) self.icmpBaseDialogDescText.get_buffer().set_text(old_desc) self.icmpBaseDialogOkButton.set_sensitive(False) if builtin: self.icmpBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in icmp, rename not supported.")) else: self.icmpBaseDialogNameEntry.set_tooltip_markup("") self.icmpBaseDialogNameEntry.set_sensitive(not builtin and default) self.icmpBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.icmpBaseDialog.set_transient_for(self.mainWindow) self.icmpBaseDialog.show_all() self.add_visible_dialog(self.icmpBaseDialog) result = self.icmpBaseDialog.run() self.icmpBaseDialog.hide() self.remove_visible_dialog(self.icmpBaseDialog) if result != 1: return name = self.icmpBaseDialogNameEntry.get_text() version = self.icmpBaseDialogVersionEntry.get_text() short = self.icmpBaseDialogShortEntry.get_text() buffer = self.icmpBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc: # no changes return if not add: active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) settings = icmp.getSettings() else: settings = client.FirewallClientIcmpTypeSettings() if old_version != version or old_short != short or \ old_desc != desc: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) if not add: icmp.update(settings) if not add: if old_name == name: return icmp.rename(name) else: self.fw.config().addIcmpType(name, settings) self.changes_applied() def onIcmpDialogLoadDefaultsIcmp(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) icmp.loadDefaults() self.changes_applied() self.onChangeIcmp() def icmp_dialog_dest_ipv4_check_cb(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) if self.icmpDialogDestIpv4Check.get_active(): if icmp.queryDestination("ipv4"): icmp.removeDestination("ipv4") self.changes_applied() elif not icmp.queryDestination("ipv4"): icmp.addDestination("ipv4") self.changes_applied() def icmp_dialog_dest_ipv6_check_cb(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) if self.icmpDialogDestIpv6Check.get_active(): if icmp.queryDestination("ipv6"): icmp.removeDestination("ipv6") self.changes_applied() elif not icmp.queryDestination("ipv6"): icmp.addDestination("ipv6") self.changes_applied() def conf_icmp_added_cb(self, icmp): if self.runtime_view: return if not self.show_icmp_types: return # check if icmp is in store iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == icmp: return iter = self.icmpDialogIcmpStore.iter_next(iter) # not in list, append self.icmpDialogIcmpStore.append([icmp]) selection = self.icmpDialogIcmpView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_icmp_updated_cb(self, zone): if self.runtime_view: return if not self.show_icmp_types: return self.onChangeIcmp() def conf_icmp_removed_cb(self, icmp): if self.runtime_view: return if not self.show_icmp_types: return iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == icmp: self.icmpDialogIcmpStore.remove(iter) break iter = self.icmpDialogIcmpStore.iter_next(iter) def conf_icmp_renamed_cb(self, icmp): if self.runtime_view: return # Get all icmps, renamed the one that is missing. # If more or less than one is missing, update icmp store. icmps = self.fw.config().getIcmpTypeNames() use_iter = None iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) not in icmps: if use_iter is not None: return self.load_icmps() use_iter = iter iter = self.icmpDialogIcmpStore.iter_next(iter) if use_iter is None: return self.load_icmps() self.icmpDialogIcmpStore.set_value(use_iter, 0, icmp) def lockdown_check_cb(self, *args): if self.fw.queryLockdown(): self.fw.config().set_property("Lockdown", "no") # permanent self.fw.disableLockdown() # runtime else: self.fw.config().set_property("Lockdown", "yes") # permanent self.fw.enableLockdown() # runtime self.changes_applied() def panic_check_cb(self, *args): if self.fw.queryPanicMode(): self.fw.disablePanicMode() else: self.fw.enablePanicMode() self.changes_applied() def load_direct(self): if not self.show_direct: return if self.runtime_view: chains = self.fw.getAllChains() rules = self.fw.getAllRules() passthroughs = self.fw.getAllPassthroughs() else: direct = self.fw.config().direct() settings = direct.getSettings() chains = settings.getAllChains() rules = settings.getAllRules() passthroughs = settings.getAllPassthroughs() self.directChainStore.clear() self.directRuleStore.clear() self.directPassthroughStore.clear() for x in chains: self.directChainStore.append(x) for (ipv, table, chain, priority, args) in rules: self.directRuleStore.append((ipv, table, chain, priority, functions.joinArgs(args))) for (ipv, args) in passthroughs: self.directPassthroughStore.append((ipv, functions.joinArgs(args))) def load_lockdown_whitelist(self): if not self.show_lockdown_whitelist: return if self.runtime_view: contexts = self.fw.getLockdownWhitelistContexts() commands = self.fw.getLockdownWhitelistCommands() users = self.fw.getLockdownWhitelistUsers() uids = self.fw.getLockdownWhitelistUids() else: whitelist = self.fw.config().policies().getLockdownWhitelist() contexts = whitelist.getContexts() commands = whitelist.getCommands() users = whitelist.getUsers() uids = whitelist.getUids() self.lockdownContextStore.clear() self.lockdownCommandStore.clear() self.lockdownUserStore.clear() self.lockdownUidStore.clear() for context in contexts: self.lockdownContextStore.append([context]) self.lockdownContextView.get_selection().select_path(0) for command in commands: self.lockdownCommandStore.append([command]) self.lockdownCommandView.get_selection().select_path(0) for user in users: self.lockdownUserStore.append([user]) self.lockdownUserView.get_selection().select_path(0) for uid in uids: self.lockdownUidStore.append([uid]) self.lockdownUidView.get_selection().select_path(0) def lockdown_enabled_cb(self): self.lockdownLabel.set_text(self.enabled) self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(True) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) def lockdown_disabled_cb(self): self.lockdownLabel.set_text(self.disabled) self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(False) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) def change_lockdown_context_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownContextButton.set_sensitive(True) self.removeLockdownContextButton.set_sensitive(True) else: self.editLockdownContextButton.set_sensitive(False) self.removeLockdownContextButton.set_sensitive(False) def change_lockdown_command_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownCommandButton.set_sensitive(True) self.removeLockdownCommandButton.set_sensitive(True) else: self.editLockdownCommandButton.set_sensitive(False) self.removeLockdownCommandButton.set_sensitive(False) def change_lockdown_user_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownUserButton.set_sensitive(True) self.removeLockdownUserButton.set_sensitive(True) else: self.editLockdownUserButton.set_sensitive(False) self.removeLockdownUserButton.set_sensitive(False) def change_lockdown_uid_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownUidButton.set_sensitive(True) self.removeLockdownUidButton.set_sensitive(True) else: self.editLockdownUidButton.set_sensitive(False) self.removeLockdownUidButton.set_sensitive(False) def onAddContext(self, button): self.add_edit_context(True) def onEditContext(self, button): self.add_edit_context(False) def onContextClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_context(False) def onRemoveContext(self, button): selection = self.lockdownContextView.get_selection() (model, iter) = selection.get_selected() if iter is None: return context = self.lockdownContextStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistContext(context) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeContext(context) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_context_added_cb(self, context): if not self.show_lockdown_whitelist: return iter = self.lockdownContextStore.get_iter_first() while iter: if self.lockdownContextStore.get_value(iter, 0) == context: return iter = self.lockdownContextStore.iter_next(iter) self.lockdownContextStore.append([context]) def lockdown_whitelist_context_removed_cb(self, context): if not self.show_lockdown_whitelist: return iter = self.lockdownContextStore.get_iter_first() while iter: if self.lockdownContextStore.get_value(iter, 0) == context: self.lockdownContextStore.remove(iter) break iter = self.lockdownContextStore.iter_next(iter) def add_edit_context(self, add): if add: old_context = "" else: selection = self.lockdownContextView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_context = self.lockdownContextStore.get_value(iter, 0) self.contextDialogContextEntry.set_text(old_context) self.contextDialogOkButton.set_sensitive(False) self.contextDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.contextDialog.set_transient_for(self.mainWindow) self.contextDialog.show_all() self.add_visible_dialog(self.contextDialog) result = self.contextDialog.run() self.contextDialog.hide() self.remove_visible_dialog(self.contextDialog) if result != 1: return context = self.contextDialogContextEntry.get_text() if old_context == context: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistContext(context): self.fw.addLockdownWhitelistContext(context) if not add: self.fw.removeLockdownWhitelistContext(old_context) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryContext(context): if not add: whitelist.removeContext(old_context) whitelist.addContext(context) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onContextChanged(self, *args): text = self.contextDialogContextEntry.get_text() if text != "" and functions.checkContext(text): self.contextDialogOkButton.set_sensitive(True) else: self.contextDialogOkButton.set_sensitive(False) def onAddCommand(self, button): self.add_edit_command(True) def onEditCommand(self, button): self.add_edit_command(False) def onCommandClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_command(False) def onRemoveCommand(self, button): selection = self.lockdownCommandView.get_selection() (model, iter) = selection.get_selected() if iter is None: return command = self.lockdownCommandStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistCommand(command) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeCommand(command) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_command_added_cb(self, command): if not self.show_lockdown_whitelist: return iter = self.lockdownCommandStore.get_iter_first() while iter: if self.lockdownCommandStore.get_value(iter, 0) == command: return iter = self.lockdownCommandStore.iter_next(iter) self.lockdownCommandStore.append([command]) def lockdown_whitelist_command_removed_cb(self, command): if not self.show_lockdown_whitelist: return iter = self.lockdownCommandStore.get_iter_first() while iter: if self.lockdownCommandStore.get_value(iter, 0) == command: self.lockdownCommandStore.remove(iter) break iter = self.lockdownCommandStore.iter_next(iter) def add_edit_command(self, add): if add: old_command = "" else: selection = self.lockdownCommandView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_command = self.lockdownCommandStore.get_value(iter, 0) self.commandDialogCommandEntry.set_text(old_command) self.commandDialogOkButton.set_sensitive(False) self.commandDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.commandDialog.set_transient_for(self.mainWindow) self.commandDialog.show_all() self.add_visible_dialog(self.commandDialog) result = self.commandDialog.run() self.commandDialog.hide() self.remove_visible_dialog(self.commandDialog) if result != 1: return command = self.commandDialogCommandEntry.get_text() if old_command == command: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistCommand(command): self.fw.addLockdownWhitelistCommand(command) if not add: self.fw.removeLockdownWhitelistCommand(old_command) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryCommand(command): if not add: whitelist.removeCommand(old_command) whitelist.addCommand(command) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onCommandChanged(self, *args): text = self.commandDialogCommandEntry.get_text() if functions.checkCommand(text): self.commandDialogOkButton.set_sensitive(True) else: self.commandDialogOkButton.set_sensitive(False) def onAddUser(self, button): self.add_edit_user(True) def onEditUser(self, button): self.add_edit_user(False) def onUserClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_user(False) def onRemoveUser(self, button): selection = self.lockdownUserView.get_selection() (model, iter) = selection.get_selected() if iter is None: return user = self.lockdownUserStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistUser(user) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeUser(user) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_user_added_cb(self, user): if not self.show_lockdown_whitelist: return iter = self.lockdownUserStore.get_iter_first() while iter: if self.lockdownUserStore.get_value(iter, 0) == user: return iter = self.lockdownUserStore.iter_next(iter) self.lockdownUserStore.append([user]) def lockdown_whitelist_user_removed_cb(self, user): if not self.show_lockdown_whitelist: return iter = self.lockdownUserStore.get_iter_first() while iter: if self.lockdownUserStore.get_value(iter, 0) == user: self.lockdownUserStore.remove(iter) break iter = self.lockdownUserStore.iter_next(iter) def add_edit_user(self, add): if add: old_user = "" else: selection = self.lockdownUserView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_user = self.lockdownUserStore.get_value(iter, 0) self.userDialogUserEntry.set_text(old_user) self.userDialogOkButton.set_sensitive(False) self.userDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.userDialog.set_transient_for(self.mainWindow) self.userDialog.show_all() self.add_visible_dialog(self.userDialog) result = self.userDialog.run() self.userDialog.hide() self.remove_visible_dialog(self.userDialog) if result != 1: return user = self.userDialogUserEntry.get_text() if old_user == user: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistUser(user): self.fw.addLockdownWhitelistUser(user) if not add: self.fw.removeLockdownWhitelistUser(old_user) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryUser(user): if not add: whitelist.removeUser(old_user) whitelist.addUser(user) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onUserChanged(self, *args): text = self.userDialogUserEntry.get_text() if text != "" and functions.checkUser(text): self.userDialogOkButton.set_sensitive(True) else: self.userDialogOkButton.set_sensitive(False) def onAddUid(self, button): self.add_edit_uid(True) def onEditUid(self, button): self.add_edit_uid(False) def onUidClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_uid(False) def onRemoveUid(self, button): selection = self.lockdownUidView.get_selection() (model, iter) = selection.get_selected() if iter is None: return uid = self.lockdownUidStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistUid(uid) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeUid(uid) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_uid_added_cb(self, uid): if not self.show_lockdown_whitelist: return iter = self.lockdownUidStore.get_iter_first() while iter: if self.lockdownUidStore.get_value(iter, 0) == uid: return iter = self.lockdownUidStore.iter_next(iter) self.lockdownUidStore.append([uid]) def lockdown_whitelist_uid_removed_cb(self, uid): if not self.show_lockdown_whitelist: return iter = self.lockdownUidStore.get_iter_first() while iter: if self.lockdownUidStore.get_value(iter, 0) == uid: self.lockdownUidStore.remove(iter) break iter = self.lockdownUidStore.iter_next(iter) def add_edit_uid(self, add): if add: old_uid = "" else: selection = self.lockdownUidView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_uid = self.lockdownUidStore.get_value(iter, 0) self.uidDialogUidEntry.set_text("%s" % old_uid) self.uidDialogOkButton.set_sensitive(False) self.uidDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.uidDialog.set_transient_for(self.mainWindow) self.uidDialog.show_all() self.add_visible_dialog(self.uidDialog) result = self.uidDialog.run() self.uidDialog.hide() self.remove_visible_dialog(self.uidDialog) if result != 1: return uid = int(self.uidDialogUidEntry.get_text()) if old_uid == uid: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistUid(uid): self.fw.addLockdownWhitelistUid(uid) if not add: self.fw.removeLockdownWhitelistUid(old_uid) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryUid(uid): if not add: whitelist.removeUid(old_uid) whitelist.addUid(uid) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onUidChanged(self, *args): text = self.uidDialogUidEntry.get_text() if text != "" and functions.checkUid(text): self.uidDialogOkButton.set_sensitive(True) else: self.uidDialogOkButton.set_sensitive(False) def lockdown_whitelist_updated_cb(self): self.load_lockdown_whitelist() def change_chain_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectChainButton.set_sensitive(True) self.removeDirectChainButton.set_sensitive(True) else: self.editDirectChainButton.set_sensitive(False) self.removeDirectChainButton.set_sensitive(False) def onAddChain(self, button): self.add_edit_direct_chain(True) def onEditChain(self, button): self.add_edit_direct_chain(False) def onChainClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_chain(False) def onRemoveChain(self, button): selection = self.directChainView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directChainStore.get_value(iter, 0) table = self.directChainStore.get_value(iter, 1) chain = self.directChainStore.get_value(iter, 2) if self.runtime_view: self.fw.removeChain(ipv, table, chain) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryChain(ipv, table, chain): direct.removeChain(ipv, table, chain) self.changes_applied() def direct_updated_cb(self): if not self.show_direct: return if self.runtime_view: return self.load_direct() def direct_chain_added_cb(self, ipv, table, chain): if not self.show_direct: return if not self.runtime_view: return iter = self.directChainStore.get_iter_first() while iter: if self.directChainStore.get_value(iter, 0) == ipv and \ self.directChainStore.get_value(iter, 1) == table and \ self.directChainStore.get_value(iter, 2) == chain: return iter = self.directChainStore.iter_next(iter) self.directChainStore.append([ipv, table, chain]) def direct_chain_removed_cb(self, ipv, table, chain): if not self.show_direct: return if not self.runtime_view: return iter = self.directChainStore.get_iter_first() while iter: if self.directChainStore.get_value(iter, 0) == ipv and \ self.directChainStore.get_value(iter, 1) == table and \ self.directChainStore.get_value(iter, 2) == chain: self.directChainStore.remove(iter) break iter = self.directChainStore.iter_next(iter) def add_edit_direct_chain(self, add): if add: old_ipv = "" old_table = "" old_chain = "" else: selection = self.directChainView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directChainStore.get_value(iter, 0) old_table = self.directChainStore.get_value(iter, 1) old_chain = self.directChainStore.get_value(iter, 2) self.directChainDialogIPVCombobox.set_active(0) combobox_select_text(self.directChainDialogIPVCombobox, old_ipv) combobox_select_text(self.directChainDialogTableCombobox, old_table) self.directChainDialogChainEntry.set_text("%s" % old_chain) self.directChainDialogOkButton.set_sensitive(False) self.directChainDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directChainDialog.set_transient_for(self.mainWindow) self.directChainDialog.show_all() self.add_visible_dialog(self.directChainDialog) result = self.directChainDialog.run() self.directChainDialog.hide() self.remove_visible_dialog(self.directChainDialog) if result != 1: return ipv = self.directChainDialogIPVCombobox.get_active_text() table = self.directChainDialogTableCombobox.get_active_text() chain = self.directChainDialogChainEntry.get_text() if self.runtime_view: if not self.fw.queryChain(ipv, table, chain): self.fw.addChain(ipv, table, chain) if not add: self.fw.removeChain(old_ipv, old_table, old_chain) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryChain(ipv, table, chain): if not add: direct.removeChain(old_ipv, old_table, old_chain) direct.addChain(ipv, table, chain) self.changes_applied() def onDirectChainDialogChanged(self, *args): self.directChainDialogOkButton.set_sensitive(True) def onDirectChainDialogIPVChanged(self, *args): old_table = self.directChainDialogTableCombobox.get_active_text() ipv = self.directChainDialogIPVCombobox.get_active_text() self.directChainDialogTableCombobox.remove_all() self.directChainDialogTableCombobox.append_text("filter") if ipv in [ "ipv4", "ipv6" ]: self.directChainDialogTableCombobox.append_text("nat") self.directChainDialogTableCombobox.append_text("mangle") self.directChainDialogTableCombobox.append_text("raw") self.directChainDialogTableCombobox.append_text("security") else: self.directChainDialogTableCombobox.append_text("broute") combobox_select_text(self.directChainDialogTableCombobox, old_table) def change_rule_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectRuleButton.set_sensitive(True) self.removeDirectRuleButton.set_sensitive(True) else: self.editDirectRuleButton.set_sensitive(False) self.removeDirectRuleButton.set_sensitive(False) def onAddRule(self, button): self.add_edit_direct_rule(True) def onEditRule(self, button): self.add_edit_direct_rule(False) def onRuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_rule(False) def onRemoveRule(self, button): selection = self.directRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directRuleStore.get_value(iter, 0) table = self.directRuleStore.get_value(iter, 1) chain = self.directRuleStore.get_value(iter, 2) priority = self.directRuleStore.get_value(iter, 3) args = self.directRuleStore.get_value(iter, 4) split_args = functions.splitArgs(args) if self.runtime_view: self.fw.removeRule(ipv, table, chain, priority, split_args) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryRule(ipv, table, chain, priority, split_args): direct.removeRule(ipv, table, chain, priority, split_args) self.changes_applied() def direct_rule_added_cb(self, ipv, table, chain, priority, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directRuleStore.get_iter_first() while iter: if self.directRuleStore.get_value(iter, 0) == ipv and \ self.directRuleStore.get_value(iter, 1) == table and \ self.directRuleStore.get_value(iter, 2) == chain and \ self.directRuleStore.get_value(iter, 3) == priority and \ self.directRuleStore.get_value(iter, 4) == joined_args: return iter = self.directRuleStore.iter_next(iter) self.directRuleStore.append([ipv, table, chain, priority, joined_args]) def direct_rule_removed_cb(self, ipv, table, chain, priority, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directRuleStore.get_iter_first() while iter: if self.directRuleStore.get_value(iter, 0) == ipv and \ self.directRuleStore.get_value(iter, 1) == table and \ self.directRuleStore.get_value(iter, 2) == chain and \ self.directRuleStore.get_value(iter, 3) == priority and \ self.directRuleStore.get_value(iter, 4) == joined_args: self.directRuleStore.remove(iter) break iter = self.directRuleStore.iter_next(iter) def add_edit_direct_rule(self, add): if add: old_ipv = "" old_table = "" old_chain = "" old_priority = 0 old_args = "" else: selection = self.directRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directRuleStore.get_value(iter, 0) old_table = self.directRuleStore.get_value(iter, 1) old_chain = self.directRuleStore.get_value(iter, 2) old_priority = self.directRuleStore.get_value(iter, 3) old_args = self.directRuleStore.get_value(iter, 4) self.directRuleDialogIPVCombobox.set_active(0) combobox_select_text(self.directRuleDialogIPVCombobox, old_ipv) combobox_select_text(self.directRuleDialogTableCombobox, old_table) self.directRuleDialogChainEntry.set_text("%s" % old_chain) self.directRuleDialogPrioritySpinbutton.set_value(old_priority) self.directRuleDialogArgsEntry.set_text("%s" % old_args) self.directRuleDialogOkButton.set_sensitive(False) self.directRuleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directRuleDialog.set_transient_for(self.mainWindow) self.directRuleDialog.show_all() self.add_visible_dialog(self.directRuleDialog) result = self.directRuleDialog.run() self.directRuleDialog.hide() self.remove_visible_dialog(self.directRuleDialog) if result != 1: return ipv = self.directRuleDialogIPVCombobox.get_active_text() table = self.directRuleDialogTableCombobox.get_active_text() chain = self.directRuleDialogChainEntry.get_text() priority = self.directRuleDialogPrioritySpinbutton.get_value_as_int() args = self.directRuleDialogArgsEntry.get_text() split_args = functions.splitArgs(args) split_old_args = functions.splitArgs(old_args) if self.runtime_view: if not self.fw.queryRule(ipv, table, chain, priority, split_args): self.fw.addRule(ipv, table, chain, priority, split_args) if not add: self.fw.removeRule(old_ipv, old_table, old_chain, old_priority, split_old_args) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryRule(ipv, table, chain, priority, split_args): if not add: direct.removeRule(old_ipv, old_table, old_chain, old_priority, split_old_args) direct.addRule(ipv, table, chain, priority, split_args) self.changes_applied() def onDirectRuleDialogChanged(self, *args): self.directRuleDialogOkButton.set_sensitive(True) def onDirectRuleDialogIPVChanged(self, *args): old_table = self.directRuleDialogTableCombobox.get_active_text() ipv = self.directRuleDialogIPVCombobox.get_active_text() self.directRuleDialogTableCombobox.remove_all() self.directRuleDialogTableCombobox.append_text("filter") if ipv in [ "ipv4", "ipv6" ]: self.directRuleDialogTableCombobox.append_text("nat") self.directRuleDialogTableCombobox.append_text("mangle") self.directRuleDialogTableCombobox.append_text("raw") self.directRuleDialogTableCombobox.append_text("security") else: self.directRuleDialogTableCombobox.append_text("broute") combobox_select_text(self.directRuleDialogTableCombobox, old_table) def change_passthrough_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectPassthroughButton.set_sensitive(True) self.removeDirectPassthroughButton.set_sensitive(True) else: self.editDirectPassthroughButton.set_sensitive(False) self.removeDirectPassthroughButton.set_sensitive(False) def onAddPassthrough(self, button): self.add_edit_direct_passthrough(True) def onEditPassthrough(self, button): self.add_edit_direct_passthrough(False) def onPassthroughClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_passthrough(False) def onRemovePassthrough(self, button): selection = self.directPassthroughView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directPassthroughStore.get_value(iter, 0) args = self.directPassthroughStore.get_value(iter, 1) split_args = functions.splitArgs(args) if self.runtime_view: self.fw.removePassthrough(ipv, split_args) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryPassthrough(ipv, split_args): direct.removePassthrough(ipv, split_args) self.changes_applied() def direct_passthrough_added_cb(self, ipv, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directPassthroughStore.get_iter_first() while iter: if self.directPassthroughStore.get_value(iter, 0) == ipv and \ self.directPassthroughStore.get_value(iter, 1) == joined_args: return iter = self.directPassthroughStore.iter_next(iter) self.directPassthroughStore.append([ipv, joined_args]) def direct_passthrough_removed_cb(self, ipv, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directPassthroughStore.get_iter_first() while iter: if self.directPassthroughStore.get_value(iter, 0) == ipv and \ self.directPassthroughStore.get_value(iter, 1) == joined_args: self.directPassthroughStore.remove(iter) break iter = self.directPassthroughStore.iter_next(iter) def add_edit_direct_passthrough(self, add): if add: old_ipv = "" old_args = "" else: selection = self.directPassthroughView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directPassthroughStore.get_value(iter, 0) old_args = self.directPassthroughStore.get_value(iter, 1) self.directPassthroughDialogIPVCombobox.set_active(0) combobox_select_text(self.directPassthroughDialogIPVCombobox, old_ipv) self.directPassthroughDialogArgsEntry.set_text("%s" % old_args) self.directPassthroughDialogOkButton.set_sensitive(False) self.directPassthroughDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directPassthroughDialog.set_transient_for(self.mainWindow) self.directPassthroughDialog.show_all() self.add_visible_dialog(self.directPassthroughDialog) result = self.directPassthroughDialog.run() self.directPassthroughDialog.hide() self.remove_visible_dialog(self.directPassthroughDialog) if result != 1: return ipv = self.directPassthroughDialogIPVCombobox.get_active_text() args = self.directPassthroughDialogArgsEntry.get_text() split_args = functions.splitArgs(args) split_old_args = functions.splitArgs(old_args) if self.runtime_view: if not self.fw.queryPassthrough(ipv, split_args): self.fw.addPassthrough(ipv, split_args) if not add: self.fw.removePassthrough(old_ipv, split_old_args) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryPassthrough(ipv, split_args): if not add: direct.removePassthrough(old_ipv, split_old_args) direct.addPassthrough(ipv, split_args) self.changes_applied() def onDirectPassthroughDialogChanged(self, *args): self.directPassthroughDialogOkButton.set_sensitive(True) def get_ipset_entries_from_file(self, filename): entries = [ ] try: f = open(filename) except Exception as ex: self._error(_("Failed to read file '%s': %s") % (filename, ex)) else: for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] in ['#', ';']: continue if line not in entries: entries.append(line) f.close() return entries def combobox_select_text(combobox, value, insensitive=False): model = combobox.get_model() iter = model.get_iter_first() while iter: if (not insensitive and model.get_value(iter, 0) == value) or \ (insensitive and \ model.get_value(iter, 0).lower() == value.lower()): combobox.set_active_iter(iter) return True iter = model.iter_next(iter) combobox.set_active(0) return False class ZoneInterfaceEditor(Gtk.Dialog): def __init__(self, fw, interface, zone): self.fw = fw self.interface = interface self.zone = None self.title = _("Select zone for interface '%s'") % self.interface Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def create_ui(self, zone): self.set_property("width-request", 100) self.resize_to_geometry(100, 50) self.set_resizable(True) self.add_button("gtk-close", 1) self.ok_button = self.add_button("gtk-ok", 2) self.ok_button.set_sensitive(False) vbox = Gtk.Box(orientation=Gtk.Orientation.VERTICAL, spacing=6) vbox.set_border_width(12) vbox.set_homogeneous(False) label = Gtk.Label() label.set_text(self.title) label.set_line_wrap(True) label.set_justify(Gtk.Justification.LEFT) label.set_alignment(0, 0.5) vbox.pack_start(label, True, True, 0) self.combo = Gtk.ComboBoxText() self.fill_zone_combo() vbox.pack_start(self.combo, True, True, 0) box = self.get_content_area() box.set_border_width(6) box.set_homogeneous(False) box.pack_start(vbox, False, True, 0) self.combo.connect("changed", self.combo_changed) self.set_zone(zone) def combo_changed(self, combo): self.ok_button.set_sensitive(self.get_zone() != self.zone) def set_zone(self, zone): old_zone = self.zone self.zone = zone if self.get_zone() == old_zone: if zone == "": combobox_select_text(self.combo, _("Default Zone")) else: combobox_select_text(self.combo, self.zone) else: self.combo_changed(None) def get_zone(self): text = self.combo.get_active_text() if text == _("Default Zone"): text = "" return text def fill_zone_combo(self): self.combo.remove_all() for zone in self.fw.getZones(): self.combo.append_text(zone) def zones_changed(self): zone = self.get_zone() self.fill_zone_combo() self.set_zone(zone) def run(self): if Gtk.Dialog.run(self) != 2: return self.fw.changeZoneOfInterface(self.get_zone(), self.interface) class ZoneConnectionEditor(ZoneInterfaceEditor): def __init__(self, fw, connection, connection_name, zone): self.fw = fw self.connection = connection self.connection_name = connection_name self.zone = None self.title = _("Select zone for connection '%s'") % self.connection_name Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def fill_zone_combo(self): self.combo.remove_all() self.combo.append_text(_("Default Zone")) for zone in self.fw.getZones(): self.combo.append_text(zone) def run(self): if Gtk.Dialog.run(self) != 2: return nm_set_zone_of_connection(self.get_zone(), self.connection) class ZoneSourceEditor(ZoneInterfaceEditor): def __init__(self, fw, source, zone): self.fw = fw self.source = source self.zone = None self.title = _("Select zone for source %s") % self.source Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def run(self): if Gtk.Dialog.run(self) != 2: return self.fw.changeZoneOfSource(self.get_zone(), self.source) # MAIN if len(sys.argv) > 1: print("""Usage: %s [options] Options: -h, --help show this help message and exit """ % sys.argv[0]) sys.exit(1) app = FirewallConfig() sys.exit(0) firewalld-0.8.2/src/Makefile.in0000664007115300711530000007415313641123177017527 0ustar00egarveregarver00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = src DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(srcdir)/firewall-applet.in $(srcdir)/firewall-cmd.in \ $(srcdir)/firewall-offline-cmd.in $(srcdir)/firewall-config.in \ $(srcdir)/firewalld.in $(dist_bin_SCRIPTS) \ $(dist_sbin_SCRIPTS) $(dist_glade_DATA) $(dist_gtkextra_DATA) \ $(nobase_dist_python_DATA) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = firewall-applet firewall-cmd firewall-offline-cmd \ firewall-config firewalld CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \ "$(DESTDIR)$(gladedir)" "$(DESTDIR)$(gtkextradir)" \ "$(DESTDIR)$(pythondir)" SCRIPTS = $(dist_bin_SCRIPTS) $(dist_sbin_SCRIPTS) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac DATA = $(dist_glade_DATA) $(dist_gtkextra_DATA) \ $(nobase_dist_python_DATA) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ distdir am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = icons tests dist_bin_SCRIPTS_in = firewall-applet.in firewall-cmd.in firewall-offline-cmd.in firewall-config.in dist_sbin_SCRIPTS_in = firewalld.in dist_bin_SCRIPTS = $(dist_bin_SCRIPTS_in:.in=) dist_sbin_SCRIPTS = $(dist_sbin_SCRIPTS_in:.in=) gladedir = $(pkgdatadir) dist_glade_DATA = firewall-config.glade gtkextradir = $(pkgdatadir) dist_gtkextra_DATA = gtk3_chooserbutton.py gtk3_niceexpander.py nobase_dist_python_DATA = \ firewall/client.py \ firewall/command.py \ firewall/config/dbus.py \ firewall/config/__init__.py \ firewall/core/base.py \ firewall/core/ebtables.py \ firewall/core/fw_config.py \ firewall/core/fw_direct.py \ firewall/core/fw_helper.py \ firewall/core/fw_icmptype.py \ firewall/core/fw_ifcfg.py \ firewall/core/fw_ipset.py \ firewall/core/fw_nm.py \ firewall/core/fw_policies.py \ firewall/core/fw.py \ firewall/core/fw_service.py \ firewall/core/fw_transaction.py \ firewall/core/fw_zone.py \ firewall/core/helper.py \ firewall/core/icmp.py \ firewall/core/__init__.py \ firewall/core/io/direct.py \ firewall/core/io/firewalld_conf.py \ firewall/core/io/functions.py \ firewall/core/io/helper.py \ firewall/core/io/icmptype.py \ firewall/core/io/ifcfg.py \ firewall/core/io/__init__.py \ firewall/core/io/io_object.py \ firewall/core/io/ipset.py \ firewall/core/io/lockdown_whitelist.py \ firewall/core/io/service.py \ firewall/core/io/zone.py \ firewall/core/ipset.py \ firewall/core/ipXtables.py \ firewall/core/logger.py \ firewall/core/modules.py \ firewall/core/nftables.py \ firewall/core/prog.py \ firewall/core/rich.py \ firewall/core/watcher.py \ firewall/dbus_utils.py \ firewall/errors.py \ firewall/functions.py \ firewall/fw_types.py \ firewall/__init__.py \ firewall/server/config_helper.py \ firewall/server/config_icmptype.py \ firewall/server/config_ipset.py \ firewall/server/config.py \ firewall/server/config_service.py \ firewall/server/config_zone.py \ firewall/server/decorators.py \ firewall/server/firewalld.py \ firewall/server/__init__.py \ firewall/server/server.py EXTRA_DIST = \ firewall/config/__init__.py.in \ $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in) CLEANFILES = *~ *\# .\#* *.py? FLAKE8_IGNORE = E121,E122,E123,E124,E126,E127,E128,E201,E202,E203,E211,E221,E222,E225,E226,E231,E241,E251,E261,E262,E265,E266,W291,W293,E301,E302,E303,E305,E306,W391,E402,E501,E502,W503,W504,E722,E741 all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): firewall-applet: $(top_builddir)/config.status $(srcdir)/firewall-applet.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ firewall-cmd: $(top_builddir)/config.status $(srcdir)/firewall-cmd.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ firewall-offline-cmd: $(top_builddir)/config.status $(srcdir)/firewall-offline-cmd.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ firewall-config: $(top_builddir)/config.status $(srcdir)/firewall-config.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ firewalld: $(top_builddir)/config.status $(srcdir)/firewalld.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-dist_binSCRIPTS: $(dist_bin_SCRIPTS) @$(NORMAL_INSTALL) @list='$(dist_bin_SCRIPTS)'; test -n "$(bindir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n' \ -e 'h;s|.*|.|' \ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) { files[d] = files[d] " " $$1; \ if (++n[d] == $(am__install_max)) { \ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ else { print "f", d "/" $$4, $$1 } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ } \ ; done uninstall-dist_binSCRIPTS: @$(NORMAL_UNINSTALL) @list='$(dist_bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ dir='$(DESTDIR)$(bindir)'; $(am__uninstall_files_from_dir) install-dist_sbinSCRIPTS: $(dist_sbin_SCRIPTS) @$(NORMAL_INSTALL) @list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n' \ -e 'h;s|.*|.|' \ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) { files[d] = files[d] " " $$1; \ if (++n[d] == $(am__install_max)) { \ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ else { print "f", d "/" $$4, $$1 } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ } \ ; done uninstall-dist_sbinSCRIPTS: @$(NORMAL_UNINSTALL) @list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ dir='$(DESTDIR)$(sbindir)'; $(am__uninstall_files_from_dir) install-dist_gladeDATA: $(dist_glade_DATA) @$(NORMAL_INSTALL) @list='$(dist_glade_DATA)'; test -n "$(gladedir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(gladedir)'"; \ $(MKDIR_P) "$(DESTDIR)$(gladedir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(gladedir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(gladedir)" || exit $$?; \ done uninstall-dist_gladeDATA: @$(NORMAL_UNINSTALL) @list='$(dist_glade_DATA)'; test -n "$(gladedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(gladedir)'; $(am__uninstall_files_from_dir) install-dist_gtkextraDATA: $(dist_gtkextra_DATA) @$(NORMAL_INSTALL) @list='$(dist_gtkextra_DATA)'; test -n "$(gtkextradir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(gtkextradir)'"; \ $(MKDIR_P) "$(DESTDIR)$(gtkextradir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(gtkextradir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(gtkextradir)" || exit $$?; \ done uninstall-dist_gtkextraDATA: @$(NORMAL_UNINSTALL) @list='$(dist_gtkextra_DATA)'; test -n "$(gtkextradir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(gtkextradir)'; $(am__uninstall_files_from_dir) install-nobase_dist_pythonDATA: $(nobase_dist_python_DATA) @$(NORMAL_INSTALL) @list='$(nobase_dist_python_DATA)'; test -n "$(pythondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(pythondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pythondir)" || exit 1; \ fi; \ $(am__nobase_list) | while read dir files; do \ xfiles=; for file in $$files; do \ if test -f "$$file"; then xfiles="$$xfiles $$file"; \ else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \ test -z "$$xfiles" || { \ test "x$$dir" = x. || { \ echo " $(MKDIR_P) '$(DESTDIR)$(pythondir)/$$dir'"; \ $(MKDIR_P) "$(DESTDIR)$(pythondir)/$$dir"; }; \ echo " $(INSTALL_DATA) $$xfiles '$(DESTDIR)$(pythondir)/$$dir'"; \ $(INSTALL_DATA) $$xfiles "$(DESTDIR)$(pythondir)/$$dir" || exit $$?; }; \ done uninstall-nobase_dist_pythonDATA: @$(NORMAL_UNINSTALL) @list='$(nobase_dist_python_DATA)'; test -n "$(pythondir)" || list=; \ $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \ dir='$(DESTDIR)$(pythondir)'; $(am__uninstall_files_from_dir) # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: check-recursive all-am: Makefile $(SCRIPTS) $(DATA) installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(gladedir)" "$(DESTDIR)$(gtkextradir)" "$(DESTDIR)$(pythondir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dist_gladeDATA install-dist_gtkextraDATA \ install-nobase_dist_pythonDATA install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-dist_binSCRIPTS install-dist_sbinSCRIPTS install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-dist_binSCRIPTS uninstall-dist_gladeDATA \ uninstall-dist_gtkextraDATA uninstall-dist_sbinSCRIPTS \ uninstall-nobase_dist_pythonDATA .MAKE: $(am__recursive_targets) check-am install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am check-local clean clean-generic cscopelist-am ctags \ ctags-am distclean distclean-generic distclean-tags distdir \ dvi dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dist_binSCRIPTS \ install-dist_gladeDATA install-dist_gtkextraDATA \ install-dist_sbinSCRIPTS install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man \ install-nobase_dist_pythonDATA install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-dist_binSCRIPTS uninstall-dist_gladeDATA \ uninstall-dist_gtkextraDATA uninstall-dist_sbinSCRIPTS \ uninstall-nobase_dist_pythonDATA check-local: find . -name '*.py' -or -name '*.py.in' |xargs flake8 --ignore="$(FLAKE8_IGNORE)" flake8 --ignore="$(FLAKE8_IGNORE)" $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in) @echo @for file in $(filter-out $(EXTRA_DIST:.in=),$(nobase_dist_python_DATA) $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in)); do \ if ! grep "$${file}" ${top_srcdir}/po/POTFILES.in > /dev/null; then \ echo "$${file} should be in ${abs_top_srcdir}/po/POTFILES.in"; \ exit 1; \ fi; \ done # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/src/gtk3_chooserbutton.py0000775007115300711530000001243213341016621021645 0ustar00egarveregarver00000000000000#!/usr/bin/python -Es # -*- coding: utf-8 -*- # # Copyright (C) 2008,2012 Red Hat, Inc. # # Authors: # Thomas Woerner # Florian Festi # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import gi gi.require_version('Gtk', '3.0') from gi.repository import Gtk class ChooserButton(object): def __init__(self, button, default_label=""): self.button = button self.default_label = default_label self.label = None self._menu = None self._icon = None children = self.button.get_children() if len(children) == 1 and isinstance(children[0], (Gtk.HBox, Gtk.Box)): children = children[0].get_children() for child in children: if isinstance(child, Gtk.Label): self.label = child break else: for child in list(button.get_children()): button.remove(child) hbox = Gtk.HBox() self.label = Gtk.Label() arrow = Gtk.Arrow(arrow_type=Gtk.ArrowType.DOWN, shadow_type=Gtk.ShadowType.IN) hbox.set_spacing(2) hbox.pack_start(self.label, True, True, 0) hbox.pack_end(arrow, False, False, 0) button.add(hbox) if not self.label: raise ValueError("%s is not a ChooserButton" % button.get_name()) self.connect("clicked", self._show_menu) self.reset() def set_sensitive(self, value): self.button.set_sensitive(value) def get_sensitive(self): return self.button.get_sensitive() def is_sensitive(self): return self.button.is_sensitive() def connect(self, _type, *args): return self.button.connect(_type, *args) def disconnect(self, *args): self.button.disconnect(*args) def get_text(self): return self.text def set_text(self, text): if not text or len(text) < 1: self.reset() self.text = text self.label.set_text(self.text) def set_stock_icon(self, name, size=Gtk.IconSize.MENU): if self._icon is None: self._icon = Gtk.Image() hbox = self.button.get_child() hbox.pack_start(self._icon, True, True, 0) hbox.reorder_child(self._icon, 0) self._icon.set_from_stock(name, size) def reset(self): self.text = None self.label.set_text(self.default_label) def set_menu(self, menu): self._menu = menu if menu: menu.attach_to_widget(self.button, self._detach_menu) def get_menu(self): return self._menu def _detach_menu(self): self._menu = None def _show_menu(self, *dummy): if not self._menu: return self._menu.popup(None, None, self._menu_position_func, 0, 0, 0) def _menu_position_func(self, menu, dummy): allocation = self.button.get_allocation() req = menu.size_request() menu_width = req.width menu_height = req.height if menu_width != allocation.width: menu.set_size_request(-1, -1) req = menu.size_request() if req.width > allocation.width: menu.set_size_request(req.width, req.height) else: menu.set_size_request(allocation.width, -1) (x, y) = self.button.get_parent_window().get_origin()[1:] x += allocation.x y += allocation.y + allocation.height root = self.button.get_root_window() (dummy, dummy, dummy, root_height) = root.get_geometry() if y + menu_height > root_height: y -= menu_height + allocation.height return (x, y, True) class ToolChooserButton(object): def __init__(self, button, default_label=''): self.button = button self.default_label = default_label self._menu = None self._icon = None self.reset() self.set_sensitive = self.button.set_sensitive def get_text(self): return self.text def set_text(self, text): if not text or len(text) < 1: self.reset() self.text = text self.button.set_label(text) def set_stock_icon(self, name, size=Gtk.IconSize.BUTTON): if self._icon is None: self._icon = Gtk.Image() self.button.set_icon_widget(self._icon) self._icon.set_from_stock(name, size) def reset(self): self.text = None self.button.set_label(self.default_label) def set_menu(self, menu): self._menu = menu self.button.set_menu(menu) def get_menu(self): return self._menu def _detach_menu(self): self._menu = None firewalld-0.8.2/src/firewall-applet.in0000775007115300711530000012210113620317435021067 0ustar00egarveregarver00000000000000#!@PYTHON@ # -*- coding: utf-8 -*- # # Copyright (C) 2010-2015 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import sys from PyQt5 import QtGui, QtCore, QtWidgets import gi gi.require_version('Notify', '0.7') from gi.repository import Notify import os from dbus.mainloop.pyqt5 import DBusQtMainLoop import functools from firewall import config from firewall.core.fw_nm import nm_is_imported, nm_get_zone_of_connection, \ nm_set_zone_of_connection, \ nm_get_dbus_interface, \ nm_get_connections from firewall.core.watcher import Watcher from firewall.client import FirewallClient import slip.dbus import dbus import signal import gettext gettext.textdomain(config.DOMAIN) _ = gettext.gettext PATH = [ ] for p in os.getenv("PATH").split(":"): if p not in PATH: PATH.append(p) def search_app(app): for p in PATH: _app = "%s/%s" % (p, app) if os.path.exists(_app): return _app return None NM_CONNECTION_EDITOR = "" for binary in [ "/usr/bin/nm-connection-editor", "/bin/nm-connection-editor", "/usr/bin/kde5-nm-connection-editor", "/bin/kde5-nm-connection-editor", "/usr/bin/kde-nm-connection-editor", "/bin/kde-nm-connection-editor" ]: if os.path.exists(binary): NM_CONNECTION_EDITOR = binary break PY2 = sys.version < '3' def escape(text): text = text.replace('&', '&') text = text.replace('>', '>') text = text.replace('<', '<') return text def fromUTF8(text): if PY2 and QtCore.QT_VERSION < 0x050000: return QtCore.QString.fromUtf8(text) return text # ZoneInterfaceEditor ######################################################### class ZoneInterfaceEditor(QtWidgets.QDialog): def __init__(self, fw, interface, zone): self.fw = fw self.interface = interface self.zone = None self.title = _("Select zone for interface '%s'") % self.interface QtWidgets.QDialog.__init__(self) self.create_ui(zone) def create_ui(self, zone): self.setWindowTitle(fromUTF8(escape(self.title))) self.rejected.connect(self.hide) self.resize(100, 50) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) label = QtWidgets.QLabel(fromUTF8(escape(self.title))) vbox.addWidget(label) self.combo = QtWidgets.QComboBox() self.fill_zone_combo() vbox.addWidget(self.combo) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Ok | QtWidgets.QDialogButtonBox.Cancel) self.ok_button = buttonBox.button(QtWidgets.QDialogButtonBox.Ok) buttonBox.accepted.connect(self.ok) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.ok_button.setDisabled(True) self.combo.activated.connect(self.combo_changed) self.setLayout(vbox) self.set_zone(zone) def combo_changed(self): self.ok_button.setDisabled(self.get_zone() == self.zone) def set_zone(self, zone): self.zone = zone if zone == "": self.combo.setCurrentIndex(self.combo.findText( escape(_("Default Zone")))) else: self.combo.setCurrentIndex(self.combo.findText(self.zone)) self.combo_changed() def get_zone(self): text = str(self.combo.currentText()) if text == escape(_("Default Zone")): text = "" return text def fill_zone_combo(self): self.combo.clear() self.combo.addItem(fromUTF8(escape(_("Default Zone")))) for z in self.fw.getZones(): self.combo.addItem(z) def zones_changed(self): zone = self.get_zone() self.fill_zone_combo() self.set_zone(zone) def ok(self): self.fw.changeZoneOfInterface(self.get_zone(), self.interface) self.hide() # ZoneConnectionEditor ######################################################## class ZoneConnectionEditor(ZoneInterfaceEditor): def __init__(self, fw, connection, connection_name, zone): self.fw = fw self.connection = connection self.connection_name = connection_name self.zone = None self.title = _("Select zone for connection '%s'") % self.connection_name QtWidgets.QDialog.__init__(self) self.create_ui(zone) def ok(self): # apply changes try: nm_set_zone_of_connection(self.get_zone(), self.connection) except Exception: text = _("Failed to set zone {zone} for connection {connection_name}") QtWidgets.QMessageBox.warning(None, fromUTF8(escape(self.title)), escape(text.format( zone=self.get_zone(), connection_name=self.connection_name))) self.hide() # ZoneSourceEditor ############################################################ class ZoneSourceEditor(ZoneInterfaceEditor): def __init__(self, fw, source, zone): self.fw = fw self.source = source self.zone = None self.title = _("Select zone for source '%s'") % self.source QtWidgets.QDialog.__init__(self) self.create_ui(zone) def ok(self): self.fw.changeZoneOfSource(self.get_zone(), self.source) self.hide() # ShieldsEditor ######################################################### class ShieldsEditor(QtWidgets.QDialog): def __init__(self, fw, settings, shields_up, shields_down): self.fw = fw self.settings = settings self.shields_up = shields_up self.shields_down = shields_down self.title = _("Configure Shields Up/Down Zones") QtWidgets.QDialog.__init__(self) self.create_ui() def create_ui(self): self.setWindowTitle(fromUTF8(escape(self.title))) self.rejected.connect(self.hide) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) label = QtWidgets.QLabel(fromUTF8(escape( _("Here you can select the zones used for Shields Up and " "Shields Down.")))) label.setWordWrap(True) vbox.addWidget(label) label = QtWidgets.QLabel(fromUTF8(escape( _("This feature is useful for people using the default zones " "mostly. For users, that are changing zones of connections, it " "might be of limited use.")))) label.setWordWrap(True) vbox.addWidget(label) grid = QtWidgets.QGridLayout() grid.setSpacing(6) label = QtWidgets.QLabel(fromUTF8(escape(_("Shields Up Zone:")))) label.setWordWrap(True) grid.addWidget(label, 0, 0, 1, 1) self.shields_up_combo = QtWidgets.QComboBox() #self.fill_combo(self.shields_up_combo) #self.set_shields_up(self.shields_up) grid.addWidget(self.shields_up_combo, 0, 1, 1, 1) button = QtWidgets.QPushButton(_("Reset To Default")) button.clicked.connect(self.reset_shields_up) grid.addWidget(button, 0, 2, 1, 1) label = QtWidgets.QLabel(fromUTF8(escape(_("Shields Down Zone:")))) label.setWordWrap(True) grid.addWidget(label, 1, 0, 1, 1) self.shields_down_combo = QtWidgets.QComboBox() #self.fill_combo(self.shields_down_combo) #self.set_shields_down(self.shields_down) grid.addWidget(self.shields_down_combo, 1, 1, 1, 1) button = QtWidgets.QPushButton(_("Reset To Default")) button.clicked.connect(self.reset_shields_down) grid.addWidget(button, 1, 2, 1, 1) vbox.addLayout(grid) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Ok | QtWidgets.QDialogButtonBox.Cancel) self.ok_button = buttonBox.button(QtWidgets.QDialogButtonBox.Ok) buttonBox.accepted.connect(self.ok) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.ok_button.setDisabled(True) self.shields_up_combo.activated.connect(self.shields_combo_changed) self.shields_down_combo.activated.connect(self.shields_combo_changed) self.setLayout(vbox) def shields_combo_changed(self): self.ok_button.setDisabled( self.get_shields_up() == self.shields_up and \ self.get_shields_down() == self.shields_down) def set_shields_up(self, zone): self.shields_up = zone if self.shields_up_combo.count() > 0: self.shields_up_combo.setCurrentIndex( self.shields_up_combo.findText(self.shields_up)) self.shields_combo_changed() def set_shields_down(self, zone): self.shields_down = zone if self.shields_down_combo.count() > 0: self.shields_down_combo.setCurrentIndex( self.shields_down_combo.findText(self.shields_down)) self.shields_combo_changed() def reset_shields_up(self): self.set_shields_up(self.shields_up) # remove user key to get fallback again self.settings.remove("shields-up") def reset_shields_down(self): self.set_shields_down(self.shields_down) # remove user key to get fallback again self.settings.remove("shields-down") def get_shields_up(self): return str(self.shields_up_combo.currentText()) def get_shields_down(self): return str(self.shields_down_combo.currentText()) def zones_changed(self): up_zone = self.shields_up if self.get_shields_up(): up_zone = self.get_shields_up() down_zone = self.shields_down if self.get_shields_down(): down_zone = self.get_shields_down() for z in self.fw.getZones(): self.shields_up_combo.addItem(z) self.shields_down_combo.addItem(z) self.set_shields_up(up_zone) self.set_shields_down(down_zone) def ok(self): if self.shields_up != self.get_shields_up(): self.settings.setValue("shields-up", self.get_shields_up()) if self.shields_down != self.get_shields_down(): self.settings.setValue("shields-down", self.get_shields_down()) self.settings.sync() self.hide() # AboutDialog ################################################################# class AboutDialog(QtWidgets.QDialog): def __init__(self, name, icon, version, url, copyright, authors, license): QtWidgets.QDialog.__init__(self) self.setWindowIcon(icon) self.setWindowTitle(fromUTF8(escape(_("About %s" % name)))) self.resize(500, 250) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) hbox = QtWidgets.QHBoxLayout() hbox.setSpacing(24) label = QtWidgets.QLabel() label.setPixmap(icon.pixmap(96)) label.setMinimumSize(96, 96) label.setMaximumSize(96, 96) hbox.addWidget(label) vbox2 = QtWidgets.QVBoxLayout() vbox2.setSpacing(3) label = QtWidgets.QLabel(name) font = label.font() font.setPointSize(font.pointSize()*2) font.setBold(True) label.setFont(font) vbox2.addWidget(label) vbox2.addWidget(QtWidgets.QLabel(version)) label = QtWidgets.QLabel("%s" % (url, url)) label.setTextFormat(QtCore.Qt.RichText) label.setTextInteractionFlags(QtCore.Qt.TextBrowserInteraction) label.setOpenExternalLinks(True) vbox2.addWidget(label) vbox2.addWidget(QtWidgets.QLabel(copyright)) hbox.addLayout(vbox2) vbox.addLayout(hbox) tabs = QtWidgets.QTabWidget() tabs.setStyleSheet("QTabWidget::tab { padding: 1px 1px 1px 1px; }") tab = QtWidgets.QWidget() vbox3 = QtWidgets.QVBoxLayout() textedit = QtWidgets.QPlainTextEdit() #textedit.setStyleSheet("QPlainTextEdit { border: 0; padding: 0; }") textedit.setReadOnly(True) textedit.setPlainText(fromUTF8("\n".join(authors))) vbox3.addWidget(textedit) tab.setLayout(vbox3) tabs.addTab(tab, fromUTF8(escape(_("Authors")))) tab = QtWidgets.QWidget() vbox3 = QtWidgets.QVBoxLayout() textedit = QtWidgets.QPlainTextEdit() #textedit.setStyleSheet("QPlainTextEdit { border: 0; padding: 0; }") textedit.setReadOnly(True) textedit.setPlainText(license) vbox3.addWidget(textedit) tab.setLayout(vbox3) tabs.addTab(tab, fromUTF8(escape(_("License")))) vbox.addWidget(tabs) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Close) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.setLayout(vbox) # TrayApplet ################################################################## class TrayApplet(QtWidgets.QSystemTrayIcon): def __init__(self): super(TrayApplet, self).__init__() self.name = _("Firewall Applet") self.prog = "firewall-applet" self.icon_name = "firewall-applet" self.icons = { "normal": QtGui.QIcon.fromTheme(self.icon_name), "error": QtGui.QIcon.fromTheme(self.icon_name+"-error"), "panic": QtGui.QIcon.fromTheme(self.icon_name+"-panic"), "normal-shields_up": QtGui.QIcon.fromTheme(self.icon_name+"-shields_up"), "normal-shields_down": QtGui.QIcon.fromTheme(self.icon_name+"-shields_down"), } self.timer = None self.mode = None self.blink = False self.blink_count = 0 self._blink = False self._blink_count = 0 self.show_inactive = False self.tooltip_messages = [ ] self.active_zones = { } self.connections = { } self.connections_name = { } self.default_zone = None self.zone_connection_editors = { } self.zone_interface_editors = { } self.zone_source_editors = { } # settings self.settings = QtCore.QSettings("firewall", "applet") # file system watcher self.watcher = Watcher(self.load_settings, 2) self.watcher.add_watch_file("/etc/firewall/applet.conf") self.watcher.add_watch_file(str(self.settings.fileName())) # about dialog self.about_dialog = AboutDialog(self.name, self.icons["normal"], config.VERSION, config.WEBSITE, config.COPYRIGHT, config.AUTHORS, config.LICENSE) # urgencies self.urgencies = { "noicon": QtWidgets.QSystemTrayIcon.NoIcon, "information": QtWidgets.QSystemTrayIcon.Information, "warning": QtWidgets.QSystemTrayIcon.Warning, "critical": QtWidgets.QSystemTrayIcon.Critical } # actions self.shieldsupAction = QtWidgets.QAction(fromUTF8(escape(_("Shields Up"))), self) self.shieldsupAction.setCheckable(True) self.shieldsupAction.setChecked(False) self.shieldsupAction.triggered.connect(self.shieldsup_changed_cb) self.notificationsAction = QtWidgets.QAction( fromUTF8(escape(_("Enable Notifications"))), self) self.notificationsAction.setCheckable(True) self.notificationsAction.setChecked(False) self.notificationsAction.triggered.connect(self.notification_changed_cb) self.settingsAction = QtWidgets.QAction( fromUTF8(escape(_("Edit Firewall Settings..."))), self) self.settingsAction.triggered.connect(self.configure_cb) self.changeZonesAction = QtWidgets.QAction( fromUTF8(escape(_("Change Zones of Connections..."))), self) self.changeZonesAction.triggered.connect(self.nm_connection_editor) self.shieldsAction = QtWidgets.QAction( fromUTF8(escape(_("Configure Shields UP/Down Zones..."))), self) self.shieldsAction.triggered.connect(self.configure_shields) self.panicAction = QtWidgets.QAction( fromUTF8(escape(_("Block all network traffic"))), self) self.panicAction.setCheckable(True) self.panicAction.setChecked(False) self.panicAction.triggered.connect(self.panic_mode_cb) self.aboutAction = QtWidgets.QAction(fromUTF8(escape(_("About"))), self) self.aboutAction.triggered.connect(self.about_dialog.exec_) #self.quitAction = QtWidgets.QAction(fromUTF8(escape(_("Quit"))), self, # triggered=self.quit) self.connectionsAction = QtWidgets.QWidgetAction(self) self.connectionsAction.setDefaultWidget(QtWidgets.QLabel( fromUTF8(""+escape(_("Connections"))+" "))) self.interfacesAction = QtWidgets.QWidgetAction(self) self.interfacesAction.setDefaultWidget(QtWidgets.QLabel( fromUTF8(""+escape(_("Interfaces"))+" "))) self.sourcesAction = QtWidgets.QWidgetAction(self) self.sourcesAction.setDefaultWidget(QtWidgets.QLabel( fromUTF8(""+escape(_("Sources"))+" "))) # init self.left_menu = QtWidgets.QMenu() self.left_menu.setStyleSheet('QMenu { margin: 5px; }') self.right_menu = QtWidgets.QMenu() self.right_menu.addAction(self.shieldsupAction) self.right_menu.addAction(self.notificationsAction) self.right_menu.addSeparator() self.right_menu.addAction(self.settingsAction) self.right_menu.addAction(self.changeZonesAction) self.right_menu.addAction(self.shieldsAction) self.right_menu.addSeparator() self.right_menu.addAction(self.panicAction) self.right_menu.addSeparator() self.right_menu.addAction(self.aboutAction) #self.right_menu.addSeparator() #self.right_menu.addAction(self.quitAction) self.setContextMenu(self.right_menu) self.activated.connect(self.activated_cb) self.set_mode("error") self.set_icon() self.setVisible(self.show_inactive) # init notification Notify.init(self.prog) # connect to firewalld DBusQtMainLoop(set_as_default=True) try: self.bus = slip.dbus.SystemBus() self.bus.default_timeout = None except Exception as msg: print("Not using slip", msg) self.bus = dbus.SystemBus() if nm_is_imported(): self.bus.add_signal_receiver( self.nm_signal_receiver, dbus_interface=nm_get_dbus_interface(), signal_name='PropertiesChanged', member_keyword='member') self.nm_signal_receiver() self.fw = FirewallClient(self.bus, wait=1) self.fw.setExceptionHandler(self._exception_handler) self.fw.connect("connection-established", self.connection_established) self.fw.connect("connection-lost", self.connection_lost) self.fw.connect("reloaded", self.reloaded), self.fw.connect("default-zone-changed", self.default_zone_changed) self.fw.connect("panic-mode-enabled", self.panic_mode_enabled) self.fw.connect("panic-mode-disabled", self.panic_mode_disabled) self.fw.connect("interface-added", self.interface_added) self.fw.connect("interface-removed", self.interface_removed) self.fw.connect("zone-of-interface-changed", self.zone_of_interface_changed) self.fw.connect("source-added", self.source_added) self.fw.connect("source-removed", self.source_removed) self.fw.connect("zone-of-source-changed", self.zone_of_source_changed) self.shields_editor = ShieldsEditor(self.fw, self.settings, None, None) self.load_settings() def _exception_handler(self, exception_message): if "NotAuthorizedException" in exception_message: self.error(fromUTF8(escape(_("Authorization failed.")))) elif "INVALID_NAME" in exception_message: msg = exception_message.replace("INVALID_NAME", _("Invalid name")) self.warning(fromUTF8(escape(msg))) elif "NAME_CONFLICT" in exception_message: msg = exception_message.replace("NAME_CONFLICT", _("Name already exists")) self.warning(fromUTF8(escape(msg))) elif "NO_DEFAULTS" in exception_message: pass else: self.error(fromUTF8(exception_message)) def quit(self): sys.exit(1) def set_icon(self, mode=None): if mode is not None: self.setIcon(self.icons[mode]) elif self.mode != "normal": self.setIcon(self.icons[self.mode]) elif self.default_zone == self.shields_up: self.setIcon(self.icons["normal-shields_up"]) else: self.setIcon(self.icons["normal-shields_down"]) def load_settings(self, name=None): self.settings.sync() notifications = self.settings.value("notifications", False, type=bool) self.notificationsAction.setChecked(notifications) self.show_inactive = self.settings.value("show-inactive", False, type=bool) self.blink = self.settings.value("blink", False, type=bool) self.blink_count = self.settings.value("blink-count", 5, type=int) self.shields_up = self.settings.value("shields-up", "block", type=str) if self.default_zone: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) self.shields_editor.set_shields_up(self.shields_up) self.shields_down = self.settings.value("shields-down", "public", type=str) self.shields_editor.set_shields_down(self.shields_down) #print("shields-up=%s" % self.shields_up) #print("notifications=%s" % notifications) #print("blink=%s" % self.blink) #print("blink-count=%s" % self.blink_count) #print("show-inactive=%s" % self.show_inactive) if not self.fw.connected: self.setVisible(self.show_inactive) else: self.setVisible(True) def activated_cb(self, reason): if reason == QtWidgets.QSystemTrayIcon.Trigger: self.left_menu.popup(QtGui.QCursor.pos()) def update_active_zones(self): self.active_zones.clear() # remove all entries for the left menu self.left_menu.clear() # add connections entry self.left_menu.addAction(self.connectionsAction) if not self.fw.connected: return active_zones = self.fw.getActiveZones() if active_zones: self.active_zones = active_zones # get all active connections (NM) and interfaces connections = { } interfaces = { } sources = { } for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: interfaces[interface] = zone if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): sources[source] = zone # NM controlled connections for interface in self.connections: connection = self.connections[interface] if connection not in self.connections_name: connection_name = None else: connection_name = self.connections_name[connection] zone = nm_get_zone_of_connection(connection) connections[connection] = [ zone, connection_name ] binding = _("{entry} (Zone: {zone})") # add NM controlled bindings for connection in sorted(connections): zone = connections[connection][0] connection_name = connections[connection][1] if zone == "": _binding = _("{entry} (Default Zone: {default_zone})") action = QtWidgets.QAction( fromUTF8(escape( _binding.format(default_zone=self.default_zone, entry=connection_name))), self) else: action = QtWidgets.QAction( fromUTF8(escape(binding.format(zone=zone, entry=connection_name))), self) action.triggered.connect(functools.partial( self.zone_connection_editor, connection, connection_name, zone)) self.left_menu.addAction(action) # add interfaces entry self.left_menu.addAction(self.interfacesAction) # add other interfaces for interface in sorted(interfaces): zone = interfaces[interface] action = QtWidgets.QAction( fromUTF8(escape(binding.format(zone=zone, entry=interface))), self) action.triggered.connect(functools.partial( self.zone_interface_editor, interface, zone)) self.left_menu.addAction(action) # add interfaces entry self.left_menu.addAction(self.sourcesAction) for source in sorted(sources): zone = sources[source] action = QtWidgets.QAction( fromUTF8(escape(binding.format(zone=zone, entry=source))), self) action.triggered.connect(functools.partial( self.zone_source_editor, source, zone)) self.left_menu.addAction(action) def zone_interface_editor(self, interface, zone): if interface in self.zone_interface_editors: self.zone_interface_editors[interface].set_zone(zone) self.zone_interface_editors[interface].show() return self.zone_interface_editors[interface].raise_() editor = ZoneInterfaceEditor(self.fw, interface, zone) self.zone_interface_editors[interface] = editor editor.show() editor.raise_() editor.show() def zone_connection_editor(self, connection, connection_name, zone): if connection in self.zone_connection_editors: self.zone_connection_editors[connection].set_zone(zone) self.zone_connection_editors[connection].show() return self.zone_connection_editors[connection].raise_() editor = ZoneConnectionEditor(self.fw, connection, connection_name, zone) self.zone_connection_editors[connection] = editor editor.show() editor.raise_() editor.show() def zone_source_editor(self, source, zone): if source in self.zone_source_editors: self.zone_source_editors[source].set_zone(zone) self.zone_source_editors[source].show() return self.zone_source_editors[source].raise_() editor = ZoneSourceEditor(self.fw, source, zone) self.zone_source_editors[source] = editor editor.show() editor.raise_() editor.show() def nm_signal_receiver(self, *args, **kwargs): self.connections.clear() self.connections_name.clear() # do not use NMClient could result in python core dump if nm_is_imported(): text = _("Failed to get connections from NetworkManager") try: nm_get_connections(self.connections, self.connections_name) except Exception: self.notify(escape(text), urgency=Notify.Urgency.CRITICAL) if text not in self.tooltip_messages: self.tooltip_messages.append(text) else: if text in self.tooltip_messages: self.tooltip_messages.remove(text) else: text = _("No NetworkManager imports available") self.notify(escape(text), urgency=Notify.Urgency.CRITICAL) if text not in self.tooltip_messages: self.tooltip_messages.append(text) self.update_tooltip() def notify(self, msg, urgency="noicon", timeout=5): #self.showMessage(fromUTF8(escape(self.name)), msg, self.urgencies[urgency], timeout*1000) n = Notify.Notification.new(escape(self.name), msg, self.icon_name) n.set_urgency(Notify.Urgency.NORMAL) try: n.show() except: return def shieldsup_changed_cb(self): if self.shieldsupAction.isChecked(): zone = str(self.shields_up) else: zone = str(self.shields_down) if self.fw.connected and self.default_zone != zone: try: self.fw.setDefaultZone(zone) except dbus.exceptions.DBusException as e: print("Error: %s" % e.get_dbus_message()) def notification_changed_cb(self): self.settings.setValue("notifications", self.notificationsAction.isChecked()) self.settings.sync() def __blink(self, arg=None): if self._blink_count != 0: if self._blink_count > 0 and self._blink: self._blink_count -= 1 self._blink = not self._blink if not self.timer: self.timer = QtCore.QTimer(self) self.timer.timeout.connect(self.__blink) self.timer.setInterval(1000) self.timer.start() if not self._blink: self.set_icon() else: self.set_icon("normal") def get_mode(self): return self.mode def set_mode(self, mode): if self.mode != mode: if self.timer and self.timer.isActive(): self.timer.stop() self._blink = False self.mode = mode elif self.mode == mode and self.timer: if self._blink_count == 0: self._blink_count += 1 return if mode == "normal": self.set_icon() return if self.blink: if self.blink_count != 0: self._blink = True self._blink_count = self.blink_count self.__blink() else: self.set_icon() def update_tooltip(self): if self.get_mode() == "error": self.setToolTip(fromUTF8("" + \ _("No connection to firewall daemon") + \ "")) return messages = [ ] if self.panicAction.isChecked(): messages.append("" + \ _("All network traffic is blocked.") + \ "") if self.default_zone: messages.append(_("Default Zone: '%s'") % self.default_zone) for interface in self.connections: connection = self.connections[interface] zone = nm_get_zone_of_connection(connection) if zone == "": text = _("Default Zone '{default_zone}' active for connection " "'{connection}' on interface '{interface}'") else: text = _("Zone '{zone}' active for connection " "'{connection}' on interface '{interface}'") messages.append(text.format(zone=zone, default_zone=self.default_zone, connection=connection, interface=interface)) if len(self.active_zones) > 0: for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: text = _("Zone '{zone}' active for interface " "'{interface}'") connection = None messages.append(text.format(zone=zone, connection=connection, interface=interface)) if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): text = _("Zone '{zone}' active for source {source}") connection = None messages.append(text.format(zone=zone, source=source)) else: messages.append(_("No Active Zones.")) messages.extend(self.tooltip_messages) tooltip = ""+"
".join(messages)+"" self.setToolTip(fromUTF8(""+tooltip+"")) self.set_icon() def show(self): # do not automatically show the applet pass def panic_mode_cb(self): if not self.fw or not self.fw.connected: return if self.panicAction.isChecked(): self.fw.enablePanicMode() else: self.fw.disablePanicMode() self.panicAction.setChecked(not self.panicAction.isChecked()) def configure_shields(self): self.shields_editor.show() self.shields_editor.raise_() def nm_connection_editor(self, item, uuid=None): if NM_CONNECTION_EDITOR == "": self.warning("NetworkManager connection editor is missing.") return if uuid: if "kde-" in NM_CONNECTION_EDITOR: os.system("%s %s &" % (NM_CONNECTION_EDITOR, uuid)) else: os.system("%s --edit=%s &" % (NM_CONNECTION_EDITOR, uuid)) else: os.system("%s &" % NM_CONNECTION_EDITOR) def warning(self, text): QtWidgets.QMessageBox.warning(None, fromUTF8(escape(self.name)), text) def error(self, text): QtWidgets.QMessageBox.critical(None, fromUTF8(escape(self.name)), text) def configure_cb(self, widget): os.system("firewall-config &") # firewallClient signal receivers def connection_established(self, first=False): self.default_zone = self.fw.getDefaultZone() self.panicAction.setChecked(self.fw.queryPanicMode()) self.update_active_zones() self.shields_editor.zones_changed() if self.shields_up: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) if self.notificationsAction.isChecked(): self.notify(escape(_("Connection to FirewallD established."))) self.setVisible(True) self.set_mode("normal") self.update_tooltip() def connection_lost(self): self.default_zone = None self.set_mode("error") self.update_active_zones() self.update_tooltip() self.panicAction.setChecked(False) if self.notificationsAction.isChecked(): self.notify(escape(_("Connection to FirewallD lost."))) self.setVisible(self.show_inactive) def reloaded(self): if self.notificationsAction.isChecked(): self.notify(escape(_("FirewallD has been reloaded."))) self.update_active_zones() self.update_tooltip() def default_zone_changed(self, zone): self.default_zone = zone if self.notificationsAction.isChecked(): self.notify(escape(_("Default zone changed to '%s'.") % zone)) if self.shields_up: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) self.update_active_zones() self.update_tooltip() def _panic_mode(self, enable): self.panicAction.setChecked(enable) self.update_tooltip() if enable: self.set_mode("panic") else: self.set_mode("normal") if self.notificationsAction.isChecked(): ed = { 1: _("All network traffic is blocked."), 0: _("Network traffic is not blocked anymore.") } self.notify(escape(ed[enable])) def panic_mode_enabled(self): self._panic_mode(True) def panic_mode_disabled(self): self._panic_mode(False) def _interface(self, zone, interface, enable): self.update_active_zones() self.update_tooltip() # close dialog of removed interface if not enable: if interface in self.connections: connection = self.connections[interface] if connection in self.zone_connection_editors: self.zone_connection_editors[connection].hide() del self.zone_connection_editors[connection] elif interface in self.zone_interface_editors: self.zone_interface_editors[interface].hide() del self.zone_interface_editors[interface] # send notification if enabled if self.notificationsAction.isChecked(): ed = { 1: _("activated"), 0: _("deactivated") } if interface in self.connections: connection = self.connections[interface] zone = nm_get_zone_of_connection(connection) if zone == "": text = _("Default zone '{default_zone}' " "{activated_deactivated} for " "connection '{connection}' on " "interface '{interface}'") else: text = _("Zone '{zone}' {activated_deactivated} for " "connection '{connection}' on " "interface '{interface}'") else: connection = None text = _("Zone '{zone}' {activated_deactivated} for " "interface '{interface}'") self.notify(escape(text.format( zone=zone, default_zone=self.default_zone, activated_deactivated=ed[enable], connection=connection, interface=interface))) def interface_added(self, zone, interface): self._interface(zone, interface, True) def interface_removed(self, zone, interface): self._interface(zone, interface, False) def zone_of_interface_changed(self, zone, interface): # update zone editor if interface in self.zone_interface_editors: self.zone_interface_editors[interface].set_zone(zone) self.update_active_zones() self.update_tooltip() if self.notificationsAction.isChecked(): self.notify(escape(_("Zone '%s' activated for interface '%s'") % \ (zone, interface))) def _source(self, zone, source, enable): self.update_active_zones() self.update_tooltip() # close dialog of removed source if not enable: if source in self.zone_source_editors: self.zone_source_editors[source].hide() del self.zone_source_editors[source] # send notification if enabled if self.notificationsAction.isChecked(): ed = { 1: _("activated"), 0: _("deactivated") } text = _("Zone '{zone}' {activated_deactivated} for " "source '{source}'") self.notify(escape(text.format( zone=zone, activated_deactivated=ed[enable], source=source))) def source_added(self, zone, source): self._source(zone, source, True) def source_removed(self, zone, source): self._source(zone, source, False) def zone_of_source_changed(self, zone, source): index = source if source in self.zone_source_editors: self.zone_source_editors[source].set_zone(zone) # update zone editor if index in self.zone_interface_editors: self.zone_interface_editors[index].set_zone(zone) self.update_active_zones() self.update_tooltip() if self.notificationsAction.isChecked(): self.notify(escape(_("Zone '%s' activated for source '%s'") % \ (zone, source))) # MAIN ######################################################################## if len(sys.argv) > 1: print("""Usage: %s [options] Options: -h, --help show this help message and exit """ % sys.argv[0]) sys.exit(1) # reset SIGINT signal to default signal.signal(signal.SIGINT, signal.SIG_DFL) app = QtWidgets.QApplication(sys.argv) app.setQuitOnLastWindowClosed(False) applet = TrayApplet() applet.show() sys.exit(app.exec_()) firewalld-0.8.2/src/firewall/0000775007115300711530000000000013641123257017254 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/firewall/dbus_utils.py0000664007115300711530000001751213341016621022002 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "command_of_pid", "pid_of_sender", "uid_of_sender", "user_of_uid", "context_of_sender", "command_of_sender", "user_of_sender", "dbus_to_python", "dbus_signature", "dbus_introspection_prepare_properties", "dbus_introspection_add_properties" ] import dbus import pwd import sys from xml.dom import minidom from firewall.core.logger import log PY2 = sys.version < '3' def command_of_pid(pid): """ Get command for pid from /proc """ try: with open("/proc/%d/cmdline" % pid, "r") as f: cmd = f.readlines()[0].replace('\0', " ").strip() except Exception: return None return cmd def pid_of_sender(bus, sender): """ Get pid from sender string using org.freedesktop.DBus.GetConnectionUnixProcessID """ dbus_obj = bus.get_object('org.freedesktop.DBus', '/org/freedesktop/DBus') dbus_iface = dbus.Interface(dbus_obj, 'org.freedesktop.DBus') try: pid = int(dbus_iface.GetConnectionUnixProcessID(sender)) except ValueError: return None return pid def uid_of_sender(bus, sender): """ Get user id from sender string using org.freedesktop.DBus.GetConnectionUnixUser """ dbus_obj = bus.get_object('org.freedesktop.DBus', '/org/freedesktop/DBus') dbus_iface = dbus.Interface(dbus_obj, 'org.freedesktop.DBus') try: uid = int(dbus_iface.GetConnectionUnixUser(sender)) except ValueError: return None return uid def user_of_uid(uid): """ Get user for uid from pwd """ try: pws = pwd.getpwuid(uid) except Exception: return None return pws[0] def context_of_sender(bus, sender): """ Get SELinux context from sender string using org.freedesktop.DBus.GetConnectionSELinuxSecurityContext """ dbus_obj = bus.get_object('org.freedesktop.DBus', '/org/freedesktop/DBus') dbus_iface = dbus.Interface(dbus_obj, 'org.freedesktop.DBus') try: context = dbus_iface.GetConnectionSELinuxSecurityContext(sender) except Exception: return None return "".join(map(chr, dbus_to_python(context))) def command_of_sender(bus, sender): """ Return command of D-Bus sender """ return command_of_pid(pid_of_sender(bus, sender)) def user_of_sender(bus, sender): return user_of_uid(uid_of_sender(bus, sender)) def dbus_to_python(obj, expected_type=None): if obj is None: python_obj = obj elif isinstance(obj, dbus.Boolean): python_obj = bool(obj) elif isinstance(obj, dbus.String): python_obj = obj.encode('utf-8') if PY2 else str(obj) elif PY2 and isinstance(obj, dbus.UTF8String): # Python3 has no UTF8String python_obj = str(obj) elif isinstance(obj, dbus.ObjectPath): python_obj = str(obj) elif isinstance(obj, dbus.Byte) or \ isinstance(obj, dbus.Int16) or \ isinstance(obj, dbus.Int32) or \ isinstance(obj, dbus.Int64) or \ isinstance(obj, dbus.UInt16) or \ isinstance(obj, dbus.UInt32) or \ isinstance(obj, dbus.UInt64): python_obj = int(obj) elif isinstance(obj, dbus.Double): python_obj = float(obj) elif isinstance(obj, dbus.Array): python_obj = [dbus_to_python(x) for x in obj] elif isinstance(obj, dbus.Struct): python_obj = tuple([dbus_to_python(x) for x in obj]) elif isinstance(obj, dbus.Dictionary): python_obj = {dbus_to_python(k): dbus_to_python(v) for k, v in obj.items()} elif isinstance(obj, bool) or \ isinstance(obj, str) or isinstance(obj, bytes) or \ isinstance(obj, int) or isinstance(obj, float) or \ isinstance(obj, list) or isinstance(obj, tuple) or \ isinstance(obj, dict): python_obj = obj else: raise TypeError("Unhandled %s" % repr(obj)) if expected_type is not None: if (expected_type == bool and not isinstance(python_obj, bool)) or \ (expected_type == str and not isinstance(python_obj, str)) or \ (expected_type == int and not isinstance(python_obj, int)) or \ (expected_type == float and not isinstance(python_obj, float)) or \ (expected_type == list and not isinstance(python_obj, list)) or \ (expected_type == tuple and not isinstance(python_obj, tuple)) or \ (expected_type == dict and not isinstance(python_obj, dict)): raise TypeError("%s is %s, expected %s" % (python_obj, type(python_obj), expected_type)) return python_obj def dbus_signature(obj): if isinstance(obj, dbus.Boolean): return 'b' elif isinstance(obj, dbus.String): return 's' elif isinstance(obj, dbus.ObjectPath): return 'o' elif isinstance(obj, dbus.Byte): return 'y' elif isinstance(obj, dbus.Int16): return 'n' elif isinstance(obj, dbus.Int32): return 'i' elif isinstance(obj, dbus.Int64): return 'x' elif isinstance(obj, dbus.UInt16): return 'q' elif isinstance(obj, dbus.UInt32): return 'u' elif isinstance(obj, dbus.UInt64): return 't' elif isinstance(obj, dbus.Double): return 'd' elif isinstance(obj, dbus.Array): if len(obj.signature) > 1: return 'a(%s)' % obj.signature else: return 'a%s' % obj.signature elif isinstance(obj, dbus.Struct): return '(%s)' % obj.signature elif isinstance(obj, dbus.Dictionary): return 'a{%s}' % obj.signature elif PY2 and isinstance(obj, dbus.UTF8String): return 's' else: raise TypeError("Unhandled %s" % repr(obj)) def dbus_introspection_prepare_properties(obj, interface, access=None): if access is None: access = { } if not hasattr(obj, "_fw_dbus_properties"): setattr(obj, "_fw_dbus_properties", { }) dip = getattr(obj, "_fw_dbus_properties") dip[interface] = { } try: _dict = obj.GetAll(interface) except Exception: _dict = { } for key,value in _dict.items(): dip[interface][key] = { "type": dbus_signature(value) } if key in access: dip[interface][key]["access"] = access[key] else: dip[interface][key]["access"] = "read" def dbus_introspection_add_properties(obj, data, interface): doc = minidom.parseString(data) if hasattr(obj, "_fw_dbus_properties"): for node in doc.getElementsByTagName("interface"): if node.hasAttribute("name") and \ node.getAttribute("name") == interface: dip = { } if getattr(obj, "_fw_dbus_properties"): dip = getattr(obj, "_fw_dbus_properties") if interface in dip: for key,value in dip[interface].items(): prop = doc.createElement("property") prop.setAttribute("name", key) prop.setAttribute("type", value["type"]) prop.setAttribute("access", value["access"]) node.appendChild(prop) log.debug10(doc.toxml()) new_data = doc.toxml() doc.unlink() return new_data firewalld-0.8.2/src/firewall/functions.py0000664007115300711530000003424013641106042021632 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2007,2008,2011,2012 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "PY2", "getPortID", "getPortRange", "portStr", "getServiceName", "checkIP", "checkIP6", "checkIPnMask", "checkIP6nMask", "checkProtocol", "checkInterface", "checkUINT32", "firewalld_is_active", "tempFile", "readfile", "writefile", "enable_ip_forwarding", "check_port", "check_address", "check_single_address", "check_mac", "uniqify", "ppid_of_pid", "max_zone_name_len", "checkUser", "checkUid", "checkCommand", "checkContext", "joinArgs", "splitArgs", "b2u", "u2b", "u2b_if_py2" ] import socket import os import os.path import shlex import pipes import string import sys import tempfile from firewall.core.logger import log from firewall.config import FIREWALLD_TEMPDIR, FIREWALLD_PIDFILE PY2 = sys.version < '3' def getPortID(port): """ Check and Get port id from port string or port id using socket.getservbyname @param port port string or port id @return Port id if valid, -1 if port can not be found and -2 if port is too big """ if isinstance(port, int): _id = port else: if port: port = port.strip() try: _id = int(port) except ValueError: try: _id = socket.getservbyname(port) except socket.error: return -1 if _id > 65535: return -2 return _id def getPortRange(ports): """ Get port range for port range string or single port id @param ports an integer or port string or port range string @return Array containing start and end port id for a valid range or -1 if port can not be found and -2 if port is too big for integer input or -1 for invalid ranges or None if the range is ambiguous. """ # "" case if isinstance(ports, int) or ports.isdigit(): id1 = getPortID(ports) if id1 >= 0: return (id1,) return id1 splits = ports.split("-") # "-" case if len(splits) == 2 and splits[0].isdigit() and splits[1].isdigit(): id1 = getPortID(splits[0]) id2 = getPortID(splits[1]) if id1 >= 0 and id2 >= 0: if id1 < id2: return (id1, id2) elif id1 > id2: return (id2, id1) else: # ids are the same return (id1,) # everything else "[-]" matched = [ ] for i in range(len(splits), 0, -1): id1 = getPortID("-".join(splits[:i])) port2 = "-".join(splits[i:]) if len(port2) > 0: id2 = getPortID(port2) if id1 >= 0 and id2 >= 0: if id1 < id2: matched.append((id1, id2)) elif id1 > id2: matched.append((id2, id1)) else: matched.append((id1, )) else: if id1 >= 0: matched.append((id1,)) if i == len(splits): # full match, stop here break if len(matched) < 1: return -1 elif len(matched) > 1: return None return matched[0] def portStr(port, delimiter=":"): """ Create port and port range string @param port port or port range int or [int, int] @param delimiter of the output string for port ranges, default ':' @return Port or port range string, empty string if port isn't specified, None if port or port range is not valid """ if port == "": return "" _range = getPortRange(port) if isinstance(_range, int) and _range < 0: return None elif len(_range) == 1: return "%s" % _range else: return "%s%s%s" % (_range[0], delimiter, _range[1]) def portInPortRange(port, range): _port = getPortRange(port) _range = getPortRange(range) if len(_port) == 1: if len(_range) == 1: return getPortID(_port[0]) == getPortID(_range[0]) if len(_range) == 2 and \ getPortID(_port[0]) >= getPortID(_range[0]) and getPortID(_port[0]) <= getPortID(_range[1]): return True elif len(_port) == 2: if len(_range) == 2 and \ getPortID(_port[0]) >= getPortID(_range[0]) and getPortID(_port[0]) <= getPortID(_range[1]) and \ getPortID(_port[1]) >= getPortID(_range[0]) and getPortID(_port[1]) <= getPortID(_range[1]): return True return False def getServiceName(port, proto): """ Check and Get service name from port and proto string combination using socket.getservbyport @param port string or id @param protocol string @return Service name if port and protocol are valid, else None """ try: name = socket.getservbyport(int(port), proto) except socket.error: return None return name def checkIP(ip): """ Check IPv4 address. @param ip address string @return True if address is valid, else False """ try: socket.inet_pton(socket.AF_INET, ip) except socket.error: return False return True def normalizeIP6(ip): """ Normalize the IPv6 address This is mostly about converting URL-like IPv6 address to normal ones. e.g. [1234::4321] --> 1234:4321 """ return ip.strip("[]") def checkIP6(ip): """ Check IPv6 address. @param ip address string @return True if address is valid, else False """ try: socket.inet_pton(socket.AF_INET6, normalizeIP6(ip)) except socket.error: return False return True def checkIPnMask(ip): if "/" in ip: addr = ip[:ip.index("/")] mask = ip[ip.index("/")+1:] if len(addr) < 1 or len(mask) < 1: return False else: addr = ip mask = None if not checkIP(addr): return False if mask: if "." in mask: return checkIP(mask) else: try: i = int(mask) except ValueError: return False if i < 0 or i > 32: return False return True def checkIP6nMask(ip): if "/" in ip: addr = ip[:ip.index("/")] mask = ip[ip.index("/")+1:] if len(addr) < 1 or len(mask) < 1: return False else: addr = ip mask = None if not checkIP6(addr): return False if mask: try: i = int(mask) except ValueError: return False if i < 0 or i > 128: return False return True def checkProtocol(protocol): try: i = int(protocol) except ValueError: # string try: socket.getprotobyname(protocol) except socket.error: return False else: if i < 0 or i > 255: return False return True def checkInterface(iface): """ Check interface string @param interface string @return True if interface is valid (maximum 16 chars and does not contain ' ', '/', '!', ':', '*'), else False """ if not iface or len(iface) > 16: return False for ch in [ ' ', '/', '!', '*' ]: # !:* are limits for iptables <= 1.4.5 if ch in iface: return False # disabled old iptables check #if iface == "+": # # limit for iptables <= 1.4.5 # return False return True def checkUINT32(val): try: x = int(val, 0) except ValueError: return False else: if x >= 0 and x <= 4294967295: return True return False def firewalld_is_active(): """ Check if firewalld is active @return True if there is a firewalld pid file and the pid is used by firewalld """ if not os.path.exists(FIREWALLD_PIDFILE): return False try: with open(FIREWALLD_PIDFILE, "r") as fd: pid = fd.readline() except Exception: return False if not os.path.exists("/proc/%s" % pid): return False try: with open("/proc/%s/cmdline" % pid, "r") as fd: cmdline = fd.readline() except Exception: return False if "firewalld" in cmdline: return True return False def tempFile(): try: if not os.path.exists(FIREWALLD_TEMPDIR): os.mkdir(FIREWALLD_TEMPDIR, 0o750) return tempfile.NamedTemporaryFile(mode='wt', prefix="temp.", dir=FIREWALLD_TEMPDIR, delete=False) except Exception as msg: log.error("Failed to create temporary file: %s" % msg) raise return None def readfile(filename): try: with open(filename, "r") as f: return f.readlines() except Exception as e: log.error('Failed to read file "%s": %s' % (filename, e)) return None def writefile(filename, line): try: with open(filename, "w") as f: f.write(line) except Exception as e: log.error('Failed to write to file "%s": %s' % (filename, e)) return False return True def enable_ip_forwarding(ipv): if ipv == "ipv4": return writefile("/proc/sys/net/ipv4/ip_forward", "1\n") elif ipv == "ipv6": return writefile("/proc/sys/net/ipv6/conf/all/forwarding", "1\n") return False def get_nf_conntrack_short_name(module): return module.replace("_","-").replace("nf-conntrack-", "") def check_port(port): _range = getPortRange(port) if _range == -2 or _range == -1 or _range is None or \ (len(_range) == 2 and _range[0] >= _range[1]): if _range == -2: log.debug2("'%s': port > 65535" % port) elif _range == -1: log.debug2("'%s': port is invalid" % port) elif _range is None: log.debug2("'%s': port is ambiguous" % port) elif len(_range) == 2 and _range[0] >= _range[1]: log.debug2("'%s': range start >= end" % port) return False return True def check_address(ipv, source): if ipv == "ipv4": return checkIPnMask(source) elif ipv == "ipv6": return checkIP6nMask(source) else: return False def check_single_address(ipv, source): if ipv == "ipv4": return checkIP(source) elif ipv == "ipv6": return checkIP6(source) else: return False def check_mac(mac): if len(mac) == 12+5: # 0 1 : 3 4 : 6 7 : 9 10 : 12 13 : 15 16 for i in (2, 5, 8, 11, 14): if mac[i] != ":": return False for i in (0, 1, 3, 4, 6, 7, 9, 10, 12, 13, 15, 16): if mac[i] not in string.hexdigits: return False return True return False def uniqify(_list): # removes duplicates from list, whilst preserving order output = [] for x in _list: if x not in output: output.append(x) return output def ppid_of_pid(pid): """ Get parent for pid """ try: f = os.popen("ps -o ppid -h -p %d 2>/dev/null" % pid) pid = int(f.readlines()[0].strip()) f.close() except Exception: return None return pid def max_zone_name_len(): """ Netfilter limits length of chain to (currently) 28 chars. The longest chain we create is FWDI__allow, which leaves 28 - 11 = 17 chars for . """ from firewall.core.base import SHORTCUTS longest_shortcut = max(map(len, SHORTCUTS.values())) return 28 - (longest_shortcut + len("__allow")) def checkUser(user): if len(user) < 1 or len(user) > os.sysconf('SC_LOGIN_NAME_MAX'): return False for c in user: if c not in string.ascii_letters and \ c not in string.digits and \ c not in [ ".", "-", "_", "$" ]: return False return True def checkUid(uid): if isinstance(uid, str): try: uid = int(uid) except ValueError: return False if uid >= 0 and uid <= 2**31-1: return True return False def checkCommand(command): if len(command) < 1 or len(command) > 1024: return False for ch in [ "|", "\n", "\0" ]: if ch in command: return False if command[0] != "/": return False return True def checkContext(context): splits = context.split(":") if len(splits) not in [4, 5]: return False # user ends with _u if not root if splits[0] != "root" and splits[0][-2:] != "_u": return False # role ends with _r if splits[1][-2:] != "_r": return False # type ends with _t if splits[2][-2:] != "_t": return False # level might also contain : if len(splits[3]) < 1: return False return True def joinArgs(args): if "quote" in dir(shlex): return " ".join(shlex.quote(a) for a in args) else: return " ".join(pipes.quote(a) for a in args) def splitArgs(_string): if PY2 and isinstance(_string, unicode): # noqa: F821 # Python2's shlex doesn't like unicode _string = u2b(_string) splits = shlex.split(_string) return map(b2u, splits) else: return shlex.split(_string) def b2u(_string): """ bytes to unicode """ if isinstance(_string, bytes): return _string.decode('UTF-8', 'replace') return _string def u2b(_string): """ unicode to bytes """ if not isinstance(_string, bytes): return _string.encode('UTF-8', 'replace') return _string def u2b_if_py2(_string): """ unicode to bytes only if Python 2""" if PY2 and isinstance(_string, unicode): # noqa: F821 return _string.encode('UTF-8', 'replace') return _string firewalld-0.8.2/src/firewall/server/0000775007115300711530000000000013641123257020562 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/firewall/server/config_service.py0000664007115300711530000007263613620317435024137 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # force use of pygobject3 in python-slip from gi.repository import GObject import sys sys.modules['gobject'] = GObject import dbus import dbus.service import slip.dbus import slip.dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.logger import log from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfigService(slip.dbus.service.Object): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, service, item_id, *args, **kwargs): super(FirewallDConfigService, self).__init__(*args, **kwargs) self.parent = parent self.config = conf self.obj = service self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.service.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_SERVICE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_SERVICE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_SERVICE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigService, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='(sssa(ss)asa{ss}asa(ss))') @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for service """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_service_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a{sv}') @dbus_handle_exceptions def getSettings2(self, sender=None): """get settings for service """ log.debug1("%s.getSettings2()", self._log_prefix) return self.config.get_service_config_dict(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='(sssa(ss)asa{ss}asa(ss))') @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for service """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_service_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a{sv}') @dbus_handle_exceptions def update2(self, settings, sender=None): settings = dbus_to_python(settings) log.debug1("%s.update2('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin service """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_service_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) @dbus_handle_exceptions def remove(self, sender=None): """remove service """ log.debug1("%s.removeService()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_service(self.obj) self.parent.removeService(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename service """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_service(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a(ss)') @dbus_handle_exceptions def getPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getPorts()", self._log_prefix) return self.getSettings()[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a(ss)') @dbus_handle_exceptions def setPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[3] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def addPort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addPort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) in settings[3]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) settings[3].append((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def removePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) not in settings[3]: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) settings[3].remove((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryPort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.queryPort('%s', '%s')", self._log_prefix, port, protocol) return (port,protocol) in self.getSettings()[3] # protocol @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='as') @dbus_handle_exceptions def getProtocols(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getProtocols()", self._log_prefix) return self.getSettings()[6] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as') @dbus_handle_exceptions def setProtocols(self, protocols, sender=None): protocols = dbus_to_python(protocols, list) log.debug1("%s.setProtocols('[%s]')", self._log_prefix, ",".join(protocols)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[6] = protocols self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def addProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.addProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol in settings[6]: raise FirewallError(errors.ALREADY_ENABLED, protocol) settings[6].append(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.removeProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol not in settings[6]: raise FirewallError(errors.NOT_ENABLED, protocol) settings[6].remove(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryProtocol(self, protocol, sender=None): # pylint: disable=W0613 protocol = dbus_to_python(protocol, str) log.debug1("%s.queryProtocol(%s')", self._log_prefix, protocol) return protocol in self.getSettings()[6] # source port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a(ss)') @dbus_handle_exceptions def getSourcePorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getSourcePorts()", self._log_prefix) return self.getSettings()[7] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a(ss)') @dbus_handle_exceptions def setSourcePorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setSourcePorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[7] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def addSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) in settings[7]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) settings[7].append((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def removeSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removeSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) not in settings[7]: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) settings[7].remove((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def querySourcePort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.querySourcePort('%s', '%s')", self._log_prefix, port, protocol) return (port,protocol) in self.getSettings()[7] # module @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='as') @dbus_handle_exceptions def getModules(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getModules()", self._log_prefix) return self.getSettings()[4] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as') @dbus_handle_exceptions def setModules(self, modules, sender=None): modules = dbus_to_python(modules, list) _modules = [ ] for module in modules: if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") _modules.append(module) modules = _modules log.debug1("%s.setModules('[%s]')", self._log_prefix, ",".join(modules)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[4] = modules self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def addModule(self, module, sender=None): module = dbus_to_python(module, str) if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") log.debug1("%s.addModule('%s')", self._log_prefix, module) self.parent.accessCheck(sender) settings = list(self.getSettings()) if module in settings[4]: raise FirewallError(errors.ALREADY_ENABLED, module) settings[4].append(module) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeModule(self, module, sender=None): module = dbus_to_python(module, str) if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") log.debug1("%s.removeModule('%s')", self._log_prefix, module) self.parent.accessCheck(sender) settings = list(self.getSettings()) if module not in settings[4]: raise FirewallError(errors.NOT_ENABLED, module) settings[4].remove(module) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryModule(self, module, sender=None): # pylint: disable=W0613 module = dbus_to_python(module, str) if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") log.debug1("%s.queryModule('%s')", self._log_prefix, module) return module in self.getSettings()[4] # destination @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a{ss}') @dbus_handle_exceptions def getDestinations(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDestinations()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a{ss}') @dbus_handle_exceptions def setDestinations(self, destinations, sender=None): destinations = dbus_to_python(destinations, dict) log.debug1("%s.setDestinations({ipv4:'%s', ipv6:'%s'})", self._log_prefix, destinations.get('ipv4'), destinations.get('ipv6')) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[5] = destinations self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='s') @dbus_handle_exceptions def getDestination(self, family, sender=None): family = dbus_to_python(family, str) log.debug1("%s.getDestination('%s')", self._log_prefix, family) self.parent.accessCheck(sender) settings = list(self.getSettings()) if family not in settings[5]: raise FirewallError(errors.NOT_ENABLED, family) return settings[5][family] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def setDestination(self, family, address, sender=None): family = dbus_to_python(family, str) address = dbus_to_python(address, str) log.debug1("%s.setDestination('%s', '%s')", self._log_prefix, family, address) self.parent.accessCheck(sender) settings = list(self.getSettings()) if family in settings[5] and settings[5][family] == address: raise FirewallError(errors.ALREADY_ENABLED, "'%s': '%s'" % (family, address)) settings[5][family] = address self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeDestination(self, family, sender=None): family = dbus_to_python(family, str) log.debug1("%s.removeDestination('%s')", self._log_prefix, family) self.parent.accessCheck(sender) settings = list(self.getSettings()) if family not in settings[5]: raise FirewallError(errors.NOT_ENABLED, family) del settings[5][family] self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryDestination(self, family, address, sender=None): # pylint: disable=W0613 family = dbus_to_python(family, str) address = dbus_to_python(address, str) log.debug1("%s.queryDestination('%s', '%s')", self._log_prefix, family, address) settings = self.getSettings() return (family in settings[5] and address == settings[5][family]) # includes @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='as') @dbus_handle_exceptions def getIncludes(self, sender=None): log.debug1("%s.getIncludes()", self._log_prefix) self.parent.accessCheck(sender) settings = self.config.get_service_config_dict(self.obj) return settings["includes"] if "includes" in settings else [] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as') @dbus_handle_exceptions def setIncludes(self, includes, sender=None): includes = dbus_to_python(includes, list) log.debug1("%s.setIncludes('%s')", self._log_prefix, includes) self.parent.accessCheck(sender) settings = {"includes": includes[:]} self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def addInclude(self, include, sender=None): include = dbus_to_python(include, str) log.debug1("%s.addInclude('%s')", self._log_prefix, include) self.parent.accessCheck(sender) settings = self.config.get_service_config_dict(self.obj) settings.setdefault("includes", []).append(include) self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeInclude(self, include, sender=None): include = dbus_to_python(include, str) log.debug1("%s.removeInclude('%s')", self._log_prefix, include) self.parent.accessCheck(sender) settings = self.config.get_service_config_dict(self.obj) settings["includes"].remove(include) self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryInclude(self, include, sender=None): include = dbus_to_python(include, str) log.debug1("%s.queryInclude('%s')", self._log_prefix, include) settings = self.config.get_service_config_dict(self.obj) return include in settings["includes"] if "includes" in settings else False firewalld-0.8.2/src/firewall/server/firewalld.py0000664007115300711530000033022313620317435023110 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . __all__ = [ "FirewallD" ] from gi.repository import GLib, GObject # force use of pygobject3 in python-slip import sys sys.modules['gobject'] = GObject import copy import dbus import dbus.service import slip.dbus import slip.dbus.service from firewall import config from firewall.core.fw import Firewall from firewall.core.rich import Rich_Rule from firewall.core.logger import log from firewall.client import FirewallClientZoneSettings from firewall.server.decorators import dbus_handle_exceptions, \ dbus_service_method, \ handle_exceptions, \ FirewallDBusException from firewall.server.config import FirewallDConfig from firewall.dbus_utils import dbus_to_python, \ command_of_sender, context_of_sender, uid_of_sender, user_of_uid, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.functions import check_config from firewall.core.io.zone import Zone from firewall.core.io.ipset import IPSet from firewall.core.io.icmptype import IcmpType from firewall.core.io.helper import Helper from firewall.core.fw_nm import nm_get_bus_name, nm_get_connection_of_interface, \ nm_set_zone_of_connection from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallD # ############################################################################ class FirewallD(slip.dbus.service.Object): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use config.dbus.PK_ACTION_CONFIG as a default """ @handle_exceptions def __init__(self, *args, **kwargs): super(FirewallD, self).__init__(*args, **kwargs) self.fw = Firewall() self.busname = args[0] self.path = args[1] self.start() dbus_introspection_prepare_properties(self, config.dbus.DBUS_INTERFACE) self.config = FirewallDConfig(self.fw.config, self.busname, config.dbus.DBUS_PATH_CONFIG) def __del__(self): self.stop() @handle_exceptions def start(self): # tests if iptables and ip6tables are usable using test functions # loads default firewall rules for iptables and ip6tables log.debug1("start()") self._timeouts = { } return self.fw.start() @handle_exceptions def stop(self): # stops firewall: unloads firewall modules, flushes chains and tables, # resets policies log.debug1("stop()") return self.fw.stop() # lockdown functions @dbus_handle_exceptions def accessCheck(self, sender): if self.fw.policies.query_lockdown(): if sender is None: log.error("Lockdown not possible, sender not set.") return bus = dbus.SystemBus() context = context_of_sender(bus, sender) if self.fw.policies.access_check("context", context): return uid = uid_of_sender(bus, sender) if self.fw.policies.access_check("uid", uid): return user = user_of_uid(uid) if self.fw.policies.access_check("user", user): return command = command_of_sender(bus, sender) if self.fw.policies.access_check("command", command): return raise FirewallError(errors.ACCESS_DENIED, "lockdown is enabled") # timeout functions @dbus_handle_exceptions def addTimeout(self, zone, x, tag): if zone not in self._timeouts: self._timeouts[zone] = { } self._timeouts[zone][x] = tag @dbus_handle_exceptions def removeTimeout(self, zone, x): if zone in self._timeouts and x in self._timeouts[zone]: GLib.source_remove(self._timeouts[zone][x]) del self._timeouts[zone][x] @dbus_handle_exceptions def cleanup_timeouts(self): # cleanup timeouts for zone in self._timeouts: for x in self._timeouts[zone]: GLib.source_remove(self._timeouts[zone][x]) self._timeouts[zone].clear() self._timeouts.clear() # property handling @dbus_handle_exceptions def _get_property(self, prop): if prop == "version": return dbus.String(config.VERSION) elif prop == "interface_version": return dbus.String("%d.%d" % (config.dbus.DBUS_INTERFACE_VERSION, config.dbus.DBUS_INTERFACE_REVISION)) elif prop == "state": return dbus.String(self.fw.get_state()) elif prop == "IPv4": return dbus.Boolean(self.fw.ip4tables_enabled) elif prop == "IPv4ICMPTypes": return dbus.Array(self.fw.ip4tables_supported_icmp_types, "s") elif prop == "IPv6": return dbus.Boolean(self.fw.ip6tables_enabled) elif prop == "IPv6_rpfilter": return dbus.Boolean(self.fw.ipv6_rpfilter_enabled) elif prop == "IPv6ICMPTypes": return dbus.Array(self.fw.ip6tables_supported_icmp_types, "s") elif prop == "BRIDGE": return dbus.Boolean(self.fw.ebtables_enabled) elif prop == "IPSet": return dbus.Boolean(self.fw.ipset_enabled) elif prop == "IPSetTypes": return dbus.Array(self.fw.ipset_supported_types, "s") elif prop == "nf_conntrack_helper_setting": return dbus.Boolean(False) elif prop == "nf_conntrack_helpers": return dbus.Dictionary({}, "sas") elif prop == "nf_nat_helpers": return dbus.Dictionary({}, "sas") else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % prop) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("Get('%s', '%s')", interface_name, property_name) if interface_name == config.dbus.DBUS_INTERFACE: return self._get_property(property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_ZONE, config.dbus.DBUS_INTERFACE_DIRECT, config.dbus.DBUS_INTERFACE_POLICIES, config.dbus.DBUS_INTERFACE_IPSET ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("GetAll('%s')", interface_name) ret = { } if interface_name == config.dbus.DBUS_INTERFACE: for x in [ "version", "interface_version", "state", "IPv4", "IPv6", "IPv6_rpfilter", "BRIDGE", "IPSet", "IPSetTypes", "nf_conntrack_helper_setting", "nf_conntrack_helpers", "nf_nat_helpers", "IPv4ICMPTypes", "IPv6ICMPTypes" ]: ret[x] = self._get_property(x) elif interface_name in [ config.dbus.DBUS_INTERFACE_ZONE, config.dbus.DBUS_INTERFACE_DIRECT, config.dbus.DBUS_INTERFACE_POLICIES, config.dbus.DBUS_INTERFACE_IPSET ]: pass else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return dbus.Dictionary(ret, signature="sv") @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("Set('%s', '%s', '%s')", interface_name, property_name, new_value) self.accessCheck(sender) if interface_name == config.dbus.DBUS_INTERFACE: if property_name in [ "version", "interface_version", "state", "IPv4", "IPv6", "IPv6_rpfilter", "BRIDGE", "IPSet", "IPSetTypes", "nf_conntrack_helper_setting", "nf_conntrack_helpers", "nf_nat_helpers", "IPv4ICMPTypes", "IPv6ICMPTypes" ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_ZONE, config.dbus.DBUS_INTERFACE_DIRECT, config.dbus.DBUS_INTERFACE_POLICIES, config.dbus.DBUS_INTERFACE_IPSET ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("PropertiesChanged('%s', '%s', '%s')", interface_name, changed_properties, invalidated_properties) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("Introspect()") data = super(FirewallD, self).Introspect(self.path, self.busname.get_bus()) return dbus_introspection_add_properties(self, data, config.dbus.DBUS_INTERFACE) # reload @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def reload(self, sender=None): # pylint: disable=W0613 """Reload the firewall rules. """ log.debug1("reload()") self.fw.reload() self.config.reload() self.Reloaded() # complete_reload @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def completeReload(self, sender=None): # pylint: disable=W0613 """Completely reload the firewall. Completely reload the firewall: Stops firewall, unloads modules and starts the firewall again. """ log.debug1("completeReload()") self.fw.reload(True) self.config.reload() self.Reloaded() @dbus.service.signal(config.dbus.DBUS_INTERFACE) @dbus_handle_exceptions def Reloaded(self): log.debug1("Reloaded()") @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def checkPermanentConfig(self, sender=None): # pylint: disable=W0613 """Check permanent configuration """ log.debug1("checkPermanentConfig()") check_config(self.fw) # runtime to permanent @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def runtimeToPermanent(self, sender=None): # pylint: disable=W0613 """Make runtime configuration permanent """ log.debug1("copyRuntimeToPermanent()") error = False # Services or icmptypes can not be modified in runtime, but they can # be removed or modified in permanent environment. Therefore copying # of services and icmptypes to permanent is also needed. # services config_names = self.config.getServiceNames() for name in self.fw.service.get_services(): conf = self.getServiceSettings(name) try: if name in config_names: conf_obj = self.config.getServiceByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying service '%s' settings" % name) conf_obj.update(conf) else: log.debug1("Service '%s' is identical, ignoring." % name) else: log.debug1("Creating service '%s'" % name) self.config.addService(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on service '%s': %s" % \ (name, e)) error = True # icmptypes config_names = self.config.getIcmpTypeNames() for name in self.fw.icmptype.get_icmptypes(): conf = self.getIcmpTypeSettings(name) try: if name in config_names: conf_obj = self.config.getIcmpTypeByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying icmptype '%s' settings" % name) conf_obj.update(conf) else: log.debug1("IcmpType '%s' is identical, ignoring." % name) else: log.debug1("Creating icmptype '%s'" % name) self.config.addIcmpType(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on icmptype '%s': %s" % \ (name, e)) error = True # ipsets config_names = self.config.getIPSetNames() for name in self.fw.ipset.get_ipsets(): try: conf = self.getIPSetSettings(name) if name in config_names: conf_obj = self.config.getIPSetByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying ipset '%s' settings" % name) conf_obj.update(conf) else: log.debug1("IPSet '%s' is identical, ignoring." % name) else: log.debug1("Creating ipset '%s'" % name) self.config.addIPSet(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on ipset '%s': %s" % \ (name, e)) error = True # zones config_names = self.config.getZoneNames() nm_bus_name = nm_get_bus_name() for name in self.fw.zone.get_zones(): conf = self.getZoneSettings(name) settings = FirewallClientZoneSettings(conf) if nm_bus_name is not None: changed = False for interface in settings.getInterfaces(): if self.fw.zone.interface_get_sender(name, interface) == nm_bus_name: log.debug1("Zone '%s': interface binding for '%s' has been added by NM, ignoring." % (name, interface)) settings.removeInterface(interface) changed = True # For the remaining interfaces, attempt to let NM manage them for interface in settings.getInterfaces(): try: connection = nm_get_connection_of_interface(interface) if connection and nm_set_zone_of_connection(name, connection): settings.removeInterface(interface) changed = True except Exception: pass if changed: del conf conf = settings.settings # For the remaining try to update the ifcfg files for interface in settings.getInterfaces(): ifcfg_set_zone_of_interface(name, interface) try: if name in config_names: conf_obj = self.config.getZoneByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying zone '%s' settings" % name) conf_obj.update(conf) else: log.debug1("Zone '%s' is identical, ignoring." % name) else: log.debug1("Creating zone '%s'" % name) self.config.addZone(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on zone '%s': %s" % \ (name, e)) error = True # helpers config_names = self.config.getHelperNames() for name in self.fw.helper.get_helpers(): conf = self.getHelperSettings(name) try: if name in config_names: conf_obj = self.config.getHelperByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying helper '%s' settings" % name) conf_obj.update(conf) else: log.debug1("Helper '%s' is identical, ignoring." % name) else: log.debug1("Creating helper '%s'" % name) self.config.addHelper(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on helper '%s': %s" % \ (name, e)) error = True # direct # rt_config = self.fw.direct.get_config() conf = ( self.fw.direct.get_all_chains(), self.fw.direct.get_all_rules(), self.fw.direct.get_all_passthroughs() ) try: if self.config.getSettings() != conf: log.debug1("Copying direct configuration") self.config.update(conf) else: log.debug1("Direct configuration is identical, ignoring.") except Exception as e: log.warning( "Runtime To Permanent failed on direct configuration: %s" % e) error = True # policies conf = self.fw.policies.lockdown_whitelist.export_config() try: if self.config.getSettings() != conf: log.debug1("Copying policies configuration") self.config.setLockdownWhitelist(conf) else: log.debug1("Policies configuration is identical, ignoring.") except Exception as e: log.warning( "Runtime To Permanent failed on policies configuration: %s" % \ e) error = True if error: raise FirewallError(errors.RT_TO_PERM_FAILED) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # POLICIES # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # lockdown @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='') @dbus_handle_exceptions def enableLockdown(self, sender=None): """Enable lockdown policies """ log.debug1("policies.enableLockdown()") self.accessCheck(sender) self.fw.policies.enable_lockdown() self.LockdownEnabled() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='') @dbus_handle_exceptions def disableLockdown(self, sender=None): """Disable lockdown policies """ log.debug1("policies.disableLockdown()") self.accessCheck(sender) self.fw.policies.disable_lockdown() self.LockdownDisabled() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='b') @dbus_handle_exceptions def queryLockdown(self, sender=None): # pylint: disable=W0613 """Retuns True if lockdown is enabled """ log.debug1("policies.queryLockdown()") # no access check here return self.fw.policies.query_lockdown() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='') @dbus_handle_exceptions def LockdownEnabled(self): log.debug1("LockdownEnabled()") @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='') @dbus_handle_exceptions def LockdownDisabled(self): log.debug1("LockdownDisabled()") # lockdown whitelist # command @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistCommand(self, command, sender=None): """Add lockdown command """ command = dbus_to_python(command, str) log.debug1("policies.addLockdownWhitelistCommand('%s')" % command) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_command(command) self.LockdownWhitelistCommandAdded(command) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistCommand(self, command, sender=None): """Remove lockdown command """ command = dbus_to_python(command, str) log.debug1("policies.removeLockdownWhitelistCommand('%s')" % command) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_command(command) self.LockdownWhitelistCommandRemoved(command) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistCommand(self, command, sender=None): # pylint: disable=W0613 """Query lockdown command """ command = dbus_to_python(command, str) log.debug1("policies.queryLockdownWhitelistCommand('%s')" % command) # no access check here return self.fw.policies.lockdown_whitelist.has_command(command) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistCommands(self, sender=None): # pylint: disable=W0613 """Add lockdown command """ log.debug1("policies.getLockdownWhitelistCommands()") # no access check here return self.fw.policies.lockdown_whitelist.get_commands() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistCommandAdded(self, command): log.debug1("LockdownWhitelistCommandAdded('%s')" % command) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistCommandRemoved(self, command): log.debug1("LockdownWhitelistCommandRemoved('%s')" % command) # uid @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='i', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistUid(self, uid, sender=None): """Add lockdown uid """ uid = dbus_to_python(uid, int) log.debug1("policies.addLockdownWhitelistUid('%s')" % uid) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_uid(uid) self.LockdownWhitelistUidAdded(uid) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='i', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistUid(self, uid, sender=None): """Remove lockdown uid """ uid = dbus_to_python(uid, int) log.debug1("policies.removeLockdownWhitelistUid('%s')" % uid) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_uid(uid) self.LockdownWhitelistUidRemoved(uid) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='i', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUid(self, uid, sender=None): # pylint: disable=W0613 """Query lockdown uid """ uid = dbus_to_python(uid, int) log.debug1("policies.queryLockdownWhitelistUid('%s')" % uid) # no access check here return self.fw.policies.lockdown_whitelist.has_uid(uid) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='ai') @dbus_handle_exceptions def getLockdownWhitelistUids(self, sender=None): # pylint: disable=W0613 """Add lockdown uid """ log.debug1("policies.getLockdownWhitelistUids()") # no access check here return self.fw.policies.lockdown_whitelist.get_uids() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='i') @dbus_handle_exceptions def LockdownWhitelistUidAdded(self, uid): log.debug1("LockdownWhitelistUidAdded(%d)" % uid) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='i') @dbus_handle_exceptions def LockdownWhitelistUidRemoved(self, uid): log.debug1("LockdownWhitelistUidRemoved(%d)" % uid) # user @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistUser(self, user, sender=None): """Add lockdown user """ user = dbus_to_python(user, str) log.debug1("policies.addLockdownWhitelistUser('%s')" % user) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_user(user) self.LockdownWhitelistUserAdded(user) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistUser(self, user, sender=None): """Remove lockdown user """ user = dbus_to_python(user, str) log.debug1("policies.removeLockdownWhitelistUser('%s')" % user) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_user(user) self.LockdownWhitelistUserRemoved(user) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUser(self, user, sender=None): # pylint: disable=W0613 """Query lockdown user """ user = dbus_to_python(user, str) log.debug1("policies.queryLockdownWhitelistUser('%s')" % user) # no access check here return self.fw.policies.lockdown_whitelist.has_user(user) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistUsers(self, sender=None): # pylint: disable=W0613 """Add lockdown user """ log.debug1("policies.getLockdownWhitelistUsers()") # no access check here return self.fw.policies.lockdown_whitelist.get_users() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistUserAdded(self, user): log.debug1("LockdownWhitelistUserAdded('%s')" % user) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistUserRemoved(self, user): log.debug1("LockdownWhitelistUserRemoved('%s')" % user) # context @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistContext(self, context, sender=None): """Add lockdown context """ context = dbus_to_python(context, str) log.debug1("policies.addLockdownWhitelistContext('%s')" % context) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_context(context) self.LockdownWhitelistContextAdded(context) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistContext(self, context, sender=None): """Remove lockdown context """ context = dbus_to_python(context, str) log.debug1("policies.removeLockdownWhitelistContext('%s')" % context) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_context(context) self.LockdownWhitelistContextRemoved(context) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistContext(self, context, sender=None): # pylint: disable=W0613 """Query lockdown context """ context = dbus_to_python(context, str) log.debug1("policies.queryLockdownWhitelistContext('%s')" % context) # no access check here return self.fw.policies.lockdown_whitelist.has_context(context) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistContexts(self, sender=None): # pylint: disable=W0613 """Add lockdown context """ log.debug1("policies.getLockdownWhitelistContexts()") # no access check here return self.fw.policies.lockdown_whitelist.get_contexts() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistContextAdded(self, context): log.debug1("LockdownWhitelistContextAdded('%s')" % context) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistContextRemoved(self, context): log.debug1("LockdownWhitelistContextRemoved('%s')" % context) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # PANIC @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def enablePanicMode(self, sender=None): """Enable panic mode. All ingoing and outgoing connections and packets will be blocked. """ log.debug1("enablePanicMode()") self.accessCheck(sender) self.fw.enable_panic_mode() self.PanicModeEnabled() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def disablePanicMode(self, sender=None): """Disable panic mode. Enables normal mode: Allowed ingoing and outgoing connections will not be blocked anymore """ log.debug1("disablePanicMode()") self.accessCheck(sender) self.fw.disable_panic_mode() self.PanicModeDisabled() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='b') @dbus_handle_exceptions def queryPanicMode(self, sender=None): # pylint: disable=W0613 # returns True if in panic mode log.debug1("queryPanicMode()") return self.fw.query_panic_mode() @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='') @dbus_handle_exceptions def PanicModeEnabled(self): log.debug1("PanicModeEnabled()") @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='') @dbus_handle_exceptions def PanicModeDisabled(self): log.debug1("PanicModeDisabled()") # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # list functions @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature=Zone.DBUS_SIGNATURE) @dbus_handle_exceptions def getZoneSettings(self, zone, sender=None): # pylint: disable=W0613 # returns zone settings for zone zone = dbus_to_python(zone, str) log.debug1("getZoneSettings(%s)", zone) return self.fw.zone.get_config_with_settings(zone) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='as') @dbus_handle_exceptions def listServices(self, sender=None): # pylint: disable=W0613 # returns the list of services # TODO: should be renamed to getServices() # because is called by firewall-cmd --get-services log.debug1("listServices()") return self.fw.service.get_services() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='(sssa(ss)asa{ss}asa(ss))') @dbus_handle_exceptions def getServiceSettings(self, service, sender=None): # pylint: disable=W0613 # returns service settings for service service = dbus_to_python(service, str) log.debug1("getServiceSettings(%s)", service) obj = self.fw.service.get_service(service) conf_dict = obj.export_config() conf_list = [] for i in range(8): # tuple based dbus API has 8 elements if obj.IMPORT_EXPORT_STRUCTURE[i][0] not in conf_dict: # old API needs the empty elements as well. Grab it from the # object otherwise we don't know the type. conf_list.append(copy.deepcopy(getattr(obj, obj.IMPORT_EXPORT_STRUCTURE[i][0]))) else: conf_list.append(conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]]) return tuple(conf_list) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def getServiceSettings2(self, service, sender=None): # pylint: disable=W0613 service = dbus_to_python(service, str) log.debug1("getServiceSettings2(%s)", service) obj = self.fw.service.get_service(service) return obj.export_config() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='as') @dbus_handle_exceptions def listIcmpTypes(self, sender=None): # pylint: disable=W0613 # returns the list of services # TODO: should be renamed to getIcmptypes() # because is called by firewall-cmd --get-icmptypes log.debug1("listIcmpTypes()") return self.fw.icmptype.get_icmptypes() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature=IcmpType.DBUS_SIGNATURE) @dbus_handle_exceptions def getIcmpTypeSettings(self, icmptype, sender=None): # pylint: disable=W0613 # returns icmptype settings for icmptype icmptype = dbus_to_python(icmptype, str) log.debug1("getIcmpTypeSettings(%s)", icmptype) return self.fw.icmptype.get_icmptype(icmptype).export_config() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # LOG DENIED @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='s') @dbus_handle_exceptions def getLogDenied(self, sender=None): # pylint: disable=W0613 # returns the log denied value log.debug1("getLogDenied()") return self.fw.get_log_denied() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='') @dbus_handle_exceptions def setLogDenied(self, value, sender=None): # set the log denied value value = dbus_to_python(value, str) log.debug1("setLogDenied('%s')" % value) self.accessCheck(sender) self.fw.set_log_denied(value) self.LogDeniedChanged(value) # must reload the firewall as well self.fw.reload() self.config.reload() self.Reloaded() @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='s') @dbus_handle_exceptions def LogDeniedChanged(self, value): log.debug1("LogDeniedChanged('%s')" % (value)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # AUTOMATIC HELPER ASSIGNMENT @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='s') @dbus_handle_exceptions def getAutomaticHelpers(self, sender=None): # pylint: disable=W0613 # returns the automatic helpers value log.debug1("getAutomaticHelpers()") # NOTE: This feature was removed and is now a noop. We retain the dbus # call to keep API. return "no" @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='') @dbus_handle_exceptions def setAutomaticHelpers(self, value, sender=None): # set the automatic helpers value value = dbus_to_python(value, str) log.debug1("setAutomaticHelpers('%s')" % value) self.accessCheck(sender) # NOTE: This feature was removed and is now a noop. We retain the dbus # call to keep API. @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='s') @dbus_handle_exceptions def AutomaticHelpersChanged(self, value): log.debug1("AutomaticHelpersChanged('%s')" % (value)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DEFAULT ZONE @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='s') @dbus_handle_exceptions def getDefaultZone(self, sender=None): # pylint: disable=W0613 # returns the system default zone log.debug1("getDefaultZone()") return self.fw.get_default_zone() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='') @dbus_handle_exceptions def setDefaultZone(self, zone, sender=None): # set the system default zone zone = dbus_to_python(zone, str) log.debug1("setDefaultZone('%s')" % zone) self.accessCheck(sender) self.fw.set_default_zone(zone) self.DefaultZoneChanged(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='s') @dbus_handle_exceptions def DefaultZoneChanged(self, zone): log.debug1("DefaultZoneChanged('%s')" % (zone)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ZONE INTERFACE # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ZONES @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) # TODO: shouldn't this be in DBUS_INTERFACE instead of DBUS_INTERFACE_ZONE ? @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='', out_signature='as') @dbus_handle_exceptions def getZones(self, sender=None): # pylint: disable=W0613 # returns the list of zones log.debug1("zone.getZones()") return self.fw.zone.get_zones() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='', out_signature='a{sa{sas}}') @dbus_handle_exceptions def getActiveZones(self, sender=None): # pylint: disable=W0613 # returns the list of active zones log.debug1("zone.getActiveZones()") zones = { } for zone in self.fw.zone.get_zones(): interfaces = self.fw.zone.list_interfaces(zone) sources = self.fw.zone.list_sources(zone) if len(interfaces) + len(sources) > 0: zones[zone] = { } if len(interfaces) > 0: zones[zone]["interfaces"] = interfaces if len(sources) > 0: zones[zone]["sources"] = sources return zones @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfInterface(self, interface, sender=None): # pylint: disable=W0613 """Return the zone an interface belongs to. :Parameters: `interface` : str Name of the interface :Returns: str. The name of the zone. """ interface = dbus_to_python(interface, str) log.debug1("zone.getZoneOfInterface('%s')" % interface) zone = self.fw.zone.get_zone_of_interface(interface) if zone: return zone return "" @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfSource(self, source, sender=None): # pylint: disable=W0613 #Return the zone an source belongs to. source = dbus_to_python(source, str) log.debug1("zone.getZoneOfSource('%s')" % source) zone = self.fw.zone.get_zone_of_source(source) if zone: return zone return "" @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def isImmutable(self, zone, sender=None): # pylint: disable=W0613 # no immutable zones anymore return False # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # INTERFACES @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def addInterface(self, zone, interface, sender=None): """Add an interface to a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.addInterface('%s', '%s')" % (zone, interface)) self.accessCheck(sender) _zone = self.fw.zone.add_interface(zone, interface, sender) self.InterfaceAdded(_zone, interface) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def changeZone(self, zone, interface, sender=None): """Change a zone an interface is part of. If zone is empty, use default zone. This function is deprecated, use changeZoneOfInterface instead """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) return self.changeZoneOfInterface(zone, interface, sender) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def changeZoneOfInterface(self, zone, interface, sender=None): """Change a zone an interface is part of. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.changeZoneOfInterface('%s', '%s')" % (zone, interface)) self.accessCheck(sender) _zone = self.fw.zone.change_zone_of_interface(zone, interface, sender) self.ZoneOfInterfaceChanged(_zone, interface) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeInterface(self, zone, interface, sender=None): """Remove interface from a zone. If zone is empty, remove from zone the interface belongs to. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.removeInterface('%s', '%s')" % (zone, interface)) self.accessCheck(sender) _zone = self.fw.zone.remove_interface(zone, interface) self.InterfaceRemoved(_zone, interface) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryInterface(self, zone, interface, sender=None): # pylint: disable=W0613 """Return true if an interface is in a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.queryInterface('%s', '%s')" % (zone, interface)) return self.fw.zone.query_interface(zone, interface) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getInterfaces(self, zone, sender=None): # pylint: disable=W0613 """Return the list of interfaces of a zone. If zone is empty, use default zone. """ # TODO: should be renamed to listInterfaces() # because is called by firewall-cmd --zone --list-interfaces zone = dbus_to_python(zone, str) log.debug1("zone.getInterfaces('%s')" % (zone)) return self.fw.zone.list_interfaces(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def InterfaceAdded(self, zone, interface): log.debug1("zone.InterfaceAdded('%s', '%s')" % (zone, interface)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ZoneChanged(self, zone, interface): """ This signal is deprecated. """ log.debug1("zone.ZoneChanged('%s', '%s')" % (zone, interface)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ZoneOfInterfaceChanged(self, zone, interface): log.debug1("zone.ZoneOfInterfaceChanged('%s', '%s')" % (zone, interface)) self.ZoneChanged(zone, interface) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def InterfaceRemoved(self, zone, interface): log.debug1("zone.InterfaceRemoved('%s', '%s')" % (zone, interface)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SOURCES @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def addSource(self, zone, source, sender=None): """Add a source to a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.addSource('%s', '%s')" % (zone, source)) self.accessCheck(sender) _zone = self.fw.zone.add_source(zone, source, sender) self.SourceAdded(_zone, source) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def changeZoneOfSource(self, zone, source, sender=None): """Change a zone an source is part of. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.changeZoneOfSource('%s', '%s')" % (zone, source)) self.accessCheck(sender) _zone = self.fw.zone.change_zone_of_source(zone, source, sender) self.ZoneOfSourceChanged(_zone, source) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeSource(self, zone, source, sender=None): """Remove source from a zone. If zone is empty, remove from zone the source belongs to. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.removeSource('%s', '%s')" % (zone, source)) self.accessCheck(sender) _zone = self.fw.zone.remove_source(zone, source) self.SourceRemoved(_zone, source) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def querySource(self, zone, source, sender=None): # pylint: disable=W0613 """Return true if an source is in a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.querySource('%s', '%s')" % (zone, source)) return self.fw.zone.query_source(zone, source) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getSources(self, zone, sender=None): # pylint: disable=W0613 """Return the list of sources of a zone. If zone is empty, use default zone. """ # TODO: should be renamed to listSources() # because is called by firewall-cmd --zone --list-sources zone = dbus_to_python(zone, str) log.debug1("zone.getSources('%s')" % (zone)) return self.fw.zone.list_sources(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def SourceAdded(self, zone, source): log.debug1("zone.SourceAdded('%s', '%s')" % (zone, source)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ZoneOfSourceChanged(self, zone, source): log.debug1("zone.ZoneOfSourceChanged('%s', '%s')" % (zone, source)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def SourceRemoved(self, zone, source): log.debug1("zone.SourceRemoved('%s', '%s')" % (zone, source)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # RICH RULES @dbus_handle_exceptions def disableTimedRichRule(self, zone, rule): log.debug1("zone.disableTimedRichRule('%s', '%s')" % (zone, rule)) del self._timeouts[zone][rule] obj = Rich_Rule(rule_str=rule) self.fw.zone.remove_rule(zone, obj) self.RichRuleRemoved(zone, rule) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addRichRule(self, zone, rule, timeout, sender=None): # pylint: disable=W0613 zone = dbus_to_python(zone, str) rule = dbus_to_python(rule, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addRichRule('%s', '%s')" % (zone, rule)) obj = Rich_Rule(rule_str=rule) _zone = self.fw.zone.add_rule(zone, obj, timeout) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedRichRule, _zone, rule) self.addTimeout(_zone, rule, tag) self.RichRuleAdded(_zone, rule, timeout) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeRichRule(self, zone, rule, sender=None): # pylint: disable=W0613 zone = dbus_to_python(zone, str) rule = dbus_to_python(rule, str) log.debug1("zone.removeRichRule('%s', '%s')" % (zone, rule)) obj = Rich_Rule(rule_str=rule) _zone = self.fw.zone.remove_rule(zone, obj) self.removeTimeout(_zone, rule) self.RichRuleRemoved(_zone, rule) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryRichRule(self, zone, rule, sender=None): # pylint: disable=W0613 zone = dbus_to_python(zone, str) rule = dbus_to_python(rule, str) log.debug1("zone.queryRichRule('%s', '%s')" % (zone, rule)) obj = Rich_Rule(rule_str=rule) return self.fw.zone.query_rule(zone, obj) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getRichRules(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled rich rules for zone # TODO: should be renamed to listRichRules() # because is called by firewall-cmd --zone --list-rich-rules zone = dbus_to_python(zone, str) log.debug1("zone.getRichRules('%s')" % (zone)) return self.fw.zone.list_rules(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def RichRuleAdded(self, zone, rule, timeout): log.debug1("zone.RichRuleAdded('%s', '%s', %d)" % (zone, rule, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def RichRuleRemoved(self, zone, rule): log.debug1("zone.RichRuleRemoved('%s', '%s')" % (zone, rule)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SERVICES @dbus_handle_exceptions def disableTimedService(self, zone, service): log.debug1("zone.disableTimedService('%s', '%s')" % (zone, service)) del self._timeouts[zone][service] self.fw.zone.remove_service(zone, service) self.ServiceRemoved(zone, service) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addService(self, zone, service, timeout, sender=None): # enables service if not enabled already for zone zone = dbus_to_python(zone, str) service = dbus_to_python(service, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addService('%s', '%s', %d)" % (zone, service, timeout)) self.accessCheck(sender) _zone = self.fw.zone.add_service(zone, service, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedService, _zone, service) self.addTimeout(_zone, service, tag) self.ServiceAdded(_zone, service, timeout) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeService(self, zone, service, sender=None): # disables service for zone zone = dbus_to_python(zone, str) service = dbus_to_python(service, str) log.debug1("zone.removeService('%s', '%s')" % (zone, service)) self.accessCheck(sender) _zone = self.fw.zone.remove_service(zone, service) self.removeTimeout(_zone, service) self.ServiceRemoved(_zone, service) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryService(self, zone, service, sender=None): # pylint: disable=W0613 # returns true if a service is enabled for zone zone = dbus_to_python(zone, str) service = dbus_to_python(service, str) log.debug1("zone.queryService('%s', '%s')" % (zone, service)) return self.fw.zone.query_service(zone, service) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getServices(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled services for zone # TODO: should be renamed to listServices() # because is called by firewall-cmd --zone --list-services zone = dbus_to_python(zone, str) log.debug1("zone.getServices('%s')" % (zone)) return self.fw.zone.list_services(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def ServiceAdded(self, zone, service, timeout): log.debug1("zone.ServiceAdded('%s', '%s', %d)" % \ (zone, service, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ServiceRemoved(self, zone, service): log.debug1("zone.ServiceRemoved('%s', '%s')" % (zone, service)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # PORTS @dbus_handle_exceptions def disableTimedPort(self, zone, port, protocol): log.debug1("zone.disableTimedPort('%s', '%s', '%s')" % \ (zone, port, protocol)) del self._timeouts[zone][(port, protocol)] self.fw.zone.remove_port(zone, port, protocol) self.PortRemoved(zone, port, protocol) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssi', out_signature='s') @dbus_handle_exceptions def addPort(self, zone, port, protocol, timeout, sender=None): # pylint: disable=R0913 # adds port if not enabled already to zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addPort('%s', '%s', '%s')" % \ (zone, port, protocol)) self.accessCheck(sender) _zone = self.fw.zone.add_port(zone, port, protocol, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedPort, _zone, port, protocol) self.addTimeout(_zone, (port, protocol), tag) self.PortAdded(_zone, port, protocol, timeout) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='s') @dbus_handle_exceptions def removePort(self, zone, port, protocol, sender=None): # pylint: disable=R0913 # removes port if enabled from zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.removePort('%s', '%s', '%s')" % \ (zone, port, protocol)) self.accessCheck(sender) _zone= self.fw.zone.remove_port(zone, port, protocol) self.removeTimeout(_zone, (port, protocol)) self.PortRemoved(_zone, port, protocol) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='b') @dbus_handle_exceptions def queryPort(self, zone, port, protocol, sender=None): # pylint: disable=W0613, R0913 # returns true if a port is enabled for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.queryPort('%s', '%s', '%s')" % (zone, port, protocol)) return self.fw.zone.query_port(zone, port, protocol) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getPorts(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled ports # TODO: should be renamed to listPorts() # because is called by firewall-cmd --zone --list-ports zone = dbus_to_python(zone, str) log.debug1("zone.getPorts('%s')" % (zone)) return self.fw.zone.list_ports(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssi') @dbus_handle_exceptions def PortAdded(self, zone, port, protocol, timeout=0): log.debug1("zone.PortAdded('%s', '%s', '%s', %d)" % \ (zone, port, protocol, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sss') @dbus_handle_exceptions def PortRemoved(self, zone, port, protocol): log.debug1("zone.PortRemoved('%s', '%s', '%s')" % \ (zone, port, protocol)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # PROTOCOLS @dbus_handle_exceptions def disableTimedProtocol(self, zone, protocol): log.debug1("zone.disableTimedProtocol('%s', '%s')" % (zone, protocol)) del self._timeouts[zone][(protocol)] self.fw.zone.remove_protocol(zone, protocol) self.ProtocolRemoved(zone, protocol) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addProtocol(self, zone, protocol, timeout, sender=None): # adds protocol if not enabled already to zone zone = dbus_to_python(zone, str) protocol = dbus_to_python(protocol, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.enableProtocol('%s', '%s')" % (zone, protocol)) self.accessCheck(sender) _zone = self.fw.zone.add_protocol(zone, protocol, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedProtocol, _zone, protocol) self.addTimeout(_zone, protocol, tag) self.ProtocolAdded(_zone, protocol, timeout) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeProtocol(self, zone, protocol, sender=None): # removes protocol if enabled from zone zone = dbus_to_python(zone, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.removeProtocol('%s', '%s')" % (zone, protocol)) self.accessCheck(sender) _zone= self.fw.zone.remove_protocol(zone, protocol) self.removeTimeout(_zone, protocol) self.ProtocolRemoved(_zone, protocol) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryProtocol(self, zone, protocol, sender=None): # pylint: disable=W0613 # returns true if a protocol is enabled for zone zone = dbus_to_python(zone, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.queryProtocol('%s', '%s')" % (zone, protocol)) return self.fw.zone.query_protocol(zone, protocol) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getProtocols(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled protocols # TODO: should be renamed to listProtocols() # because is called by firewall-cmd --zone --list-protocols zone = dbus_to_python(zone, str) log.debug1("zone.getProtocols('%s')" % (zone)) return self.fw.zone.list_protocols(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def ProtocolAdded(self, zone, protocol, timeout=0): log.debug1("zone.ProtocolAdded('%s', '%s', %d)" % \ (zone, protocol, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ProtocolRemoved(self, zone, protocol): log.debug1("zone.ProtocolRemoved('%s', '%s')" % (zone, protocol)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SOURCE PORTS @dbus_handle_exceptions def disableTimedSourcePort(self, zone, port, protocol): log.debug1("zone.disableTimedSourcePort('%s', '%s', '%s')" % \ (zone, port, protocol)) del self._timeouts[zone][("sport", port, protocol)] self.fw.zone.remove_source_port(zone, port, protocol) self.SourcePortRemoved(zone, port, protocol) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssi', out_signature='s') @dbus_handle_exceptions def addSourcePort(self, zone, port, protocol, timeout, sender=None): # pylint: disable=R0913 # adds source port if not enabled already to zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addSourcePort('%s', '%s', '%s')" % (zone, port, protocol)) self.accessCheck(sender) _zone = self.fw.zone.add_source_port(zone, port, protocol, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedSourcePort, _zone, port, protocol) self.addTimeout(_zone, ("sport", port, protocol), tag) self.SourcePortAdded(_zone, port, protocol, timeout) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='s') @dbus_handle_exceptions def removeSourcePort(self, zone, port, protocol, sender=None): # pylint: disable=R0913 # removes source port if enabled from zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.removeSourcePort('%s', '%s', '%s')" % (zone, port, protocol)) self.accessCheck(sender) _zone= self.fw.zone.remove_source_port(zone, port, protocol) self.removeTimeout(_zone, ("sport", port, protocol)) self.SourcePortRemoved(_zone, port, protocol) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='b') @dbus_handle_exceptions def querySourcePort(self, zone, port, protocol, sender=None): # pylint: disable=W0613, R0913 # returns true if a source port is enabled for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.querySourcePort('%s', '%s', '%s')" % (zone, port, protocol)) return self.fw.zone.query_source_port(zone, port, protocol) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getSourcePorts(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled source ports # TODO: should be renamed to listSourcePorts() # because is called by firewall-cmd --zone --list-source-ports zone = dbus_to_python(zone, str) log.debug1("zone.getSourcePorts('%s')" % (zone)) return self.fw.zone.list_source_ports(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssi') @dbus_handle_exceptions def SourcePortAdded(self, zone, port, protocol, timeout=0): log.debug1("zone.SourcePortAdded('%s', '%s', '%s', %d)" % \ (zone, port, protocol, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sss') @dbus_handle_exceptions def SourcePortRemoved(self, zone, port, protocol): log.debug1("zone.SourcePortRemoved('%s', '%s', '%s')" % (zone, port, protocol)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # MASQUERADE @dbus_handle_exceptions def disableTimedMasquerade(self, zone): del self._timeouts[zone]["masquerade"] self.fw.zone.remove_masquerade(zone) self.MasqueradeRemoved(zone) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='si', out_signature='s') @dbus_handle_exceptions def addMasquerade(self, zone, timeout, sender=None): # adds masquerade if not added already zone = dbus_to_python(zone, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addMasquerade('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.add_masquerade(zone, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedMasquerade, _zone) self.addTimeout(_zone, "masquerade", tag) self.MasqueradeAdded(_zone, timeout) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def removeMasquerade(self, zone, sender=None): # removes masquerade zone = dbus_to_python(zone, str) log.debug1("zone.removeMasquerade('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.remove_masquerade(zone) self.removeTimeout(_zone, "masquerade") self.MasqueradeRemoved(_zone) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryMasquerade(self, zone, sender=None): # pylint: disable=W0613 # returns true if a masquerade is added zone = dbus_to_python(zone, str) log.debug1("zone.queryMasquerade('%s')" % (zone)) return self.fw.zone.query_masquerade(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='si') @dbus_handle_exceptions def MasqueradeAdded(self, zone, timeout=0): log.debug1("zone.MasqueradeAdded('%s', %d)" % (zone, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='s') @dbus_handle_exceptions def MasqueradeRemoved(self, zone): log.debug1("zone.MasqueradeRemoved('%s')" % (zone)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # FORWARD PORT @dbus_handle_exceptions def disable_forward_port(self, zone, port, protocol, toport, toaddr): # pylint: disable=R0913 del self._timeouts[zone][(port, protocol, toport, toaddr)] self.fw.zone.remove_forward_port(zone, port, protocol, toport, toaddr) self.ForwardPortRemoved(zone, port, protocol, toport, toaddr) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssssi', out_signature='s') @dbus_handle_exceptions def addForwardPort(self, zone, port, protocol, toport, toaddr, timeout, sender=None): # pylint: disable=R0913 # add forward port if not enabled already for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addForwardPort('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) self.accessCheck(sender) _zone = self.fw.zone.add_forward_port(zone, port, protocol, toport, toaddr, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disable_forward_port, _zone, port, protocol, toport, toaddr) self.addTimeout(_zone, (port, protocol, toport, toaddr), tag) self.ForwardPortAdded(_zone, port, protocol, toport, toaddr, timeout) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssss', out_signature='s') @dbus_handle_exceptions def removeForwardPort(self, zone, port, protocol, toport, toaddr, sender=None): # pylint: disable=R0913 # remove forward port from zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("zone.removeForwardPort('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) self.accessCheck(sender) _zone = self.fw.zone.remove_forward_port(zone, port, protocol, toport, toaddr) self.removeTimeout(_zone, (port, protocol, toport, toaddr)) self.ForwardPortRemoved(_zone, port, protocol, toport, toaddr) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssss', out_signature='b') @dbus_handle_exceptions def queryForwardPort(self, zone, port, protocol, toport, toaddr, sender=None): # pylint: disable=W0613, R0913 # returns true if a forward port is enabled for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("zone.queryForwardPort('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) return self.fw.zone.query_forward_port(zone, port, protocol, toport, toaddr) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getForwardPorts(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled ports for zone # TODO: should be renamed to listForwardPorts() # because is called by firewall-cmd --zone --list-forward-ports zone = dbus_to_python(zone, str) log.debug1("zone.getForwardPorts('%s')" % (zone)) return self.fw.zone.list_forward_ports(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssssi') @dbus_handle_exceptions def ForwardPortAdded(self, zone, port, protocol, toport, toaddr, timeout=0): # pylint: disable=R0913 log.debug1("zone.ForwardPortAdded('%s', '%s', '%s', '%s', '%s', %d)" % \ (zone, port, protocol, toport, toaddr, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssss') @dbus_handle_exceptions def ForwardPortRemoved(self, zone, port, protocol, toport, toaddr): # pylint: disable=R0913 log.debug1("zone.ForwardPortRemoved('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ICMP BLOCK @dbus_handle_exceptions def disableTimedIcmpBlock(self, zone, icmp, sender): # pylint: disable=W0613 log.debug1("zone.disableTimedIcmpBlock('%s', '%s')" % (zone, icmp)) del self._timeouts[zone][icmp] self.fw.zone.remove_icmp_block(zone, icmp) self.IcmpBlockRemoved(zone, icmp) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addIcmpBlock(self, zone, icmp, timeout, sender=None): # add icmpblock if not enabled already for zone zone = dbus_to_python(zone, str) icmp = dbus_to_python(icmp, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.enableIcmpBlock('%s', '%s')" % (zone, icmp)) self.accessCheck(sender) _zone = self.fw.zone.add_icmp_block(zone, icmp, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedIcmpBlock, _zone, icmp, sender) self.addTimeout(_zone, icmp, tag) self.IcmpBlockAdded(_zone, icmp, timeout) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeIcmpBlock(self, zone, icmp, sender=None): # removes icmpBlock from zone zone = dbus_to_python(zone, str) icmp = dbus_to_python(icmp, str) log.debug1("zone.removeIcmpBlock('%s', '%s')" % (zone, icmp)) self.accessCheck(sender) _zone = self.fw.zone.remove_icmp_block(zone, icmp) self.removeTimeout(_zone, icmp) self.IcmpBlockRemoved(_zone, icmp) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryIcmpBlock(self, zone, icmp, sender=None): # pylint: disable=W0613 # returns true if a icmp is enabled for zone zone = dbus_to_python(zone, str) icmp = dbus_to_python(icmp, str) log.debug1("zone.queryIcmpBlock('%s', '%s')" % (zone, icmp)) return self.fw.zone.query_icmp_block(zone, icmp) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getIcmpBlocks(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled icmpblocks # TODO: should be renamed to listIcmpBlocks() # because is called by firewall-cmd --zone --list-icmp-blocks zone = dbus_to_python(zone, str) log.debug1("zone.getIcmpBlocks('%s')" % (zone)) return self.fw.zone.list_icmp_blocks(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def IcmpBlockAdded(self, zone, icmp, timeout=0): log.debug1("zone.IcmpBlockAdded('%s', '%s', %d)" % \ (zone, icmp, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def IcmpBlockRemoved(self, zone, icmp): log.debug1("zone.IcmpBlockRemoved('%s', '%s')" % (zone, icmp)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ICMP BLOCK INVERSION @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def addIcmpBlockInversion(self, zone, sender=None): # adds icmpBlockInversion if not added already zone = dbus_to_python(zone, str) log.debug1("zone.addIcmpBlockInversion('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.add_icmp_block_inversion(zone, sender) self.IcmpBlockInversionAdded(_zone) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def removeIcmpBlockInversion(self, zone, sender=None): # removes icmpBlockInversion zone = dbus_to_python(zone, str) log.debug1("zone.removeIcmpBlockInversion('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.remove_icmp_block_inversion(zone) self.IcmpBlockInversionRemoved(_zone) return _zone @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryIcmpBlockInversion(self, zone, sender=None): # pylint: disable=W0613 # returns true if a icmpBlockInversion is added zone = dbus_to_python(zone, str) log.debug1("zone.queryIcmpBlockInversion('%s')" % (zone)) return self.fw.zone.query_icmp_block_inversion(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='s') @dbus_handle_exceptions def IcmpBlockInversionAdded(self, zone): log.debug1("zone.IcmpBlockInversionAdded('%s')" % (zone)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='s') @dbus_handle_exceptions def IcmpBlockInversionRemoved(self, zone): log.debug1("zone.IcmpBlockInversionRemoved('%s')" % (zone)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT INTERFACE # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT CHAIN @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='') @dbus_handle_exceptions def addChain(self, ipv, table, chain, sender=None): # inserts direct chain ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.addChain('%s', '%s', '%s')" % (ipv, table, chain)) self.accessCheck(sender) self.fw.direct.add_chain(ipv, table, chain) self.ChainAdded(ipv, table, chain) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='') @dbus_handle_exceptions def removeChain(self, ipv, table, chain, sender=None): # removes direct chain ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.removeChain('%s', '%s', '%s')" % (ipv, table, chain)) self.accessCheck(sender) self.fw.direct.remove_chain(ipv, table, chain) self.ChainRemoved(ipv, table, chain) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='b') @dbus_handle_exceptions def queryChain(self, ipv, table, chain, sender=None): # pylint: disable=W0613 # returns true if a chain is enabled ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.queryChain('%s', '%s', '%s')" % (ipv, table, chain)) return self.fw.direct.query_chain(ipv, table, chain) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='ss', out_signature='as') @dbus_handle_exceptions def getChains(self, ipv, table, sender=None): # pylint: disable=W0613 # returns list of added chains ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) log.debug1("direct.getChains('%s', '%s')" % (ipv, table)) return self.fw.direct.get_chains(ipv, table) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='a(sss)') @dbus_handle_exceptions def getAllChains(self, sender=None): # pylint: disable=W0613 # returns list of added chains log.debug1("direct.getAllChains()") return self.fw.direct.get_all_chains() @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sss') @dbus_handle_exceptions def ChainAdded(self, ipv, table, chain): log.debug1("direct.ChainAdded('%s', '%s', '%s')" % (ipv, table, chain)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sss') @dbus_handle_exceptions def ChainRemoved(self, ipv, table, chain): log.debug1("direct.ChainRemoved('%s', '%s', '%s')" % (ipv, table, chain)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT RULE @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sssias', out_signature='') @dbus_handle_exceptions def addRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 # inserts direct rule ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) priority = dbus_to_python(priority, int) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.addRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) self.fw.direct.add_rule(ipv, table, chain, priority, args) self.RuleAdded(ipv, table, chain, priority, args) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sssias', out_signature='') @dbus_handle_exceptions def removeRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 # removes direct rule ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) priority = dbus_to_python(priority, int) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.removeRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) self.fw.direct.remove_rule(ipv, table, chain, priority, args) self.RuleRemoved(ipv, table, chain, priority, args) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='') @dbus_handle_exceptions def removeRules(self, ipv, table, chain, sender=None): # removes direct rule ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.removeRules('%s', '%s', '%s')" % (ipv, table, chain)) self.accessCheck(sender) for (priority, args) in self.fw.direct.get_rules(ipv, table, chain): self.fw.direct.remove_rule(ipv, table, chain, priority, args) self.RuleRemoved(ipv, table, chain, priority, args) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sssias', out_signature='b') @dbus_handle_exceptions def queryRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=W0613, R0913 # returns true if a rule is enabled ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) priority = dbus_to_python(priority, int) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.queryRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) return self.fw.direct.query_rule(ipv, table, chain, priority, args) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='a(ias)') @dbus_handle_exceptions def getRules(self, ipv, table, chain, sender=None): # pylint: disable=W0613 # returns list of added rules ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.getRules('%s', '%s', '%s')" % (ipv, table, chain)) return self.fw.direct.get_rules(ipv, table, chain) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='a(sssias)') @dbus_handle_exceptions def getAllRules(self, sender=None): # pylint: disable=W0613 # returns list of added rules log.debug1("direct.getAllRules()") return self.fw.direct.get_all_rules() @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sssias') @dbus_handle_exceptions def RuleAdded(self, ipv, table, chain, priority, args): # pylint: disable=R0913 log.debug1("direct.RuleAdded('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sssias') @dbus_handle_exceptions def RuleRemoved(self, ipv, table, chain, priority, args): # pylint: disable=R0913 log.debug1("direct.RuleRemoved('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT PASSTHROUGH (untracked) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='s') @dbus_handle_exceptions def passthrough(self, ipv, args, sender=None): # inserts direct rule ipv = dbus_to_python(ipv, str) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.passthrough('%s', '%s')" % (ipv, "','".join(args))) self.accessCheck(sender) try: return self.fw.direct.passthrough(ipv, args) except FirewallError as error: if ipv in ["ipv4", "ipv6"]: query_args = set(["-C", "--check", "-L", "--list"]) else: query_args = set(["-L", "--list"]) msg = str(error) if error.code == errors.COMMAND_FAILED: if len(set(args) & query_args) <= 0: log.warning(msg) raise FirewallDBusException(msg) raise # DIRECT PASSTHROUGH (tracked) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='') @dbus_handle_exceptions def addPassthrough(self, ipv, args, sender=None): # inserts direct passthrough ipv = dbus_to_python(ipv) args = tuple( dbus_to_python(i) for i in args ) log.debug1("direct.addPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) self.fw.direct.add_passthrough(ipv, args) self.PassthroughAdded(ipv, args) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='') @dbus_handle_exceptions def removePassthrough(self, ipv, args, sender=None): # removes direct passthrough ipv = dbus_to_python(ipv) args = tuple( dbus_to_python(i) for i in args ) log.debug1("direct.removePassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) self.fw.direct.remove_passthrough(ipv, args) self.PassthroughRemoved(ipv, args) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='b') @dbus_handle_exceptions def queryPassthrough(self, ipv, args, sender=None): # pylint: disable=W0613 # returns true if a passthrough is enabled ipv = dbus_to_python(ipv) args = tuple( dbus_to_python(i) for i in args ) log.debug1("direct.queryPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) return self.fw.direct.query_passthrough(ipv, args) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='a(sas)') @dbus_handle_exceptions def getAllPassthroughs(self, sender=None): # pylint: disable=W0613 # returns list of all added passthroughs log.debug1("direct.getAllPassthroughs()") return self.fw.direct.get_all_passthroughs() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='') @dbus_handle_exceptions def removeAllPassthroughs(self, sender=None): # pylint: disable=W0613 # remove all passhroughs log.debug1("direct.removeAllPassthroughs()") # remove in reverse order to avoid removing non-empty chains for passthrough in reversed(self.getAllPassthroughs()): self.removePassthrough(*passthrough) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getPassthroughs(self, ipv, sender=None): # pylint: disable=W0613 # returns list of all added passthroughs with ipv ipv = dbus_to_python(ipv) log.debug1("direct.getPassthroughs('%s')", ipv) return self.fw.direct.get_passthroughs(ipv) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sas') @dbus_handle_exceptions def PassthroughAdded(self, ipv, args): log.debug1("direct.PassthroughAdded('%s', '%s')" % \ (ipv, "','".join(args))) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sas') @dbus_handle_exceptions def PassthroughRemoved(self, ipv, args): log.debug1("direct.PassthroughRemoved('%s', '%s')" % \ (ipv, "','".join(args))) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_ALL) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def authorizeAll(self, sender=None): # pylint: disable=W0613 """ PK_ACTION_ALL implies all other actions, i.e. once a subject is authorized for PK_ACTION_ALL it's also authorized for any other action. Use-case is GUI (RHBZ#994729). """ pass # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # IPSETS # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryIPSet(self, ipset, sender=None): # pylint: disable=W0613 # returns true if a set with the name exists ipset = dbus_to_python(ipset) log.debug1("ipset.queryIPSet('%s')" % (ipset)) return self.fw.ipset.query_ipset(ipset) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='', out_signature='as') @dbus_handle_exceptions def getIPSets(self, sender=None): # pylint: disable=W0613 # returns list of added sets log.debug1("ipsets.getIPSets()") return self.fw.ipset.get_ipsets() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='s', out_signature=IPSet.DBUS_SIGNATURE) @dbus_handle_exceptions def getIPSetSettings(self, ipset, sender=None): # pylint: disable=W0613 # returns ipset settings for ipset ipset = dbus_to_python(ipset, str) log.debug1("getIPSetSettings(%s)", ipset) return self.fw.ipset.get_ipset(ipset).export_config() # set entries # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss', out_signature='') @dbus_handle_exceptions def addEntry(self, ipset, entry, sender=None): # adds ipset entry ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.addEntry('%s', '%s')" % (ipset, entry)) self.accessCheck(sender) self.fw.ipset.add_entry(ipset, entry) self.EntryAdded(ipset, entry) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss', out_signature='') @dbus_handle_exceptions def removeEntry(self, ipset, entry, sender=None): # removes ipset entry ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.removeEntry('%s', '%s')" % (ipset, entry)) self.accessCheck(sender) self.fw.ipset.remove_entry(ipset, entry) self.EntryRemoved(ipset, entry) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryEntry(self, ipset, entry, sender=None): # pylint: disable=W0613 # returns true if the entry exists in the ipset ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.queryEntry('%s', '%s')" % (ipset, entry)) return self.fw.ipset.query_entry(ipset, entry) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='s', out_signature='as') @dbus_handle_exceptions def getEntries(self, ipset, sender=None): # pylint: disable=W0613 # returns list of added entries for the ipset ipset = dbus_to_python(ipset) log.debug1("ipset.getEntries('%s')" % ipset) return self.fw.ipset.get_entries(ipset) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='sas') @dbus_handle_exceptions def setEntries(self, ipset, entries, sender=None): # pylint: disable=W0613 # returns list of added entries for the ipset ipset = dbus_to_python(ipset) entries = dbus_to_python(entries, list) log.debug1("ipset.setEntries('%s', '[%s]')", ipset, ",".join(entries)) old_entries = self.fw.ipset.get_entries(ipset) self.fw.ipset.set_entries(ipset, entries) old_entries_set = set(old_entries) entries_set = set(entries) for entry in entries_set - old_entries_set: self.EntryAdded(ipset, entry) for entry in old_entries_set - entries_set: self.EntryRemoved(ipset, entry) @dbus.service.signal(config.dbus.DBUS_INTERFACE_IPSET, signature='ss') @dbus_handle_exceptions def EntryAdded(self, ipset, entry): ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.EntryAdded('%s', '%s')" % (ipset, entry)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_IPSET, signature='ss') @dbus_handle_exceptions def EntryRemoved(self, ipset, entry): ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.EntryRemoved('%s', '%s')" % (ipset, entry)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # HELPERS # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='as') @dbus_handle_exceptions def getHelpers(self, sender=None): # pylint: disable=W0613 # returns list of added sets log.debug1("helpers.getHelpers()") return self.fw.helper.get_helpers() @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature=Helper.DBUS_SIGNATURE) @dbus_handle_exceptions def getHelperSettings(self, helper, sender=None): # pylint: disable=W0613 # returns helper settings for helper helper = dbus_to_python(helper, str) log.debug1("getHelperSettings(%s)", helper) return self.fw.helper.get_helper(helper).export_config() firewalld-0.8.2/src/firewall/server/config_zone.py0000664007115300711530000012365613641106044023444 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # force use of pygobject3 in python-slip from gi.repository import GObject import sys sys.modules['gobject'] = GObject import dbus import dbus.service import slip.dbus import slip.dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.zone import Zone from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface from firewall.core.base import DEFAULT_ZONE_TARGET from firewall.core.rich import Rich_Rule from firewall.core.logger import log from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method from firewall import errors from firewall.errors import FirewallError from firewall.functions import portInPortRange ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfigZone(slip.dbus.service.Object): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, zone, item_id, *args, **kwargs): super(FirewallDConfigZone, self).__init__(*args, **kwargs) self.parent = parent self.config = conf self.obj = zone self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.zone.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ZONE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ZONE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ZONE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigZone, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_ZONE) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature=Zone.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for zone """ log.debug1("%s.getSettings()", self._log_prefix) settings = self.config.get_zone_config(self.obj) if settings[4] == DEFAULT_ZONE_TARGET: # convert to list, fix target, convert back to tuple _settings = list(settings) _settings[4] = "default" settings = tuple(_settings) return settings def _checkDuplicateInterfacesSources(self, settings): """Assignment of interfaces/sources to zones is different from other zone settings in the sense that particular interface/zone can be part of only one zone. So make sure added interfaces/sources have not already been bound to another zone.""" old_settings = self.config.get_zone_config(self.obj) idx_i = Zone.index_of("interfaces") idx_s = Zone.index_of("sources") added_ifaces = set(settings[idx_i]) - set(old_settings[idx_i]) added_sources = set(settings[idx_s]) - set(old_settings[idx_s]) for iface in added_ifaces: if self.parent.getZoneOfInterface(iface): raise FirewallError(errors.ZONE_CONFLICT, iface) # or move to new zone ? for source in added_sources: if self.parent.getZoneOfSource(source): raise FirewallError(errors.ZONE_CONFLICT, source) # or move to new zone ? @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature=Zone.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for zone """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) if settings[4] == "default": # convert to list, fix target, convert back to tuple _settings = list(settings) _settings[4] = DEFAULT_ZONE_TARGET settings = tuple(_settings) self._checkDuplicateInterfacesSources(settings) self.obj = self.config.set_zone_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin zone """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_zone_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def remove(self, sender=None): """remove zone """ log.debug1("%s.removeZone()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_zone(self.obj) self.parent.removeZone(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename zone """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_zone(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # immutable (deprecated) # settings[3] was used for 'immutable' # target @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getTarget(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getTarget()", self._log_prefix) settings = self.getSettings() return settings[4] if settings[4] != DEFAULT_ZONE_TARGET else "default" @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setTarget(self, target, sender=None): target = dbus_to_python(target, str) log.debug1("%s.setTarget('%s')", self._log_prefix, target) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[4] = target if target != "default" else DEFAULT_ZONE_TARGET self.update(settings) # service @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getServices(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getServices()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setServices(self, services, sender=None): services = dbus_to_python(services, list) log.debug1("%s.setServices('[%s]')", self._log_prefix, ",".join(services)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[5] = services self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addService(self, service, sender=None): service = dbus_to_python(service, str) log.debug1("%s.addService('%s')", self._log_prefix, service) self.parent.accessCheck(sender) settings = list(self.getSettings()) if service in settings[5]: raise FirewallError(errors.ALREADY_ENABLED, service) settings[5].append(service) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeService(self, service, sender=None): service = dbus_to_python(service, str) log.debug1("%s.removeService('%s')", self._log_prefix, service) self.parent.accessCheck(sender) settings = list(self.getSettings()) if service not in settings[5]: raise FirewallError(errors.NOT_ENABLED, service) settings[5].remove(service) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryService(self, service, sender=None): # pylint: disable=W0613 service = dbus_to_python(service, str) log.debug1("%s.queryService('%s')", self._log_prefix, service) return service in self.getSettings()[5] # port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ss)') @dbus_handle_exceptions def getPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getPorts()", self._log_prefix) return self.getSettings()[6] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ss)') @dbus_handle_exceptions def setPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[6] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def addPort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addPort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) in settings[6]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) settings[6].append((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def removePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) not in settings[6]: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) settings[6].remove((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryPort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.queryPort('%s', '%s')", self._log_prefix, port, protocol) if (port,protocol) in self.getSettings()[6]: return True else: # It might be a single port query that is inside a range for (_port, _protocol) in self.getSettings()[6]: if portInPortRange(port, _port) and protocol == _protocol: return True return False # protocol @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getProtocols(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getProtocols()", self._log_prefix) return self.getSettings()[13] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setProtocols(self, protocols, sender=None): protocols = dbus_to_python(protocols, list) log.debug1("%s.setProtocols('[%s]')", self._log_prefix, ",".join(protocols)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[13] = protocols self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.addProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol in settings[13]: raise FirewallError(errors.ALREADY_ENABLED, protocol) settings[13].append(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.removeProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol not in settings[13]: raise FirewallError(errors.NOT_ENABLED, protocol) settings[13].remove(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryProtocol(self, protocol, sender=None): # pylint: disable=W0613 protocol = dbus_to_python(protocol, str) log.debug1("%s.queryProtocol('%s')", self._log_prefix, protocol) return protocol in self.getSettings()[13] # source port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ss)') @dbus_handle_exceptions def getSourcePorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getSourcePorts()", self._log_prefix) return self.getSettings()[14] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ss)') @dbus_handle_exceptions def setSourcePorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setSourcePorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[14] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def addSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) in settings[14]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) settings[14].append((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def removeSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removeSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) not in settings[14]: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) settings[14].remove((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def querySourcePort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.querySourcePort('%s', '%s')", self._log_prefix, port, protocol) for (_port, _protocol) in self.getSettings()[14]: if portInPortRange(port, _port) and protocol == _protocol: return True return False # icmp block @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getIcmpBlocks(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getIcmpBlocks()", self._log_prefix) return self.getSettings()[7] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setIcmpBlocks(self, icmptypes, sender=None): icmptypes = dbus_to_python(icmptypes, list) log.debug1("%s.setIcmpBlocks('[%s]')", self._log_prefix, ",".join(icmptypes)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[7] = icmptypes self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addIcmpBlock(self, icmptype, sender=None): icmptype = dbus_to_python(icmptype, str) log.debug1("%s.addIcmpBlock('%s')", self._log_prefix, icmptype) self.parent.accessCheck(sender) settings = list(self.getSettings()) if icmptype in settings[7]: raise FirewallError(errors.ALREADY_ENABLED, icmptype) settings[7].append(icmptype) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeIcmpBlock(self, icmptype, sender=None): icmptype = dbus_to_python(icmptype, str) log.debug1("%s.removeIcmpBlock('%s')", self._log_prefix, icmptype) self.parent.accessCheck(sender) settings = list(self.getSettings()) if icmptype not in settings[7]: raise FirewallError(errors.NOT_ENABLED, icmptype) settings[7].remove(icmptype) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryIcmpBlock(self, icmptype, sender=None): # pylint: disable=W0613 icmptype = dbus_to_python(icmptype, str) log.debug1("%s.queryIcmpBlock('%s')", self._log_prefix, icmptype) return icmptype in self.getSettings()[7] # icmp block inversion @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def getIcmpBlockInversion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getIcmpBlockInversion()", self._log_prefix) return self.getSettings()[15] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='b') @dbus_handle_exceptions def setIcmpBlockInversion(self, flag, sender=None): flag = dbus_to_python(flag, bool) log.debug1("%s.setIcmpBlockInversion('%s')", self._log_prefix, flag) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[15] = flag self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def addIcmpBlockInversion(self, sender=None): log.debug1("%s.addIcmpBlockInversion()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[15]: raise FirewallError(errors.ALREADY_ENABLED, "icmp-block-inversion") settings[15] = True self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def removeIcmpBlockInversion(self, sender=None): log.debug1("%s.removeIcmpBlockInversion()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if not settings[15]: raise FirewallError(errors.NOT_ENABLED, "icmp-block-inversion") settings[15] = False self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def queryIcmpBlockInversion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.queryIcmpBlockInversion()", self._log_prefix) return self.getSettings()[15] # masquerade @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def getMasquerade(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getMasquerade()", self._log_prefix) return self.getSettings()[8] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='b') @dbus_handle_exceptions def setMasquerade(self, masquerade, sender=None): masquerade = dbus_to_python(masquerade, bool) log.debug1("%s.setMasquerade('%s')", self._log_prefix, masquerade) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[8] = masquerade self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def addMasquerade(self, sender=None): log.debug1("%s.addMasquerade()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[8]: raise FirewallError(errors.ALREADY_ENABLED, "masquerade") settings[8] = True self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def removeMasquerade(self, sender=None): log.debug1("%s.removeMasquerade()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if not settings[8]: raise FirewallError(errors.NOT_ENABLED, "masquerade") settings[8] = False self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def queryMasquerade(self, sender=None): # pylint: disable=W0613 log.debug1("%s.queryMasquerade()", self._log_prefix) return self.getSettings()[8] # forward port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ssss)') @dbus_handle_exceptions def getForwardPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getForwardPorts()", self._log_prefix) return self.getSettings()[9] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ssss)') @dbus_handle_exceptions def setForwardPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setForwardPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s', '%s', '%s')" % (port[0], port[1], \ port[2], port[3]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[9] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss') @dbus_handle_exceptions def addForwardPort(self, port, protocol, toport, toaddr, sender=None): # pylint: disable=R0913 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("%s.addForwardPort('%s', '%s', '%s', '%s')", self._log_prefix, port, protocol, toport, toaddr) self.parent.accessCheck(sender) fwp_id = (port, protocol, str(toport), str(toaddr)) settings = list(self.getSettings()) if fwp_id in settings[9]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s:%s:%s" % (port, protocol, toport, toaddr)) settings[9].append(fwp_id) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss') @dbus_handle_exceptions def removeForwardPort(self, port, protocol, toport, toaddr, sender=None): # pylint: disable=R0913 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("%s.removeForwardPort('%s', '%s', '%s', '%s')", self._log_prefix, port, protocol, toport, toaddr) self.parent.accessCheck(sender) fwp_id = (port, protocol, str(toport), str(toaddr)) settings = list(self.getSettings()) if fwp_id not in settings[9]: raise FirewallError(errors.NOT_ENABLED, "%s:%s:%s:%s" % (port, protocol, toport, toaddr)) settings[9].remove(fwp_id) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss', out_signature='b') @dbus_handle_exceptions def queryForwardPort(self, port, protocol, toport, toaddr, sender=None): # pylint: disable=W0613, R0913 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("%s.queryForwardPort('%s', '%s', '%s', '%s')", self._log_prefix, port, protocol, toport, toaddr) fwp_id = (port, protocol, str(toport), str(toaddr)) return fwp_id in self.getSettings()[9] # interface @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getInterfaces(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getInterfaces()", self._log_prefix) return self.getSettings()[10] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setInterfaces(self, interfaces, sender=None): interfaces = dbus_to_python(interfaces, list) log.debug1("%s.setInterfaces('[%s]')", self._log_prefix, ",".join(interfaces)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[10] = interfaces self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addInterface(self, interface, sender=None): interface = dbus_to_python(interface, str) log.debug1("%s.addInterface('%s')", self._log_prefix, interface) self.parent.accessCheck(sender) settings = list(self.getSettings()) if interface in settings[10]: raise FirewallError(errors.ALREADY_ENABLED, interface) settings[10].append(interface) self.update(settings) ifcfg_set_zone_of_interface(self.obj.name, interface) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeInterface(self, interface, sender=None): interface = dbus_to_python(interface, str) log.debug1("%s.removeInterface('%s')", self._log_prefix, interface) self.parent.accessCheck(sender) settings = list(self.getSettings()) if interface not in settings[10]: raise FirewallError(errors.NOT_ENABLED, interface) settings[10].remove(interface) self.update(settings) ifcfg_set_zone_of_interface("", interface) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryInterface(self, interface, sender=None): # pylint: disable=W0613 interface = dbus_to_python(interface, str) log.debug1("%s.queryInterface('%s')", self._log_prefix, interface) return interface in self.getSettings()[10] # source @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getSources(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getSources()", self._log_prefix) return self.getSettings()[11] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setSources(self, sources, sender=None): sources = dbus_to_python(sources, list) log.debug1("%s.setSources('[%s]')", self._log_prefix, ",".join(sources)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[11] = sources self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addSource(self, source, sender=None): source = dbus_to_python(source, str) log.debug1("%s.addSource('%s')", self._log_prefix, source) self.parent.accessCheck(sender) settings = list(self.getSettings()) if source in settings[11]: raise FirewallError(errors.ALREADY_ENABLED, source) settings[11].append(source) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeSource(self, source, sender=None): source = dbus_to_python(source, str) log.debug1("%s.removeSource('%s')", self._log_prefix, source) self.parent.accessCheck(sender) settings = list(self.getSettings()) if source not in settings[11]: raise FirewallError(errors.NOT_ENABLED, source) settings[11].remove(source) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def querySource(self, source, sender=None): # pylint: disable=W0613 source = dbus_to_python(source, str) log.debug1("%s.querySource('%s')", self._log_prefix, source) return source in self.getSettings()[11] # rich rule @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getRichRules(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getRichRules()", self._log_prefix) return self.getSettings()[12] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setRichRules(self, rules, sender=None): rules = dbus_to_python(rules, list) log.debug1("%s.setRichRules('[%s]')", self._log_prefix, ",".join(rules)) self.parent.accessCheck(sender) settings = list(self.getSettings()) rules = [ str(Rich_Rule(rule_str=r)) for r in rules ] settings[12] = rules self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addRichRule(self, rule, sender=None): rule = dbus_to_python(rule, str) log.debug1("%s.addRichRule('%s')", self._log_prefix, rule) self.parent.accessCheck(sender) settings = list(self.getSettings()) rule_str = str(Rich_Rule(rule_str=rule)) if rule_str in settings[12]: raise FirewallError(errors.ALREADY_ENABLED, rule) settings[12].append(rule_str) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeRichRule(self, rule, sender=None): rule = dbus_to_python(rule, str) log.debug1("%s.removeRichRule('%s')", self._log_prefix, rule) self.parent.accessCheck(sender) settings = list(self.getSettings()) rule_str = str(Rich_Rule(rule_str=rule)) if rule_str not in settings[12]: raise FirewallError(errors.NOT_ENABLED, rule) settings[12].remove(rule_str) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryRichRule(self, rule, sender=None): # pylint: disable=W0613 rule = dbus_to_python(rule, str) log.debug1("%s.queryRichRule('%s')", self._log_prefix, rule) rule_str = str(Rich_Rule(rule_str=rule)) return rule_str in self.getSettings()[12] firewalld-0.8.2/src/firewall/server/config_helper.py0000664007115300711530000004221213341016621023732 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # force use of pygobject3 in python-slip from gi.repository import GObject import sys sys.modules['gobject'] = GObject import dbus import dbus.service import slip.dbus import slip.dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.helper import Helper from firewall.core.logger import log from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfigHelper(slip.dbus.service.Object): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, helper, item_id, *args, **kwargs): super(FirewallDConfigHelper, self).__init__(*args, **kwargs) self.parent = parent self.config = conf self.obj = helper self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.helper.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_HELPER) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_HELPER: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_HELPER: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_HELPER: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigHelper, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_HELPER) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature=Helper.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for helper """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_helper_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature=Helper.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for helper """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_helper_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin helper """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_helper_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER) @dbus_handle_exceptions def remove(self, sender=None): """remove helper """ log.debug1("%s.removeHelper()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_helper(self.obj) self.parent.removeHelper(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename helper """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_helper(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # family @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getFamily(self, sender=None): log.debug1("%s.getFamily()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) return settings[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setFamily(self, ipv, sender=None): ipv = dbus_to_python(ipv, str) log.debug1("%s.setFamily('%s')", self._log_prefix, ipv) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[3] == ipv: raise FirewallError(errors.ALREADY_ENABLED, "'%s'" % ipv) settings[3] = ipv self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryFamily(self, ipv, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv, str) log.debug1("%s.queryFamily('%s')", self._log_prefix, ipv) settings = self.getSettings() return (settings[3] == ipv) # module @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getModule(self, sender=None): log.debug1("%s.getModule()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) return settings[4] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setModule(self, module, sender=None): module = dbus_to_python(module, str) log.debug1("%s.setModule('%s')", self._log_prefix, module) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[4] == module: raise FirewallError(errors.ALREADY_ENABLED, "'%s'" % module) settings[4] = module self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryModule(self, module, sender=None): # pylint: disable=W0613 module = dbus_to_python(module, str) log.debug1("%s.queryModule('%s')", self._log_prefix, module) settings = self.getSettings() return (settings[4] == module) # port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='a(ss)') @dbus_handle_exceptions def getPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getPorts()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='a(ss)') @dbus_handle_exceptions def setPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[5] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='ss') @dbus_handle_exceptions def addPort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addPort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) in settings[5]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) settings[5].append((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='ss') @dbus_handle_exceptions def removePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) not in settings[5]: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) settings[5].remove((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryPort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.queryPort('%s', '%s')", self._log_prefix, port, protocol) return (port,protocol) in self.getSettings()[5] firewalld-0.8.2/src/firewall/server/config.py0000664007115300711530000017677213626005157022426 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # force use of pygobject3 in python-slip from gi.repository import GObject import sys sys.modules['gobject'] = GObject import os import dbus import dbus.service import slip.dbus import slip.dbus.service from firewall import config from firewall.core.base import DEFAULT_ZONE_TARGET from firewall.core.watcher import Watcher from firewall.core.logger import log from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method from firewall.server.config_icmptype import FirewallDConfigIcmpType from firewall.server.config_service import FirewallDConfigService from firewall.server.config_zone import FirewallDConfigZone from firewall.server.config_ipset import FirewallDConfigIPSet from firewall.server.config_helper import FirewallDConfigHelper from firewall.core.io.zone import Zone from firewall.core.io.icmptype import IcmpType from firewall.core.io.ipset import IPSet from firewall.core.io.helper import Helper from firewall.core.io.lockdown_whitelist import LockdownWhitelist from firewall.core.io.direct import Direct from firewall.dbus_utils import dbus_to_python, \ command_of_sender, context_of_sender, uid_of_sender, user_of_uid, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfig(slip.dbus.service.Object): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use config.dbus.PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, conf, *args, **kwargs): super(FirewallDConfig, self).__init__(*args, **kwargs) self.config = conf self.busname = args[0] self.path = args[1] self._init_vars() self.watcher = Watcher(self.watch_updater, 5) self.watcher.add_watch_dir(config.FIREWALLD_IPSETS) self.watcher.add_watch_dir(config.ETC_FIREWALLD_IPSETS) self.watcher.add_watch_dir(config.FIREWALLD_ICMPTYPES) self.watcher.add_watch_dir(config.ETC_FIREWALLD_ICMPTYPES) self.watcher.add_watch_dir(config.FIREWALLD_HELPERS) self.watcher.add_watch_dir(config.ETC_FIREWALLD_HELPERS) self.watcher.add_watch_dir(config.FIREWALLD_SERVICES) self.watcher.add_watch_dir(config.ETC_FIREWALLD_SERVICES) self.watcher.add_watch_dir(config.FIREWALLD_ZONES) self.watcher.add_watch_dir(config.ETC_FIREWALLD_ZONES) # Add watches for combined zone directories if os.path.exists(config.ETC_FIREWALLD_ZONES): for filename in sorted(os.listdir(config.ETC_FIREWALLD_ZONES)): path = "%s/%s" % (config.ETC_FIREWALLD_ZONES, filename) if os.path.isdir(path): self.watcher.add_watch_dir(path) self.watcher.add_watch_file(config.LOCKDOWN_WHITELIST) self.watcher.add_watch_file(config.FIREWALLD_DIRECT) self.watcher.add_watch_file(config.FIREWALLD_CONF) dbus_introspection_prepare_properties(self, config.dbus.DBUS_INTERFACE_CONFIG, { "CleanupOnExit": "readwrite", "IPv6_rpfilter": "readwrite", "Lockdown": "readwrite", "MinimalMark": "readwrite", "IndividualCalls": "readwrite", "LogDenied": "readwrite", "AutomaticHelpers": "readwrite", "FirewallBackend": "readwrite", "FlushAllOnReload": "readwrite", "RFC3964_IPv4": "readwrite", "AllowZoneDrifting": "readwrite", }) @handle_exceptions def _init_vars(self): self.ipsets = [ ] self.ipset_idx = 0 self.icmptypes = [ ] self.icmptype_idx = 0 self.services = [ ] self.service_idx = 0 self.zones = [ ] self.zone_idx = 0 self.helpers = [ ] self.helper_idx = 0 for ipset in self.config.get_ipsets(): self._addIPSet(self.config.get_ipset(ipset)) for icmptype in self.config.get_icmptypes(): self._addIcmpType(self.config.get_icmptype(icmptype)) for service in self.config.get_services(): self._addService(self.config.get_service(service)) for zone in self.config.get_zones(): self._addZone(self.config.get_zone(zone)) for helper in self.config.get_helpers(): self._addHelper(self.config.get_helper(helper)) @handle_exceptions def __del__(self): pass @handle_exceptions def reload(self): while len(self.ipsets) > 0: item = self.ipsets.pop() item.unregister() del item while len(self.icmptypes) > 0: item = self.icmptypes.pop() item.unregister() del item while len(self.services) > 0: item = self.services.pop() item.unregister() del item while len(self.zones) > 0: item = self.zones.pop() item.unregister() del item while len(self.helpers) > 0: item = self.helpers.pop() item.unregister() del item self._init_vars() @handle_exceptions def watch_updater(self, name): if name == config.FIREWALLD_CONF: old_props = self.GetAll(config.dbus.DBUS_INTERFACE_CONFIG) log.debug1("config: Reloading firewalld config file '%s'", config.FIREWALLD_CONF) try: self.config.update_firewalld_conf() except Exception as msg: log.error("Failed to load firewalld.conf file '%s': %s" % \ (name, msg)) return props = self.GetAll(config.dbus.DBUS_INTERFACE_CONFIG).copy() for key in list(props.keys()): if key in old_props and old_props[key] == props[key]: del props[key] if len(props) > 0: self.PropertiesChanged(config.dbus.DBUS_INTERFACE_CONFIG, props, []) return if (name.startswith(config.FIREWALLD_ICMPTYPES) or \ name.startswith(config.ETC_FIREWALLD_ICMPTYPES)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_icmptype_from_path(name) except Exception as msg: log.error("Failed to load icmptype file '%s': %s" % (name, msg)) return if what == "new": self._addIcmpType(obj) elif what == "remove": self.removeIcmpType(obj) elif what == "update": self._updateIcmpType(obj) elif (name.startswith(config.FIREWALLD_SERVICES) or \ name.startswith(config.ETC_FIREWALLD_SERVICES)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_service_from_path(name) except Exception as msg: log.error("Failed to load service file '%s': %s" % (name, msg)) return if what == "new": self._addService(obj) elif what == "remove": self.removeService(obj) elif what == "update": self._updateService(obj) elif name.startswith(config.FIREWALLD_ZONES) or \ name.startswith(config.ETC_FIREWALLD_ZONES): if name.endswith(".xml"): try: (what, obj) = self.config.update_zone_from_path(name) except Exception as msg: log.error("Failed to load zone file '%s': %s" % (name, msg)) return if what == "new": self._addZone(obj) elif what == "remove": self.removeZone(obj) elif what == "update": self._updateZone(obj) elif name.startswith(config.ETC_FIREWALLD_ZONES): # possible combined zone base directory _name = name.replace(config.ETC_FIREWALLD_ZONES, "").strip("/") if len(_name) < 1 or "/" in _name: # if there is a / in x, then it is a sub sub directory # ignore it return if os.path.isdir(name): if not self.watcher.has_watch(name): self.watcher.add_watch_dir(name) elif self.watcher.has_watch(name): self.watcher.remove_watch(name) elif (name.startswith(config.FIREWALLD_IPSETS) or \ name.startswith(config.ETC_FIREWALLD_IPSETS)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_ipset_from_path(name) except Exception as msg: log.error("Failed to load ipset file '%s': %s" % (name, msg)) return if what == "new": self._addIPSet(obj) elif what == "remove": self.removeIPSet(obj) elif what == "update": self._updateIPSet(obj) elif (name.startswith(config.FIREWALLD_HELPERS) or \ name.startswith(config.ETC_FIREWALLD_HELPERS)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_helper_from_path(name) except Exception as msg: log.error("Failed to load helper file '%s': %s" % (name, msg)) return if what == "new": self._addHelper(obj) elif what == "remove": self.removeHelper(obj) elif what == "update": self._updateHelper(obj) elif name == config.LOCKDOWN_WHITELIST: try: self.config.update_lockdown_whitelist() except Exception as msg: log.error("Failed to load lockdown whitelist file '%s': %s" % \ (name, msg)) return self.LockdownWhitelistUpdated() elif name == config.FIREWALLD_DIRECT: try: self.config.update_direct() except Exception as msg: log.error("Failed to load direct rules file '%s': %s" % (name, msg)) return self.Updated() @handle_exceptions def _addIcmpType(self, obj): # TODO: check for idx overflow config_icmptype = FirewallDConfigIcmpType( self, self.config, obj, self.icmptype_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_ICMPTYPE, self.icmptype_idx)) self.icmptypes.append(config_icmptype) self.icmptype_idx += 1 self.IcmpTypeAdded(obj.name) return config_icmptype @handle_exceptions def _updateIcmpType(self, obj): for icmptype in self.icmptypes: if icmptype.obj.name == obj.name and \ icmptype.obj.path == obj.path and \ icmptype.obj.filename == obj.filename: icmptype.obj = obj icmptype.Updated(obj.name) @handle_exceptions def removeIcmpType(self, obj): index = 7 # see IMPORT_EXPORT_STRUCTURE in class Zone(IO_Object) for zone in self.zones: settings = zone.getSettings() # if this IcmpType is used in a zone remove it from that zone first if obj.name in settings[index]: settings[index].remove(obj.name) zone.obj = self.config.set_zone_config(zone.obj, settings) zone.Updated(zone.obj.name) for icmptype in self.icmptypes: if icmptype.obj == obj: icmptype.Removed(obj.name) icmptype.unregister() self.icmptypes.remove(icmptype) del icmptype @handle_exceptions def _addService(self, obj): # TODO: check for idx overflow config_service = FirewallDConfigService( self, self.config, obj, self.service_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_SERVICE, self.service_idx)) self.services.append(config_service) self.service_idx += 1 self.ServiceAdded(obj.name) return config_service @handle_exceptions def _updateService(self, obj): for service in self.services: if service.obj.name == obj.name and \ service.obj.path == obj.path and \ service.obj.filename == obj.filename: service.obj = obj service.Updated(obj.name) @handle_exceptions def removeService(self, obj): index = 5 # see IMPORT_EXPORT_STRUCTURE in class Zone(IO_Object) for zone in self.zones: settings = zone.getSettings() # if this Service is used in a zone remove it from that zone first if obj.name in settings[index]: settings[index].remove(obj.name) zone.obj = self.config.set_zone_config(zone.obj, settings) zone.Updated(zone.obj.name) for service in self.services: if service.obj == obj: service.Removed(obj.name) service.unregister() self.services.remove(service) del service @handle_exceptions def _addZone(self, obj): # TODO: check for idx overflow config_zone = FirewallDConfigZone( self, self.config, obj, self.zone_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_ZONE, self.zone_idx)) self.zones.append(config_zone) self.zone_idx += 1 self.ZoneAdded(obj.name) return config_zone @handle_exceptions def _updateZone(self, obj): for zone in self.zones: if zone.obj.name == obj.name and zone.obj.path == obj.path and \ zone.obj.filename == obj.filename: zone.obj = obj zone.Updated(obj.name) @handle_exceptions def removeZone(self, obj): for zone in self.zones: if zone.obj == obj: zone.Removed(obj.name) zone.unregister() self.zones.remove(zone) del zone @handle_exceptions def _addIPSet(self, obj): # TODO: check for idx overflow config_ipset = FirewallDConfigIPSet( self, self.config, obj, self.ipset_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_IPSET, self.ipset_idx)) self.ipsets.append(config_ipset) self.ipset_idx += 1 self.IPSetAdded(obj.name) return config_ipset @handle_exceptions def _updateIPSet(self, obj): for ipset in self.ipsets: if ipset.obj.name == obj.name and ipset.obj.path == obj.path and \ ipset.obj.filename == obj.filename: ipset.obj = obj ipset.Updated(obj.name) @handle_exceptions def removeIPSet(self, obj): for ipset in self.ipsets: if ipset.obj == obj: ipset.Removed(obj.name) ipset.unregister() self.ipsets.remove(ipset) del ipset # access check @handle_exceptions def _addHelper(self, obj): # TODO: check for idx overflow config_helper = FirewallDConfigHelper( self, self.config, obj, self.helper_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_HELPER, self.helper_idx)) self.helpers.append(config_helper) self.helper_idx += 1 self.HelperAdded(obj.name) return config_helper @handle_exceptions def _updateHelper(self, obj): for helper in self.helpers: if helper.obj.name == obj.name and helper.obj.path == obj.path and \ helper.obj.filename == obj.filename: helper.obj = obj helper.Updated(obj.name) @handle_exceptions def removeHelper(self, obj): for helper in self.helpers: if helper.obj == obj: helper.Removed(obj.name) helper.unregister() self.helpers.remove(helper) del helper # access check @dbus_handle_exceptions def accessCheck(self, sender): if self.config.lockdown_enabled(): if sender is None: log.error("Lockdown not possible, sender not set.") return bus = dbus.SystemBus() context = context_of_sender(bus, sender) if self.config.access_check("context", context): return uid = uid_of_sender(bus, sender) if self.config.access_check("uid", uid): return user = user_of_uid(uid) if self.config.access_check("user", user): return command = command_of_sender(bus, sender) if self.config.access_check("command", command): return raise FirewallError(errors.ACCESS_DENIED, "lockdown is enabled") # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, prop): if prop not in [ "DefaultZone", "MinimalMark", "CleanupOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "LogDenied", "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload", "RFC3964_IPv4", "AllowZoneDrifting" ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % prop) value = self.config.get_firewalld_conf().get(prop) if prop == "DefaultZone": if value is None: value = config.FALLBACK_ZONE return dbus.String(value) elif prop == "MinimalMark": if value is None: value = config.FALLBACK_MINIMAL_MARK else: value = int(value) return dbus.Int32(value) elif prop == "CleanupOnExit": if value is None: value = "yes" if config.FALLBACK_CLEANUP_ON_EXIT else "no" return dbus.String(value) elif prop == "Lockdown": if value is None: value = "yes" if config.FALLBACK_LOCKDOWN else "no" return dbus.String(value) elif prop == "IPv6_rpfilter": if value is None: value = "yes" if config.FALLBACK_IPV6_RPFILTER else "no" return dbus.String(value) elif prop == "IndividualCalls": if value is None: value = "yes" if config.FALLBACK_INDIVIDUAL_CALLS else "no" return dbus.String(value) elif prop == "LogDenied": if value is None: value = config.FALLBACK_LOG_DENIED return dbus.String(value) elif prop == "AutomaticHelpers": if value is None: value = config.FALLBACK_AUTOMATIC_HELPERS return dbus.String(value) elif prop == "FirewallBackend": if value is None: value = config.FALLBACK_FIREWALL_BACKEND return dbus.String(value) elif prop == "FlushAllOnReload": if value is None: value = "yes" if config.FALLBACK_FLUSH_ALL_ON_RELOAD else "no" return dbus.String(value) elif prop == "RFC3964_IPv4": if value is None: value = "yes" if config.FALLBACK_RFC3964_IPV4 else "no" return dbus.String(value) elif prop == "AllowZoneDrifting": if value is None: value = "yes" if config.FALLBACK_ALLOW_ZONE_DRIFTING else "no" return dbus.String(value) @dbus_handle_exceptions def _get_dbus_property(self, prop): if prop == "DefaultZone": return dbus.String(self._get_property(prop)) elif prop == "MinimalMark": return dbus.Int32(self._get_property(prop)) elif prop == "CleanupOnExit": return dbus.String(self._get_property(prop)) elif prop == "Lockdown": return dbus.String(self._get_property(prop)) elif prop == "IPv6_rpfilter": return dbus.String(self._get_property(prop)) elif prop == "IndividualCalls": return dbus.String(self._get_property(prop)) elif prop == "LogDenied": return dbus.String(self._get_property(prop)) elif prop == "AutomaticHelpers": return dbus.String(self._get_property(prop)) elif prop == "FirewallBackend": return dbus.String(self._get_property(prop)) elif prop == "FlushAllOnReload": return dbus.String(self._get_property(prop)) elif prop == "RFC3964_IPv4": return dbus.String(self._get_property(prop)) elif prop == "AllowZoneDrifting": return dbus.String(self._get_property(prop)) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % prop) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("config.Get('%s', '%s')", interface_name, property_name) if interface_name == config.dbus.DBUS_INTERFACE_CONFIG: return self._get_dbus_property(property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_dbus_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("config.GetAll('%s')", interface_name) ret = { } if interface_name == config.dbus.DBUS_INTERFACE_CONFIG: for x in [ "DefaultZone", "MinimalMark", "CleanupOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "LogDenied", "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload", "RFC3964_IPv4", "AllowZoneDrifting" ]: ret[x] = self._get_property(x) elif interface_name in [ config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: pass else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return dbus.Dictionary(ret, signature="sv") @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("config.Set('%s', '%s', '%s')", interface_name, property_name, new_value) self.accessCheck(sender) if interface_name == config.dbus.DBUS_INTERFACE_CONFIG: if property_name in [ "MinimalMark", "CleanupOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "LogDenied", "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload", "RFC3964_IPv4", "AllowZoneDrifting" ]: if property_name == "MinimalMark": try: int(new_value) except ValueError: raise FirewallError(errors.INVALID_MARK, new_value) try: new_value = str(new_value) except: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) if property_name in [ "CleanupOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls" ]: if new_value.lower() not in [ "yes", "no", "true", "false" ]: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) if property_name == "LogDenied": if new_value not in config.LOG_DENIED_VALUES: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) if property_name == "AutomaticHelpers": if new_value not in config.AUTOMATIC_HELPERS_VALUES: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) if property_name == "FirewallBackend": if new_value not in config.FIREWALL_BACKEND_VALUES: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) if property_name == "FlushAllOnReload": if new_value.lower() not in ["yes", "true", "no", "false"]: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) if property_name == "RFC3964_IPv4": if new_value.lower() not in ["yes", "true", "no", "false"]: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) if property_name == "AllowZoneDrifting": if new_value.lower() not in ["yes", "true", "no", "false"]: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) self.config.get_firewalld_conf().set(property_name, new_value) self.config.get_firewalld_conf().write() self.PropertiesChanged(interface_name, { property_name: new_value }, [ ]) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("config.PropertiesChanged('%s', '%s', '%s')", interface_name, changed_properties, invalidated_properties) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("config.Introspect()") data = super(FirewallDConfig, self).Introspect(self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # policies @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature=LockdownWhitelist.DBUS_SIGNATURE) @dbus_handle_exceptions def getLockdownWhitelist(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelist()") return self.config.get_policies().lockdown_whitelist.export_config() @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature=LockdownWhitelist.DBUS_SIGNATURE) @dbus_handle_exceptions def setLockdownWhitelist(self, settings, sender=None): # pylint: disable=W0613 log.debug1("config.policies.setLockdownWhitelist(...)") settings = dbus_to_python(settings) self.config.get_policies().lockdown_whitelist.import_config(settings) self.config.get_policies().lockdown_whitelist.write() self.LockdownWhitelistUpdated() @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES) @dbus_handle_exceptions def LockdownWhitelistUpdated(self): log.debug1("config.policies.LockdownWhitelistUpdated()") # command @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def addLockdownWhitelistCommand(self, command, sender=None): command = dbus_to_python(command) log.debug1("config.policies.addLockdownWhitelistCommand('%s')", command) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if command in settings[0]: raise FirewallError(errors.ALREADY_ENABLED, command) settings[0].append(command) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def removeLockdownWhitelistCommand(self, command, sender=None): command = dbus_to_python(command) log.debug1("config.policies.removeLockdownWhitelistCommand('%s')", command) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if command not in settings[0]: raise FirewallError(errors.NOT_ENABLED, command) settings[0].remove(command) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistCommand(self, command, sender=None): # pylint: disable=W0613 command = dbus_to_python(command) log.debug1("config.policies.queryLockdownWhitelistCommand('%s')", command) return command in self.getLockdownWhitelist()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistCommands(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistCommands()") return self.getLockdownWhitelist()[0] # context @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def addLockdownWhitelistContext(self, context, sender=None): context = dbus_to_python(context) log.debug1("config.policies.addLockdownWhitelistContext('%s')", context) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if context in settings[1]: raise FirewallError(errors.ALREADY_ENABLED, context) settings[1].append(context) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def removeLockdownWhitelistContext(self, context, sender=None): context = dbus_to_python(context) log.debug1("config.policies.removeLockdownWhitelistContext('%s')", context) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if context not in settings[1]: raise FirewallError(errors.NOT_ENABLED, context) settings[1].remove(context) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistContext(self, context, sender=None): # pylint: disable=W0613 context = dbus_to_python(context) log.debug1("config.policies.queryLockdownWhitelistContext('%s')", context) return context in self.getLockdownWhitelist()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistContexts(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistContexts()") return self.getLockdownWhitelist()[1] # user @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def addLockdownWhitelistUser(self, user, sender=None): user = dbus_to_python(user) log.debug1("config.policies.addLockdownWhitelistUser('%s')", user) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if user in settings[2]: raise FirewallError(errors.ALREADY_ENABLED, user) settings[2].append(user) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def removeLockdownWhitelistUser(self, user, sender=None): user = dbus_to_python(user) log.debug1("config.policies.removeLockdownWhitelistUser('%s')", user) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if user not in settings[2]: raise FirewallError(errors.NOT_ENABLED, user) settings[2].remove(user) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUser(self, user, sender=None): # pylint: disable=W0613 user = dbus_to_python(user) log.debug1("config.policies.queryLockdownWhitelistUser('%s')", user) return user in self.getLockdownWhitelist()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistUsers(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistUsers()") return self.getLockdownWhitelist()[2] # uid @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i') @dbus_handle_exceptions def addLockdownWhitelistUid(self, uid, sender=None): uid = dbus_to_python(uid) log.debug1("config.policies.addLockdownWhitelistUid(%d)", uid) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if uid in settings[3]: raise FirewallError(errors.ALREADY_ENABLED, uid) settings[3].append(uid) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i') @dbus_handle_exceptions def removeLockdownWhitelistUid(self, uid, sender=None): uid = dbus_to_python(uid) log.debug1("config.policies.removeLockdownWhitelistUid(%d)", uid) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if uid not in settings[3]: raise FirewallError(errors.NOT_ENABLED, uid) settings[3].remove(uid) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUid(self, uid, sender=None): # pylint: disable=W0613 uid = dbus_to_python(uid) log.debug1("config.policies.queryLockdownWhitelistUid(%d)", uid) return uid in self.getLockdownWhitelist()[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='ai') @dbus_handle_exceptions def getLockdownWhitelistUids(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistUids()") return self.getLockdownWhitelist()[3] # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # I P S E T S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listIPSets(self, sender=None): # pylint: disable=W0613 """list ipsets objects paths """ log.debug1("config.listIPSets()") return self.ipsets @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getIPSetNames(self, sender=None): # pylint: disable=W0613 """get ipset names """ log.debug1("config.getIPSetNames()") ipsets = [ ] for obj in self.ipsets: ipsets.append(obj.obj.name) return sorted(ipsets) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getIPSetByName(self, ipset, sender=None): # pylint: disable=W0613 """object path of ipset with given name """ ipset = dbus_to_python(ipset, str) log.debug1("config.getIPSetByName('%s')", ipset) for obj in self.ipsets: if obj.obj.name == ipset: return obj raise FirewallError(errors.INVALID_IPSET, ipset) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s'+IPSet.DBUS_SIGNATURE, out_signature='o') @dbus_handle_exceptions def addIPSet(self, ipset, settings, sender=None): """add ipset with given name and settings """ ipset = dbus_to_python(ipset, str) settings = dbus_to_python(settings) log.debug1("config.addIPSet('%s')", ipset) self.accessCheck(sender) obj = self.config.new_ipset(ipset, settings) config_ipset = self._addIPSet(obj) return config_ipset @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def IPSetAdded(self, ipset): ipset = dbus_to_python(ipset, str) log.debug1("config.IPSetAdded('%s')" % (ipset)) # I C M P T Y P E S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listIcmpTypes(self, sender=None): # pylint: disable=W0613 """list icmptypes objects paths """ log.debug1("config.listIcmpTypes()") return self.icmptypes @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getIcmpTypeNames(self, sender=None): # pylint: disable=W0613 """get icmptype names """ log.debug1("config.getIcmpTypeNames()") icmptypes = [ ] for obj in self.icmptypes: icmptypes.append(obj.obj.name) return sorted(icmptypes) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getIcmpTypeByName(self, icmptype, sender=None): # pylint: disable=W0613 """object path of icmptype with given name """ icmptype = dbus_to_python(icmptype, str) log.debug1("config.getIcmpTypeByName('%s')", icmptype) for obj in self.icmptypes: if obj.obj.name == icmptype: return obj raise FirewallError(errors.INVALID_ICMPTYPE, icmptype) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s'+IcmpType.DBUS_SIGNATURE, out_signature='o') @dbus_handle_exceptions def addIcmpType(self, icmptype, settings, sender=None): """add icmptype with given name and settings """ icmptype = dbus_to_python(icmptype, str) settings = dbus_to_python(settings) log.debug1("config.addIcmpType('%s')", icmptype) self.accessCheck(sender) obj = self.config.new_icmptype(icmptype, settings) config_icmptype = self._addIcmpType(obj) return config_icmptype @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def IcmpTypeAdded(self, icmptype): log.debug1("config.IcmpTypeAdded('%s')" % (icmptype)) # S E R V I C E S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listServices(self, sender=None): # pylint: disable=W0613 """list services objects paths """ log.debug1("config.listServices()") return self.services @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getServiceNames(self, sender=None): # pylint: disable=W0613 """get service names """ log.debug1("config.getServiceNames()") services = [ ] for obj in self.services: services.append(obj.obj.name) return sorted(services) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getServiceByName(self, service, sender=None): # pylint: disable=W0613 """object path of service with given name """ service = dbus_to_python(service, str) log.debug1("config.getServiceByName('%s')", service) for obj in self.services: if obj.obj.name == service: return obj raise FirewallError(errors.INVALID_SERVICE, service) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s(sssa(ss)asa{ss}asa(ss))', out_signature='o') @dbus_handle_exceptions def addService(self, service, settings, sender=None): """add service with given name and settings """ service = dbus_to_python(service, str) settings = dbus_to_python(settings) log.debug1("config.addService('%s')", service) self.accessCheck(sender) obj = self.config.new_service(service, settings) config_service = self._addService(obj) return config_service @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='sa{sv}', out_signature='o') @dbus_handle_exceptions def addService2(self, service, settings, sender=None): """add service with given name and settings """ service = dbus_to_python(service, str) settings = dbus_to_python(settings) log.debug1("config.addService2('%s')", service) self.accessCheck(sender) obj = self.config.new_service_dict(service, settings) config_service = self._addService(obj) return config_service @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def ServiceAdded(self, service): log.debug1("config.ServiceAdded('%s')" % (service)) # Z O N E S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listZones(self, sender=None): # pylint: disable=W0613 """list zones objects paths """ log.debug1("config.listZones()") return self.zones @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getZoneNames(self, sender=None): # pylint: disable=W0613 """get zone names """ log.debug1("config.getZoneNames()") zones = [ ] for obj in self.zones: zones.append(obj.obj.name) return sorted(zones) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getZoneByName(self, zone, sender=None): # pylint: disable=W0613 """object path of zone with given name """ zone = dbus_to_python(zone, str) log.debug1("config.getZoneByName('%s')", zone) for obj in self.zones: if obj.obj.name == zone: return obj raise FirewallError(errors.INVALID_ZONE, zone) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfInterface(self, iface, sender=None): # pylint: disable=W0613 """name of zone the given interface belongs to """ iface = dbus_to_python(iface, str) log.debug1("config.getZoneOfInterface('%s')", iface) ret = [] for obj in self.zones: if iface in obj.obj.interfaces: ret.append(obj.obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same interface is in several zone XML files return " ".join(ret) + \ " (ERROR: interface '%s' is in %s zone XML files, can be only in one)" % \ (iface, len(ret)) return ret[0] if ret else "" @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfSource(self, source, sender=None): # pylint: disable=W0613 """name of zone the given source belongs to """ source = dbus_to_python(source, str) log.debug1("config.getZoneOfSource('%s')", source) ret = [] for obj in self.zones: if source in obj.obj.sources: ret.append(obj.obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same source is in several zone XML files return " ".join(ret) + \ " (ERROR: source '%s' is in %s zone XML files, can be only in one)" % \ (source, len(ret)) return ret[0] if ret else "" @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s'+Zone.DBUS_SIGNATURE, out_signature='o') @dbus_handle_exceptions def addZone(self, zone, settings, sender=None): """add zone with given name and settings """ zone = dbus_to_python(zone, str) settings = dbus_to_python(settings) log.debug1("config.addZone('%s')", zone) self.accessCheck(sender) if settings[4] == "default": # convert to list, fix target, convert back to tuple _settings = list(settings) _settings[4] = DEFAULT_ZONE_TARGET settings = tuple(_settings) obj = self.config.new_zone(zone, settings) config_zone = self._addZone(obj) return config_zone @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def ZoneAdded(self, zone): log.debug1("config.ZoneAdded('%s')" % (zone)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # H E L P E R S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listHelpers(self, sender=None): # pylint: disable=W0613 """list helpers objects paths """ log.debug1("config.listHelpers()") return self.helpers @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getHelperNames(self, sender=None): # pylint: disable=W0613 """get helper names """ log.debug1("config.getHelperNames()") helpers = [ ] for obj in self.helpers: helpers.append(obj.obj.name) return sorted(helpers) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getHelperByName(self, helper, sender=None): # pylint: disable=W0613 """object path of helper with given name """ helper = dbus_to_python(helper, str) log.debug1("config.getHelperByName('%s')", helper) for obj in self.helpers: if obj.obj.name == helper: return obj raise FirewallError(errors.INVALID_HELPER, helper) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s'+Helper.DBUS_SIGNATURE, out_signature='o') @dbus_handle_exceptions def addHelper(self, helper, settings, sender=None): """add helper with given name and settings """ helper = dbus_to_python(helper, str) settings = dbus_to_python(settings) log.debug1("config.addHelper('%s')", helper) self.accessCheck(sender) obj = self.config.new_helper(helper, settings) config_helper = self._addHelper(obj) return config_helper @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def HelperAdded(self, helper): helper = dbus_to_python(helper, str) log.debug1("config.HelperAdded('%s')" % (helper)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, out_signature=Direct.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 # returns list ipv, table, list of chains log.debug1("config.direct.getSettings()") return self.config.get_direct().export_config() @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature=Direct.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): # pylint: disable=W0613 # returns list ipv, table, list of chains log.debug1("config.direct.update()") settings = dbus_to_python(settings) self.config.get_direct().import_config(settings) self.config.get_direct().write() self.Updated() @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_handle_exceptions def Updated(self): log.debug1("config.direct.Updated()") # chain @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss') @dbus_handle_exceptions def addChain(self, ipv, table, chain, sender=None): ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.addChain('%s', '%s', '%s')" % \ (ipv, table, chain)) self.accessCheck(sender) idx = tuple((ipv, table, chain)) settings = list(self.getSettings()) if idx in settings[0]: raise FirewallError(errors.ALREADY_ENABLED, "chain '%s' already is in '%s:%s'" % \ (chain, ipv, table)) settings[0].append(idx) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss') @dbus_handle_exceptions def removeChain(self, ipv, table, chain, sender=None): ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.removeChain('%s', '%s', '%s')" % \ (ipv, table, chain)) self.accessCheck(sender) idx = tuple((ipv, table, chain)) settings = list(self.getSettings()) if idx not in settings[0]: raise FirewallError(errors.NOT_ENABLED, "chain '%s' is not in '%s:%s'" % (chain, ipv, table)) settings[0].remove(idx) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss', out_signature='b') @dbus_handle_exceptions def queryChain(self, ipv, table, chain, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.queryChain('%s', '%s', '%s')" % \ (ipv, table, chain)) idx = tuple((ipv, table, chain)) return idx in self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='ss', out_signature='as') @dbus_handle_exceptions def getChains(self, ipv, table, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) table = dbus_to_python(table) log.debug1("config.direct.getChains('%s', '%s')" % (ipv, table)) ret = [ ] for idx in self.getSettings()[0]: if idx[0] == ipv and idx[1] == table: ret.append(idx[2]) return ret @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='', out_signature='a(sss)') @dbus_handle_exceptions def getAllChains(self, sender=None): # pylint: disable=W0613 log.debug1("config.direct.getAllChains()") return self.getSettings()[0] # rule @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias') @dbus_handle_exceptions def addRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) priority = dbus_to_python(priority) args = dbus_to_python(args) log.debug1("config.direct.addRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) idx = (ipv, table, chain, priority, args) settings = list(self.getSettings()) if idx in settings[1]: raise FirewallError(errors.ALREADY_ENABLED, "rule '%s' already is in '%s:%s:%s'" % \ (args, ipv, table, chain)) settings[1].append(idx) self.update(tuple(settings)) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias') @dbus_handle_exceptions def removeRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) priority = dbus_to_python(priority) args = dbus_to_python(args) log.debug1("config.direct.removeRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) idx = (ipv, table, chain, priority, args) settings = list(self.getSettings()) if idx not in settings[1]: raise FirewallError(errors.NOT_ENABLED, "rule '%s' is not in '%s:%s:%s'" % \ (args, ipv, table, chain)) settings[1].remove(idx) self.update(tuple(settings)) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias', out_signature='b') @dbus_handle_exceptions def queryRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=W0613,R0913 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) priority = dbus_to_python(priority) args = dbus_to_python(args) log.debug1("config.direct.queryRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) idx = (ipv, table, chain, priority, args) return idx in self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss') @dbus_handle_exceptions def removeRules(self, ipv, table, chain, sender=None): ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.removeRules('%s', '%s', '%s')" % \ (ipv, table, chain, )) self.accessCheck(sender) settings = list(self.getSettings()) for rule in settings[1][:]: if (ipv, table, chain) == (rule[0], rule[1], rule[2]): settings[1].remove(rule) self.update(tuple(settings)) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss', out_signature='a(ias)') @dbus_handle_exceptions def getRules(self, ipv, table, chain, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.getRules('%s', '%s', '%s')" % \ (ipv, table, chain)) ret = [ ] for idx in self.getSettings()[1]: if idx[0] == ipv and idx[1] == table and idx[2] == chain: ret.append((idx[3], idx[4])) return ret @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='', out_signature='a(sssias)') @dbus_handle_exceptions def getAllRules(self, sender=None): # pylint: disable=W0613 log.debug1("config.direct.getAllRules()") return self.getSettings()[1] # passthrough @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas') @dbus_handle_exceptions def addPassthrough(self, ipv, args, sender=None): ipv = dbus_to_python(ipv) args = dbus_to_python(args) log.debug1("config.direct.addPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) idx = (ipv, args) settings = list(self.getSettings()) if idx in settings[2]: raise FirewallError(errors.ALREADY_ENABLED, "passthrough '%s', '%s'" % (ipv, args)) settings[2].append(idx) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas') @dbus_handle_exceptions def removePassthrough(self, ipv, args, sender=None): ipv = dbus_to_python(ipv) args = dbus_to_python(args) log.debug1("config.direct.removePassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) idx = (ipv, args) settings = list(self.getSettings()) if idx not in settings[2]: raise FirewallError(errors.NOT_ENABLED, "passthrough '%s', '%s'" % (ipv, args)) settings[2].remove(idx) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas', out_signature='b') @dbus_handle_exceptions def queryPassthrough(self, ipv, args, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) args = dbus_to_python(args) log.debug1("config.direct.queryPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) idx = (ipv, args) return idx in self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getPassthroughs(self, ipv, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) log.debug1("config.direct.getPassthroughs('%s')" % (ipv)) ret = [ ] for idx in self.getSettings()[2]: if idx[0] == ipv: ret.append(idx[1]) return ret @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, out_signature='a(sas)') @dbus_handle_exceptions def getAllPassthroughs(self, sender=None): # pylint: disable=W0613 log.debug1("config.direct.getAllPassthroughs()") return self.getSettings()[2] firewalld-0.8.2/src/firewall/server/__init__.py0000664007115300711530000000000013341016621022652 0ustar00egarveregarver00000000000000firewalld-0.8.2/src/firewall/server/server.py0000664007115300711530000000737113614563155022457 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # signal handling and run_server derived from setroubleshoot # Copyright (C) 2006,2007,2008,2009 Red Hat, Inc. # Authors: # John Dennis # Thomas Liu # Dan Walsh __all__ = [ "run_server" ] import sys import signal # force use of pygobject3 in python-slip from gi.repository import GObject, GLib sys.modules['gobject'] = GObject import dbus import dbus.service import dbus.mainloop.glib import slip.dbus from firewall import config from firewall.core.logger import log from firewall.server.firewalld import FirewallD ############################################################################ # # signal handlers # ############################################################################ def sighup(service): service.reload() return True def sigterm(mainloop): mainloop.quit() ############################################################################ # # run_server function # ############################################################################ def run_server(debug_gc=False): """ Main function for firewall server. Handles D-Bus and GLib mainloop. """ service = None if debug_gc: from pprint import pformat import gc gc.enable() gc.set_debug(gc.DEBUG_LEAK) gc_timeout = 10 def gc_collect(): gc.collect() if len(gc.garbage) > 0: print("\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n") print("GARBAGE OBJECTS (%d):\n" % len(gc.garbage)) for x in gc.garbage: print(type(x), "\n ",) print(pformat(x)) print("\n<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n") GLib.timeout_add_seconds(gc_timeout, gc_collect) try: dbus.mainloop.glib.DBusGMainLoop(set_as_default=True) bus = dbus.SystemBus() name = dbus.service.BusName(config.dbus.DBUS_INTERFACE, bus=bus) service = FirewallD(name, config.dbus.DBUS_PATH) mainloop = GLib.MainLoop() slip.dbus.service.set_mainloop(mainloop) if debug_gc: GLib.timeout_add_seconds(gc_timeout, gc_collect) # use unix_signal_add if available, else unix_signal_add_full if hasattr(GLib, 'unix_signal_add'): unix_signal_add = GLib.unix_signal_add else: unix_signal_add = GLib.unix_signal_add_full unix_signal_add(GLib.PRIORITY_HIGH, signal.SIGHUP, sighup, service) unix_signal_add(GLib.PRIORITY_HIGH, signal.SIGTERM, sigterm, mainloop) mainloop.run() except KeyboardInterrupt: log.debug1("Stopping..") except SystemExit: log.error("Raising SystemExit in run_server") except Exception as e: log.error("Exception %s: %s", e.__class__.__name__, str(e)) if service: service.stop() firewalld-0.8.2/src/firewall/server/config_ipset.py0000664007115300711530000004376113341016621023611 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # force use of pygobject3 in python-slip from gi.repository import GObject import sys sys.modules['gobject'] = GObject import dbus import dbus.service import slip.dbus import slip.dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.ipset import IPSet from firewall.core.ipset import IPSET_TYPES from firewall.core.logger import log from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfigIPSet # ############################################################################ class FirewallDConfigIPSet(slip.dbus.service.Object): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, ipset, item_id, *args, **kwargs): super(FirewallDConfigIPSet, self).__init__(*args, **kwargs) self.parent = parent self.config = conf self.obj = ipset self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.ipset.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_IPSET) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_IPSET: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_IPSET: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_IPSET: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigIPSet, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_IPSET) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature=IPSet.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for ipset """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_ipset_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature=IPSet.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for ipset """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_ipset_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin ipset """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_ipset_defaults(self.obj) self.Updated(self.obj.name) #self.PropertiesChanged(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, # { "default": True }, [ ]) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET) @dbus_handle_exceptions def remove(self, sender=None): """remove ipset """ log.debug1("%s.remove()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_ipset(self.obj) self.parent.removeIPSet(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename ipset """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_ipset(self.obj, name) self.Renamed(name) #self.PropertiesChanged(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, # { "name": name }, [ ]) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # type @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getType(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getType()", self._log_prefix) return self.getSettings()[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setType(self, ipset_type, sender=None): ipset_type = dbus_to_python(ipset_type, str) log.debug1("%s.setType('%s')", self._log_prefix, ipset_type) self.parent.accessCheck(sender) if ipset_type not in IPSET_TYPES: raise FirewallError(errors.INVALID_TYPE, ipset_type) settings = list(self.getSettings()) settings[3] = ipset_type self.update(settings) # options @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='a{ss}') @dbus_handle_exceptions def getOptions(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getOptions()", self._log_prefix) return self.getSettings()[4] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='a{ss}') @dbus_handle_exceptions def setOptions(self, options, sender=None): options = dbus_to_python(options, dict) log.debug1("%s.setOptions('[%s]')", self._log_prefix, repr(options)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[4] = options self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='ss') @dbus_handle_exceptions def addOption(self, key, value, sender=None): key = dbus_to_python(key, str) value = dbus_to_python(value, str) log.debug1("%s.addOption('%s', '%s')", self._log_prefix, key, value) self.parent.accessCheck(sender) settings = list(self.getSettings()) if key in settings[4] and settings[4][key] == value: raise FirewallError(errors.ALREADY_ENABLED, "'%s': '%s'" % (key, value)) settings[4][key] = value self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def removeOption(self, key, sender=None): key = dbus_to_python(key, str) log.debug1("%s.removeOption('%s')", self._log_prefix, key) self.parent.accessCheck(sender) settings = list(self.getSettings()) if key not in settings[4]: raise FirewallError(errors.NOT_ENABLED, key) del settings[4][key] self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryOption(self, key, value, sender=None): # pylint: disable=W0613 key = dbus_to_python(key, str) value = dbus_to_python(value, str) log.debug1("%s.queryOption('%s', '%s')", self._log_prefix, key, value) settings = list(self.getSettings()) return (key in settings[4] and settings[4][key] == value) # entries @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='as') @dbus_handle_exceptions def getEntries(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getEntries()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='as') @dbus_handle_exceptions def setEntries(self, entries, sender=None): entries = dbus_to_python(entries, list) log.debug1("%s.setEntries('[%s]')", self._log_prefix, ",".join(entries)) self.parent.accessCheck(sender) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) settings[5] = entries self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def addEntry(self, entry, sender=None): entry = dbus_to_python(entry, str) log.debug1("%s.addEntry('%s')", self._log_prefix, entry) self.parent.accessCheck(sender) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) if entry in settings[5]: raise FirewallError(errors.ALREADY_ENABLED, entry) settings[5].append(entry) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def removeEntry(self, entry, sender=None): entry = dbus_to_python(entry, str) log.debug1("%s.removeEntry('%s')", self._log_prefix, entry) self.parent.accessCheck(sender) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) if entry not in settings[5]: raise FirewallError(errors.NOT_ENABLED, entry) settings[5].remove(entry) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryEntry(self, entry, sender=None): # pylint: disable=W0613 entry = dbus_to_python(entry, str) log.debug1("%s.queryEntry('%s')", self._log_prefix, entry) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) return entry in settings[5] firewalld-0.8.2/src/firewall/server/config_icmptype.py0000664007115300711530000003512313341016621024310 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # force use of pygobject3 in python-slip from gi.repository import GObject import sys sys.modules['gobject'] = GObject import dbus import dbus.service import slip.dbus import slip.dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.icmptype import IcmpType from firewall.core.logger import log from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfigIcmpType # ############################################################################ class FirewallDConfigIcmpType(slip.dbus.service.Object): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, icmptype, item_id, *args, **kwargs): super(FirewallDConfigIcmpType, self).__init__(*args, **kwargs) self.parent = parent self.config = conf self.obj = icmptype self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.icmptype.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigIcmpType, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature=IcmpType.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for icmptype """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_icmptype_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature=IcmpType.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for icmptype """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_icmptype_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin icmptype """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_icmptype_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) @dbus_handle_exceptions def remove(self, sender=None): """remove icmptype """ log.debug1("%s.removeIcmpType()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_icmptype(self.obj) self.parent.removeIcmpType(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename icmptype """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_icmptype(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # destination @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='as') @dbus_handle_exceptions def getDestinations(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDestinations()", self._log_prefix) return sorted(self.getSettings()[3]) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='as') @dbus_handle_exceptions def setDestinations(self, destinations, sender=None): destinations = dbus_to_python(destinations, list) log.debug1("%s.setDestinations('[%s]')", self._log_prefix, ",".join(destinations)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[3] = destinations self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def addDestination(self, destination, sender=None): destination = dbus_to_python(destination, str) log.debug1("%s.addDestination('%s')", self._log_prefix, destination) self.parent.accessCheck(sender) settings = list(self.getSettings()) if destination in settings[3]: raise FirewallError(errors.ALREADY_ENABLED, destination) settings[3].append(destination) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def removeDestination(self, destination, sender=None): destination = dbus_to_python(destination, str) log.debug1("%s.removeDestination('%s')", self._log_prefix, destination) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[3]: if destination not in settings[3]: raise FirewallError(errors.NOT_ENABLED, destination) else: settings[3].remove(destination) else: # empty means all settings[3] = list(set(['ipv4', 'ipv6']) - set([destination])) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryDestination(self, destination, sender=None): # pylint: disable=W0613 destination = dbus_to_python(destination, str) log.debug1("%s.queryDestination('%s')", self._log_prefix, destination) settings = self.getSettings() # empty means all return (not settings[3] or destination in settings[3]) firewalld-0.8.2/src/firewall/server/decorators.py0000664007115300711530000000570513641105304023301 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2012-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . """This module contains decorators for use with and without D-Bus""" __all__ = ["FirewallDBusException", "handle_exceptions", "dbus_handle_exceptions", "dbus_service_method"] import dbus import dbus.service import traceback from dbus.exceptions import DBusException from decorator import decorator from firewall import config from firewall.errors import FirewallError from firewall import errors from firewall.core.logger import log ############################################################################ # # Exception handler decorators # ############################################################################ class FirewallDBusException(dbus.DBusException): """FirewallDBusException""" _dbus_error_name = "%s.Exception" % config.dbus.DBUS_INTERFACE @decorator def handle_exceptions(func, *args, **kwargs): """Decorator to handle exceptions and log them. Used if not conneced to D-Bus. """ try: return func(*args, **kwargs) except FirewallError as error: log.debug1(traceback.format_exc()) log.error(error) except Exception: # pylint: disable=W0703 log.debug1(traceback.format_exc()) log.exception() @decorator def dbus_handle_exceptions(func, *args, **kwargs): """Decorator to handle exceptions, log and report them into D-Bus :Raises DBusException: on a firewall error code problems. """ try: return func(*args, **kwargs) except FirewallError as error: code = FirewallError.get_code(str(error)) if code in [ errors.ALREADY_ENABLED, errors.NOT_ENABLED, errors.ZONE_ALREADY_SET, errors.ALREADY_SET ]: log.warning(str(error)) else: log.debug1(traceback.format_exc()) log.error(str(error)) raise FirewallDBusException(str(error)) except DBusException as ex: # only log DBusExceptions once raise ex except Exception as ex: log.debug1(traceback.format_exc()) log.exception() raise FirewallDBusException(str(ex)) def dbus_service_method(*args, **kwargs): """Add sender argument for D-Bus""" kwargs.setdefault("sender_keyword", "sender") return dbus.service.method(*args, **kwargs) firewalld-0.8.2/src/firewall/client.py0000664007115300711530000033501713620317435021115 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2009-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from gi.repository import GLib, GObject # force use of pygobject3 in python-slip import sys sys.modules['gobject'] = GObject import dbus.mainloop.glib import slip.dbus from decorator import decorator from firewall import config from firewall.core.base import DEFAULT_ZONE_TARGET from firewall.dbus_utils import dbus_to_python from firewall.functions import b2u from firewall.core.rich import Rich_Rule from firewall import errors from firewall.errors import FirewallError import dbus import traceback exception_handler = None not_authorized_loop = False @decorator def handle_exceptions(func, *args, **kwargs): """Decorator to handle exceptions """ authorized = False while not authorized: try: return func(*args, **kwargs) except dbus.exceptions.DBusException as e: dbus_message = e.get_dbus_message() # returns unicode dbus_name = e.get_dbus_name() if not exception_handler: raise if "NotAuthorizedException" in dbus_name: exception_handler("NotAuthorizedException") elif "org.freedesktop.DBus.Error" in dbus_name: # dbus error, try again exception_handler(dbus_message) else: authorized = True if dbus_message: exception_handler(dbus_message) else: exception_handler(b2u(str(e))) except FirewallError as e: if not exception_handler: raise else: exception_handler(b2u(str(e))) except Exception: if not exception_handler: raise else: exception_handler(b2u(traceback.format_exc())) if not not_authorized_loop: break # zone config setings class FirewallClientZoneSettings(object): @handle_exceptions def __init__(self, settings = None): if settings: self.settings = settings else: self.settings = ["", "", "", False, DEFAULT_ZONE_TARGET, [], [], [], False, [], [], [], [], [], [], False] @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getVersion(self): return self.settings[0] @handle_exceptions def setVersion(self, version): self.settings[0] = version @handle_exceptions def getShort(self): return self.settings[1] @handle_exceptions def setShort(self, short): self.settings[1] = short @handle_exceptions def getDescription(self): return self.settings[2] @handle_exceptions def setDescription(self, description): self.settings[2] = description # self.settings[3] was used for 'immutable' @handle_exceptions def getTarget(self): return self.settings[4] if self.settings[4] != DEFAULT_ZONE_TARGET else "default" @handle_exceptions def setTarget(self, target): self.settings[4] = target if target != "default" else DEFAULT_ZONE_TARGET @handle_exceptions def getServices(self): return self.settings[5] @handle_exceptions def setServices(self, services): self.settings[5] = services @handle_exceptions def addService(self, service): if service not in self.settings[5]: self.settings[5].append(service) else: raise FirewallError(errors.ALREADY_ENABLED, service) @handle_exceptions def removeService(self, service): if service in self.settings[5]: self.settings[5].remove(service) else: raise FirewallError(errors.NOT_ENABLED, service) @handle_exceptions def queryService(self, service): return service in self.settings[5] @handle_exceptions def getPorts(self): return self.settings[6] @handle_exceptions def setPorts(self, ports): self.settings[6] = ports @handle_exceptions def addPort(self, port, protocol): if (port,protocol) not in self.settings[6]: self.settings[6].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removePort(self, port, protocol): if (port,protocol) in self.settings[6]: self.settings[6].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def queryPort(self, port, protocol): return (port,protocol) in self.settings[6] @handle_exceptions def getProtocols(self): return self.settings[13] @handle_exceptions def setProtocols(self, protocols): self.settings[13] = protocols @handle_exceptions def addProtocol(self, protocol): if protocol not in self.settings[13]: self.settings[13].append(protocol) else: raise FirewallError(errors.ALREADY_ENABLED, protocol) @handle_exceptions def removeProtocol(self, protocol): if protocol in self.settings[13]: self.settings[13].remove(protocol) else: raise FirewallError(errors.NOT_ENABLED, protocol) @handle_exceptions def queryProtocol(self, protocol): return protocol in self.settings[13] @handle_exceptions def getSourcePorts(self): return self.settings[14] @handle_exceptions def setSourcePorts(self, ports): self.settings[14] = ports @handle_exceptions def addSourcePort(self, port, protocol): if (port,protocol) not in self.settings[14]: self.settings[14].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removeSourcePort(self, port, protocol): if (port,protocol) in self.settings[14]: self.settings[14].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def querySourcePort(self, port, protocol): return (port,protocol) in self.settings[14] @handle_exceptions def getIcmpBlocks(self): return self.settings[7] @handle_exceptions def setIcmpBlocks(self, icmpblocks): self.settings[7] = icmpblocks @handle_exceptions def addIcmpBlock(self, icmptype): if icmptype not in self.settings[7]: self.settings[7].append(icmptype) else: raise FirewallError(errors.ALREADY_ENABLED, icmptype) @handle_exceptions def removeIcmpBlock(self, icmptype): if icmptype in self.settings[7]: self.settings[7].remove(icmptype) else: raise FirewallError(errors.NOT_ENABLED, icmptype) @handle_exceptions def queryIcmpBlock(self, icmptype): return icmptype in self.settings[7] @handle_exceptions def getIcmpBlockInversion(self): return self.settings[15] @handle_exceptions def setIcmpBlockInversion(self, flag): self.settings[15] = flag @slip.dbus.polkit.enable_proxy @handle_exceptions def addIcmpBlockInversion(self): if not self.settings[15]: self.settings[15] = True else: FirewallError(errors.ALREADY_ENABLED, "icmp-block-inversion") @slip.dbus.polkit.enable_proxy @handle_exceptions def removeIcmpBlockInversion(self): if self.settings[15]: self.settings[15] = False else: FirewallError(errors.NOT_ENABLED, "icmp-block-inversion") @slip.dbus.polkit.enable_proxy @handle_exceptions def queryIcmpBlockInversion(self): return self.settings[15] @handle_exceptions def getMasquerade(self): return self.settings[8] @handle_exceptions def setMasquerade(self, masquerade): self.settings[8] = masquerade @slip.dbus.polkit.enable_proxy @handle_exceptions def addMasquerade(self): if not self.settings[8]: self.settings[8] = True else: FirewallError(errors.ALREADY_ENABLED, "masquerade") @slip.dbus.polkit.enable_proxy @handle_exceptions def removeMasquerade(self): if self.settings[8]: self.settings[8] = False else: FirewallError(errors.NOT_ENABLED, "masquerade") @slip.dbus.polkit.enable_proxy @handle_exceptions def queryMasquerade(self): return self.settings[8] @handle_exceptions def getForwardPorts(self): return self.settings[9] @handle_exceptions def setForwardPorts(self, ports): self.settings[9] = ports @handle_exceptions def addForwardPort(self, port, protocol, to_port, to_addr): if to_port is None: to_port = '' if to_addr is None: to_addr = '' if (port,protocol,to_port,to_addr) not in self.settings[9]: self.settings[9].append((port,protocol,to_port,to_addr)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s:%s:%s'" % \ (port, protocol, to_port, to_addr)) @handle_exceptions def removeForwardPort(self, port, protocol, to_port, to_addr): if to_port is None: to_port = '' if to_addr is None: to_addr = '' if (port,protocol,to_port,to_addr) in self.settings[9]: self.settings[9].remove((port,protocol,to_port,to_addr)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s:%s:%s'" % \ (port, protocol, to_port, to_addr)) @handle_exceptions def queryForwardPort(self, port, protocol, to_port, to_addr): if to_port is None: to_port = '' if to_addr is None: to_addr = '' return (port,protocol,to_port,to_addr) in self.settings[9] @handle_exceptions def getInterfaces(self): return self.settings[10] @handle_exceptions def setInterfaces(self, interfaces): self.settings[10] = interfaces @handle_exceptions def addInterface(self, interface): if interface not in self.settings[10]: self.settings[10].append(interface) else: raise FirewallError(errors.ALREADY_ENABLED, interface) @handle_exceptions def removeInterface(self, interface): if interface in self.settings[10]: self.settings[10].remove(interface) else: raise FirewallError(errors.NOT_ENABLED, interface) @handle_exceptions def queryInterface(self, interface): return interface in self.settings[10] @handle_exceptions def getSources(self): return self.settings[11] @handle_exceptions def setSources(self, sources): self.settings[11] = sources @handle_exceptions def addSource(self, source): if source not in self.settings[11]: self.settings[11].append(source) else: raise FirewallError(errors.ALREADY_ENABLED, source) @handle_exceptions def removeSource(self, source): if source in self.settings[11]: self.settings[11].remove(source) else: raise FirewallError(errors.NOT_ENABLED, source) @handle_exceptions def querySource(self, source): return source in self.settings[11] @handle_exceptions def getRichRules(self): return self.settings[12] @handle_exceptions def setRichRules(self, rules): rules = [ str(Rich_Rule(rule_str=r)) for r in rules ] self.settings[12] = rules @handle_exceptions def addRichRule(self, rule): rule = str(Rich_Rule(rule_str=rule)) if rule not in self.settings[12]: self.settings[12].append(rule) else: raise FirewallError(errors.ALREADY_ENABLED, rule) @handle_exceptions def removeRichRule(self, rule): rule = str(Rich_Rule(rule_str=rule)) if rule in self.settings[12]: self.settings[12].remove(rule) else: raise FirewallError(errors.NOT_ENABLED, rule) @handle_exceptions def queryRichRule(self, rule): rule = str(Rich_Rule(rule_str=rule)) return rule in self.settings[12] # zone config class FirewallClientConfigZone(object): def __init__(self, bus, path): self.bus = bus self.path = path self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, path) self.fw_zone = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_ZONE) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') #TODO: check interface version and revision (need to match client # version) @slip.dbus.polkit.enable_proxy @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG_ZONE, prop)) @slip.dbus.polkit.enable_proxy @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG_ZONE)) @slip.dbus.polkit.enable_proxy @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, prop, value) @slip.dbus.polkit.enable_proxy @handle_exceptions def getSettings(self): return FirewallClientZoneSettings(list(dbus_to_python(\ self.fw_zone.getSettings()))) @slip.dbus.polkit.enable_proxy @handle_exceptions def update(self, settings): self.fw_zone.update(tuple(settings.settings)) @slip.dbus.polkit.enable_proxy @handle_exceptions def loadDefaults(self): self.fw_zone.loadDefaults() @slip.dbus.polkit.enable_proxy @handle_exceptions def remove(self): self.fw_zone.remove() @slip.dbus.polkit.enable_proxy @handle_exceptions def rename(self, name): self.fw_zone.rename(name) # version @slip.dbus.polkit.enable_proxy @handle_exceptions def getVersion(self): return self.fw_zone.getVersion() @slip.dbus.polkit.enable_proxy @handle_exceptions def setVersion(self, version): self.fw_zone.setVersion(version) # short @slip.dbus.polkit.enable_proxy @handle_exceptions def getShort(self): return self.fw_zone.getShort() @slip.dbus.polkit.enable_proxy @handle_exceptions def setShort(self, short): self.fw_zone.setShort(short) # description @slip.dbus.polkit.enable_proxy @handle_exceptions def getDescription(self): return self.fw_zone.getDescription() @slip.dbus.polkit.enable_proxy @handle_exceptions def setDescription(self, description): self.fw_zone.setDescription(description) # target @slip.dbus.polkit.enable_proxy @handle_exceptions def getTarget(self): return self.fw_zone.getTarget() @slip.dbus.polkit.enable_proxy @handle_exceptions def setTarget(self, target): self.fw_zone.setTarget(target) # service @slip.dbus.polkit.enable_proxy @handle_exceptions def getServices(self): return self.fw_zone.getServices() @slip.dbus.polkit.enable_proxy @handle_exceptions def setServices(self, services): self.fw_zone.setServices(services) @slip.dbus.polkit.enable_proxy @handle_exceptions def addService(self, service): self.fw_zone.addService(service) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeService(self, service): self.fw_zone.removeService(service) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryService(self, service): return self.fw_zone.queryService(service) # port @slip.dbus.polkit.enable_proxy @handle_exceptions def getPorts(self): return self.fw_zone.getPorts() @slip.dbus.polkit.enable_proxy @handle_exceptions def setPorts(self, ports): self.fw_zone.setPorts(ports) @slip.dbus.polkit.enable_proxy @handle_exceptions def addPort(self, port, protocol): self.fw_zone.addPort(port, protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def removePort(self, port, protocol): self.fw_zone.removePort(port, protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryPort(self, port, protocol): return self.fw_zone.queryPort(port, protocol) # protocol @slip.dbus.polkit.enable_proxy @handle_exceptions def getProtocols(self): return self.fw_zone.getProtocols() @slip.dbus.polkit.enable_proxy @handle_exceptions def setProtocols(self, protocols): self.fw_zone.setProtocols(protocols) @slip.dbus.polkit.enable_proxy @handle_exceptions def addProtocol(self, protocol): self.fw_zone.addProtocol(protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeProtocol(self, protocol): self.fw_zone.removeProtocol(protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryProtocol(self, protocol): return self.fw_zone.queryProtocol(protocol) # source-port @slip.dbus.polkit.enable_proxy @handle_exceptions def getSourcePorts(self): return self.fw_zone.getSourcePorts() @slip.dbus.polkit.enable_proxy @handle_exceptions def setSourcePorts(self, ports): self.fw_zone.setSourcePorts(ports) @slip.dbus.polkit.enable_proxy @handle_exceptions def addSourcePort(self, port, protocol): self.fw_zone.addSourcePort(port, protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeSourcePort(self, port, protocol): self.fw_zone.removeSourcePort(port, protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def querySourcePort(self, port, protocol): return self.fw_zone.querySourcePort(port, protocol) # icmp block @slip.dbus.polkit.enable_proxy @handle_exceptions def getIcmpBlocks(self): return self.fw_zone.getIcmpBlocks() @slip.dbus.polkit.enable_proxy @handle_exceptions def setIcmpBlocks(self, icmptypes): self.fw_zone.setIcmpBlocks(icmptypes) @slip.dbus.polkit.enable_proxy @handle_exceptions def addIcmpBlock(self, icmptype): self.fw_zone.addIcmpBlock(icmptype) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeIcmpBlock(self, icmptype): self.fw_zone.removeIcmpBlock(icmptype) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryIcmpBlock(self, icmptype): return self.fw_zone.queryIcmpBlock(icmptype) # icmp-block-inversion @slip.dbus.polkit.enable_proxy @handle_exceptions def getIcmpBlockInversion(self): return self.fw_zone.getIcmpBlockInversion() @slip.dbus.polkit.enable_proxy @handle_exceptions def setIcmpBlockInversion(self, inversion): self.fw_zone.setIcmpBlockInversion(inversion) @slip.dbus.polkit.enable_proxy @handle_exceptions def addIcmpBlockInversion(self): self.fw_zone.addIcmpBlockInversion() @slip.dbus.polkit.enable_proxy @handle_exceptions def removeIcmpBlockInversion(self): self.fw_zone.removeIcmpBlockInversion() @slip.dbus.polkit.enable_proxy @handle_exceptions def queryIcmpBlockInversion(self): return self.fw_zone.queryIcmpBlockInversion() # masquerade @slip.dbus.polkit.enable_proxy @handle_exceptions def getMasquerade(self): return self.fw_zone.getMasquerade() @slip.dbus.polkit.enable_proxy @handle_exceptions def setMasquerade(self, masquerade): self.fw_zone.setMasquerade(masquerade) @slip.dbus.polkit.enable_proxy @handle_exceptions def addMasquerade(self): self.fw_zone.addMasquerade() @slip.dbus.polkit.enable_proxy @handle_exceptions def removeMasquerade(self): self.fw_zone.removeMasquerade() @slip.dbus.polkit.enable_proxy @handle_exceptions def queryMasquerade(self): return self.fw_zone.queryMasquerade() # forward port @slip.dbus.polkit.enable_proxy @handle_exceptions def getForwardPorts(self): return self.fw_zone.getForwardPorts() @slip.dbus.polkit.enable_proxy @handle_exceptions def setForwardPorts(self, ports): self.fw_zone.setForwardPorts(ports) @slip.dbus.polkit.enable_proxy @handle_exceptions def addForwardPort(self, port, protocol, toport, toaddr): if toport is None: toport = '' if toaddr is None: toaddr = '' self.fw_zone.addForwardPort(port, protocol, toport, toaddr) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeForwardPort(self, port, protocol, toport, toaddr): if toport is None: toport = '' if toaddr is None: toaddr = '' self.fw_zone.removeForwardPort(port, protocol, toport, toaddr) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryForwardPort(self, port, protocol, toport, toaddr): if toport is None: toport = '' if toaddr is None: toaddr = '' return self.fw_zone.queryForwardPort(port, protocol, toport, toaddr) # interface @slip.dbus.polkit.enable_proxy @handle_exceptions def getInterfaces(self): return self.fw_zone.getInterfaces() @slip.dbus.polkit.enable_proxy @handle_exceptions def setInterfaces(self, interfaces): self.fw_zone.setInterfaces(interfaces) @slip.dbus.polkit.enable_proxy @handle_exceptions def addInterface(self, interface): self.fw_zone.addInterface(interface) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeInterface(self, interface): self.fw_zone.removeInterface(interface) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryInterface(self, interface): return self.fw_zone.queryInterface(interface) # source @slip.dbus.polkit.enable_proxy @handle_exceptions def getSources(self): return self.fw_zone.getSources() @slip.dbus.polkit.enable_proxy @handle_exceptions def setSources(self, sources): self.fw_zone.setSources(sources) @slip.dbus.polkit.enable_proxy @handle_exceptions def addSource(self, source): self.fw_zone.addSource(source) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeSource(self, source): self.fw_zone.removeSource(source) @slip.dbus.polkit.enable_proxy @handle_exceptions def querySource(self, source): return self.fw_zone.querySource(source) # rich rule @slip.dbus.polkit.enable_proxy @handle_exceptions def getRichRules(self): return self.fw_zone.getRichRules() @slip.dbus.polkit.enable_proxy @handle_exceptions def setRichRules(self, rules): self.fw_zone.setRichRules(rules) @slip.dbus.polkit.enable_proxy @handle_exceptions def addRichRule(self, rule): self.fw_zone.addRichRule(rule) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeRichRule(self, rule): self.fw_zone.removeRichRule(rule) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryRichRule(self, rule): return self.fw_zone.queryRichRule(rule) # service config settings class FirewallClientServiceSettings(object): @handle_exceptions def __init__(self, settings=None): self.settings = ["", "", "", [], [], {}, [], [], [], []] self.settings_name = ["version", "short", "description", "ports", "modules", "destination", "protocols", "source_ports", "includes", "helpers"] self.settings_dbus_type = ["s", "s", "s", "(ss)", "s", "ss", "s", "(ss)", "s", "s"] if settings: if type(settings) is list: for i,v in enumerate(settings): self.settings[i] = settings[i] elif type(settings) is dict: self.setSettingsDict(settings) @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getSettingsDict(self): settings = {} for key,value in zip(self.settings_name, self.settings): settings[key] = value return settings @handle_exceptions def setSettingsDict(self, settings): for key in settings: self.settings[self.settings_name.index(key)] = settings[key] @handle_exceptions def getSettingsDbusDict(self): settings = {} for key,value,sig in zip(self.settings_name, self.settings, self.settings_dbus_type): if type(value) is list: settings[key] = dbus.Array(value, signature=sig) elif type(value) is dict: settings[key] = dbus.Dictionary(value, signature=sig) else: settings[key] = value return settings @handle_exceptions def getVersion(self): return self.settings[0] @handle_exceptions def setVersion(self, version): self.settings[0] = version @handle_exceptions def getShort(self): return self.settings[1] @handle_exceptions def setShort(self, short): self.settings[1] = short @handle_exceptions def getDescription(self): return self.settings[2] @handle_exceptions def setDescription(self, description): self.settings[2] = description @handle_exceptions def getPorts(self): return self.settings[3] @handle_exceptions def setPorts(self, ports): self.settings[3] = ports @handle_exceptions def addPort(self, port, protocol): if (port,protocol) not in self.settings[3]: self.settings[3].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removePort(self, port, protocol): if (port,protocol) in self.settings[3]: self.settings[3].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def queryPort(self, port, protocol): return (port,protocol) in self.settings[3] @handle_exceptions def getProtocols(self): return self.settings[6] @handle_exceptions def setProtocols(self, protocols): self.settings[6] = protocols @handle_exceptions def addProtocol(self, protocol): if protocol not in self.settings[6]: self.settings[6].append(protocol) else: raise FirewallError(errors.ALREADY_ENABLED, protocol) @handle_exceptions def removeProtocol(self, protocol): if protocol in self.settings[6]: self.settings[6].remove(protocol) else: raise FirewallError(errors.NOT_ENABLED, protocol) @handle_exceptions def queryProtocol(self, protocol): return protocol in self.settings[6] @handle_exceptions def getSourcePorts(self): return self.settings[7] @handle_exceptions def setSourcePorts(self, ports): self.settings[7] = ports @handle_exceptions def addSourcePort(self, port, protocol): if (port,protocol) not in self.settings[7]: self.settings[7].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removeSourcePort(self, port, protocol): if (port,protocol) in self.settings[7]: self.settings[7].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def querySourcePort(self, port, protocol): return (port,protocol) in self.settings[7] @handle_exceptions def getModules(self): return self.settings[4] @handle_exceptions def setModules(self, modules): self.settings[4] = modules @handle_exceptions def addModule(self, module): if module not in self.settings[4]: self.settings[4].append(module) else: raise FirewallError(errors.ALREADY_ENABLED, module) @handle_exceptions def removeModule(self, module): if module in self.settings[4]: self.settings[4].remove(module) else: raise FirewallError(errors.NOT_ENABLED, module) @handle_exceptions def queryModule(self, module): return module in self.settings[4] @handle_exceptions def getDestinations(self): return self.settings[5] @handle_exceptions def setDestinations(self, destinations): self.settings[5] = destinations @handle_exceptions def setDestination(self, dest_type, address): if dest_type not in self.settings[5] or \ self.settings[5][dest_type] != address: self.settings[5][dest_type] = address else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % \ (dest_type, address)) @handle_exceptions def removeDestination(self, dest_type, address=None): if dest_type in self.settings[5]: if address is not None and self.settings[5][dest_type] != address: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % \ (dest_type, address)) del self.settings[5][dest_type] else: raise FirewallError(errors.NOT_ENABLED, "'%s'" % dest_type) @handle_exceptions def queryDestination(self, dest_type, address): return (dest_type in self.settings[5] and \ address == self.settings[5][dest_type]) @handle_exceptions def getIncludes(self): return self.settings[8] @handle_exceptions def setIncludes(self, includes): self.settings[8] = includes @handle_exceptions def addInclude(self, include): if include not in self.settings[8]: self.settings[8].append(include) else: raise FirewallError(errors.ALREADY_ENABLED, include) @handle_exceptions def removeInclude(self, include): if include in self.settings[8]: self.settings[8].remove(include) else: raise FirewallError(errors.NOT_ENABLED, include) @handle_exceptions def queryInclude(self, include): return include in self.settings[8] @handle_exceptions def getHelpers(self): return self.settings[9] @handle_exceptions def setHelpers(self, helpers): self.settings[9] = helpers @handle_exceptions def addHelper(self, helper): if helper not in self.settings[9]: self.settings[9].append(helper) else: raise FirewallError(errors.ALREADY_ENABLED, helper) @handle_exceptions def removeHelper(self, helper): if helper in self.settings[9]: self.settings[9].remove(helper) else: raise FirewallError(errors.NOT_ENABLED, helper) @handle_exceptions def queryHelper(self, helper): return helper in self.settings[9] # ipset config settings class FirewallClientIPSetSettings(object): @handle_exceptions def __init__(self, settings=None): if settings: self.settings = settings else: self.settings = ["", "", "", "", {}, []] @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getVersion(self): return self.settings[0] @handle_exceptions def setVersion(self, version): self.settings[0] = version @handle_exceptions def getShort(self): return self.settings[1] @handle_exceptions def setShort(self, short): self.settings[1] = short @handle_exceptions def getDescription(self): return self.settings[2] @handle_exceptions def setDescription(self, description): self.settings[2] = description @handle_exceptions def getType(self): return self.settings[3] @handle_exceptions def setType(self, ipset_type): self.settings[3] = ipset_type @handle_exceptions def getOptions(self): return self.settings[4] @handle_exceptions def setOptions(self, options): self.settings[4] = options @handle_exceptions def addOption(self, key, value): if key not in self.settings[4] or self.settings[4][key] != value: self.settings[4][key] = value else: raise FirewallError(errors.ALREADY_ENABLED, "'%s=%s'" % (key,value) if value else key) @handle_exceptions def removeOption(self, key): if key in self.settings[4]: del self.settings[4][key] else: raise FirewallError(errors.NOT_ENABLED, key) @handle_exceptions def queryOption(self, key, value): return key in self.settings[4] and self.settings[4][key] == value @handle_exceptions def getEntries(self): return self.settings[5] @handle_exceptions def setEntries(self, entries): if "timeout" in self.settings[4] and \ self.settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) self.settings[5] = entries @handle_exceptions def addEntry(self, entry): if "timeout" in self.settings[4] and \ self.settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) if entry not in self.settings[5]: self.settings[5].append(entry) else: raise FirewallError(errors.ALREADY_ENABLED, entry) @handle_exceptions def removeEntry(self, entry): if "timeout" in self.settings[4] and \ self.settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) if entry in self.settings[5]: self.settings[5].remove(entry) else: raise FirewallError(errors.NOT_ENABLED, entry) @handle_exceptions def queryEntry(self, entry): if "timeout" in self.settings[4] and \ self.settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) return entry in self.settings[5] # ipset config class FirewallClientConfigIPSet(object): @handle_exceptions def __init__(self, bus, path): self.bus = bus self.path = path self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, path) self.fw_ipset = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_IPSET) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') @slip.dbus.polkit.enable_proxy @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG_IPSET, prop)) @slip.dbus.polkit.enable_proxy @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG_IPSET)) @slip.dbus.polkit.enable_proxy @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, prop, value) @slip.dbus.polkit.enable_proxy @handle_exceptions def getSettings(self): return FirewallClientIPSetSettings(list(dbus_to_python(\ self.fw_ipset.getSettings()))) @slip.dbus.polkit.enable_proxy @handle_exceptions def update(self, settings): self.fw_ipset.update(tuple(settings.settings)) @slip.dbus.polkit.enable_proxy @handle_exceptions def loadDefaults(self): self.fw_ipset.loadDefaults() @slip.dbus.polkit.enable_proxy @handle_exceptions def remove(self): self.fw_ipset.remove() @slip.dbus.polkit.enable_proxy @handle_exceptions def rename(self, name): self.fw_ipset.rename(name) # version @slip.dbus.polkit.enable_proxy @handle_exceptions def getVersion(self): return self.fw_ipset.getVersion() @slip.dbus.polkit.enable_proxy @handle_exceptions def setVersion(self, version): self.fw_ipset.setVersion(version) # short @slip.dbus.polkit.enable_proxy @handle_exceptions def getShort(self): return self.fw_ipset.getShort() @slip.dbus.polkit.enable_proxy @handle_exceptions def setShort(self, short): self.fw_ipset.setShort(short) # description @slip.dbus.polkit.enable_proxy @handle_exceptions def getDescription(self): return self.fw_ipset.getDescription() @slip.dbus.polkit.enable_proxy @handle_exceptions def setDescription(self, description): self.fw_ipset.setDescription(description) # entry @slip.dbus.polkit.enable_proxy @handle_exceptions def getEntries(self): return self.fw_ipset.getEntries() @slip.dbus.polkit.enable_proxy @handle_exceptions def setEntries(self, entries): self.fw_ipset.setEntries(entries) @slip.dbus.polkit.enable_proxy @handle_exceptions def addEntry(self, entry): self.fw_ipset.addEntry(entry) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeEntry(self, entry): self.fw_ipset.removeEntry(entry) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryEntry(self, entry): return self.fw_ipset.queryEntry(entry) # helper config settings class FirewallClientHelperSettings(object): @handle_exceptions def __init__(self, settings=None): if settings: self.settings = settings else: self.settings = ["", "", "", "", "", [ ]] @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getVersion(self): return self.settings[0] @handle_exceptions def setVersion(self, version): self.settings[0] = version @handle_exceptions def getShort(self): return self.settings[1] @handle_exceptions def setShort(self, short): self.settings[1] = short @handle_exceptions def getDescription(self): return self.settings[2] @handle_exceptions def setDescription(self, description): self.settings[2] = description @handle_exceptions def getFamily(self): return self.settings[3] @handle_exceptions def setFamily(self, ipv): if ipv is None: self.settings[3] = "" self.settings[3] = ipv @handle_exceptions def getModule(self): return self.settings[4] @handle_exceptions def setModule(self, module): self.settings[4] = module @handle_exceptions def getPorts(self): return self.settings[5] @handle_exceptions def setPorts(self, ports): self.settings[5] = ports @handle_exceptions def addPort(self, port, protocol): if (port,protocol) not in self.settings[5]: self.settings[5].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removePort(self, port, protocol): if (port,protocol) in self.settings[5]: self.settings[5].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def queryPort(self, port, protocol): return (port,protocol) in self.settings[5] # helper config class FirewallClientConfigHelper(object): @handle_exceptions def __init__(self, bus, path): self.bus = bus self.path = path self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, path) self.fw_helper = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_HELPER) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') @slip.dbus.polkit.enable_proxy @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG_HELPER, prop)) @slip.dbus.polkit.enable_proxy @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG_HELPER)) @slip.dbus.polkit.enable_proxy @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, prop, value) @slip.dbus.polkit.enable_proxy @handle_exceptions def getSettings(self): return FirewallClientHelperSettings(list(dbus_to_python(\ self.fw_helper.getSettings()))) @slip.dbus.polkit.enable_proxy @handle_exceptions def update(self, settings): self.fw_helper.update(tuple(settings.settings)) @slip.dbus.polkit.enable_proxy @handle_exceptions def loadDefaults(self): self.fw_helper.loadDefaults() @slip.dbus.polkit.enable_proxy @handle_exceptions def remove(self): self.fw_helper.remove() @slip.dbus.polkit.enable_proxy @handle_exceptions def rename(self, name): self.fw_helper.rename(name) # version @slip.dbus.polkit.enable_proxy @handle_exceptions def getVersion(self): return self.fw_helper.getVersion() @slip.dbus.polkit.enable_proxy @handle_exceptions def setVersion(self, version): self.fw_helper.setVersion(version) # short @slip.dbus.polkit.enable_proxy @handle_exceptions def getShort(self): return self.fw_helper.getShort() @slip.dbus.polkit.enable_proxy @handle_exceptions def setShort(self, short): self.fw_helper.setShort(short) # description @slip.dbus.polkit.enable_proxy @handle_exceptions def getDescription(self): return self.fw_helper.getDescription() @slip.dbus.polkit.enable_proxy @handle_exceptions def setDescription(self, description): self.fw_helper.setDescription(description) # port @slip.dbus.polkit.enable_proxy @handle_exceptions def getPorts(self): return self.fw_helper.getPorts() @slip.dbus.polkit.enable_proxy @handle_exceptions def setPorts(self, ports): self.fw_helper.setPorts(ports) @slip.dbus.polkit.enable_proxy @handle_exceptions def addPort(self, port, protocol): self.fw_helper.addPort(port, protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def removePort(self, port, protocol): self.fw_helper.removePort(port, protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryPort(self, port, protocol): return self.fw_helper.queryPort(port, protocol) # family @slip.dbus.polkit.enable_proxy @handle_exceptions def getFamily(self): return self.fw_helper.getFamily() @slip.dbus.polkit.enable_proxy @handle_exceptions def setFamily(self, ipv): if ipv is None: self.fw_helper.setFamily("") self.fw_helper.setFamily(ipv) # module @slip.dbus.polkit.enable_proxy @handle_exceptions def getModule(self): return self.fw_helper.getModule() @slip.dbus.polkit.enable_proxy @handle_exceptions def setModule(self, module): self.fw_helper.setModule(module) # service config class FirewallClientConfigService(object): @handle_exceptions def __init__(self, bus, path): self.bus = bus self.path = path self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, path) self.fw_service = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') @slip.dbus.polkit.enable_proxy @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, prop)) @slip.dbus.polkit.enable_proxy @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG_SERVICE)) @slip.dbus.polkit.enable_proxy @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, prop, value) @slip.dbus.polkit.enable_proxy @handle_exceptions def getSettings(self): return FirewallClientServiceSettings(dbus_to_python( self.fw_service.getSettings2())) @slip.dbus.polkit.enable_proxy @handle_exceptions def update(self, settings): self.fw_service.update2(settings.getSettingsDbusDict()) @slip.dbus.polkit.enable_proxy @handle_exceptions def loadDefaults(self): self.fw_service.loadDefaults() @slip.dbus.polkit.enable_proxy @handle_exceptions def remove(self): self.fw_service.remove() @slip.dbus.polkit.enable_proxy @handle_exceptions def rename(self, name): self.fw_service.rename(name) # version @slip.dbus.polkit.enable_proxy @handle_exceptions def getVersion(self): return self.fw_service.getVersion() @slip.dbus.polkit.enable_proxy @handle_exceptions def setVersion(self, version): self.fw_service.setVersion(version) # short @slip.dbus.polkit.enable_proxy @handle_exceptions def getShort(self): return self.fw_service.getShort() @slip.dbus.polkit.enable_proxy @handle_exceptions def setShort(self, short): self.fw_service.setShort(short) # description @slip.dbus.polkit.enable_proxy @handle_exceptions def getDescription(self): return self.fw_service.getDescription() @slip.dbus.polkit.enable_proxy @handle_exceptions def setDescription(self, description): self.fw_service.setDescription(description) # port @slip.dbus.polkit.enable_proxy @handle_exceptions def getPorts(self): return self.fw_service.getPorts() @slip.dbus.polkit.enable_proxy @handle_exceptions def setPorts(self, ports): self.fw_service.setPorts(ports) @slip.dbus.polkit.enable_proxy @handle_exceptions def addPort(self, port, protocol): self.fw_service.addPort(port, protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def removePort(self, port, protocol): self.fw_service.removePort(port, protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryPort(self, port, protocol): return self.fw_service.queryPort(port, protocol) # protocol @slip.dbus.polkit.enable_proxy @handle_exceptions def getProtocols(self): return self.fw_service.getProtocols() @slip.dbus.polkit.enable_proxy @handle_exceptions def setProtocols(self, protocols): self.fw_service.setProtocols(protocols) @slip.dbus.polkit.enable_proxy @handle_exceptions def addProtocol(self, protocol): self.fw_service.addProtocol(protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeProtocol(self, protocol): self.fw_service.removeProtocol(protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryProtocol(self, protocol): return self.fw_service.queryProtocol(protocol) # source-port @slip.dbus.polkit.enable_proxy @handle_exceptions def getSourcePorts(self): return self.fw_service.getSourcePorts() @slip.dbus.polkit.enable_proxy @handle_exceptions def setSourcePorts(self, ports): self.fw_service.setSourcePorts(ports) @slip.dbus.polkit.enable_proxy @handle_exceptions def addSourcePort(self, port, protocol): self.fw_service.addSourcePort(port, protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeSourcePort(self, port, protocol): self.fw_service.removeSourcePort(port, protocol) @slip.dbus.polkit.enable_proxy @handle_exceptions def querySourcePort(self, port, protocol): return self.fw_service.querySourcePort(port, protocol) # module @slip.dbus.polkit.enable_proxy @handle_exceptions def getModules(self): return self.fw_service.getModules() @slip.dbus.polkit.enable_proxy @handle_exceptions def setModules(self, modules): self.fw_service.setModules(modules) @slip.dbus.polkit.enable_proxy @handle_exceptions def addModule(self, module): self.fw_service.addModule(module) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeModule(self, module): self.fw_service.removeModule(module) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryModule(self, module): return self.fw_service.queryModule(module) # destination @slip.dbus.polkit.enable_proxy @handle_exceptions def getDestinations(self): return self.fw_service.getDestinations() @slip.dbus.polkit.enable_proxy @handle_exceptions def setDestinations(self, destinations): self.fw_service.setDestinations(destinations) @slip.dbus.polkit.enable_proxy @handle_exceptions def getDestination(self, destination): return self.fw_service.getDestination(destination) @slip.dbus.polkit.enable_proxy @handle_exceptions def setDestination(self, destination, address): self.fw_service.setDestination(destination, address) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeDestination(self, destination, address=None): if address is not None and self.getDestination(destination) != address: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % \ (destination, address)) self.fw_service.removeDestination(destination) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryDestination(self, destination, address): return self.fw_service.queryDestination(destination, address) # include @slip.dbus.polkit.enable_proxy @handle_exceptions def getIncludes(self): return self.fw_service.getIncludes() @slip.dbus.polkit.enable_proxy @handle_exceptions def setIncludes(self, includes): self.fw_service.setIncludes(includes) @slip.dbus.polkit.enable_proxy @handle_exceptions def addInclude(self, include): self.fw_service.addInclude(include) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeInclude(self, include): self.fw_service.removeInclude(include) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryInclude(self, include): return self.fw_service.queryInclude(include) # icmptype config settings class FirewallClientIcmpTypeSettings(object): @handle_exceptions def __init__(self, settings=None): if settings: self.settings = settings else: self.settings = ["", "", "", []] @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getVersion(self): return self.settings[0] @handle_exceptions def setVersion(self, version): self.settings[0] = version @handle_exceptions def getShort(self): return self.settings[1] @handle_exceptions def setShort(self, short): self.settings[1] = short @handle_exceptions def getDescription(self): return self.settings[2] @handle_exceptions def setDescription(self, description): self.settings[2] = description @handle_exceptions def getDestinations(self): return self.settings[3] @handle_exceptions def setDestinations(self, destinations): self.settings[3] = destinations @handle_exceptions def addDestination(self, destination): # empty means all if not self.settings[3]: raise FirewallError(errors.ALREADY_ENABLED, destination) elif destination not in self.settings[3]: self.settings[3].append(destination) else: raise FirewallError(errors.ALREADY_ENABLED, destination) @handle_exceptions def removeDestination(self, destination): if destination in self.settings[3]: self.settings[3].remove(destination) # empty means all elif not self.settings[3]: self.setDestinations(list(set(['ipv4','ipv6']) - \ set([destination]))) else: raise FirewallError(errors.NOT_ENABLED, destination) @handle_exceptions def queryDestination(self, destination): # empty means all return not self.settings[3] or \ destination in self.settings[3] # icmptype config class FirewallClientConfigIcmpType(object): @handle_exceptions def __init__(self, bus, path): self.bus = bus self.path = path self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, path) self.fw_icmptype = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') @slip.dbus.polkit.enable_proxy @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, prop)) @slip.dbus.polkit.enable_proxy @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE)) @slip.dbus.polkit.enable_proxy @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, prop, value) @slip.dbus.polkit.enable_proxy @handle_exceptions def getSettings(self): return FirewallClientIcmpTypeSettings(list(dbus_to_python(\ self.fw_icmptype.getSettings()))) @slip.dbus.polkit.enable_proxy @handle_exceptions def update(self, settings): self.fw_icmptype.update(tuple(settings.settings)) @slip.dbus.polkit.enable_proxy @handle_exceptions def loadDefaults(self): self.fw_icmptype.loadDefaults() @slip.dbus.polkit.enable_proxy @handle_exceptions def remove(self): self.fw_icmptype.remove() @slip.dbus.polkit.enable_proxy @handle_exceptions def rename(self, name): self.fw_icmptype.rename(name) # version @slip.dbus.polkit.enable_proxy @handle_exceptions def getVersion(self): return self.fw_icmptype.getVersion() @slip.dbus.polkit.enable_proxy @handle_exceptions def setVersion(self, version): self.fw_icmptype.setVersion(version) # short @slip.dbus.polkit.enable_proxy @handle_exceptions def getShort(self): return self.fw_icmptype.getShort() @slip.dbus.polkit.enable_proxy @handle_exceptions def setShort(self, short): self.fw_icmptype.setShort(short) # description @slip.dbus.polkit.enable_proxy @handle_exceptions def getDescription(self): return self.fw_icmptype.getDescription() @slip.dbus.polkit.enable_proxy @handle_exceptions def setDescription(self, description): self.fw_icmptype.setDescription(description) # destination @slip.dbus.polkit.enable_proxy @handle_exceptions def getDestinations(self): return self.fw_icmptype.getDestinations() @slip.dbus.polkit.enable_proxy @handle_exceptions def setDestinations(self, destinations): self.fw_icmptype.setDestinations(destinations) @slip.dbus.polkit.enable_proxy @handle_exceptions def addDestination(self, destination): self.fw_icmptype.addDestination(destination) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeDestination(self, destination): self.fw_icmptype.removeDestination(destination) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryDestination(self, destination): return self.fw_icmptype.queryDestination(destination) # config.policies lockdown whitelist class FirewallClientPoliciesLockdownWhitelist(object): @handle_exceptions def __init__(self, settings=None): if settings: self.settings = settings else: self.settings = [ [], [], [], [] ] @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getCommands(self): return self.settings[0] @handle_exceptions def setCommands(self, commands): self.settings[0] = commands @handle_exceptions def addCommand(self, command): if command not in self.settings[0]: self.settings[0].append(command) @handle_exceptions def removeCommand(self, command): if command in self.settings[0]: self.settings[0].remove(command) @handle_exceptions def queryCommand(self, command): return command in self.settings[0] @handle_exceptions def getContexts(self): return self.settings[1] @handle_exceptions def setContexts(self, contexts): self.settings[1] = contexts @handle_exceptions def addContext(self, context): if context not in self.settings[1]: self.settings[1].append(context) @handle_exceptions def removeContext(self, context): if context in self.settings[1]: self.settings[1].remove(context) @handle_exceptions def queryContext(self, context): return context in self.settings[1] @handle_exceptions def getUsers(self): return self.settings[2] @handle_exceptions def setUsers(self, users): self.settings[2] = users @handle_exceptions def addUser(self, user): if user not in self.settings[2]: self.settings[2].append(user) @handle_exceptions def removeUser(self, user): if user in self.settings[2]: self.settings[2].remove(user) @handle_exceptions def queryUser(self, user): return user in self.settings[2] @handle_exceptions def getUids(self): return self.settings[3] @handle_exceptions def setUids(self, uids): self.settings[3] = uids @handle_exceptions def addUid(self, uid): if uid not in self.settings[3]: self.settings[3].append(uid) @handle_exceptions def removeUid(self, uid): if uid in self.settings[3]: self.settings[3].remove(uid) @handle_exceptions def queryUid(self, uid): return uid in self.settings[3] # config.policies class FirewallClientConfigPolicies(object): @handle_exceptions def __init__(self, bus): self.bus = bus self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH_CONFIG) self.fw_policies = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_POLICIES) @slip.dbus.polkit.enable_proxy @handle_exceptions def getLockdownWhitelist(self): return FirewallClientPoliciesLockdownWhitelist( \ list(dbus_to_python(self.fw_policies.getLockdownWhitelist()))) @slip.dbus.polkit.enable_proxy @handle_exceptions def setLockdownWhitelist(self, settings): self.fw_policies.setLockdownWhitelist(tuple(settings.settings)) # command @slip.dbus.polkit.enable_proxy @handle_exceptions def addLockdownWhitelistCommand(self, command): self.fw_policies.addLockdownWhitelistCommand(command) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeLockdownWhitelistCommand(self, command): self.fw_policies.removeLockdownWhitelistCommand(command) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryLockdownWhitelistCommand(self, command): return dbus_to_python(self.fw_policies.queryLockdownWhitelistCommand(command)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getLockdownWhitelistCommands(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistCommands()) # context @slip.dbus.polkit.enable_proxy @handle_exceptions def addLockdownWhitelistContext(self, context): self.fw_policies.addLockdownWhitelistContext(context) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeLockdownWhitelistContext(self, context): self.fw_policies.removeLockdownWhitelistContext(context) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryLockdownWhitelistContext(self, context): return dbus_to_python(self.fw_policies.queryLockdownWhitelistContext(context)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getLockdownWhitelistContexts(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistContexts()) # user @slip.dbus.polkit.enable_proxy @handle_exceptions def addLockdownWhitelistUser(self, user): self.fw_policies.addLockdownWhitelistUser(user) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeLockdownWhitelistUser(self, user): self.fw_policies.removeLockdownWhitelistUser(user) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryLockdownWhitelistUser(self, user): return dbus_to_python(self.fw_policies.queryLockdownWhitelistUser(user)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getLockdownWhitelistUsers(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistUsers()) # uid @slip.dbus.polkit.enable_proxy @handle_exceptions def getLockdownWhitelistUids(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistUids()) @slip.dbus.polkit.enable_proxy @handle_exceptions def setLockdownWhitelistUids(self, uids): self.fw_policies.setLockdownWhitelistUids(uids) @slip.dbus.polkit.enable_proxy @handle_exceptions def addLockdownWhitelistUid(self, uid): self.fw_policies.addLockdownWhitelistUid(uid) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeLockdownWhitelistUid(self, uid): self.fw_policies.removeLockdownWhitelistUid(uid) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryLockdownWhitelistUid(self, uid): return dbus_to_python(self.fw_policies.queryLockdownWhitelistUid(uid)) # config.direct class FirewallClientDirect(object): @handle_exceptions def __init__(self, settings=None): if settings: self.settings = settings else: self.settings = [ [], [], [], ] @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getAllChains(self): return self.settings[0] @handle_exceptions def getChains(self, ipv, table): return [ entry[2] for entry in self.settings[0] \ if entry[0] == ipv and entry[1] == table ] @handle_exceptions def setAllChains(self, chains): self.settings[0] = chains @handle_exceptions def addChain(self, ipv, table, chain): idx = (ipv, table, chain) if idx not in self.settings[0]: self.settings[0].append(idx) @handle_exceptions def removeChain(self, ipv, table, chain): idx = (ipv, table, chain) if idx in self.settings[0]: self.settings[0].remove(idx) @handle_exceptions def queryChain(self, ipv, table, chain): idx = (ipv, table, chain) return idx in self.settings[0] @handle_exceptions def getAllRules(self): return self.settings[1] @handle_exceptions def getRules(self, ipv, table, chain): return [ entry[3:] for entry in self.settings[1] \ if entry[0] == ipv and entry[1] == table \ and entry[2] == chain ] @handle_exceptions def setAllRules(self, rules): self.settings[1] = rules @handle_exceptions def addRule(self, ipv, table, chain, priority, args): idx = (ipv, table, chain, priority, args) if idx not in self.settings[1]: self.settings[1].append(idx) @handle_exceptions def removeRule(self, ipv, table, chain, priority, args): idx = (ipv, table, chain, priority, args) if idx in self.settings[1]: self.settings[1].remove(idx) @handle_exceptions def removeRules(self, ipv, table, chain): for idx in list(self.settings[1]): if idx[0] == ipv and idx[1] == table and idx[2] == chain: self.settings[1].remove(idx) @handle_exceptions def queryRule(self, ipv, table, chain, priority, args): idx = (ipv, table, chain, priority, args) return idx in self.settings[1] @handle_exceptions def getAllPassthroughs(self): return self.settings[2] @handle_exceptions def setAllPassthroughs(self, passthroughs): self.settings[2] = passthroughs @handle_exceptions def removeAllPassthroughs(self): self.settings[2] = [] @handle_exceptions def getPassthroughs(self, ipv): return [ entry[1] for entry in self.settings[2] \ if entry[0] == ipv ] @handle_exceptions def addPassthrough(self, ipv, args): idx = (ipv, args) if idx not in self.settings[2]: self.settings[2].append(idx) @handle_exceptions def removePassthrough(self, ipv, args): idx = (ipv, args) if idx in self.settings[2]: self.settings[2].remove(idx) @handle_exceptions def queryPassthrough(self, ipv, args): idx = (ipv, args) return idx in self.settings[2] # config.direct class FirewallClientConfigDirect(object): @handle_exceptions def __init__(self, bus): self.bus = bus self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH_CONFIG) self.fw_direct = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @slip.dbus.polkit.enable_proxy @handle_exceptions def getSettings(self): return FirewallClientDirect( \ list(dbus_to_python(self.fw_direct.getSettings()))) @slip.dbus.polkit.enable_proxy @handle_exceptions def update(self, settings): self.fw_direct.update(tuple(settings.settings)) # direct chain @slip.dbus.polkit.enable_proxy @handle_exceptions def addChain(self, ipv, table, chain): self.fw_direct.addChain(ipv, table, chain) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeChain(self, ipv, table, chain): self.fw_direct.removeChain(ipv, table, chain) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryChain(self, ipv, table, chain): return dbus_to_python(self.fw_direct.queryChain(ipv, table, chain)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getChains(self, ipv, table): return dbus_to_python(self.fw_direct.getChains(ipv, table)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getAllChains(self): return dbus_to_python(self.fw_direct.getAllChains()) # direct rule @slip.dbus.polkit.enable_proxy @handle_exceptions def addRule(self, ipv, table, chain, priority, args): self.fw_direct.addRule(ipv, table, chain, priority, args) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeRule(self, ipv, table, chain, priority, args): self.fw_direct.removeRule(ipv, table, chain, priority, args) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeRules(self, ipv, table, chain): self.fw_direct.removeRules(ipv, table, chain) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryRule(self, ipv, table, chain, priority, args): return dbus_to_python(self.fw_direct.queryRule(ipv, table, chain, priority, args)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getRules(self, ipv, table, chain): return dbus_to_python(self.fw_direct.getRules(ipv, table, chain)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getAllRules(self): return dbus_to_python(self.fw_direct.getAllRules()) # tracked passthrough @slip.dbus.polkit.enable_proxy @handle_exceptions def addPassthrough(self, ipv, args): self.fw_direct.addPassthrough(ipv, args) @slip.dbus.polkit.enable_proxy @handle_exceptions def removePassthrough(self, ipv, args): self.fw_direct.removePassthrough(ipv, args) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryPassthrough(self, ipv, args): return dbus_to_python(self.fw_direct.queryPassthrough(ipv, args)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getPassthroughs(self, ipv): return dbus_to_python(self.fw_direct.getPassthroughs(ipv)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getAllPassthroughs(self): return dbus_to_python(self.fw_direct.getAllPassthroughs()) # config class FirewallClientConfig(object): @handle_exceptions def __init__(self, bus): self.bus = bus self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH_CONFIG) self.fw_config = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') self._policies = FirewallClientConfigPolicies(self.bus) self._direct = FirewallClientConfigDirect(self.bus) # properties @slip.dbus.polkit.enable_proxy @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG, prop)) @slip.dbus.polkit.enable_proxy @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG)) @slip.dbus.polkit.enable_proxy @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG, prop, value) # ipset @slip.dbus.polkit.enable_proxy @handle_exceptions def getIPSetNames(self): return dbus_to_python(self.fw_config.getIPSetNames()) @slip.dbus.polkit.enable_proxy @handle_exceptions def listIPSets(self): return dbus_to_python(self.fw_config.listIPSets()) @slip.dbus.polkit.enable_proxy @handle_exceptions def getIPSet(self, path): return FirewallClientConfigIPSet(self.bus, path) @slip.dbus.polkit.enable_proxy @handle_exceptions def getIPSetByName(self, name): path = dbus_to_python(self.fw_config.getIPSetByName(name)) return FirewallClientConfigIPSet(self.bus, path) @slip.dbus.polkit.enable_proxy @handle_exceptions def addIPSet(self, name, settings): if isinstance(settings, FirewallClientIPSetSettings): path = self.fw_config.addIPSet(name, tuple(settings.settings)) else: path = self.fw_config.addIPSet(name, tuple(settings)) return FirewallClientConfigIPSet(self.bus, path) # zone @slip.dbus.polkit.enable_proxy @handle_exceptions def getZoneNames(self): return dbus_to_python(self.fw_config.getZoneNames()) @slip.dbus.polkit.enable_proxy @handle_exceptions def listZones(self): return dbus_to_python(self.fw_config.listZones()) @slip.dbus.polkit.enable_proxy @handle_exceptions def getZone(self, path): return FirewallClientConfigZone(self.bus, path) @slip.dbus.polkit.enable_proxy @handle_exceptions def getZoneByName(self, name): path = dbus_to_python(self.fw_config.getZoneByName(name)) return FirewallClientConfigZone(self.bus, path) @slip.dbus.polkit.enable_proxy @handle_exceptions def getZoneOfInterface(self, iface): return dbus_to_python(self.fw_config.getZoneOfInterface(iface)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getZoneOfSource(self, source): return dbus_to_python(self.fw_config.getZoneOfSource(source)) @slip.dbus.polkit.enable_proxy @handle_exceptions def addZone(self, name, settings): if isinstance(settings, FirewallClientZoneSettings): path = self.fw_config.addZone(name, tuple(settings.settings)) else: path = self.fw_config.addZone(name, tuple(settings)) return FirewallClientConfigZone(self.bus, path) # service @slip.dbus.polkit.enable_proxy @handle_exceptions def getServiceNames(self): return dbus_to_python(self.fw_config.getServiceNames()) @slip.dbus.polkit.enable_proxy @handle_exceptions def listServices(self): return dbus_to_python(self.fw_config.listServices()) @slip.dbus.polkit.enable_proxy @handle_exceptions def getService(self, path): return FirewallClientConfigService(self.bus, path) @slip.dbus.polkit.enable_proxy @handle_exceptions def getServiceByName(self, name): path = dbus_to_python(self.fw_config.getServiceByName(name)) return FirewallClientConfigService(self.bus, path) @slip.dbus.polkit.enable_proxy @handle_exceptions def addService(self, name, settings): if isinstance(settings, FirewallClientServiceSettings): path = self.fw_config.addService2(name, settings.getSettingsDbusDict()) elif type(settings) is dict: path = self.fw_config.addService2(name, settings) else: path = self.fw_config.addService(name, tuple(settings)) return FirewallClientConfigService(self.bus, path) # icmptype @slip.dbus.polkit.enable_proxy @handle_exceptions def getIcmpTypeNames(self): return dbus_to_python(self.fw_config.getIcmpTypeNames()) @slip.dbus.polkit.enable_proxy @handle_exceptions def listIcmpTypes(self): return dbus_to_python(self.fw_config.listIcmpTypes()) @slip.dbus.polkit.enable_proxy @handle_exceptions def getIcmpType(self, path): return FirewallClientConfigIcmpType(self.bus, path) @slip.dbus.polkit.enable_proxy @handle_exceptions def getIcmpTypeByName(self, name): path = dbus_to_python(self.fw_config.getIcmpTypeByName(name)) return FirewallClientConfigIcmpType(self.bus, path) @slip.dbus.polkit.enable_proxy @handle_exceptions def addIcmpType(self, name, settings): if isinstance(settings, FirewallClientIcmpTypeSettings): path = self.fw_config.addIcmpType(name, tuple(settings.settings)) else: path = self.fw_config.addIcmpType(name, tuple(settings)) return FirewallClientConfigIcmpType(self.bus, path) @slip.dbus.polkit.enable_proxy @handle_exceptions def policies(self): return self._policies @slip.dbus.polkit.enable_proxy @handle_exceptions def direct(self): return self._direct # helper @slip.dbus.polkit.enable_proxy @handle_exceptions def getHelperNames(self): return dbus_to_python(self.fw_config.getHelperNames()) @slip.dbus.polkit.enable_proxy @handle_exceptions def listHelpers(self): return dbus_to_python(self.fw_config.listHelpers()) @slip.dbus.polkit.enable_proxy @handle_exceptions def getHelper(self, path): return FirewallClientConfigHelper(self.bus, path) @slip.dbus.polkit.enable_proxy @handle_exceptions def getHelperByName(self, name): path = dbus_to_python(self.fw_config.getHelperByName(name)) return FirewallClientConfigHelper(self.bus, path) @slip.dbus.polkit.enable_proxy @handle_exceptions def addHelper(self, name, settings): if isinstance(settings, FirewallClientHelperSettings): path = self.fw_config.addHelper(name, tuple(settings.settings)) else: path = self.fw_config.addHelper(name, tuple(settings)) return FirewallClientConfigHelper(self.bus, path) # class FirewallClient(object): @handle_exceptions def __init__(self, bus=None, wait=0, quiet=True): if not bus: dbus.mainloop.glib.DBusGMainLoop(set_as_default=True) try: self.bus = slip.dbus.SystemBus() self.bus.default_timeout = None except Exception: try: self.bus = dbus.SystemBus() except dbus.exceptions.DBusException as e: raise FirewallError(errors.DBUS_ERROR, e.get_dbus_message()) else: print("Not using slip.dbus") else: self.bus = bus self.bus.add_signal_receiver( handler_function=self._dbus_connection_changed, signal_name="NameOwnerChanged", dbus_interface="org.freedesktop.DBus", arg0=config.dbus.DBUS_INTERFACE) for interface in [ config.dbus.DBUS_INTERFACE, config.dbus.DBUS_INTERFACE_IPSET, config.dbus.DBUS_INTERFACE_ZONE, config.dbus.DBUS_INTERFACE_DIRECT, config.dbus.DBUS_INTERFACE_POLICIES, config.dbus.DBUS_INTERFACE_CONFIG, config.dbus.DBUS_INTERFACE_CONFIG_IPSET, config.dbus.DBUS_INTERFACE_CONFIG_ZONE, config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, config.dbus.DBUS_INTERFACE_CONFIG_HELPER, config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: self.bus.add_signal_receiver(self._signal_receiver, dbus_interface=interface, interface_keyword='interface', member_keyword='member', path_keyword='path') # callbacks self._callback = { } self._callbacks = { # client callbacks "connection-changed": "connection-changed", "connection-established": "connection-established", "connection-lost": "connection-lost", # firewalld callbacks "log-denied-changed": "LogDeniedChanged", "default-zone-changed": "DefaultZoneChanged", "panic-mode-enabled": "PanicModeEnabled", "panic-mode-disabled": "PanicModeDisabled", "reloaded": "Reloaded", "service-added": "ServiceAdded", "service-removed": "ServiceRemoved", "port-added": "PortAdded", "port-removed": "PortRemoved", "source-port-added": "SourcePortAdded", "source-port-removed": "SourcePortRemoved", "protocol-added": "ProtocolAdded", "protocol-removed": "ProtocolRemoved", "masquerade-added": "MasqueradeAdded", "masquerade-removed": "MasqueradeRemoved", "forward-port-added": "ForwardPortAdded", "forward-port-removed": "ForwardPortRemoved", "icmp-block-added": "IcmpBlockAdded", "icmp-block-removed": "IcmpBlockRemoved", "icmp-block-inversion-added": "IcmpBlockInversionAdded", "icmp-block-inversion-removed": "IcmpBlockInversionRemoved", "richrule-added": "RichRuleAdded", "richrule-removed": "RichRuleRemoved", "interface-added": "InterfaceAdded", "interface-removed": "InterfaceRemoved", "zone-changed": "ZoneOfInterfaceChanged", # DEPRECATED, use zone-of-interface-changed instead "zone-of-interface-changed": "ZoneOfInterfaceChanged", "source-added": "SourceAdded", "source-removed": "SourceRemoved", "zone-of-source-changed": "ZoneOfSourceChanged", # ipset callbacks "ipset-entry-added": "EntryAdded", "ipset-entry-removed": "EntryRemoved", # direct callbacks "direct:chain-added": "ChainAdded", "direct:chain-removed": "ChainRemoved", "direct:rule-added": "RuleAdded", "direct:rule-removed": "RuleRemoved", "direct:passthrough-added": "PassthroughAdded", "direct:passthrough-removed": "PassthroughRemoved", "config:direct:updated": "config:direct:Updated", # policy callbacks "lockdown-enabled": "LockdownEnabled", "lockdown-disabled": "LockdownDisabled", "lockdown-whitelist-command-added": "LockdownWhitelistCommandAdded", "lockdown-whitelist-command-removed": "LockdownWhitelistCommandRemoved", "lockdown-whitelist-context-added": "LockdownWhitelistContextAdded", "lockdown-whitelist-context-removed": "LockdownWhitelistContextRemoved", "lockdown-whitelist-uid-added": "LockdownWhitelistUidAdded", "lockdown-whitelist-uid-removed": "LockdownWhitelistUidRemoved", "lockdown-whitelist-user-added": "LockdownWhitelistUserAdded", "lockdown-whitelist-user-removed": "LockdownWhitelistUserRemoved", # firewalld.config callbacks "config:policies:lockdown-whitelist-updated": "config:policies:LockdownWhitelistUpdated", "config:ipset-added": "config:IPSetAdded", "config:ipset-updated": "config:IPSetUpdated", "config:ipset-removed": "config:IPSetRemoved", "config:ipset-renamed": "config:IPSetRenamed", "config:zone-added": "config:ZoneAdded", "config:zone-updated": "config:ZoneUpdated", "config:zone-removed": "config:ZoneRemoved", "config:zone-renamed": "config:ZoneRenamed", "config:service-added": "config:ServiceAdded", "config:service-updated": "config:ServiceUpdated", "config:service-removed": "config:ServiceRemoved", "config:service-renamed": "config:ServiceRenamed", "config:icmptype-added": "config:IcmpTypeAdded", "config:icmptype-updated": "config:IcmpTypeUpdated", "config:icmptype-removed": "config:IcmpTypeRemoved", "config:icmptype-renamed": "config:IcmpTypeRenamed", "config:helper-added": "config:HelperAdded", "config:helper-updated": "config:HelperUpdated", "config:helper-removed": "config:HelperRemoved", "config:helper-renamed": "config:HelperRenamed", } # initialize variables used for connection self._init_vars() self.quiet = quiet if wait > 0: # connect in one second GLib.timeout_add_seconds(wait, self._connection_established) else: self._connection_established() @handle_exceptions def _init_vars(self): self.fw = None self.fw_ipset = None self.fw_zone = None self.fw_helper = None self.fw_direct = None self.fw_properties = None self._config = None self.connected = False @handle_exceptions def getExceptionHandler(self): return exception_handler @handle_exceptions def setExceptionHandler(self, handler): global exception_handler exception_handler = handler @handle_exceptions def getNotAuthorizedLoop(self): return not_authorized_loop @handle_exceptions def setNotAuthorizedLoop(self, enable): global not_authorized_loop not_authorized_loop = enable @handle_exceptions def connect(self, name, callback, *args): if name in self._callbacks: self._callback[self._callbacks[name]] = (callback, args) else: raise ValueError("Unknown callback name '%s'" % name) @handle_exceptions def _dbus_connection_changed(self, name, old_owner, new_owner): if name != config.dbus.DBUS_INTERFACE: return if new_owner: # connection established self._connection_established() else: # connection lost self._connection_lost() @handle_exceptions def _connection_established(self): try: self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH) self.fw = dbus.Interface(self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE) self.fw_ipset = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_IPSET) self.fw_zone = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_ZONE) self.fw_direct = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_DIRECT) self.fw_policies = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_POLICIES) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') except dbus.exceptions.DBusException as e: # ignore dbus errors if not self.quiet: print ("DBusException", e.get_dbus_message()) return except Exception as e: if not self.quiet: print ("Exception", e) return self._config = FirewallClientConfig(self.bus) self.connected = True self._signal_receiver(member="connection-established", interface=config.dbus.DBUS_INTERFACE) self._signal_receiver(member="connection-changed", interface=config.dbus.DBUS_INTERFACE) @handle_exceptions def _connection_lost(self): self._init_vars() self._signal_receiver(member="connection-lost", interface=config.dbus.DBUS_INTERFACE) self._signal_receiver(member="connection-changed", interface=config.dbus.DBUS_INTERFACE) @handle_exceptions def _signal_receiver(self, *args, **kwargs): if "member" not in kwargs or "interface" not in kwargs: return signal = kwargs["member"] interface = kwargs["interface"] # config signals need special treatment # pimp signal name if interface.startswith(config.dbus.DBUS_INTERFACE_CONFIG_ZONE): signal = "config:Zone" + signal elif interface.startswith(config.dbus.DBUS_INTERFACE_CONFIG_IPSET): signal = "config:IPSet" + signal elif interface.startswith(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE): signal = "config:Service" + signal elif interface.startswith(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE): signal = "config:IcmpType" + signal elif interface.startswith(config.dbus.DBUS_INTERFACE_CONFIG_HELPER): signal = "config:Helper" + signal elif interface == config.dbus.DBUS_INTERFACE_CONFIG: signal = "config:" + signal elif interface == config.dbus.DBUS_INTERFACE_CONFIG_POLICIES: signal = "config:policies:" + signal elif interface == config.dbus.DBUS_INTERFACE_CONFIG_DIRECT: signal = "config:direct:" + signal cb = None for callback in self._callbacks: if self._callbacks[callback] == signal and \ self._callbacks[callback] in self._callback: cb = self._callback[self._callbacks[callback]] if cb is None: return # call back with args converted to python types ... cb_args = [ dbus_to_python(arg) for arg in args ] try: if cb[1]: # add call data cb_args.extend(cb[1]) # call back cb[0](*cb_args) except Exception as msg: print(msg) @slip.dbus.polkit.enable_proxy @handle_exceptions def config(self): return self._config @slip.dbus.polkit.enable_proxy @handle_exceptions def reload(self): self.fw.reload() @slip.dbus.polkit.enable_proxy @handle_exceptions def complete_reload(self): self.fw.completeReload() @slip.dbus.polkit.enable_proxy @handle_exceptions def runtimeToPermanent(self): self.fw.runtimeToPermanent() @slip.dbus.polkit.enable_proxy @handle_exceptions def checkPermanentConfig(self): self.fw.checkPermanentConfig() @slip.dbus.polkit.enable_proxy @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE, prop)) @slip.dbus.polkit.enable_proxy @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE)) @slip.dbus.polkit.enable_proxy @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE, prop, value) # panic mode @slip.dbus.polkit.enable_proxy @handle_exceptions def enablePanicMode(self): self.fw.enablePanicMode() @slip.dbus.polkit.enable_proxy @handle_exceptions def disablePanicMode(self): self.fw.disablePanicMode() @slip.dbus.polkit.enable_proxy @handle_exceptions def queryPanicMode(self): return dbus_to_python(self.fw.queryPanicMode()) # list functions @slip.dbus.polkit.enable_proxy @handle_exceptions def getZoneSettings(self, zone): return FirewallClientZoneSettings(list(dbus_to_python(\ self.fw.getZoneSettings(zone)))) @slip.dbus.polkit.enable_proxy @handle_exceptions def getIPSets(self): return dbus_to_python(self.fw_ipset.getIPSets()) @slip.dbus.polkit.enable_proxy @handle_exceptions def getIPSetSettings(self, ipset): return FirewallClientIPSetSettings(list(dbus_to_python(\ self.fw_ipset.getIPSetSettings(ipset)))) @slip.dbus.polkit.enable_proxy @handle_exceptions def addEntry(self, ipset, entry): self.fw_ipset.addEntry(ipset, entry) @slip.dbus.polkit.enable_proxy @handle_exceptions def getEntries(self, ipset): return self.fw_ipset.getEntries(ipset) @slip.dbus.polkit.enable_proxy @handle_exceptions def setEntries(self, ipset, entries): return self.fw_ipset.setEntries(ipset, entries) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeEntry(self, ipset, entry): self.fw_ipset.removeEntry(ipset, entry) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryEntry(self, ipset, entry): return dbus_to_python(self.fw_ipset.queryEntry(ipset, entry)) @slip.dbus.polkit.enable_proxy @handle_exceptions def listServices(self): return dbus_to_python(self.fw.listServices()) @slip.dbus.polkit.enable_proxy @handle_exceptions def getServiceSettings(self, service): return FirewallClientServiceSettings(dbus_to_python( self.fw.getServiceSettings2(service))) @slip.dbus.polkit.enable_proxy @handle_exceptions def listIcmpTypes(self): return dbus_to_python(self.fw.listIcmpTypes()) @slip.dbus.polkit.enable_proxy @handle_exceptions def getIcmpTypeSettings(self, icmptype): return FirewallClientIcmpTypeSettings(list(dbus_to_python(\ self.fw.getIcmpTypeSettings(icmptype)))) @slip.dbus.polkit.enable_proxy @handle_exceptions def getHelpers(self): return dbus_to_python(self.fw.getHelpers()) @slip.dbus.polkit.enable_proxy @handle_exceptions def getHelperSettings(self, helper): return FirewallClientHelperSettings(list(dbus_to_python(\ self.fw.getHelperSettings(helper)))) # automatic helper setting @slip.dbus.polkit.enable_proxy @handle_exceptions def getAutomaticHelpers(self): return dbus_to_python(self.fw.getAutomaticHelpers()) @slip.dbus.polkit.enable_proxy @handle_exceptions def setAutomaticHelpers(self, value): self.fw.setAutomaticHelpers(value) # log denied @slip.dbus.polkit.enable_proxy @handle_exceptions def getLogDenied(self): return dbus_to_python(self.fw.getLogDenied()) @slip.dbus.polkit.enable_proxy @handle_exceptions def setLogDenied(self, value): self.fw.setLogDenied(value) # default zone @slip.dbus.polkit.enable_proxy @handle_exceptions def getDefaultZone(self): return dbus_to_python(self.fw.getDefaultZone()) @slip.dbus.polkit.enable_proxy @handle_exceptions def setDefaultZone(self, zone): self.fw.setDefaultZone(zone) # zone @slip.dbus.polkit.enable_proxy @handle_exceptions def getZones(self): return dbus_to_python(self.fw_zone.getZones()) @slip.dbus.polkit.enable_proxy @handle_exceptions def getActiveZones(self): return dbus_to_python(self.fw_zone.getActiveZones()) @slip.dbus.polkit.enable_proxy @handle_exceptions def getZoneOfInterface(self, interface): return dbus_to_python(self.fw_zone.getZoneOfInterface(interface)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getZoneOfSource(self, source): return dbus_to_python(self.fw_zone.getZoneOfSource(source)) @slip.dbus.polkit.enable_proxy @handle_exceptions def isImmutable(self, zone): return dbus_to_python(self.fw_zone.isImmutable(zone)) # interfaces @slip.dbus.polkit.enable_proxy @handle_exceptions def addInterface(self, zone, interface): return dbus_to_python(self.fw_zone.addInterface(zone, interface)) @slip.dbus.polkit.enable_proxy @handle_exceptions def changeZone(self, zone, interface): # DEPRECATED return dbus_to_python(self.fw_zone.changeZone(zone, interface)) @slip.dbus.polkit.enable_proxy @handle_exceptions def changeZoneOfInterface(self, zone, interface): return dbus_to_python(self.fw_zone.changeZoneOfInterface(zone, interface)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getInterfaces(self, zone): return dbus_to_python(self.fw_zone.getInterfaces(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryInterface(self, zone, interface): return dbus_to_python(self.fw_zone.queryInterface(zone, interface)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeInterface(self, zone, interface): return dbus_to_python(self.fw_zone.removeInterface(zone, interface)) # sources @slip.dbus.polkit.enable_proxy @handle_exceptions def addSource(self, zone, source): return dbus_to_python(self.fw_zone.addSource(zone, source)) @slip.dbus.polkit.enable_proxy @handle_exceptions def changeZoneOfSource(self, zone, source): return dbus_to_python(self.fw_zone.changeZoneOfSource(zone, source)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getSources(self, zone): return dbus_to_python(self.fw_zone.getSources(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def querySource(self, zone, source): return dbus_to_python(self.fw_zone.querySource(zone, source)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeSource(self, zone, source): return dbus_to_python(self.fw_zone.removeSource(zone, source)) # rich rules @slip.dbus.polkit.enable_proxy @handle_exceptions def addRichRule(self, zone, rule, timeout=0): return dbus_to_python(self.fw_zone.addRichRule(zone, rule, timeout)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getRichRules(self, zone): return dbus_to_python(self.fw_zone.getRichRules(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryRichRule(self, zone, rule): return dbus_to_python(self.fw_zone.queryRichRule(zone, rule)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeRichRule(self, zone, rule): return dbus_to_python(self.fw_zone.removeRichRule(zone, rule)) # services @slip.dbus.polkit.enable_proxy @handle_exceptions def addService(self, zone, service, timeout=0): return dbus_to_python(self.fw_zone.addService(zone, service, timeout)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getServices(self, zone): return dbus_to_python(self.fw_zone.getServices(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryService(self, zone, service): return dbus_to_python(self.fw_zone.queryService(zone, service)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeService(self, zone, service): return dbus_to_python(self.fw_zone.removeService(zone, service)) # ports @slip.dbus.polkit.enable_proxy @handle_exceptions def addPort(self, zone, port, protocol, timeout=0): return dbus_to_python(self.fw_zone.addPort(zone, port, protocol, timeout)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getPorts(self, zone): return dbus_to_python(self.fw_zone.getPorts(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryPort(self, zone, port, protocol): return dbus_to_python(self.fw_zone.queryPort(zone, port, protocol)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removePort(self, zone, port, protocol): return dbus_to_python(self.fw_zone.removePort(zone, port, protocol)) # protocols @slip.dbus.polkit.enable_proxy @handle_exceptions def addProtocol(self, zone, protocol, timeout=0): return dbus_to_python(self.fw_zone.addProtocol(zone, protocol, timeout)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getProtocols(self, zone): return dbus_to_python(self.fw_zone.getProtocols(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryProtocol(self, zone, protocol): return dbus_to_python(self.fw_zone.queryProtocol(zone, protocol)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeProtocol(self, zone, protocol): return dbus_to_python(self.fw_zone.removeProtocol(zone, protocol)) # masquerade @slip.dbus.polkit.enable_proxy @handle_exceptions def addMasquerade(self, zone, timeout=0): return dbus_to_python(self.fw_zone.addMasquerade(zone, timeout)) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryMasquerade(self, zone): return dbus_to_python(self.fw_zone.queryMasquerade(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeMasquerade(self, zone): return dbus_to_python(self.fw_zone.removeMasquerade(zone)) # forward ports @slip.dbus.polkit.enable_proxy @handle_exceptions def addForwardPort(self, zone, port, protocol, toport, toaddr, timeout=0): if toport is None: toport = "" if toaddr is None: toaddr = "" return dbus_to_python(self.fw_zone.addForwardPort(zone, port, protocol, toport, toaddr, timeout)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getForwardPorts(self, zone): return dbus_to_python(self.fw_zone.getForwardPorts(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryForwardPort(self, zone, port, protocol, toport, toaddr): if toport is None: toport = "" if toaddr is None: toaddr = "" return dbus_to_python(self.fw_zone.queryForwardPort(zone, port, protocol, toport, toaddr)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeForwardPort(self, zone, port, protocol, toport, toaddr): if toport is None: toport = "" if toaddr is None: toaddr = "" return dbus_to_python(self.fw_zone.removeForwardPort(zone, port, protocol, toport, toaddr)) # source ports @slip.dbus.polkit.enable_proxy @handle_exceptions def addSourcePort(self, zone, port, protocol, timeout=0): return dbus_to_python(self.fw_zone.addSourcePort(zone, port, protocol, timeout)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getSourcePorts(self, zone): return dbus_to_python(self.fw_zone.getSourcePorts(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def querySourcePort(self, zone, port, protocol): return dbus_to_python(self.fw_zone.querySourcePort(zone, port, protocol)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeSourcePort(self, zone, port, protocol): return dbus_to_python(self.fw_zone.removeSourcePort(zone, port, protocol)) # icmpblock @slip.dbus.polkit.enable_proxy @handle_exceptions def addIcmpBlock(self, zone, icmp, timeout=0): return dbus_to_python(self.fw_zone.addIcmpBlock(zone, icmp, timeout)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getIcmpBlocks(self, zone): return dbus_to_python(self.fw_zone.getIcmpBlocks(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryIcmpBlock(self, zone, icmp): return dbus_to_python(self.fw_zone.queryIcmpBlock(zone, icmp)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeIcmpBlock(self, zone, icmp): return dbus_to_python(self.fw_zone.removeIcmpBlock(zone, icmp)) # icmp block inversion @slip.dbus.polkit.enable_proxy @handle_exceptions def addIcmpBlockInversion(self, zone): return dbus_to_python(self.fw_zone.addIcmpBlockInversion(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryIcmpBlockInversion(self, zone): return dbus_to_python(self.fw_zone.queryIcmpBlockInversion(zone)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeIcmpBlockInversion(self, zone): return dbus_to_python(self.fw_zone.removeIcmpBlockInversion(zone)) # direct chain @slip.dbus.polkit.enable_proxy @handle_exceptions def addChain(self, ipv, table, chain): self.fw_direct.addChain(ipv, table, chain) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeChain(self, ipv, table, chain): self.fw_direct.removeChain(ipv, table, chain) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryChain(self, ipv, table, chain): return dbus_to_python(self.fw_direct.queryChain(ipv, table, chain)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getChains(self, ipv, table): return dbus_to_python(self.fw_direct.getChains(ipv, table)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getAllChains(self): return dbus_to_python(self.fw_direct.getAllChains()) # direct rule @slip.dbus.polkit.enable_proxy @handle_exceptions def addRule(self, ipv, table, chain, priority, args): self.fw_direct.addRule(ipv, table, chain, priority, args) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeRule(self, ipv, table, chain, priority, args): self.fw_direct.removeRule(ipv, table, chain, priority, args) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeRules(self, ipv, table, chain): self.fw_direct.removeRules(ipv, table, chain) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryRule(self, ipv, table, chain, priority, args): return dbus_to_python(self.fw_direct.queryRule(ipv, table, chain, priority, args)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getRules(self, ipv, table, chain): return dbus_to_python(self.fw_direct.getRules(ipv, table, chain)) @slip.dbus.polkit.enable_proxy @handle_exceptions def getAllRules(self): return dbus_to_python(self.fw_direct.getAllRules()) # direct passthrough @slip.dbus.polkit.enable_proxy @handle_exceptions def passthrough(self, ipv, args): return dbus_to_python(self.fw_direct.passthrough(ipv, args)) # tracked passthrough @slip.dbus.polkit.enable_proxy @handle_exceptions def getAllPassthroughs(self): return dbus_to_python(self.fw_direct.getAllPassthroughs()) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeAllPassthroughs(self): self.fw_direct.removeAllPassthroughs() @slip.dbus.polkit.enable_proxy @handle_exceptions def getPassthroughs(self, ipv): return dbus_to_python(self.fw_direct.getPassthroughs(ipv)) @slip.dbus.polkit.enable_proxy @handle_exceptions def addPassthrough(self, ipv, args): self.fw_direct.addPassthrough(ipv, args) @slip.dbus.polkit.enable_proxy @handle_exceptions def removePassthrough(self, ipv, args): self.fw_direct.removePassthrough(ipv, args) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryPassthrough(self, ipv, args): return dbus_to_python(self.fw_direct.queryPassthrough(ipv, args)) # lockdown @slip.dbus.polkit.enable_proxy @handle_exceptions def enableLockdown(self): self.fw_policies.enableLockdown() @slip.dbus.polkit.enable_proxy @handle_exceptions def disableLockdown(self): self.fw_policies.disableLockdown() @slip.dbus.polkit.enable_proxy @handle_exceptions def queryLockdown(self): return dbus_to_python(self.fw_policies.queryLockdown()) # policies # lockdown white list commands @slip.dbus.polkit.enable_proxy @handle_exceptions def addLockdownWhitelistCommand(self, command): self.fw_policies.addLockdownWhitelistCommand(command) @slip.dbus.polkit.enable_proxy @handle_exceptions def getLockdownWhitelistCommands(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistCommands()) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryLockdownWhitelistCommand(self, command): return dbus_to_python(self.fw_policies.queryLockdownWhitelistCommand(command)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeLockdownWhitelistCommand(self, command): self.fw_policies.removeLockdownWhitelistCommand(command) # lockdown white list contexts @slip.dbus.polkit.enable_proxy @handle_exceptions def addLockdownWhitelistContext(self, context): self.fw_policies.addLockdownWhitelistContext(context) @slip.dbus.polkit.enable_proxy @handle_exceptions def getLockdownWhitelistContexts(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistContexts()) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryLockdownWhitelistContext(self, context): return dbus_to_python(self.fw_policies.queryLockdownWhitelistContext(context)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeLockdownWhitelistContext(self, context): self.fw_policies.removeLockdownWhitelistContext(context) # lockdown white list uids @slip.dbus.polkit.enable_proxy @handle_exceptions def addLockdownWhitelistUid(self, uid): self.fw_policies.addLockdownWhitelistUid(uid) @slip.dbus.polkit.enable_proxy @handle_exceptions def getLockdownWhitelistUids(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistUids()) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryLockdownWhitelistUid(self, uid): return dbus_to_python(self.fw_policies.queryLockdownWhitelistUid(uid)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeLockdownWhitelistUid(self, uid): self.fw_policies.removeLockdownWhitelistUid(uid) # lockdown white list users @slip.dbus.polkit.enable_proxy @handle_exceptions def addLockdownWhitelistUser(self, user): self.fw_policies.addLockdownWhitelistUser(user) @slip.dbus.polkit.enable_proxy @handle_exceptions def getLockdownWhitelistUsers(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistUsers()) @slip.dbus.polkit.enable_proxy @handle_exceptions def queryLockdownWhitelistUser(self, user): return dbus_to_python(self.fw_policies.queryLockdownWhitelistUser(user)) @slip.dbus.polkit.enable_proxy @handle_exceptions def removeLockdownWhitelistUser(self, user): self.fw_policies.removeLockdownWhitelistUser(user) @slip.dbus.polkit.enable_proxy @handle_exceptions def authorizeAll(self): """ Authorize once for all polkit actions. """ self.fw.authorizeAll() firewalld-0.8.2/src/firewall/fw_types.py0000664007115300711530000000422113341016621021456 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2013-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "LastUpdatedOrderedDict" ] class LastUpdatedOrderedDict(object): def __init__(self, x=None): self._dict = { } self._list = [ ] if x: self.update(x) def clear(self): del self._list[:] self._dict.clear() def update(self, x): for key,value in x.items(): self[key] = value def items(self): return [(key, self[key]) for key in self._list] def __delitem__(self, key): if key in self._dict: self._list.remove(key) del self._dict[key] def __repr__(self): return '%s([%s])' % (self.__class__.__name__, ', '.join( ['(%r, %r)' % (key, self[key]) for key in self._list])) def __setitem__(self, key, value): if key not in self._dict: self._list.append(key) self._dict[key] = value def __getitem__(self, key): if key in self._dict: return self._dict[key] else: return self._list[key] def __len__(self): return len(self._list) def copy(self): return LastUpdatedOrderedDict(self) def keys(self): return self._list[:] def values(self): return [ self[key] for key in self._list ] def setdefault(self, key, value=None): if key in self: return self[key] else: self[key] = value return value firewalld-0.8.2/src/firewall/core/0000775007115300711530000000000013641123257020204 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/firewall/core/ipXtables.py0000664007115300711530000015640313641105304022513 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import os.path import copy from firewall.core.base import SHORTCUTS, DEFAULT_ZONE_TARGET from firewall.core.prog import runProg from firewall.core.logger import log from firewall.functions import tempFile, readfile, splitArgs, check_mac, portStr, \ check_single_address, check_address, normalizeIP6 from firewall import config from firewall.errors import FirewallError, INVALID_PASSTHROUGH, INVALID_RULE, UNKNOWN_ERROR from firewall.core.rich import Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark, \ Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock import string BUILT_IN_CHAINS = { "security": [ "INPUT", "OUTPUT", "FORWARD" ], "raw": [ "PREROUTING", "OUTPUT" ], "mangle": [ "PREROUTING", "POSTROUTING", "INPUT", "OUTPUT", "FORWARD" ], "nat": [ "PREROUTING", "POSTROUTING", "OUTPUT" ], "filter": [ "INPUT", "OUTPUT", "FORWARD" ], } DEFAULT_REJECT_TYPE = { "ipv4": "icmp-host-prohibited", "ipv6": "icmp6-adm-prohibited", } ICMP = { "ipv4": "icmp", "ipv6": "ipv6-icmp", } # ipv ebtables also uses this # def common_reverse_rule(args): """ Inverse valid rule """ replace_args = { # Append "-A": "-D", "--append": "--delete", # Insert "-I": "-D", "--insert": "--delete", # New chain "-N": "-X", "--new-chain": "--delete-chain", } ret_args = args[:] for arg in replace_args: try: idx = ret_args.index(arg) except Exception: continue if arg in [ "-I", "--insert" ]: # With insert rulenum, then remove it if it is a number # Opt at position idx, chain at position idx+1, [rulenum] at # position idx+2 try: int(ret_args[idx+2]) except Exception: pass else: ret_args.pop(idx+2) ret_args[idx] = replace_args[arg] return ret_args def common_reverse_passthrough(args): """ Reverse valid passthough rule """ replace_args = { # Append "-A": "-D", "--append": "--delete", # Insert "-I": "-D", "--insert": "--delete", # New chain "-N": "-X", "--new-chain": "--delete-chain", } ret_args = args[:] for x in replace_args: try: idx = ret_args.index(x) except ValueError: continue if x in [ "-I", "--insert" ]: # With insert rulenum, then remove it if it is a number # Opt at position idx, chain at position idx+1, [rulenum] at # position idx+2 try: int(ret_args[idx+2]) except ValueError: pass else: ret_args.pop(idx+2) ret_args[idx] = replace_args[x] return ret_args raise FirewallError(INVALID_PASSTHROUGH, "no '-A', '-I' or '-N' arg") # ipv ebtables also uses this # def common_check_passthrough(args): """ Check if passthough rule is valid (only add, insert and new chain rules are allowed) """ args = set(args) not_allowed = set(["-C", "--check", # check rule "-D", "--delete", # delete rule "-R", "--replace", # replace rule "-L", "--list", # list rule "-S", "--list-rules", # print rules "-F", "--flush", # flush rules "-Z", "--zero", # zero rules "-X", "--delete-chain", # delete chain "-P", "--policy", # policy "-E", "--rename-chain"]) # rename chain) # intersection of args and not_allowed is not empty, i.e. # something from args is not allowed if len(args & not_allowed) > 0: raise FirewallError(INVALID_PASSTHROUGH, "arg '%s' is not allowed" % list(args & not_allowed)[0]) # args need to contain one of -A, -I, -N needed = set(["-A", "--append", "-I", "--insert", "-N", "--new-chain"]) # empty intersection of args and needed, i.e. # none from args contains any needed command if len(args & needed) == 0: raise FirewallError(INVALID_PASSTHROUGH, "no '-A', '-I' or '-N' arg") class ip4tables(object): ipv = "ipv4" name = "ip4tables" zones_supported = True def __init__(self, fw): self._fw = fw self._command = config.COMMANDS[self.ipv] self._restore_command = config.COMMANDS["%s-restore" % self.ipv] self.wait_option = self._detect_wait_option() self.restore_wait_option = self._detect_restore_wait_option() self.fill_exists() self.available_tables = [] self.rich_rule_priority_counts = {} self.zone_source_index_cache = [] self.our_chains = {} # chains created by firewalld def fill_exists(self): self.command_exists = os.path.exists(self._command) self.restore_command_exists = os.path.exists(self._restore_command) def __run(self, args): # convert to string list if self.wait_option and self.wait_option not in args: _args = [self.wait_option] + ["%s" % item for item in args] else: _args = ["%s" % item for item in args] log.debug2("%s: %s %s", self.__class__, self._command, " ".join(_args)) (status, ret) = runProg(self._command, _args) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._command, " ".join(_args), ret)) return ret def split_value(self, rules, opts=None): """Split values combined with commas for options in opts""" if opts is None: return rules out_rules = [ ] for rule in rules: processed = False for opt in opts: try: i = rule.index(opt) except ValueError: pass else: if len(rule) > i and "," in rule[i+1]: # For all items in the comma separated list in index # i of the rule, a new rule is created with a single # item from this list processed = True items = rule[i+1].split(",") for item in items: _rule = rule[:] _rule[i+1] = item out_rules.append(_rule) if not processed: out_rules.append(rule) return out_rules def _rule_replace(self, rule, pattern, replacement): try: i = rule.index(pattern) except ValueError: return False else: rule[i:i+1] = replacement return True def is_chain_builtin(self, ipv, table, chain): return table in BUILT_IN_CHAINS and \ chain in BUILT_IN_CHAINS[table] def build_chain_rules(self, add, table, chain): rule = [ "-t", table ] if add: rule.append("-N") else: rule.append("-X") rule.append(chain) return [rule] def build_rule(self, add, table, chain, index, args): rule = [ "-t", table ] if add: rule += [ "-I", chain, str(index) ] else: rule += [ "-D", chain ] rule += args return rule def reverse_rule(self, args): return common_reverse_rule(args) def check_passthrough(self, args): common_check_passthrough(args) def reverse_passthrough(self, args): return common_reverse_passthrough(args) def passthrough_parse_table_chain(self, args): table = "filter" try: i = args.index("-t") except ValueError: pass else: if len(args) >= i+1: table = args[i+1] chain = None for opt in [ "-A", "--append", "-I", "--insert", "-N", "--new-chain" ]: try: i = args.index(opt) except ValueError: pass else: if len(args) >= i+1: chain = args[i+1] return (table, chain) def _run_replace_zone_source(self, rule, zone_source_index_cache): try: i = rule.index("%%ZONE_SOURCE%%") rule.pop(i) zone = rule.pop(i) if "-m" == rule[4]: # ipset/mac zone_source = (zone, rule[7]) # (zone, address) else: zone_source = (zone, rule[5]) # (zone, address) except ValueError: try: i = rule.index("%%ZONE_INTERFACE%%") rule.pop(i) zone_source = None except ValueError: return rule_add = True if rule[0] in ["-D", "--delete"]: rule_add = False if zone_source and not rule_add: if zone_source in zone_source_index_cache: zone_source_index_cache.remove(zone_source) elif rule_add: if zone_source: # order source based dispatch by zone name if zone_source not in zone_source_index_cache: zone_source_index_cache.append(zone_source) zone_source_index_cache.sort(key=lambda x: x[0]) index = zone_source_index_cache.index(zone_source) else: if self._fw._allow_zone_drifting: index = 0 else: index = len(zone_source_index_cache) rule[0] = "-I" rule.insert(2, "%d" % (index + 1)) def _set_rule_replace_rich_rule_priority(self, rule, rich_rule_priority_counts): """ Change something like -t filter -I public_IN %%RICH_RULE_PRIORITY%% 123 or -t filter -A public_IN %%RICH_RULE_PRIORITY%% 321 into -t filter -I public_IN 4 or -t filter -I public_IN """ try: i = rule.index("%%RICH_RULE_PRIORITY%%") except ValueError: pass else: rule_add = True insert = False insert_add_index = -1 rule.pop(i) priority = rule.pop(i) if type(priority) != int: raise FirewallError(INVALID_RULE, "rich rule priority must be followed by a number") table = "filter" for opt in [ "-t", "--table" ]: try: j = rule.index(opt) except ValueError: pass else: if len(rule) >= j+1: table = rule[j+1] for opt in [ "-A", "--append", "-I", "--insert", "-D", "--delete" ]: try: insert_add_index = rule.index(opt) except ValueError: pass else: if len(rule) >= insert_add_index+1: chain = rule[insert_add_index+1] if opt in [ "-I", "--insert" ]: insert = True if opt in [ "-D", "--delete" ]: rule_add = False chain = (table, chain) # Add the rule to the priority counts. We don't need to store the # rule, just bump the ref count for the priority value. if not rule_add: if chain not in rich_rule_priority_counts or \ priority not in rich_rule_priority_counts[chain] or \ rich_rule_priority_counts[chain][priority] <= 0: raise FirewallError(UNKNOWN_ERROR, "nonexistent or underflow of rich rule priority count") rich_rule_priority_counts[chain][priority] -= 1 else: if chain not in rich_rule_priority_counts: rich_rule_priority_counts[chain] = {} if priority not in rich_rule_priority_counts[chain]: rich_rule_priority_counts[chain][priority] = 0 # calculate index of new rule index = 1 for p in sorted(rich_rule_priority_counts[chain].keys()): if p == priority and insert: break index += rich_rule_priority_counts[chain][p] if p == priority: break rich_rule_priority_counts[chain][priority] += 1 rule[insert_add_index] = "-I" rule.insert(insert_add_index+2, "%d" % index) def set_rules(self, rules, log_denied): temp_file = tempFile() table_rules = { } rich_rule_priority_counts = copy.deepcopy(self.rich_rule_priority_counts) zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) for _rule in rules: rule = _rule[:] # replace %%REJECT%% self._rule_replace(rule, "%%REJECT%%", \ ["REJECT", "--reject-with", DEFAULT_REJECT_TYPE[self.ipv]]) # replace %%ICMP%% self._rule_replace(rule, "%%ICMP%%", [ICMP[self.ipv]]) # replace %%LOGTYPE%% try: i = rule.index("%%LOGTYPE%%") except ValueError: pass else: if log_denied == "off": continue if log_denied in [ "unicast", "broadcast", "multicast" ]: rule[i:i+1] = [ "-m", "pkttype", "--pkt-type", log_denied ] else: rule.pop(i) self._set_rule_replace_rich_rule_priority(rule, rich_rule_priority_counts) self._run_replace_zone_source(rule, zone_source_index_cache) table = "filter" # get table form rule for opt in [ "-t", "--table" ]: try: i = rule.index(opt) except ValueError: pass else: if len(rule) >= i+1: rule.pop(i) table = rule.pop(i) # we can not use joinArgs here, because it would use "'" instead # of '"' for the start and end of the string, this breaks # iptables-restore for i in range(len(rule)): for c in string.whitespace: if c in rule[i] and not (rule[i].startswith('"') and rule[i].endswith('"')): rule[i] = '"%s"' % rule[i] table_rules.setdefault(table, []).append(rule) for table in table_rules: rules = table_rules[table] rules = self.split_value(rules, [ "-s", "--source" ]) rules = self.split_value(rules, [ "-d", "--destination" ]) temp_file.write("*%s\n" % table) for rule in rules: temp_file.write(" ".join(rule) + "\n") temp_file.write("COMMIT\n") temp_file.close() stat = os.stat(temp_file.name) log.debug2("%s: %s %s", self.__class__, self._restore_command, "%s: %d" % (temp_file.name, stat.st_size)) args = [ ] if self.restore_wait_option: args.append(self.restore_wait_option) args.append("-n") (status, ret) = runProg(self._restore_command, args, stdin=temp_file.name) if log.getDebugLogLevel() > 2: lines = readfile(temp_file.name) if lines is not None: i = 1 for line in lines: log.debug3("%8d: %s" % (i, line), nofmt=1, nl=0) if not line.endswith("\n"): log.debug3("", nofmt=1) i += 1 os.unlink(temp_file.name) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._restore_command, " ".join(args), ret)) self.rich_rule_priority_counts = rich_rule_priority_counts self.zone_source_index_cache = zone_source_index_cache def set_rule(self, rule, log_denied): # replace %%REJECT%% self._rule_replace(rule, "%%REJECT%%", \ ["REJECT", "--reject-with", DEFAULT_REJECT_TYPE[self.ipv]]) # replace %%ICMP%% self._rule_replace(rule, "%%ICMP%%", [ICMP[self.ipv]]) # replace %%LOGTYPE%% try: i = rule.index("%%LOGTYPE%%") except ValueError: pass else: if log_denied == "off": return "" if log_denied in [ "unicast", "broadcast", "multicast" ]: rule[i:i+1] = [ "-m", "pkttype", "--pkt-type", log_denied ] else: rule.pop(i) rich_rule_priority_counts = copy.deepcopy(self.rich_rule_priority_counts) zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) self._set_rule_replace_rich_rule_priority(rule, rich_rule_priority_counts) self._run_replace_zone_source(rule, zone_source_index_cache) output = self.__run(rule) self.rich_rule_priority_counts = rich_rule_priority_counts self.zone_source_index_cache = zone_source_index_cache return output def get_available_tables(self, table=None): ret = [] tables = [ table ] if table else BUILT_IN_CHAINS.keys() for table in tables: if table in self.available_tables: ret.append(table) else: try: self.__run(["-t", table, "-L", "-n"]) self.available_tables.append(table) ret.append(table) except ValueError: log.debug1("%s table '%s' does not exist (or not enough permission to check)." % (self.ipv, table)) return ret def _detect_wait_option(self): wait_option = "" ret = runProg(self._command, ["-w", "-L", "-n"]) # since iptables-1.4.20 if ret[0] == 0: wait_option = "-w" # wait for xtables lock ret = runProg(self._command, ["-w10", "-L", "-n"]) # since iptables > 1.4.21 if ret[0] == 0: wait_option = "-w10" # wait max 10 seconds log.debug2("%s: %s will be using %s option.", self.__class__, self._command, wait_option) return wait_option def _detect_restore_wait_option(self): temp_file = tempFile() temp_file.write("#foo") temp_file.close() wait_option = "" for test_option in ["-w", "--wait=2"]: ret = runProg(self._restore_command, [test_option], stdin=temp_file.name) if ret[0] == 0 and "invalid option" not in ret[1] \ and "unrecognized option" not in ret[1]: wait_option = test_option break log.debug2("%s: %s will be using %s option.", self.__class__, self._restore_command, wait_option) os.unlink(temp_file.name) return wait_option def build_flush_rules(self): self.rich_rule_priority_counts = {} self.zone_source_index_cache = [] rules = [] for table in BUILT_IN_CHAINS.keys(): if not self.get_available_tables(table): continue # Flush firewall rules: -F # Delete firewall chains: -X # Set counter to zero: -Z for flag in [ "-F", "-X", "-Z" ]: rules.append(["-t", table, flag]) return rules def build_set_policy_rules(self, policy): rules = [] _policy = "DROP" if policy == "PANIC" else policy for table in BUILT_IN_CHAINS.keys(): if not self.get_available_tables(table): continue if table == "nat": continue for chain in BUILT_IN_CHAINS[table]: rules.append(["-t", table, "-P", chain, _policy]) return rules def supported_icmp_types(self): """Return ICMP types that are supported by the iptables/ip6tables command and kernel""" ret = [ ] output = "" try: output = self.__run(["-p", "icmp" if self.ipv == "ipv4" else "ipv6-icmp", "--help"]) except ValueError as ex: if self.ipv == "ipv4": log.debug1("iptables error: %s" % ex) else: log.debug1("ip6tables error: %s" % ex) lines = output.splitlines() in_types = False for line in lines: #print(line) if in_types: line = line.strip().lower() splits = line.split() for split in splits: if split.startswith("(") and split.endswith(")"): x = split[1:-1] else: x = split if x not in ret: ret.append(x) if self.ipv == "ipv4" and line.startswith("Valid ICMP Types:") or \ self.ipv == "ipv6" and line.startswith("Valid ICMPv6 Types:"): in_types = True return ret def build_default_tables(self): # nothing to do, they always exist return [] def build_default_rules(self, log_denied="off"): default_rules = {} if self.get_available_tables("security"): default_rules["security"] = [ ] self.our_chains["security"] = set() for chain in BUILT_IN_CHAINS["security"]: default_rules["security"].append("-N %s_direct" % chain) default_rules["security"].append("-A %s -j %s_direct" % (chain, chain)) self.our_chains["security"].add("%s_direct" % chain) if self.get_available_tables("raw"): default_rules["raw"] = [ ] self.our_chains["raw"] = set() for chain in BUILT_IN_CHAINS["raw"]: default_rules["raw"].append("-N %s_direct" % chain) default_rules["raw"].append("-A %s -j %s_direct" % (chain, chain)) self.our_chains["raw"].add("%s_direct" % chain) if chain == "PREROUTING": for dispatch_suffix in ["ZONES_SOURCE", "ZONES"] if self._fw._allow_zone_drifting else ["ZONES"]: default_rules["raw"].append("-N %s_%s" % (chain, dispatch_suffix)) default_rules["raw"].append("-A %s -j %s_%s" % (chain, chain, dispatch_suffix)) self.our_chains["raw"].update(set(["%s_%s" % (chain, dispatch_suffix)])) if self.get_available_tables("mangle"): default_rules["mangle"] = [ ] self.our_chains["mangle"] = set() for chain in BUILT_IN_CHAINS["mangle"]: default_rules["mangle"].append("-N %s_direct" % chain) default_rules["mangle"].append("-A %s -j %s_direct" % (chain, chain)) self.our_chains["mangle"].add("%s_direct" % chain) if chain == "PREROUTING": for dispatch_suffix in ["ZONES_SOURCE", "ZONES"] if self._fw._allow_zone_drifting else ["ZONES"]: default_rules["mangle"].append("-N %s_%s" % (chain, dispatch_suffix)) default_rules["mangle"].append("-A %s -j %s_%s" % (chain, chain, dispatch_suffix)) self.our_chains["mangle"].update(set(["%s_%s" % (chain, dispatch_suffix)])) if self.get_available_tables("nat"): default_rules["nat"] = [ ] self.our_chains["nat"] = set() for chain in BUILT_IN_CHAINS["nat"]: default_rules["nat"].append("-N %s_direct" % chain) default_rules["nat"].append("-A %s -j %s_direct" % (chain, chain)) self.our_chains["nat"].add("%s_direct" % chain) if chain in [ "PREROUTING", "POSTROUTING" ]: for dispatch_suffix in ["ZONES_SOURCE", "ZONES"] if self._fw._allow_zone_drifting else ["ZONES"]: default_rules["nat"].append("-N %s_%s" % (chain, dispatch_suffix)) default_rules["nat"].append("-A %s -j %s_%s" % (chain, chain, dispatch_suffix)) self.our_chains["nat"].update(set(["%s_%s" % (chain, dispatch_suffix)])) default_rules["filter"] = [] self.our_chains["filter"] = set() default_rules["filter"].append("-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT") default_rules["filter"].append("-A INPUT -i lo -j ACCEPT") default_rules["filter"].append("-N INPUT_direct") default_rules["filter"].append("-A INPUT -j INPUT_direct") self.our_chains["filter"].update(set("INPUT_direct")) for dispatch_suffix in ["ZONES_SOURCE", "ZONES"] if self._fw._allow_zone_drifting else ["ZONES"]: default_rules["filter"].append("-N INPUT_%s" % (dispatch_suffix)) default_rules["filter"].append("-A INPUT -j INPUT_%s" % (dispatch_suffix)) self.our_chains["filter"].update(set("INPUT_%s" % (dispatch_suffix))) if log_denied != "off": default_rules["filter"].append("-A INPUT -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") default_rules["filter"].append("-A INPUT -m conntrack --ctstate INVALID -j DROP") if log_denied != "off": default_rules["filter"].append("-A INPUT %%LOGTYPE%% -j LOG --log-prefix 'FINAL_REJECT: '") default_rules["filter"].append("-A INPUT -j %%REJECT%%") default_rules["filter"].append("-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT") default_rules["filter"].append("-A FORWARD -i lo -j ACCEPT") default_rules["filter"].append("-N FORWARD_direct") default_rules["filter"].append("-A FORWARD -j FORWARD_direct") self.our_chains["filter"].update(set("FORWARD_direct")) for direction in ["IN", "OUT"]: for dispatch_suffix in ["ZONES_SOURCE", "ZONES"] if self._fw._allow_zone_drifting else ["ZONES"]: default_rules["filter"].append("-N FORWARD_%s_%s" % (direction, dispatch_suffix)) default_rules["filter"].append("-A FORWARD -j FORWARD_%s_%s" % (direction, dispatch_suffix)) self.our_chains["filter"].update(set("FORWARD_%s_%s" % (direction, dispatch_suffix))) if log_denied != "off": default_rules["filter"].append("-A FORWARD -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") default_rules["filter"].append("-A FORWARD -m conntrack --ctstate INVALID -j DROP") if log_denied != "off": default_rules["filter"].append("-A FORWARD %%LOGTYPE%% -j LOG --log-prefix 'FINAL_REJECT: '") default_rules["filter"].append("-A FORWARD -j %%REJECT%%") default_rules["filter"] += [ "-N OUTPUT_direct", "-A OUTPUT -o lo -j ACCEPT", "-A OUTPUT -j OUTPUT_direct", ] self.our_chains["filter"].update(set("OUTPUT_direct")) final_default_rules = [] for table in default_rules: if table not in self.get_available_tables(): continue for rule in default_rules[table]: final_default_rules.append(["-t", table] + splitArgs(rule)) return final_default_rules def get_zone_table_chains(self, table): if table == "filter": return { "INPUT", "FORWARD_IN", "FORWARD_OUT" } if table == "mangle": if "mangle" in self.get_available_tables(): return { "PREROUTING" } if table == "nat": if "nat" in self.get_available_tables(): return { "PREROUTING", "POSTROUTING" } if table == "raw": if "raw" in self.get_available_tables(): return { "PREROUTING" } return {} def build_zone_source_interface_rules(self, enable, zone, interface, table, chain, append=False): # handle all zones in the same way here, now # trust and block zone targets are handled now in __chain opt = { "PREROUTING": "-i", "POSTROUTING": "-o", "INPUT": "-i", "FORWARD_IN": "-i", "FORWARD_OUT": "-o", "OUTPUT": "-o", }[chain] target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) action = "-g" if enable and not append: rule = [ "-I", "%s_ZONES" % chain, "%%ZONE_INTERFACE%%" ] elif enable: rule = [ "-A", "%s_ZONES" % chain ] else: rule = [ "-D", "%s_ZONES" % chain ] if not append: rule += ["%%ZONE_INTERFACE%%"] rule += [ "-t", table, opt, interface, action, target ] return [rule] def build_zone_source_address_rules(self, enable, zone, address, table, chain): add_del = { True: "-I", False: "-D" }[enable] opt = { "PREROUTING": "-s", "POSTROUTING": "-d", "INPUT": "-s", "FORWARD_IN": "-s", "FORWARD_OUT": "-d", "OUTPUT": "-d", }[chain] if self._fw._allow_zone_drifting: zone_dispatch_chain = "%s_ZONES_SOURCE" % (chain) else: zone_dispatch_chain = "%s_ZONES" % (chain) target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) action = "-g" if address.startswith("ipset:"): name = address[6:] if opt == "-d": opt = "dst" else: opt = "src" flags = ",".join([opt] * self._fw.ipset.get_dimension(name)) rule = [ add_del, zone_dispatch_chain, "%%ZONE_SOURCE%%", zone, "-t", table, "-m", "set", "--match-set", name, flags, action, target ] else: if check_mac(address): # outgoing can not be set if opt == "-d": return "" rule = [ add_del, zone_dispatch_chain, "%%ZONE_SOURCE%%", zone, "-t", table, "-m", "mac", "--mac-source", address.upper(), action, target ] else: if check_single_address("ipv6", address): address = normalizeIP6(address) elif check_address("ipv6", address): addr_split = address.split("/") address = normalizeIP6(addr_split[0]) + "/" + addr_split[1] rule = [ add_del, zone_dispatch_chain, "%%ZONE_SOURCE%%", zone, "-t", table, opt, address, action, target ] return [rule] def build_zone_chain_rules(self, zone, table, chain): _zone = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) self.our_chains[table].update(set([_zone, "%s_log" % _zone, "%s_deny" % _zone, "%s_pre" % _zone, "%s_post" % _zone, "%s_allow" % _zone])) rules = [] rules.append([ "-N", _zone, "-t", table ]) rules.append([ "-N", "%s_pre" % _zone, "-t", table ]) rules.append([ "-N", "%s_log" % _zone, "-t", table ]) rules.append([ "-N", "%s_deny" % _zone, "-t", table ]) rules.append([ "-N", "%s_allow" % _zone, "-t", table ]) rules.append([ "-N", "%s_post" % _zone, "-t", table ]) rules.append([ "-A", _zone, "-t", table, "-j", "%s_pre" % _zone ]) rules.append([ "-A", _zone, "-t", table, "-j", "%s_log" % _zone ]) rules.append([ "-A", _zone, "-t", table, "-j", "%s_deny" % _zone ]) rules.append([ "-A", _zone, "-t", table, "-j", "%s_allow" % _zone ]) rules.append([ "-A", _zone, "-t", table, "-j", "%s_post" % _zone ]) target = self._fw.zone._zones[zone].target if self._fw.get_log_denied() != "off": if table == "filter" and \ chain in [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]: if target in [ "REJECT", "%%REJECT%%" ]: rules.append([ "-A", _zone, "-t", table, "%%LOGTYPE%%", "-j", "LOG", "--log-prefix", "\"%s_REJECT: \"" % _zone ]) if target == "DROP": rules.append([ "-A", _zone, "-t", table, "%%LOGTYPE%%", "-j", "LOG", "--log-prefix", "\"%s_DROP: \"" % _zone ]) # Handle trust, block and drop zones: # Add an additional rule with the zone target (accept, reject # or drop) to the base zone only in the filter table. # Otherwise it is not be possible to have a zone with drop # target, that is allowing traffic that is locally initiated # or that adds additional rules. (RHBZ#1055190) if table == "filter" and \ target in [ "ACCEPT", "REJECT", "%%REJECT%%", "DROP" ] and \ chain in [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]: rules.append([ "-A", _zone, "-t", table, "-j", target ]) return rules def _rule_limit(self, limit): if limit: return [ "-m", "limit", "--limit", limit.value ] return [] def _rich_rule_chain_suffix(self, rich_rule): if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock]: # These are special and don't have an explicit action pass elif rich_rule.action: if type(rich_rule.action) not in [Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark]: raise FirewallError(INVALID_RULE, "Unknown action %s" % type(rich_rule.action)) else: raise FirewallError(INVALID_RULE, "No rule action specified.") if rich_rule.priority == 0: if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort] or \ type(rich_rule.action) in [Rich_Accept, Rich_Mark]: return "allow" elif type(rich_rule.element) in [Rich_IcmpBlock] or \ type(rich_rule.action) in [Rich_Reject, Rich_Drop]: return "deny" elif rich_rule.priority < 0: return "pre" else: return "post" def _rich_rule_chain_suffix_from_log(self, rich_rule): if not rich_rule.log and not rich_rule.audit: raise FirewallError(INVALID_RULE, "Not log or audit") if rich_rule.priority == 0: return "log" elif rich_rule.priority < 0: return "pre" else: return "post" def _rich_rule_priority_fragment(self, rich_rule): if rich_rule.priority == 0: return [] return ["%%RICH_RULE_PRIORITY%%", rich_rule.priority] def _rich_rule_log(self, rich_rule, enable, table, target, rule_fragment): if not rich_rule.log: return [] add_del = { True: "-A", False: "-D" }[enable] chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) rule = ["-t", table, add_del, "%s_%s" % (target, chain_suffix)] rule += self._rich_rule_priority_fragment(rich_rule) rule += rule_fragment + [ "-j", "LOG" ] if rich_rule.log.prefix: rule += [ "--log-prefix", "'%s'" % rich_rule.log.prefix ] if rich_rule.log.level: rule += [ "--log-level", "%s" % rich_rule.log.level ] rule += self._rule_limit(rich_rule.log.limit) return rule def _rich_rule_audit(self, rich_rule, enable, table, target, rule_fragment): if not rich_rule.audit: return [] add_del = { True: "-A", False: "-D" }[enable] chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) rule = ["-t", table, add_del, "%s_%s" % (target, chain_suffix)] rule += self._rich_rule_priority_fragment(rich_rule) rule += rule_fragment if type(rich_rule.action) == Rich_Accept: _type = "accept" elif type(rich_rule.action) == Rich_Reject: _type = "reject" elif type(rich_rule.action) == Rich_Drop: _type = "drop" else: _type = "unknown" rule += [ "-j", "AUDIT", "--type", _type ] rule += self._rule_limit(rich_rule.audit.limit) return rule def _rich_rule_action(self, zone, rich_rule, enable, table, target, rule_fragment): if not rich_rule.action: return [] add_del = { True: "-A", False: "-D" }[enable] chain_suffix = self._rich_rule_chain_suffix(rich_rule) chain = "%s_%s" % (target, chain_suffix) if type(rich_rule.action) == Rich_Accept: rule_action = [ "-j", "ACCEPT" ] elif type(rich_rule.action) == Rich_Reject: rule_action = [ "-j", "REJECT" ] if rich_rule.action.type: rule_action += [ "--reject-with", rich_rule.action.type ] elif type(rich_rule.action) == Rich_Drop: rule_action = [ "-j", "DROP" ] elif type(rich_rule.action) == Rich_Mark: target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], zone=zone) table = "mangle" chain = "%s_%s" % (target, chain_suffix) rule_action = [ "-j", "MARK", "--set-xmark", rich_rule.action.set ] else: raise FirewallError(INVALID_RULE, "Unknown action %s" % type(rich_rule.action)) rule = ["-t", table, add_del, chain] rule += self._rich_rule_priority_fragment(rich_rule) rule += rule_fragment + rule_action rule += self._rule_limit(rich_rule.action.limit) return rule def _rich_rule_destination_fragment(self, rich_dest): if not rich_dest: return [] rule_fragment = [] if rich_dest.invert: rule_fragment.append("!") if check_single_address("ipv6", rich_dest.addr): rule_fragment += [ "-d", normalizeIP6(rich_dest.addr) ] elif check_address("ipv6", rich_dest.addr): addr_split = rich_dest.addr.split("/") rule_fragment += [ "-d", normalizeIP6(addr_split[0]) + "/" + addr_split[1] ] else: rule_fragment += [ "-d", rich_dest.addr ] return rule_fragment def _rich_rule_source_fragment(self, rich_source): if not rich_source: return [] rule_fragment = [] if rich_source.addr: if rich_source.invert: rule_fragment.append("!") if check_single_address("ipv6", rich_source.addr): rule_fragment += [ "-s", normalizeIP6(rich_source.addr) ] elif check_address("ipv6", rich_source.addr): addr_split = rich_source.addr.split("/") rule_fragment += [ "-s", normalizeIP6(addr_split[0]) + "/" + addr_split[1] ] else: rule_fragment += [ "-s", rich_source.addr ] elif hasattr(rich_source, "mac") and rich_source.mac: rule_fragment += [ "-m", "mac" ] if rich_source.invert: rule_fragment.append("!") rule_fragment += [ "--mac-source", rich_source.mac ] elif hasattr(rich_source, "ipset") and rich_source.ipset: rule_fragment += [ "-m", "set" ] if rich_source.invert: rule_fragment.append("!") flags = self._fw.zone._ipset_match_flags(rich_source.ipset, "src") rule_fragment += [ "--match-set", rich_source.ipset, flags ] return rule_fragment def build_zone_ports_rules(self, enable, zone, proto, port, destination=None, rich_rule=None): add_del = { True: "-A", False: "-D" }[enable] table = "filter" target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], zone=zone) rule_fragment = [ "-p", proto ] if port: rule_fragment += [ "--dport", "%s" % portStr(port) ] if destination: rule_fragment += [ "-d", destination ] if rich_rule: rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) if not rich_rule or type(rich_rule.action) != Rich_Mark: rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ] rules = [] if rich_rule: rules.append(self._rich_rule_log(rich_rule, enable, table, target, rule_fragment)) rules.append(self._rich_rule_audit(rich_rule, enable, table, target, rule_fragment)) rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, rule_fragment)) else: rules.append([add_del, "%s_allow" % (target), "-t", table] + rule_fragment + [ "-j", "ACCEPT" ]) return rules def build_zone_protocol_rules(self, enable, zone, protocol, destination=None, rich_rule=None): add_del = { True: "-A", False: "-D" }[enable] table = "filter" target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], zone=zone) rule_fragment = [ "-p", protocol ] if destination: rule_fragment += [ "-d", destination ] if rich_rule: rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) if not rich_rule or type(rich_rule.action) != Rich_Mark: rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ] rules = [] if rich_rule: rules.append(self._rich_rule_log(rich_rule, enable, table, target, rule_fragment)) rules.append(self._rich_rule_audit(rich_rule, enable, table, target, rule_fragment)) rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, rule_fragment)) else: rules.append([add_del, "%s_allow" % (target), "-t", table] + rule_fragment + [ "-j", "ACCEPT" ]) return rules def build_zone_source_ports_rules(self, enable, zone, proto, port, destination=None, rich_rule=None): add_del = { True: "-A", False: "-D" }[enable] table = "filter" target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], zone=zone) rule_fragment = [ "-p", proto ] if port: rule_fragment += [ "--sport", "%s" % portStr(port) ] if destination: rule_fragment += [ "-d", destination ] if rich_rule: rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) if not rich_rule or type(rich_rule.action) != Rich_Mark: rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ] rules = [] if rich_rule: rules.append(self._rich_rule_log(rich_rule, enable, table, target, rule_fragment)) rules.append(self._rich_rule_audit(rich_rule, enable, table, target, rule_fragment)) rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, rule_fragment)) else: rules.append([add_del, "%s_allow" % (target), "-t", table] + rule_fragment + [ "-j", "ACCEPT" ]) return rules def build_zone_helper_ports_rules(self, enable, zone, proto, port, destination, helper_name, module_short_name): add_del = { True: "-A", False: "-D" }[enable] target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], zone=zone) rule = [ add_del, "%s_allow" % (target), "-t", "raw", "-p", proto ] if port: rule += [ "--dport", "%s" % portStr(port) ] if destination: rule += [ "-d", destination ] rule += [ "-j", "CT", "--helper", module_short_name ] return [rule] def build_zone_masquerade_rules(self, enable, zone, rich_rule=None): add_del = { True: "-A", False: "-D" }[enable] target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["POSTROUTING"], zone=zone) rule_fragment = [] if rich_rule: chain_suffix = self._rich_rule_chain_suffix(rich_rule) rule_fragment += self._rich_rule_priority_fragment(rich_rule) rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) else: chain_suffix = "allow" rules = [] rules.append(["-t", "nat", add_del, "%s_%s" % (target, chain_suffix)] + rule_fragment + [ "!", "-o", "lo", "-j", "MASQUERADE" ]) # FORWARD_OUT target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["FORWARD_OUT"], zone=zone) rule_fragment = [] if rich_rule: chain_suffix = self._rich_rule_chain_suffix(rich_rule) rule_fragment += self._rich_rule_priority_fragment(rich_rule) rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) else: chain_suffix = "allow" rules.append(["-t", "filter", add_del, "%s_%s" % (target, chain_suffix)] + rule_fragment + ["-m", "conntrack", "--ctstate", "NEW,UNTRACKED", "-j", "ACCEPT" ]) return rules def build_zone_forward_port_rules(self, enable, zone, port, protocol, toport, toaddr, rich_rule=None): add_del = { True: "-A", False: "-D" }[enable] to = "" if toaddr: if check_single_address("ipv6", toaddr): to += "[%s]" % normalizeIP6(toaddr) else: to += toaddr if toport and toport != "": to += ":%s" % portStr(toport, "-") target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], zone=zone) rule_fragment = [] if rich_rule: chain_suffix = self._rich_rule_chain_suffix(rich_rule) rule_fragment = self._rich_rule_priority_fragment(rich_rule) rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) else: chain_suffix = "allow" rules = [] if rich_rule: rules.append(self._rich_rule_log(rich_rule, enable, "nat", target, rule_fragment)) rules.append(["-t", "nat", add_del, "%s_%s" % (target, chain_suffix)] + rule_fragment + ["-p", protocol, "--dport", portStr(port), "-j", "DNAT", "--to-destination", to]) return rules def build_zone_icmp_block_rules(self, enable, zone, ict, rich_rule=None): table = "filter" add_del = { True: "-A", False: "-D" }[enable] if self.ipv == "ipv4": proto = [ "-p", "icmp" ] match = [ "-m", "icmp", "--icmp-type", ict.name ] else: proto = [ "-p", "ipv6-icmp" ] match = [ "-m", "icmp6", "--icmpv6-type", ict.name ] rules = [] for chain in ["INPUT", "FORWARD_IN"]: target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) if self._fw.zone.query_icmp_block_inversion(zone): final_chain = "%s_allow" % target final_target = "ACCEPT" else: final_chain = "%s_deny" % target final_target = "%%REJECT%%" rule_fragment = [] if rich_rule: rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) rule_fragment += proto + match if rich_rule: rules.append(self._rich_rule_log(rich_rule, enable, table, target, rule_fragment)) rules.append(self._rich_rule_audit(rich_rule, enable, table, target, rule_fragment)) if rich_rule.action: rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, rule_fragment)) else: chain_suffix = self._rich_rule_chain_suffix(rich_rule) rules.append(["-t", table, add_del, "%s_%s" % (target, chain_suffix)] + self._rich_rule_priority_fragment(rich_rule) + rule_fragment + [ "-j", "%%REJECT%%" ]) else: if self._fw.get_log_denied() != "off" and final_target != "ACCEPT": rules.append([ add_del, final_chain, "-t", table ] + rule_fragment + [ "%%LOGTYPE%%", "-j", "LOG", "--log-prefix", "\"%s_ICMP_BLOCK: \"" % zone ]) rules.append([ add_del, final_chain, "-t", table ] + rule_fragment + [ "-j", final_target ]) return rules def build_zone_icmp_block_inversion_rules(self, enable, zone): table = "filter" rules = [] for chain in [ "INPUT", "FORWARD_IN" ]: rule_idx = 6 _zone = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) if self._fw.zone.query_icmp_block_inversion(zone): ibi_target = "%%REJECT%%" if self._fw.get_log_denied() != "off": if enable: rule = [ "-I", _zone, str(rule_idx) ] else: rule = [ "-D", _zone ] rule = rule + [ "-t", table, "-p", "%%ICMP%%", "%%LOGTYPE%%", "-j", "LOG", "--log-prefix", "\"%s_ICMP_BLOCK: \"" % _zone ] rules.append(rule) rule_idx += 1 else: ibi_target = "ACCEPT" if enable: rule = [ "-I", _zone, str(rule_idx) ] else: rule = [ "-D", _zone ] rule = rule + [ "-t", table, "-p", "%%ICMP%%", "-j", ibi_target ] rules.append(rule) return rules def build_zone_rich_source_destination_rules(self, enable, zone, rich_rule): table = "filter" target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], zone=zone) rule_fragment = [] rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) rules = [] rules.append(self._rich_rule_log(rich_rule, enable, table, target, rule_fragment)) rules.append(self._rich_rule_audit(rich_rule, enable, table, target, rule_fragment)) rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, rule_fragment)) return rules def is_ipv_supported(self, ipv): return ipv == self.ipv class ip6tables(ip4tables): ipv = "ipv6" name = "ip6tables" def build_rpfilter_rules(self, log_denied=False): rules = [] rules.append([ "-I", "PREROUTING", "-t", "raw", "-m", "rpfilter", "--invert", "-j", "DROP" ]) if log_denied != "off": rules.append([ "-I", "PREROUTING", "-t", "raw", "-m", "rpfilter", "--invert", "-j", "LOG", "--log-prefix", "rpfilter_DROP: " ]) rules.append([ "-I", "PREROUTING", "-t", "raw", "-p", "ipv6-icmp", "--icmpv6-type=neighbour-solicitation", "-j", "ACCEPT" ]) # RHBZ#1575431, kernel bug in 4.16-4.17 rules.append([ "-I", "PREROUTING", "-t", "raw", "-p", "ipv6-icmp", "--icmpv6-type=router-advertisement", "-j", "ACCEPT" ]) # RHBZ#1058505 return rules def build_rfc3964_ipv4_rules(self): daddr_list = [ "::0.0.0.0/96", # IPv4 compatible "::ffff:0.0.0.0/96", # IPv4 mapped "2002:0000::/24", # 0.0.0.0/8 (the system has no address assigned yet) "2002:0a00::/24", # 10.0.0.0/8 (private) "2002:7f00::/24", # 127.0.0.0/8 (loopback) "2002:ac10::/28", # 172.16.0.0/12 (private) "2002:c0a8::/32", # 192.168.0.0/16 (private) "2002:a9fe::/32", # 169.254.0.0/16 (IANA Assigned DHCP link-local) "2002:e000::/19", # 224.0.0.0/4 (multicast), 240.0.0.0/4 (reserved and broadcast) ] chain_name = "RFC3964_IPv4" self.our_chains["filter"].add(chain_name) rules = [] rules.append(["-t", "filter", "-N", chain_name]) for daddr in daddr_list: rules.append(["-t", "filter", "-I", chain_name, "-d", daddr, "-j", "REJECT", "--reject-with", "addr-unreach"]) if self._fw._log_denied in ["unicast", "all"]: rules.append(["-t", "filter", "-I", chain_name, "-d", daddr, "-j", "LOG", "--log-prefix", "\"RFC3964_IPv4_REJECT: \""]) # Inject into FORWARD and OUTPUT chains rules.append(["-t", "filter", "-I", "OUTPUT", "3", "-j", chain_name]) rules.append(["-t", "filter", "-I", "FORWARD", "4", "-j", chain_name]) return rules firewalld-0.8.2/src/firewall/core/fw.py0000664007115300711530000013064113641105406021173 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Firewall" ] import os.path import sys import copy import time import traceback from firewall import config from firewall import functions from firewall.core import ipXtables from firewall.core import ebtables from firewall.core import nftables from firewall.core import ipset from firewall.core import modules from firewall.core.fw_icmptype import FirewallIcmpType from firewall.core.fw_service import FirewallService from firewall.core.fw_zone import FirewallZone from firewall.core.fw_direct import FirewallDirect from firewall.core.fw_config import FirewallConfig from firewall.core.fw_policies import FirewallPolicies from firewall.core.fw_ipset import FirewallIPSet from firewall.core.fw_transaction import FirewallTransaction from firewall.core.fw_helper import FirewallHelper from firewall.core.fw_nm import nm_get_bus_name, nm_get_interfaces_in_zone from firewall.core.logger import log from firewall.core.io.firewalld_conf import firewalld_conf from firewall.core.io.direct import Direct from firewall.core.io.service import service_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.zone import zone_reader, Zone from firewall.core.io.ipset import ipset_reader from firewall.core.ipset import IPSET_TYPES from firewall.core.io.helper import helper_reader from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class Firewall # ############################################################################ class Firewall(object): def __init__(self, offline=False): self._firewalld_conf = firewalld_conf(config.FIREWALLD_CONF) self._offline = offline if self._offline: self.ip4tables_enabled = False self.ip6tables_enabled = False self.ebtables_enabled = False self.ipset_enabled = False self.ipset_supported_types = IPSET_TYPES self.nftables_enabled = False else: self.ip4tables_backend = ipXtables.ip4tables(self) self.ip4tables_enabled = True self.ip4tables_supported_icmp_types = [ ] self.ip6tables_backend = ipXtables.ip6tables(self) self.ip6tables_enabled = True self.ip6tables_supported_icmp_types = [ ] self.ebtables_backend = ebtables.ebtables() self.ebtables_enabled = True self.ipset_backend = ipset.ipset() self.ipset_enabled = True self.ipset_supported_types = [ ] self.nftables_backend = nftables.nftables(self) self.nftables_enabled = True self.modules_backend = modules.modules() self.icmptype = FirewallIcmpType(self) self.service = FirewallService(self) self.zone = FirewallZone(self) self.direct = FirewallDirect(self) self.config = FirewallConfig(self) self.policies = FirewallPolicies() self.ipset = FirewallIPSet(self) self.helper = FirewallHelper(self) self.__init_vars() def __repr__(self): return '%s(%r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r)' % \ (self.__class__, self.ip4tables_enabled, self.ip6tables_enabled, self.ebtables_enabled, self._state, self._panic, self._default_zone, self._module_refcount, self._marks, self.cleanup_on_exit, self.ipv6_rpfilter_enabled, self.ipset_enabled, self._individual_calls, self._log_denied) def __init_vars(self): self._state = "INIT" self._panic = False self._default_zone = "" self._module_refcount = { } self._marks = [ ] # fallback settings will be overloaded by firewalld.conf self.cleanup_on_exit = config.FALLBACK_CLEANUP_ON_EXIT self.ipv6_rpfilter_enabled = config.FALLBACK_IPV6_RPFILTER self._individual_calls = config.FALLBACK_INDIVIDUAL_CALLS self._log_denied = config.FALLBACK_LOG_DENIED self._firewall_backend = config.FALLBACK_FIREWALL_BACKEND self._flush_all_on_reload = config.FALLBACK_FLUSH_ALL_ON_RELOAD self._rfc3964_ipv4 = config.FALLBACK_RFC3964_IPV4 self._allow_zone_drifting = config.FALLBACK_ALLOW_ZONE_DRIFTING def individual_calls(self): return self._individual_calls def _check_tables(self): # check if iptables, ip6tables and ebtables are usable, else disable if self.ip4tables_enabled and \ "filter" not in self.get_backend_by_ipv("ipv4").get_available_tables(): log.warning("iptables not usable, disabling IPv4 firewall.") self.ip4tables_enabled = False if self.ip6tables_enabled and \ "filter" not in self.get_backend_by_ipv("ipv6").get_available_tables(): log.warning("ip6tables not usable, disabling IPv6 firewall.") self.ip6tables_enabled = False if self.ebtables_enabled and \ "filter" not in self.get_backend_by_ipv("eb").get_available_tables(): log.warning("ebtables not usable, disabling ethernet bridge firewall.") self.ebtables_enabled = False # is there at least support for ipv4 or ipv6 if not self.ip4tables_enabled and not self.ip6tables_enabled \ and not self.nftables_enabled: log.fatal("No IPv4 and IPv6 firewall.") sys.exit(1) def _start_check(self): try: self.ipset_backend.set_list() except ValueError: log.warning("ipset not usable, disabling ipset usage in firewall.") # ipset is not usable, no supported types self.ipset_enabled = False self.ipset_supported_types = [ ] else: # ipset is usable, get all supported types self.ipset_supported_types = self.ipset_backend.set_supported_types() self.ip4tables_backend.fill_exists() if not self.ip4tables_backend.restore_command_exists: if self.ip4tables_backend.command_exists: log.warning("iptables-restore is missing, using " "individual calls for IPv4 firewall.") else: log.warning("iptables-restore and iptables are missing, " "disabling IPv4 firewall.") self.ip4tables_enabled = False if self.ip4tables_enabled: self.ip4tables_supported_icmp_types = \ self.ip4tables_backend.supported_icmp_types() else: self.ip4tables_supported_icmp_types = [ ] self.ip6tables_backend.fill_exists() if not self.ip6tables_backend.restore_command_exists: if self.ip6tables_backend.command_exists: log.warning("ip6tables-restore is missing, using " "individual calls for IPv6 firewall.") else: log.warning("ip6tables-restore and ip6tables are missing, " "disabling IPv6 firewall.") self.ip6tables_enabled = False if self.ip6tables_enabled: self.ip6tables_supported_icmp_types = \ self.ip6tables_backend.supported_icmp_types() else: self.ip6tables_supported_icmp_types = [ ] self.ebtables_backend.fill_exists() if not self.ebtables_backend.restore_command_exists: if self.ebtables_backend.command_exists: log.warning("ebtables-restore is missing, using " "individual calls for bridge firewall.") else: log.warning("ebtables-restore and ebtables are missing, " "disabling bridge firewall.") self.ebtables_enabled = False if self.ebtables_enabled and not self._individual_calls and \ not self.ebtables_backend.restore_noflush_option: log.debug1("ebtables-restore is not supporting the --noflush " "option, will therefore not be used") def _start(self, reload=False, complete_reload=False): # initialize firewall default_zone = config.FALLBACK_ZONE # load firewalld config log.debug1("Loading firewalld config file '%s'", config.FIREWALLD_CONF) try: self._firewalld_conf.read() except Exception as msg: log.warning(msg) log.warning("Using fallback firewalld configuration settings.") else: if self._firewalld_conf.get("DefaultZone"): default_zone = self._firewalld_conf.get("DefaultZone") if self._firewalld_conf.get("CleanupOnExit"): value = self._firewalld_conf.get("CleanupOnExit") if value is not None and value.lower() in [ "no", "false" ]: self.cleanup_on_exit = False log.debug1("CleanupOnExit is set to '%s'", self.cleanup_on_exit) if self._firewalld_conf.get("Lockdown"): value = self._firewalld_conf.get("Lockdown") if value is not None and value.lower() in [ "yes", "true" ]: log.debug1("Lockdown is enabled") try: self.policies.enable_lockdown() except FirewallError: # already enabled, this is probably reload pass if self._firewalld_conf.get("IPv6_rpfilter"): value = self._firewalld_conf.get("IPv6_rpfilter") if value is not None: if value.lower() in [ "no", "false" ]: self.ipv6_rpfilter_enabled = False if value.lower() in [ "yes", "true" ]: self.ipv6_rpfilter_enabled = True if self.ipv6_rpfilter_enabled: log.debug1("IPv6 rpfilter is enabled") else: log.debug1("IPV6 rpfilter is disabled") if self._firewalld_conf.get("IndividualCalls"): value = self._firewalld_conf.get("IndividualCalls") if value is not None and value.lower() in [ "yes", "true" ]: log.debug1("IndividualCalls is enabled") self._individual_calls = True if self._firewalld_conf.get("LogDenied"): value = self._firewalld_conf.get("LogDenied") if value is None or value.lower() == "no": self._log_denied = "off" else: self._log_denied = value.lower() log.debug1("LogDenied is set to '%s'", self._log_denied) if self._firewalld_conf.get("FirewallBackend"): self._firewall_backend = self._firewalld_conf.get("FirewallBackend") log.debug1("FirewallBackend is set to '%s'", self._firewall_backend) if self._firewalld_conf.get("FlushAllOnReload"): value = self._firewalld_conf.get("FlushAllOnReload") if value.lower() in [ "no", "false" ]: self._flush_all_on_reload = False else: self._flush_all_on_reload = True log.debug1("FlushAllOnReload is set to '%s'", self._flush_all_on_reload) if self._firewalld_conf.get("RFC3964_IPv4"): value = self._firewalld_conf.get("RFC3964_IPv4") if value.lower() in [ "no", "false" ]: self._rfc3964_ipv4 = False else: self._rfc3964_ipv4 = True log.debug1("RFC3964_IPv4 is set to '%s'", self._rfc3964_ipv4) if self._firewalld_conf.get("AllowZoneDrifting"): value = self._firewalld_conf.get("AllowZoneDrifting") if value.lower() in [ "no", "false" ]: self._allow_zone_drifting = False else: self._allow_zone_drifting = True if not self._offline: log.warning("AllowZoneDrifting is enabled. This is considered " "an insecure configuration option. It will be " "removed in a future release. Please consider " "disabling it now.") log.debug1("AllowZoneDrifting is set to '%s'", self._allow_zone_drifting) self.config.set_firewalld_conf(copy.deepcopy(self._firewalld_conf)) self._select_firewall_backend(self._firewall_backend) if not self._offline: self._start_check() # load lockdown whitelist log.debug1("Loading lockdown whitelist") try: self.policies.lockdown_whitelist.read() except Exception as msg: if self.policies.query_lockdown(): log.error("Failed to load lockdown whitelist '%s': %s", self.policies.lockdown_whitelist.filename, msg) else: log.debug1("Failed to load lockdown whitelist '%s': %s", self.policies.lockdown_whitelist.filename, msg) # copy policies to config interface self.config.set_policies(copy.deepcopy(self.policies)) # load ipset files self._loader(config.FIREWALLD_IPSETS, "ipset") self._loader(config.ETC_FIREWALLD_IPSETS, "ipset") # load icmptype files self._loader(config.FIREWALLD_ICMPTYPES, "icmptype") self._loader(config.ETC_FIREWALLD_ICMPTYPES, "icmptype") if len(self.icmptype.get_icmptypes()) == 0: log.error("No icmptypes found.") # load helper files self._loader(config.FIREWALLD_HELPERS, "helper") self._loader(config.ETC_FIREWALLD_HELPERS, "helper") # load service files self._loader(config.FIREWALLD_SERVICES, "service") self._loader(config.ETC_FIREWALLD_SERVICES, "service") if len(self.service.get_services()) == 0: log.error("No services found.") # load zone files self._loader(config.FIREWALLD_ZONES, "zone") self._loader(config.ETC_FIREWALLD_ZONES, "zone") if len(self.zone.get_zones()) == 0: log.fatal("No zones found.") sys.exit(1) # check minimum required zones error = False for z in [ "block", "drop", "trusted" ]: if z not in self.zone.get_zones(): log.fatal("Zone '%s' is not available.", z) error = True if error: sys.exit(1) # check if default_zone is a valid zone if default_zone not in self.zone.get_zones(): if "public" in self.zone.get_zones(): zone = "public" elif "external" in self.zone.get_zones(): zone = "external" else: zone = "block" # block is a base zone, therefore it has to exist log.error("Default zone '%s' is not valid. Using '%s'.", default_zone, zone) default_zone = zone else: log.debug1("Using default zone '%s'", default_zone) # load direct rules obj = Direct(config.FIREWALLD_DIRECT) if os.path.exists(config.FIREWALLD_DIRECT): log.debug1("Loading direct rules file '%s'" % \ config.FIREWALLD_DIRECT) try: obj.read() except Exception as msg: log.error("Failed to load direct rules file '%s': %s", config.FIREWALLD_DIRECT, msg) self.direct.set_permanent_config(obj) self.config.set_direct(copy.deepcopy(obj)) self._default_zone = self.check_zone(default_zone) if self._offline: return # check if needed tables are there self._check_tables() if log.getDebugLogLevel() > 0: # get time before flushing and applying tm1 = time.time() # Start transaction transaction = FirewallTransaction(self) # flush rules self.flush(use_transaction=transaction) # If modules need to be unloaded in complete reload or if there are # ipsets to get applied, limit the transaction to flush. # # Future optimization for the ipset case in reload: The transaction # only needs to be split here if there are conflicting ipset types in # exsting ipsets and the configuration in firewalld. if (reload and complete_reload) or \ (self.ipset_enabled and self.ipset.has_ipsets()): transaction.execute(True) transaction.clear() # complete reload: unload modules also if reload and complete_reload: log.debug1("Unloading firewall modules") self.modules_backend.unload_firewall_modules() self.apply_default_tables(use_transaction=transaction) transaction.execute(True) transaction.clear() # apply settings for loaded ipsets while reloading here if self.ipset_enabled and self.ipset.has_ipsets(): log.debug1("Applying ipsets") self.ipset.apply_ipsets() # Start or continue with transaction # apply default rules log.debug1("Applying default rule set") self.apply_default_rules(use_transaction=transaction) # apply settings for loaded zones log.debug1("Applying used zones") self.zone.apply_zones(use_transaction=transaction) self.zone.change_default_zone(None, self._default_zone, use_transaction=transaction) # Execute transaction transaction.execute(True) # Start new transaction for direct rules transaction.clear() # apply direct chains, rules and passthrough rules if self.direct.has_configuration(): log.debug1("Applying direct chains rules and passthrough rules") self.direct.apply_direct(transaction) # since direct rules are easy to make syntax errors lets highlight # the cause if the transaction fails. try: transaction.execute(True) transaction.clear() except FirewallError as e: raise FirewallError(e.code, "Direct: %s" % (e.msg if e.msg else "")) except Exception: raise del transaction if log.getDebugLogLevel() > 1: # get time after flushing and applying tm2 = time.time() log.debug2("Flushing and applying took %f seconds" % (tm2 - tm1)) def start(self): try: self._start() except Exception: self._state = "FAILED" self.set_policy("ACCEPT") raise else: self._state = "RUNNING" self.set_policy("ACCEPT") def _loader(self, path, reader_type, combine=False): # combine: several zone files are getting combined into one obj if not os.path.isdir(path): return if combine: if path.startswith(config.ETC_FIREWALLD) and reader_type == "zone": combined_zone = Zone() combined_zone.name = os.path.basename(path) combined_zone.check_name(combined_zone.name) combined_zone.path = path combined_zone.default = False else: combine = False for filename in sorted(os.listdir(path)): if not filename.endswith(".xml"): if path.startswith(config.ETC_FIREWALLD) and \ reader_type == "zone" and \ os.path.isdir("%s/%s" % (path, filename)): self._loader("%s/%s" % (path, filename), reader_type, combine=True) continue name = "%s/%s" % (path, filename) log.debug1("Loading %s file '%s'", reader_type, name) try: if reader_type == "icmptype": obj = icmptype_reader(filename, path) if obj.name in self.icmptype.get_icmptypes(): orig_obj = self.icmptype.get_icmptype(obj.name) log.debug1(" Overloads %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) self.icmptype.remove_icmptype(orig_obj.name) elif obj.path.startswith(config.ETC_FIREWALLD): obj.default = True try: self.icmptype.add_icmptype(obj) except FirewallError as error: log.info1("%s: %s, ignoring for run-time." % \ (obj.name, str(error))) # add a deep copy to the configuration interface self.config.add_icmptype(copy.deepcopy(obj)) elif reader_type == "service": obj = service_reader(filename, path) if obj.name in self.service.get_services(): orig_obj = self.service.get_service(obj.name) log.debug1(" Overloads %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) self.service.remove_service(orig_obj.name) elif obj.path.startswith(config.ETC_FIREWALLD): obj.default = True self.service.add_service(obj) # add a deep copy to the configuration interface self.config.add_service(copy.deepcopy(obj)) elif reader_type == "zone": obj = zone_reader(filename, path, no_check_name=combine) if combine: # Change name for permanent configuration obj.name = "%s/%s" % ( os.path.basename(path), os.path.basename(filename)[0:-4]) obj.check_name(obj.name) # Copy object before combine config_obj = copy.deepcopy(obj) if obj.name in self.zone.get_zones(): orig_obj = self.zone.get_zone(obj.name) self.zone.remove_zone(orig_obj.name) if orig_obj.combined: log.debug1(" Combining %s '%s' ('%s/%s')", reader_type, obj.name, path, filename) obj.combine(orig_obj) else: log.debug1(" Overloads %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) elif obj.path.startswith(config.ETC_FIREWALLD): obj.default = True config_obj.default = True self.config.add_zone(config_obj) if combine: log.debug1(" Combining %s '%s' ('%s/%s')", reader_type, combined_zone.name, path, filename) combined_zone.combine(obj) else: self.zone.add_zone(obj) elif reader_type == "ipset": obj = ipset_reader(filename, path) if obj.name in self.ipset.get_ipsets(): orig_obj = self.ipset.get_ipset(obj.name) log.debug1(" Overloads %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) self.ipset.remove_ipset(orig_obj.name) elif obj.path.startswith(config.ETC_FIREWALLD): obj.default = True try: self.ipset.add_ipset(obj) except FirewallError as error: log.warning("%s: %s, ignoring for run-time." % \ (obj.name, str(error))) # add a deep copy to the configuration interface self.config.add_ipset(copy.deepcopy(obj)) elif reader_type == "helper": obj = helper_reader(filename, path) if obj.name in self.helper.get_helpers(): orig_obj = self.helper.get_helper(obj.name) log.debug1(" Overloads %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) self.helper.remove_helper(orig_obj.name) elif obj.path.startswith(config.ETC_FIREWALLD): obj.default = True self.helper.add_helper(obj) # add a deep copy to the configuration interface self.config.add_helper(copy.deepcopy(obj)) else: log.fatal("Unknown reader type %s", reader_type) except FirewallError as msg: log.error("Failed to load %s file '%s': %s", reader_type, name, msg) except Exception: log.error("Failed to load %s file '%s':", reader_type, name) log.exception() if combine and combined_zone.combined: if combined_zone.name in self.zone.get_zones(): orig_obj = self.zone.get_zone(combined_zone.name) log.debug1(" Overloading and deactivating %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) try: self.zone.remove_zone(combined_zone.name) except Exception: pass self.config.forget_zone(combined_zone.name) self.zone.add_zone(combined_zone) def cleanup(self): self.icmptype.cleanup() self.service.cleanup() self.zone.cleanup() self.ipset.cleanup() self.helper.cleanup() self.config.cleanup() self.direct.cleanup() self.policies.cleanup() self._firewalld_conf.cleanup() self.__init_vars() def stop(self): if self.cleanup_on_exit and not self._offline: self.flush() self.ipset.flush() self.set_policy("ACCEPT") self.modules_backend.unload_firewall_modules() self.cleanup() # handle modules def handle_modules(self, _modules, enable): num_failed = 0 error_msgs = "" for i,module in enumerate(_modules): if enable: (status, msg) = self.modules_backend.load_module(module) else: if self._module_refcount[module] > 1: status = 0 # module referenced more then one, do not unload else: (status, msg) = self.modules_backend.unload_module(module) if status != 0: num_failed += 1 error_msgs += msg continue if enable: self._module_refcount.setdefault(module, 0) self._module_refcount[module] += 1 else: if module in self._module_refcount: self._module_refcount[module] -= 1 if self._module_refcount[module] == 0: del self._module_refcount[module] return (num_failed, error_msgs) def _select_firewall_backend(self, backend): if backend != "nftables": self.nftables_enabled = False # even if using nftables, the other backends are enabled for use with # the direct interface. nftables is used for the firewalld primitives. def get_backend_by_name(self, name): for backend in self.all_backends(): if backend.name == name: return backend raise FirewallError(errors.UNKNOWN_ERROR, "'%s' backend does not exist" % name) def get_backend_by_ipv(self, ipv): if self.nftables_enabled: return self.nftables_backend if ipv == "ipv4" and self.ip4tables_enabled: return self.ip4tables_backend elif ipv == "ipv6" and self.ip6tables_enabled: return self.ip6tables_backend elif ipv == "eb" and self.ebtables_enabled: return self.ebtables_backend raise FirewallError(errors.INVALID_IPV, "'%s' is not a valid backend or is unavailable" % ipv) def get_direct_backend_by_ipv(self, ipv): if ipv == "ipv4" and self.ip4tables_enabled: return self.ip4tables_backend elif ipv == "ipv6" and self.ip6tables_enabled: return self.ip6tables_backend elif ipv == "eb" and self.ebtables_enabled: return self.ebtables_backend raise FirewallError(errors.INVALID_IPV, "'%s' is not a valid backend or is unavailable" % ipv) def is_backend_enabled(self, name): if name == "ip4tables": return self.ip4tables_enabled elif name == "ip6tables": return self.ip6tables_enabled elif name == "ebtables": return self.ebtables_enabled elif name == "nftables": return self.nftables_enabled return False def is_ipv_enabled(self, ipv): if self.nftables_enabled: return True if ipv == "ipv4": return self.ip4tables_enabled elif ipv == "ipv6": return self.ip6tables_enabled elif ipv == "eb": return self.ebtables_enabled return False def enabled_backends(self): backends = [] if self.nftables_enabled: backends.append(self.nftables_backend) else: if self.ip4tables_enabled: backends.append(self.ip4tables_backend) if self.ip6tables_enabled: backends.append(self.ip6tables_backend) if self.ebtables_enabled: backends.append(self.ebtables_backend) return backends def all_backends(self): backends = [] if self.ip4tables_enabled: backends.append(self.ip4tables_backend) if self.ip6tables_enabled: backends.append(self.ip6tables_backend) if self.ebtables_enabled: backends.append(self.ebtables_backend) if self.nftables_enabled: backends.append(self.nftables_backend) return backends def apply_default_tables(self, use_transaction=None): if use_transaction is None: transaction = FirewallTransaction(self) else: transaction = use_transaction for backend in self.enabled_backends(): transaction.add_rules(backend, backend.build_default_tables()) if use_transaction is None: transaction.execute(True) def apply_default_rules(self, use_transaction=None): if use_transaction is None: transaction = FirewallTransaction(self) else: transaction = use_transaction for backend in self.enabled_backends(): rules = backend.build_default_rules(self._log_denied) transaction.add_rules(backend, rules) if self.is_ipv_enabled("ipv6"): ipv6_backend = self.get_backend_by_ipv("ipv6") if "raw" in ipv6_backend.get_available_tables(): if self.ipv6_rpfilter_enabled: rules = ipv6_backend.build_rpfilter_rules(self._log_denied) transaction.add_rules(ipv6_backend, rules) if self.is_ipv_enabled("ipv6") and self._rfc3964_ipv4: rules = ipv6_backend.build_rfc3964_ipv4_rules() transaction.add_rules(ipv6_backend, rules) if use_transaction is None: transaction.execute(True) # flush and policy def flush(self, use_transaction=None): if use_transaction is None: transaction = FirewallTransaction(self) else: transaction = use_transaction log.debug1("Flushing rule set") for backend in self.all_backends(): rules = backend.build_flush_rules() transaction.add_rules(backend, rules) if use_transaction is None: transaction.execute(True) def set_policy(self, policy, use_transaction=None): if use_transaction is None: transaction = FirewallTransaction(self) else: transaction = use_transaction log.debug1("Setting policy to '%s'", policy) for backend in self.enabled_backends(): rules = backend.build_set_policy_rules(policy) transaction.add_rules(backend, rules) if use_transaction is None: transaction.execute(True) # rule function used in handle_ functions def rule(self, backend_name, rule): if not rule: return "" backend = self.get_backend_by_name(backend_name) if not backend: raise FirewallError(errors.INVALID_IPV, "'%s' is not a valid backend" % backend_name) if not self.is_backend_enabled(backend_name): return "" return backend.set_rule(rule, self._log_denied) def rules(self, backend_name, rules): _rules = list(filter(None, rules)) backend = self.get_backend_by_name(backend_name) if not backend: raise FirewallError(errors.INVALID_IPV, "'%s' is not a valid backend" % backend_name) if not self.is_backend_enabled(backend_name): return if self._individual_calls or \ not backend.restore_command_exists or \ (backend_name == "ebtables" and not self.ebtables_backend.restore_noflush_option): for i,rule in enumerate(_rules): try: backend.set_rule(rule, self._log_denied) except Exception as msg: log.debug1(traceback.format_exc()) log.error(msg) for rule in reversed(_rules[:i]): try: backend.set_rule(backend.reverse_rule(rule), self._log_denied) except Exception: # ignore errors here pass raise msg else: backend.set_rules(_rules, self._log_denied) # check functions def check_panic(self): if self._panic: raise FirewallError(errors.PANIC_MODE) def check_zone(self, zone): _zone = zone if not _zone or _zone == "": _zone = self.get_default_zone() if _zone not in self.zone.get_zones(): raise FirewallError(errors.INVALID_ZONE, _zone) return _zone def check_interface(self, interface): if not functions.checkInterface(interface): raise FirewallError(errors.INVALID_INTERFACE, interface) def check_service(self, service): self.service.check_service(service) def check_port(self, port): if not functions.check_port(port): raise FirewallError(errors.INVALID_PORT, port) def check_tcpudp(self, protocol): if not protocol: raise FirewallError(errors.MISSING_PROTOCOL) if protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \ protocol) def check_ip(self, ip): if not functions.checkIP(ip): raise FirewallError(errors.INVALID_ADDR, ip) def check_address(self, ipv, source): if ipv == "ipv4": if not functions.checkIPnMask(source): raise FirewallError(errors.INVALID_ADDR, source) elif ipv == "ipv6": if not functions.checkIP6nMask(source): raise FirewallError(errors.INVALID_ADDR, source) else: raise FirewallError(errors.INVALID_IPV, "'%s' not in {'ipv4'|'ipv6'}") def check_icmptype(self, icmp): self.icmptype.check_icmptype(icmp) def check_timeout(self, timeout): if not isinstance(timeout, int): raise TypeError("%s is %s, expected int" % (timeout, type(timeout))) if int(timeout) < 0: raise FirewallError(errors.INVALID_VALUE, "timeout '%d' is not positive number" % timeout) # RELOAD def reload(self, stop=False): _panic = self._panic # must stash this. The value may change after _start() flush_all = self._flush_all_on_reload if not flush_all: # save zone interfaces _zone_interfaces = { } for zone in self.zone.get_zones(): _zone_interfaces[zone] = self.zone.get_settings(zone)["interfaces"] # save direct config _direct_config = self.direct.get_runtime_config() _old_dz = self.get_default_zone() _ipset_objs = [] for _name in self.ipset.get_ipsets(): _ipset_objs.append(self.ipset.get_ipset(_name)) if not _panic: self.set_policy("DROP") # stop self.cleanup() start_exception = None try: self._start(reload=True, complete_reload=stop) except Exception as e: # save the exception for later, but continue restoring interfaces, # etc. We'll re-raise it at the end. start_exception = e # destroy ipsets no longer in the permanent configuration if flush_all: for obj in _ipset_objs: if not self.ipset.query_ipset(obj.name): for backend in self.ipset.backends(): # nftables sets are part of the normal firewall ruleset. if backend.name == "nftables": continue backend.set_destroy(obj.name) if not flush_all: # handle interfaces in the default zone and move them to the new # default zone if it changed _new_dz = self.get_default_zone() if _new_dz != _old_dz: # if_new_dz has been introduced with the reload, we need to add it # https://github.com/firewalld/firewalld/issues/53 if _new_dz not in _zone_interfaces: _zone_interfaces[_new_dz] = { } # default zone changed. Move interfaces from old default zone to # the new one. for iface, settings in list(_zone_interfaces[_old_dz].items()): if settings["__default__"]: # move only those that were added to default zone # (not those that were added to specific zone same as # default) _zone_interfaces[_new_dz][iface] = \ _zone_interfaces[_old_dz][iface] del _zone_interfaces[_old_dz][iface] # add interfaces to zones again for zone in self.zone.get_zones(): if zone in _zone_interfaces: self.zone.set_settings(zone, { "interfaces": _zone_interfaces[zone] }) del _zone_interfaces[zone] else: log.info1("New zone '%s'.", zone) if len(_zone_interfaces) > 0: for zone in list(_zone_interfaces.keys()): log.info1("Lost zone '%s', zone interfaces dropped.", zone) del _zone_interfaces[zone] del _zone_interfaces # restore runtime-only ipsets for obj in _ipset_objs: if self.ipset.query_ipset(obj.name): for entry in obj.entries: try: self.ipset.add_entry(obj.name, entry) except FirewallError as msg: if msg.code != errors.ALREADY_ENABLED: raise msg else: self.ipset.add_ipset(obj) self.ipset.apply_ipset(obj.name) # restore direct config self.direct.set_config(_direct_config) # Restore permanent interfaces from NetworkManager nm_bus_name = nm_get_bus_name() if nm_bus_name: for zone in self.zone.get_zones() + [""]: for interface in nm_get_interfaces_in_zone(zone): self.zone.change_zone_of_interface(zone, interface, sender=nm_bus_name) self._panic = _panic if not self._panic: self.set_policy("ACCEPT") if start_exception: self._state = "FAILED" raise start_exception else: self._state = "RUNNING" # STATE def get_state(self): return self._state # PANIC MODE def enable_panic_mode(self): if self._panic: raise FirewallError(errors.ALREADY_ENABLED, "panic mode already enabled") try: self.set_policy("PANIC") except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) self._panic = True def disable_panic_mode(self): if not self._panic: raise FirewallError(errors.NOT_ENABLED, "panic mode is not enabled") try: self.set_policy("ACCEPT") except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) self._panic = False def query_panic_mode(self): return self._panic # LOG DENIED def get_log_denied(self): return self._log_denied def set_log_denied(self, value): if value not in config.LOG_DENIED_VALUES: raise FirewallError(errors.INVALID_VALUE, "'%s', choose from '%s'" % \ (value, "','".join(config.LOG_DENIED_VALUES))) if value != self.get_log_denied(): self._log_denied = value self._firewalld_conf.set("LogDenied", value) self._firewalld_conf.write() else: raise FirewallError(errors.ALREADY_SET, value) # DEFAULT ZONE def get_default_zone(self): return self._default_zone def set_default_zone(self, zone): _zone = self.check_zone(zone) if _zone != self._default_zone: _old_dz = self._default_zone self._default_zone = _zone self._firewalld_conf.set("DefaultZone", _zone) self._firewalld_conf.write() # remove old default zone from ZONES and add new default zone self.zone.change_default_zone(_old_dz, _zone) # Move interfaces from old default zone to the new one. _old_dz_settings = self.zone.get_settings(_old_dz) for iface, settings in list(_old_dz_settings["interfaces"].items()): if settings["__default__"]: # move only those that were added to default zone # (not those that were added to specific zone same as default) self.zone.change_zone_of_interface("", iface) else: raise FirewallError(errors.ZONE_ALREADY_SET, _zone) firewalld-0.8.2/src/firewall/core/fw_icmptype.py0000664007115300711530000000543013341016621023077 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "FirewallIcmpType" ] import copy from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class FirewallIcmpType(object): def __init__(self, fw): self._fw = fw self._icmptypes = { } def __repr__(self): return '%s(%r)' % (self.__class__, self._icmptypes) def cleanup(self): self._icmptypes.clear() # zones def get_icmptypes(self): return sorted(self._icmptypes.keys()) def check_icmptype(self, icmptype): if icmptype not in self._icmptypes: raise FirewallError(errors.INVALID_ICMPTYPE, icmptype) def get_icmptype(self, icmptype): self.check_icmptype(icmptype) return self._icmptypes[icmptype] def add_icmptype(self, obj): orig_ipvs = obj.destination if len(orig_ipvs) == 0: orig_ipvs = [ "ipv4", "ipv6" ] ipvs = orig_ipvs[:] for ipv in orig_ipvs: if ipv == "ipv4": if not self._fw.ip4tables_enabled: continue supported_icmps = self._fw.ip4tables_supported_icmp_types elif ipv == "ipv6": if not self._fw.ip6tables_enabled: continue supported_icmps = self._fw.ip6tables_supported_icmp_types else: supported_icmps = [ ] if obj.name.lower() not in supported_icmps: log.info1("ICMP type '%s' is not supported by the kernel for %s." % (obj.name, ipv)) ipvs.remove(ipv) if len(ipvs) != len(orig_ipvs): if len(ipvs) < 1: raise FirewallError(errors.INVALID_ICMPTYPE, "No supported ICMP type.") new_obj = copy.deepcopy(obj) new_obj.destination = ipvs self._icmptypes[obj.name] = new_obj else: self._icmptypes[obj.name] = obj def remove_icmptype(self, icmptype): self.check_icmptype(icmptype) del self._icmptypes[icmptype] firewalld-0.8.2/src/firewall/core/prog.py0000664007115300711530000000274613341016621021527 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import subprocess __all__ = ["runProg"] def runProg(prog, argv=None, stdin=None): if argv is None: argv = [] args = [prog] + argv input_string = None if stdin: with open(stdin, 'r') as handle: input_string = handle.read().encode() env = {'LANG': 'C'} try: process = subprocess.Popen(args, stdin=subprocess.PIPE, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, close_fds=True, env=env) except OSError: return (255, '') (output, err_output) = process.communicate(input_string) output = output.decode('utf-8', 'replace') return (process.returncode, output) firewalld-0.8.2/src/firewall/core/fw_direct.py0000664007115300711530000005016613617024232022530 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "FirewallDirect" ] from firewall.fw_types import LastUpdatedOrderedDict from firewall.core import ipXtables from firewall.core import ebtables from firewall.core.fw_transaction import FirewallTransaction from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class Firewall # ############################################################################ class FirewallDirect(object): def __init__(self, fw): self._fw = fw self.__init_vars() def __repr__(self): return '%s(%r, %r, %r)' % (self.__class__, self._chains, self._rules, self._rule_priority_positions) def __init_vars(self): self._chains = { } self._rules = { } self._rule_priority_positions = { } self._passthroughs = { } self._obj = None def cleanup(self): self.__init_vars() # transaction def new_transaction(self): return FirewallTransaction(self._fw) # configuration def set_permanent_config(self, obj): self._obj = obj def has_configuration(self): if len(self._chains) + len(self._rules) + len(self._passthroughs) > 0: return True if len(self._obj.get_all_chains()) + \ len(self._obj.get_all_rules()) + \ len(self._obj.get_all_passthroughs()) > 0: return True return False def apply_direct(self, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction # Apply permanent configuration and save the obj to be able to # remove permanent configuration settings within get_runtime_config # for use in firewalld reload. self.set_config((self._obj.get_all_chains(), self._obj.get_all_rules(), self._obj.get_all_passthroughs()), transaction) if use_transaction is None: transaction.execute(True) def get_runtime_config(self): # Return only runtime changes # Remove all chains, rules and passthroughs that are in self._obj # (permanent config applied in firewalld _start. chains = { } rules = { } passthroughs = { } for table_id in self._chains: (ipv, table) = table_id for chain in self._chains[table_id]: if not self._obj.query_chain(ipv, table, chain): chains.setdefault(table_id, [ ]).append(chain) for chain_id in self._rules: (ipv, table, chain) = chain_id for (priority, args) in self._rules[chain_id]: if not self._obj.query_rule(ipv, table, chain, priority, args): if chain_id not in rules: rules[chain_id] = LastUpdatedOrderedDict() rules[chain_id][(priority, args)] = priority for ipv in self._passthroughs: for args in self._passthroughs[ipv]: if not self._obj.query_passthrough(ipv, args): if ipv not in passthroughs: passthroughs[ipv] = [ ] passthroughs[ipv].append(args) return (chains, rules, passthroughs) def get_config(self): return (self._chains, self._rules, self._passthroughs) def set_config(self, conf, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction (_chains, _rules, _passthroughs) = conf for table_id in _chains: (ipv, table) = table_id for chain in _chains[table_id]: if not self.query_chain(ipv, table, chain): try: self.add_chain(ipv, table, chain, use_transaction=transaction) except FirewallError as error: log.warning(str(error)) for chain_id in _rules: (ipv, table, chain) = chain_id for (priority, args) in _rules[chain_id]: if not self.query_rule(ipv, table, chain, priority, args): try: self.add_rule(ipv, table, chain, priority, args, use_transaction=transaction) except FirewallError as error: log.warning(str(error)) for ipv in _passthroughs: for args in _passthroughs[ipv]: if not self.query_passthrough(ipv, args): try: self.add_passthrough(ipv, args, use_transaction=transaction) except FirewallError as error: log.warning(str(error)) if use_transaction is None: transaction.execute(True) def _check_ipv(self, ipv): ipvs = ['ipv4', 'ipv6', 'eb'] if ipv not in ipvs: raise FirewallError(errors.INVALID_IPV, "'%s' not in '%s'" % (ipv, ipvs)) def _check_ipv_table(self, ipv, table): self._check_ipv(ipv) tables = ipXtables.BUILT_IN_CHAINS.keys() if ipv in [ 'ipv4', 'ipv6' ] \ else ebtables.BUILT_IN_CHAINS.keys() if table not in tables: raise FirewallError(errors.INVALID_TABLE, "'%s' not in '%s'" % (table, tables)) def _check_builtin_chain(self, ipv, table, chain): if ipv in ['ipv4', 'ipv6']: built_in_chains = ipXtables.BUILT_IN_CHAINS[table] if self._fw.nftables_enabled: our_chains = {} else: our_chains = self._fw.get_direct_backend_by_ipv(ipv).our_chains[table] else: built_in_chains = ebtables.BUILT_IN_CHAINS[table] our_chains = ebtables.OUR_CHAINS[table] if chain in built_in_chains: raise FirewallError(errors.BUILTIN_CHAIN, "chain '%s' is built-in chain" % chain) if chain in our_chains: raise FirewallError(errors.BUILTIN_CHAIN, "chain '%s' is reserved" % chain) if ipv in [ "ipv4", "ipv6" ]: if self._fw.zone.zone_from_chain(chain) is not None: raise FirewallError(errors.INVALID_CHAIN, "Chain '%s' is reserved" % chain) def _register_chain(self, table_id, chain, add): if add: self._chains.setdefault(table_id, [ ]).append(chain) else: self._chains[table_id].remove(chain) if len(self._chains[table_id]) == 0: del self._chains[table_id] def add_chain(self, ipv, table, chain, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction #TODO: policy="ACCEPT" self._chain(True, ipv, table, chain, transaction) if use_transaction is None: transaction.execute(True) def remove_chain(self, ipv, table, chain, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self._chain(False, ipv, table, chain, transaction) if use_transaction is None: transaction.execute(True) def query_chain(self, ipv, table, chain): self._check_ipv_table(ipv, table) self._check_builtin_chain(ipv, table, chain) table_id = (ipv, table) return (table_id in self._chains and chain in self._chains[table_id]) def get_chains(self, ipv, table): self._check_ipv_table(ipv, table) table_id = (ipv, table) if table_id in self._chains: return self._chains[table_id] return [ ] def get_all_chains(self): r = [ ] for key in self._chains: (ipv, table) = key for chain in self._chains[key]: r.append((ipv, table, chain)) return r def add_rule(self, ipv, table, chain, priority, args, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self._rule(True, ipv, table, chain, priority, args, transaction) if use_transaction is None: transaction.execute(True) def remove_rule(self, ipv, table, chain, priority, args, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self._rule(False, ipv, table, chain, priority, args, transaction) if use_transaction is None: transaction.execute(True) def query_rule(self, ipv, table, chain, priority, args): self._check_ipv_table(ipv, table) chain_id = (ipv, table, chain) return chain_id in self._rules and \ (priority, args) in self._rules[chain_id] def get_rules(self, ipv, table, chain): self._check_ipv_table(ipv, table) chain_id = (ipv, table, chain) if chain_id in self._rules: return list(self._rules[chain_id].keys()) return [ ] def get_all_rules(self): r = [ ] for key in self._rules: (ipv, table, chain) = key for (priority, args) in self._rules[key]: r.append((ipv, table, chain, priority, list(args))) return r def _register_rule(self, rule_id, chain_id, priority, enable): if enable: if chain_id not in self._rules: self._rules[chain_id] = LastUpdatedOrderedDict() self._rules[chain_id][rule_id] = priority if chain_id not in self._rule_priority_positions: self._rule_priority_positions[chain_id] = { } if priority in self._rule_priority_positions[chain_id]: self._rule_priority_positions[chain_id][priority] += 1 else: self._rule_priority_positions[chain_id][priority] = 1 else: del self._rules[chain_id][rule_id] if len(self._rules[chain_id]) == 0: del self._rules[chain_id] self._rule_priority_positions[chain_id][priority] -= 1 # DIRECT PASSTHROUGH (untracked) def passthrough(self, ipv, args): try: return self._fw.rule(self._fw.get_direct_backend_by_ipv(ipv).name, args) except Exception as msg: log.debug2(msg) raise FirewallError(errors.COMMAND_FAILED, msg) def _register_passthrough(self, ipv, args, enable): if enable: if ipv not in self._passthroughs: self._passthroughs[ipv] = [ ] self._passthroughs[ipv].append(args) else: self._passthroughs[ipv].remove(args) if len(self._passthroughs[ipv]) == 0: del self._passthroughs[ipv] def add_passthrough(self, ipv, args, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self._passthrough(True, ipv, list(args), transaction) if use_transaction is None: transaction.execute(True) def remove_passthrough(self, ipv, args, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self._passthrough(False, ipv, list(args), transaction) if use_transaction is None: transaction.execute(True) def query_passthrough(self, ipv, args): return ipv in self._passthroughs and \ tuple(args) in self._passthroughs[ipv] def get_all_passthroughs(self): r = [ ] for ipv in self._passthroughs: for args in self._passthroughs[ipv]: r.append((ipv, list(args))) return r def get_passthroughs(self, ipv): r = [ ] if ipv in self._passthroughs: for args in self._passthroughs[ipv]: r.append(list(args)) return r def _rule(self, enable, ipv, table, chain, priority, args, transaction): self._check_ipv_table(ipv, table) # Do not create zone chains if we're using nftables. Only allow direct # rules in the built in chains. if not self._fw.nftables_enabled \ and ipv in [ "ipv4", "ipv6" ]: self._fw.zone.create_zone_base_by_chain(ipv, table, chain, transaction) _chain = chain backend = self._fw.get_direct_backend_by_ipv(ipv) # if nftables is in use, just put the direct rules in the chain # specified by the user. i.e. don't append _direct. if not self._fw.nftables_enabled \ and backend.is_chain_builtin(ipv, table, chain): _chain = "%s_direct" % (chain) elif self._fw.nftables_enabled and chain[-7:] == "_direct" \ and backend.is_chain_builtin(ipv, table, chain[:-7]): # strip _direct suffix. If we're using nftables we don't bother # creating the *_direct chains for builtin chains. _chain = chain[:-7] chain_id = (ipv, table, chain) rule_id = (priority, args) if enable: if chain_id in self._rules and \ rule_id in self._rules[chain_id]: raise FirewallError(errors.ALREADY_ENABLED, "rule '%s' already is in '%s:%s:%s'" % \ (args, ipv, table, chain)) else: if chain_id not in self._rules or \ rule_id not in self._rules[chain_id]: raise FirewallError(errors.NOT_ENABLED, "rule '%s' is not in '%s:%s:%s'" % \ (args, ipv, table, chain)) # get priority of rule priority = self._rules[chain_id][rule_id] # If a rule gets added, the initial rule index position within the # ipv, table and chain combination (chain_id) is 1. # Tf the chain_id exists in _rule_priority_positions, there are already # other rules for this chain_id. The number of rules for a priority # less or equal to the priority of the new rule will increase the # index of the new rule. The index is the ip*tables -I insert rule # number. # # Example: We have the following rules for chain_id (ipv4, filter, # INPUT) already: # ipv4, filter, INPUT, 1, -i, foo1, -j, ACCEPT # ipv4, filter, INPUT, 2, -i, foo2, -j, ACCEPT # ipv4, filter, INPUT, 2, -i, foo2_1, -j, ACCEPT # ipv4, filter, INPUT, 3, -i, foo3, -j, ACCEPT # This results in the following _rule_priority_positions structure: # _rule_priority_positions[(ipv4,filter,INPUT)][1] = 1 # _rule_priority_positions[(ipv4,filter,INPUT)][2] = 2 # _rule_priority_positions[(ipv4,filter,INPUT)][3] = 1 # The new rule # ipv4, filter, INPUT, 2, -i, foo2_2, -j, ACCEPT # has the same pritority as the second rule before and will be added # right after it. # The initial index is 1 and the chain_id is already in # _rule_priority_positions. Therefore the index will increase for # the number of rules in every rule position in # _rule_priority_positions[(ipv4,filter,INPUT)].keys() # where position is smaller or equal to the entry in keys. # With the example from above: # The priority of the new rule is 2. Therefore for all keys in # _rule_priority_positions[chain_id] where priority is 1 or 2, the # number of the rules will increase the index of the rule. # For _rule_priority_positions[chain_id][1]: index += 1 # _rule_priority_positions[chain_id][2]: index += 2 # index will be 4 in the end and the rule in the table chain # combination will be added at index 4. # If there are no rules in the table chain combination, a new rule # has index 1. index = 1 if chain_id in self._rule_priority_positions: positions = sorted(self._rule_priority_positions[chain_id].keys()) j = 0 while j < len(positions) and priority >= positions[j]: index += self._rule_priority_positions[chain_id][positions[j]] j += 1 transaction.add_rule(backend, backend.build_rule(enable, table, _chain, index, args)) self._register_rule(rule_id, chain_id, priority, enable) transaction.add_fail(self._register_rule, rule_id, chain_id, priority, not enable) def _chain(self, add, ipv, table, chain, transaction): self._check_ipv_table(ipv, table) self._check_builtin_chain(ipv, table, chain) table_id = (ipv, table) if add: if table_id in self._chains and \ chain in self._chains[table_id]: raise FirewallError(errors.ALREADY_ENABLED, "chain '%s' already is in '%s:%s'" % \ (chain, ipv, table)) else: if table_id not in self._chains or \ chain not in self._chains[table_id]: raise FirewallError(errors.NOT_ENABLED, "chain '%s' is not in '%s:%s'" % \ (chain, ipv, table)) backend = self._fw.get_direct_backend_by_ipv(ipv) transaction.add_rules(backend, backend.build_chain_rules(add, table, chain)) self._register_chain(table_id, chain, add) transaction.add_fail(self._register_chain, table_id, chain, not add) def _passthrough(self, enable, ipv, args, transaction): self._check_ipv(ipv) tuple_args = tuple(args) if enable: if ipv in self._passthroughs and \ tuple_args in self._passthroughs[ipv]: raise FirewallError(errors.ALREADY_ENABLED, "passthrough '%s', '%s'" % (ipv, args)) else: if ipv not in self._passthroughs or \ tuple_args not in self._passthroughs[ipv]: raise FirewallError(errors.NOT_ENABLED, "passthrough '%s', '%s'" % (ipv, args)) backend = self._fw.get_direct_backend_by_ipv(ipv) if enable: backend.check_passthrough(args) # try to find out if a zone chain should be used if ipv in [ "ipv4", "ipv6" ]: table, chain = backend.passthrough_parse_table_chain(args) if table and chain: self._fw.zone.create_zone_base_by_chain(ipv, table, chain) _args = args else: _args = backend.reverse_passthrough(args) transaction.add_rule(backend, _args) self._register_passthrough(ipv, tuple_args, enable) transaction.add_fail(self._register_passthrough, ipv, tuple_args, not enable) firewalld-0.8.2/src/firewall/core/nftables.py0000664007115300711530000026137413641106137022367 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2018 Red Hat, Inc. # # Authors: # Eric Garver # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from __future__ import absolute_import import copy import json from firewall.core.base import SHORTCUTS, DEFAULT_ZONE_TARGET from firewall.core.logger import log from firewall.functions import check_mac, getPortRange, normalizeIP6, \ check_single_address, check_address from firewall.errors import FirewallError, UNKNOWN_ERROR, INVALID_RULE, \ INVALID_ICMPTYPE, INVALID_TYPE, INVALID_ENTRY, \ INVALID_PORT from firewall.core.rich import Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark, \ Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock from nftables.nftables import Nftables TABLE_NAME = "firewalld" TABLE_NAME_POLICY = TABLE_NAME + "_" + "policy_drop" # Map iptables (table, chain) to hooks and priorities. # These are well defined by NF_IP_PRI_* defines in netfilter. # # This is analogous to ipXtables.BUILT_IN_CHAINS, but we omit the chains that # are only used for direct rules. # # Note: All hooks use their standard position + NFT_HOOK_OFFSET. This means # iptables will have DROP precedence. It also means that even if iptables # ACCEPTs a packet it may still be dropped later by firewalld's rules. # NFT_HOOK_OFFSET = 10 IPTABLES_TO_NFT_HOOK = { #"security": { # "INPUT": ("input", 50 + NFT_HOOK_OFFSET), # "OUTPUT": ("output", 50 + NFT_HOOK_OFFSET), # "FORWARD": ("forward", 50 + NFT_HOOK_OFFSET), #}, "raw": { "PREROUTING": ("prerouting", -300 + NFT_HOOK_OFFSET), # "OUTPUT": ("output", -300 + NFT_HOOK_OFFSET), }, "mangle": { "PREROUTING": ("prerouting", -150 + NFT_HOOK_OFFSET), # "POSTROUTING": ("postrouting", -150 + NFT_HOOK_OFFSET), # "INPUT": ("input", -150 + NFT_HOOK_OFFSET), # "OUTPUT": ("output", -150 + NFT_HOOK_OFFSET), # "FORWARD": ("forward", -150 + NFT_HOOK_OFFSET), }, "nat": { "PREROUTING": ("prerouting", -100 + NFT_HOOK_OFFSET), "POSTROUTING": ("postrouting", 100 + NFT_HOOK_OFFSET), # "INPUT": ("input", 100 + NFT_HOOK_OFFSET), # "OUTPUT": ("output", -100 + NFT_HOOK_OFFSET), }, "filter": { "INPUT": ("input", 0 + NFT_HOOK_OFFSET), "FORWARD": ("forward", 0 + NFT_HOOK_OFFSET), "OUTPUT": ("output", 0 + NFT_HOOK_OFFSET), }, } def _icmp_types_fragments(protocol, type, code=None): fragments = [{"match": {"left": {"payload": {"protocol": protocol, "field": "type"}}, "op": "==", "right": type}}] if code: fragments.append({"match": {"left": {"payload": {"protocol": protocol, "field": "code"}}, "op": "==", "right": code}}) return fragments # Most ICMP types are provided by nft, but for the codes we have to use numeric # values. # ICMP_TYPES_FRAGMENTS = { "ipv4": { "communication-prohibited": _icmp_types_fragments("icmp", "destination-unreachable", 13), "destination-unreachable": _icmp_types_fragments("icmp", "destination-unreachable"), "echo-reply": _icmp_types_fragments("icmp", "echo-reply"), "echo-request": _icmp_types_fragments("icmp", "echo-request"), "fragmentation-needed": _icmp_types_fragments("icmp", "destination-unreachable", 4), "host-precedence-violation": _icmp_types_fragments("icmp", "destination-unreachable", 14), "host-prohibited": _icmp_types_fragments("icmp", "destination-unreachable", 10), "host-redirect": _icmp_types_fragments("icmp", "redirect", 1), "host-unknown": _icmp_types_fragments("icmp", "destination-unreachable", 7), "host-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 1), "ip-header-bad": _icmp_types_fragments("icmp", "parameter-problem", 1), "network-prohibited": _icmp_types_fragments("icmp", "destination-unreachable", 8), "network-redirect": _icmp_types_fragments("icmp", "redirect", 0), "network-unknown": _icmp_types_fragments("icmp", "destination-unreachable", 6), "network-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 0), "parameter-problem": _icmp_types_fragments("icmp", "parameter-problem"), "port-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 3), "precedence-cutoff": _icmp_types_fragments("icmp", "destination-unreachable", 15), "protocol-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 2), "redirect": _icmp_types_fragments("icmp", "redirect"), "required-option-missing": _icmp_types_fragments("icmp", "parameter-problem", 1), "router-advertisement": _icmp_types_fragments("icmp", "router-advertisement"), "router-solicitation": _icmp_types_fragments("icmp", "router-solicitation"), "source-quench": _icmp_types_fragments("icmp", "source-quench"), "source-route-failed": _icmp_types_fragments("icmp", "destination-unreachable", 5), "time-exceeded": _icmp_types_fragments("icmp", "time-exceeded"), "timestamp-reply": _icmp_types_fragments("icmp", "timestamp-reply"), "timestamp-request": _icmp_types_fragments("icmp", "timestamp-request"), "tos-host-redirect": _icmp_types_fragments("icmp", "redirect", 3), "tos-host-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 12), "tos-network-redirect": _icmp_types_fragments("icmp", "redirect", 2), "tos-network-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 11), "ttl-zero-during-reassembly": _icmp_types_fragments("icmp", "time-exceeded", 1), "ttl-zero-during-transit": _icmp_types_fragments("icmp", "time-exceeded", 0), }, "ipv6": { "address-unreachable": _icmp_types_fragments("icmpv6", "destination-unreachable", 3), "bad-header": _icmp_types_fragments("icmpv6", "parameter-problem", 0), "beyond-scope": _icmp_types_fragments("icmpv6", "destination-unreachable", 2), "communication-prohibited": _icmp_types_fragments("icmpv6", "destination-unreachable", 1), "destination-unreachable": _icmp_types_fragments("icmpv6", "destination-unreachable"), "echo-reply": _icmp_types_fragments("icmpv6", "echo-reply"), "echo-request": _icmp_types_fragments("icmpv6", "echo-request"), "failed-policy": _icmp_types_fragments("icmpv6", "destination-unreachable", 5), "neighbour-advertisement": _icmp_types_fragments("icmpv6", "nd-neighbor-advert"), "neighbour-solicitation": _icmp_types_fragments("icmpv6", "nd-neighbor-solicit"), "no-route": _icmp_types_fragments("icmpv6", "destination-unreachable", 0), "packet-too-big": _icmp_types_fragments("icmpv6", "packet-too-big"), "parameter-problem": _icmp_types_fragments("icmpv6", "parameter-problem"), "port-unreachable": _icmp_types_fragments("icmpv6", "destination-unreachable", 4), "redirect": _icmp_types_fragments("icmpv6", "nd-redirect"), "reject-route": _icmp_types_fragments("icmpv6", "destination-unreachable", 6), "router-advertisement": _icmp_types_fragments("icmpv6", "nd-router-advert"), "router-solicitation": _icmp_types_fragments("icmpv6", "nd-router-solicit"), "time-exceeded": _icmp_types_fragments("icmpv6", "time-exceeded"), "ttl-zero-during-reassembly": _icmp_types_fragments("icmpv6", "time-exceeded", 1), "ttl-zero-during-transit": _icmp_types_fragments("icmpv6", "time-exceeded", 0), "unknown-header-type": _icmp_types_fragments("icmpv6", "parameter-problem", 1), "unknown-option": _icmp_types_fragments("icmpv6", "parameter-problem", 2), } } class nftables(object): name = "nftables" zones_supported = True def __init__(self, fw): self._fw = fw self.restore_command_exists = True self.available_tables = [] self.rule_to_handle = {} self.rule_ref_count = {} self.rich_rule_priority_counts = {} self.zone_source_index_cache = {} self.created_tables = {"inet": [], "ip": [], "ip6": []} self.nftables = Nftables() self.nftables.set_echo_output(True) self.nftables.set_handle_output(True) def _run_replace_zone_source(self, rule, zone_source_index_cache): for verb in ["add", "insert", "delete"]: if verb in rule: break if "%%ZONE_SOURCE%%" in rule[verb]["rule"]: zone_source = (rule[verb]["rule"]["%%ZONE_SOURCE%%"]["zone"], rule[verb]["rule"]["%%ZONE_SOURCE%%"]["address"]) del rule[verb]["rule"]["%%ZONE_SOURCE%%"] elif "%%ZONE_INTERFACE%%" in rule[verb]["rule"]: zone_source = None del rule[verb]["rule"]["%%ZONE_INTERFACE%%"] else: return family = rule[verb]["rule"]["family"] if zone_source and verb == "delete": if family in zone_source_index_cache and \ zone_source in zone_source_index_cache[family]: zone_source_index_cache[family].remove(zone_source) elif verb != "delete": if family not in zone_source_index_cache: zone_source_index_cache[family] = [] if zone_source: # order source based dispatch by zone name if zone_source not in zone_source_index_cache[family]: zone_source_index_cache[family].append(zone_source) zone_source_index_cache[family].sort(key=lambda x: x[0]) index = zone_source_index_cache[family].index(zone_source) else: if self._fw._allow_zone_drifting: index = 0 else: index = len(zone_source_index_cache[family]) _verb_snippet = rule[verb] del rule[verb] if index == 0: rule["insert"] = _verb_snippet else: index -= 1 # point to the rule before insertion point rule["add"] = _verb_snippet rule["add"]["rule"]["index"] = index def reverse_rule(self, dict): if "insert" in dict: return {"delete": copy.deepcopy(dict["insert"])} elif "add" in dict: return {"delete": copy.deepcopy(dict["add"])} else: raise FirewallError(UNKNOWN_ERROR, "Failed to reverse rule") def _set_rule_replace_rich_rule_priority(self, rule, rich_rule_priority_counts): for verb in ["add", "insert", "delete"]: if verb in rule: break if "%%RICH_RULE_PRIORITY%%" in rule[verb]["rule"]: priority = rule[verb]["rule"]["%%RICH_RULE_PRIORITY%%"] del rule[verb]["rule"]["%%RICH_RULE_PRIORITY%%"] if type(priority) != int: raise FirewallError(INVALID_RULE, "rich rule priority must be followed by a number") chain = (rule[verb]["rule"]["family"], rule[verb]["rule"]["chain"]) # family, chain # Add the rule to the priority counts. We don't need to store the # rule, just bump the ref count for the priority value. if verb == "delete": if chain not in rich_rule_priority_counts or \ priority not in rich_rule_priority_counts[chain] or \ rich_rule_priority_counts[chain][priority] <= 0: raise FirewallError(UNKNOWN_ERROR, "nonexistent or underflow of rich rule priority count") rich_rule_priority_counts[chain][priority] -= 1 else: if chain not in rich_rule_priority_counts: rich_rule_priority_counts[chain] = {} if priority not in rich_rule_priority_counts[chain]: rich_rule_priority_counts[chain][priority] = 0 # calculate index of new rule index = 0 for p in sorted(rich_rule_priority_counts[chain].keys()): if p == priority and verb == "insert": break index += rich_rule_priority_counts[chain][p] if p == priority and verb == "add": break rich_rule_priority_counts[chain][priority] += 1 _verb_snippet = rule[verb] del rule[verb] if index == 0: rule["insert"] = _verb_snippet else: index -= 1 # point to the rule before insertion point rule["add"] = _verb_snippet rule["add"]["rule"]["index"] = index def _get_rule_key(self, rule): for verb in ["add", "insert", "delete"]: if verb in rule and "rule" in rule[verb]: rule_key = copy.deepcopy(rule[verb]["rule"]) for non_key in ["index", "handle", "position"]: if non_key in rule_key: del rule_key[non_key] # str(rule_key) is insufficient because dictionary order is # not stable.. so abuse the JSON library rule_key = json.dumps(rule_key, sort_keys=True) return rule_key # Not a rule (it's a table, chain, etc) return None def set_rules(self, rules, log_denied): _valid_verbs = ["add", "insert", "delete", "flush", "replace"] _valid_add_verbs = ["add", "insert", "replace"] _deduplicated_rules = [] _executed_rules = [] rich_rule_priority_counts = copy.deepcopy(self.rich_rule_priority_counts) zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) rule_ref_count = self.rule_ref_count.copy() for rule in rules: if type(rule) != dict: raise FirewallError(UNKNOWN_ERROR, "rule must be a dictionary, rule: %s" % (rule)) for verb in _valid_verbs: if verb in rule: break if verb not in rule: raise FirewallError(INVALID_RULE, "no valid verb found, rule: %s" % (rule)) rule_key = self._get_rule_key(rule) # rule deduplication if rule_key in rule_ref_count: log.debug2("%s: prev rule ref cnt %d, %s", self.__class__, rule_ref_count[rule_key], rule_key) if verb != "delete": rule_ref_count[rule_key] += 1 continue elif rule_ref_count[rule_key] > 1: rule_ref_count[rule_key] -= 1 continue elif rule_ref_count[rule_key] == 1: rule_ref_count[rule_key] -= 1 else: raise FirewallError(UNKNOWN_ERROR, "rule ref count bug: rule_key '%s', cnt %d" % (rule_key, rule_ref_count[rule_key])) elif rule_key and verb != "delete": rule_ref_count[rule_key] = 1 _deduplicated_rules.append(rule) _rule = copy.deepcopy(rule) if rule_key: # filter empty rule expressions. Rich rules add quite a bit of # them, but it makes the rest of the code simpler. libnftables # does not tolerate them. _rule[verb]["rule"]["expr"] = list(filter(None, _rule[verb]["rule"]["expr"])) self._set_rule_replace_rich_rule_priority(_rule, rich_rule_priority_counts) self._run_replace_zone_source(_rule, zone_source_index_cache) # delete using rule handle if verb == "delete": _rule = {"delete": {"rule": {"family": _rule["delete"]["rule"]["family"], "table": _rule["delete"]["rule"]["table"], "chain": _rule["delete"]["rule"]["chain"], "handle": self.rule_to_handle[rule_key]}}} _executed_rules.append(_rule) json_blob = {"nftables": [{"metainfo": {"json_schema_version": 1}}] + _executed_rules} if log.getDebugLogLevel() >= 3: # guarded with if statement because json.dumps() is expensive. log.debug3("%s: calling python-nftables with JSON blob: %s", self.__class__, json.dumps(json_blob)) rc, output, error = self.nftables.json_cmd(json_blob) if rc != 0: raise ValueError("'%s' failed: %s\nJSON blob:\n%s" % ("python-nftables", error, json.dumps(json_blob))) self.rich_rule_priority_counts = rich_rule_priority_counts self.zone_source_index_cache = zone_source_index_cache self.rule_ref_count = rule_ref_count index = 0 for rule in _deduplicated_rules: index += 1 # +1 due to metainfo rule_key = self._get_rule_key(rule) if not rule_key: continue if "delete" in rule: del self.rule_to_handle[rule_key] del self.rule_ref_count[rule_key] continue for verb in _valid_add_verbs: if verb in output["nftables"][index]: break if verb not in output["nftables"][index]: continue self.rule_to_handle[rule_key] = output["nftables"][index][verb]["rule"]["handle"] def set_rule(self, rule, log_denied): self.set_rules([rule], log_denied) return "" def get_available_tables(self, table=None): # Tables always exist in nftables return [table] if table else IPTABLES_TO_NFT_HOOK.keys() def build_flush_rules(self): # Policy is stashed in a separate table that we're _not_ going to # flush. As such, we retain the policy rule handles and ref counts. saved_rule_to_handle = {} saved_rule_ref_count = {} for rule in self._build_set_policy_rules_ct_rules(True): policy_key = self._get_rule_key(rule) if policy_key in self.rule_to_handle: saved_rule_to_handle[policy_key] = self.rule_to_handle[policy_key] saved_rule_ref_count[policy_key] = self.rule_ref_count[policy_key] self.rule_to_handle = saved_rule_to_handle self.rule_ref_count = saved_rule_ref_count self.rich_rule_priority_counts = {} self.zone_source_index_cache = {} rules = [] for family in ["inet", "ip", "ip6"]: if TABLE_NAME in self.created_tables[family]: rules.append({"delete": {"table": {"family": family, "name": TABLE_NAME}}}) self.created_tables[family].remove(TABLE_NAME) return rules def _build_set_policy_rules_ct_rules(self, enable): add_del = { True: "add", False: "delete" }[enable] rules = [] for hook in ["input", "forward", "output"]: rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME_POLICY, "chain": "%s_%s" % ("filter", hook), "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": None}]}}}) return rules def build_set_policy_rules(self, policy): # Policy is not exposed to the user. It's only to make sure we DROP # packets while reloading and for panic mode. As such, using hooks with # a higher priority than our base chains is sufficient. rules = [] if policy == "PANIC": rules.append({"add": {"table": {"family": "inet", "name": TABLE_NAME_POLICY}}}) self.created_tables["inet"].append(TABLE_NAME_POLICY) # Use "raw" priority for panic mode. This occurs before # conntrack, mangle, nat, etc for hook in ["prerouting", "output"]: rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME_POLICY, "name": "%s_%s" % ("raw", hook), "type": "filter", "hook": hook, "prio": -300 + NFT_HOOK_OFFSET - 1, "policy": "drop"}}}) if policy == "DROP": rules.append({"add": {"table": {"family": "inet", "name": TABLE_NAME_POLICY}}}) self.created_tables["inet"].append(TABLE_NAME_POLICY) # To drop everything except existing connections we use # "filter" because it occurs _after_ conntrack. for hook in ["input", "forward", "output"]: rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME_POLICY, "name": "%s_%s" % ("filter", hook), "type": "filter", "hook": hook, "prio": 0 + NFT_HOOK_OFFSET - 1, "policy": "drop"}}}) rules += self._build_set_policy_rules_ct_rules(True) elif policy == "ACCEPT": for rule in self._build_set_policy_rules_ct_rules(False): policy_key = self._get_rule_key(rule) if policy_key in self.rule_to_handle: rules.append(rule) if TABLE_NAME_POLICY in self.created_tables["inet"]: rules.append({"delete": {"table": {"family": "inet", "name": TABLE_NAME_POLICY}}}) self.created_tables["inet"].remove(TABLE_NAME_POLICY) else: FirewallError(UNKNOWN_ERROR, "not implemented") return rules def supported_icmp_types(self): # nftables supports any icmp_type via arbitrary type/code matching. # We just need a translation for it in ICMP_TYPES_FRAGMENTS. supported = set() for ipv in ICMP_TYPES_FRAGMENTS.keys(): supported.update(ICMP_TYPES_FRAGMENTS[ipv].keys()) return list(supported) def build_default_tables(self): default_tables = [] for family in ["inet", "ip", "ip6"]: default_tables.append({"add": {"table": {"family": family, "name": TABLE_NAME}}}) self.created_tables[family].append(TABLE_NAME) return default_tables def build_default_rules(self, log_denied="off"): default_rules = [] for chain in IPTABLES_TO_NFT_HOOK["raw"].keys(): default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "raw_%s" % chain, "type": "filter", "hook": "%s" % IPTABLES_TO_NFT_HOOK["raw"][chain][0], "prio": IPTABLES_TO_NFT_HOOK["raw"][chain][1]}}}) for chain in ["PREROUTING"]: for dispatch_suffix in ["ZONES_SOURCE", "ZONES"] if self._fw._allow_zone_drifting else ["ZONES"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "raw_%s_%s" % (chain, dispatch_suffix)}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "raw_%s" % chain, "expr": [{"jump": {"target": "raw_%s_%s" % (chain, dispatch_suffix)}}]}}}) for chain in IPTABLES_TO_NFT_HOOK["mangle"].keys(): default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "mangle_%s" % chain, "type": "filter", "hook": "%s" % IPTABLES_TO_NFT_HOOK["mangle"][chain][0], "prio": IPTABLES_TO_NFT_HOOK["mangle"][chain][1]}}}) for dispatch_suffix in ["ZONES_SOURCE", "ZONES"] if self._fw._allow_zone_drifting else ["ZONES"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "mangle_%s_%s" % (chain, dispatch_suffix)}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "mangle_%s" % chain, "expr": [{"jump": {"target": "mangle_%s_%s" % (chain, dispatch_suffix)}}]}}}) for family in ["ip", "ip6"]: for chain in IPTABLES_TO_NFT_HOOK["nat"].keys(): default_rules.append({"add": {"chain": {"family": family, "table": TABLE_NAME, "name": "nat_%s" % chain, "type": "nat", "hook": "%s" % IPTABLES_TO_NFT_HOOK["nat"][chain][0], "prio": IPTABLES_TO_NFT_HOOK["nat"][chain][1]}}}) for dispatch_suffix in ["ZONES_SOURCE", "ZONES"] if self._fw._allow_zone_drifting else ["ZONES"]: default_rules.append({"add": {"chain": {"family": family, "table": TABLE_NAME, "name": "nat_%s_%s" % (chain, dispatch_suffix)}}}) default_rules.append({"add": {"rule": {"family": family, "table": TABLE_NAME, "chain": "nat_%s" % chain, "expr": [{"jump": {"target": "nat_%s_%s" % (chain, dispatch_suffix)}}]}}}) for chain in IPTABLES_TO_NFT_HOOK["filter"].keys(): default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "filter_%s" % chain, "type": "filter", "hook": "%s" % IPTABLES_TO_NFT_HOOK["filter"][chain][0], "prio": IPTABLES_TO_NFT_HOOK["filter"][chain][1]}}}) # filter, INPUT default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": None}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": None}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": None}]}}}) for dispatch_suffix in ["ZONES_SOURCE", "ZONES"] if self._fw._allow_zone_drifting else ["ZONES"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "filter_%s_%s" % ("INPUT", dispatch_suffix)}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"jump": {"target": "filter_%s_%s" % ("INPUT", dispatch_suffix)}}]}}}) if log_denied != "off": default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, self._pkttype_match_fragment(log_denied), {"log": {"prefix": "STATE_INVALID_DROP: "}}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": None}]}}}) if log_denied != "off": default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [self._pkttype_match_fragment(log_denied), {"log": {"prefix": "FINAL_REJECT: "}}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}) # filter, FORWARD default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": None}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": None}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": None}]}}}) for direction in ["IN", "OUT"]: for dispatch_suffix in ["ZONES_SOURCE", "ZONES"] if self._fw._allow_zone_drifting else ["ZONES"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "filter_%s_%s_%s" % ("FORWARD", direction, dispatch_suffix)}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"jump": {"target": "filter_%s_%s_%s" % ("FORWARD", direction, dispatch_suffix)}}]}}}) if log_denied != "off": default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, self._pkttype_match_fragment(log_denied), {"log": {"prefix": "STATE_INVALID_DROP: "}}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": None}]}}}) if log_denied != "off": default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [self._pkttype_match_fragment(log_denied), {"log": {"prefix": "FINAL_REJECT: "}}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}) # filter, OUTPUT default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_OUTPUT", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "lo"}}, {"accept": None}]}}}) return default_rules def get_zone_table_chains(self, table): if table == "filter": return ["INPUT", "FORWARD_IN", "FORWARD_OUT"] if table == "mangle": return ["PREROUTING"] if table == "nat": return ["PREROUTING", "POSTROUTING"] if table == "raw": return ["PREROUTING"] return [] def build_zone_source_interface_rules(self, enable, zone, interface, table, chain, append=False, family="inet"): # nat tables needs to use ip/ip6 family if table == "nat" and family == "inet": rules = [] rules.extend(self.build_zone_source_interface_rules(enable, zone, interface, table, chain, append, "ip")) rules.extend(self.build_zone_source_interface_rules(enable, zone, interface, table, chain, append, "ip6")) return rules opt = { "PREROUTING": "iifname", "POSTROUTING": "oifname", "INPUT": "iifname", "FORWARD_IN": "iifname", "FORWARD_OUT": "oifname", "OUTPUT": "oifname", }[chain] if interface[len(interface)-1] == "+": interface = interface[:len(interface)-1] + "*" target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) action = "goto" if interface == "*": expr_fragments = [{action: {"target": "%s_%s" % (table, target)}}] else: expr_fragments = [{"match": {"left": {"meta": {"key": opt}}, "op": "==", "right": interface}}, {action: {"target": "%s_%s" % (table, target)}}] if enable and not append: verb = "insert" rule = {"family": family, "table": TABLE_NAME, "chain": "%s_%s_ZONES" % (table, chain), "expr": expr_fragments} rule.update(self._zone_interface_fragment()) elif enable: verb = "add" rule = {"family": family, "table": TABLE_NAME, "chain": "%s_%s_ZONES" % (table, chain), "expr": expr_fragments} else: verb = "delete" rule = {"family": family, "table": TABLE_NAME, "chain": "%s_%s_ZONES" % (table, chain), "expr": expr_fragments} if not append: rule.update(self._zone_interface_fragment()) return [{verb: {"rule": rule}}] def build_zone_source_address_rules(self, enable, zone, address, table, chain, family="inet"): # nat tables needs to use ip/ip6 family if table == "nat" and family == "inet": rules = [] if address.startswith("ipset:"): ipset_family = self._set_get_family(address[len("ipset:"):]) else: ipset_family = None if check_address("ipv4", address) or check_mac(address) or ipset_family == "ip": rules.extend(self.build_zone_source_address_rules(enable, zone, address, table, chain, "ip")) if check_address("ipv6", address) or check_mac(address) or ipset_family == "ip6": rules.extend(self.build_zone_source_address_rules(enable, zone, address, table, chain, "ip6")) return rules add_del = { True: "insert", False: "delete" }[enable] opt = { "PREROUTING": "saddr", "POSTROUTING": "daddr", "INPUT": "saddr", "FORWARD_IN": "saddr", "FORWARD_OUT": "daddr", "OUTPUT": "daddr", }[chain] if self._fw._allow_zone_drifting: zone_dispatch_chain = "%s_%s_ZONES_SOURCE" % (table, chain) else: zone_dispatch_chain = "%s_%s_ZONES" % (table, chain) target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) action = "goto" rule = {"family": family, "table": TABLE_NAME, "chain": zone_dispatch_chain, "expr": [self._rule_addr_fragment(opt, address), {action: {"target": "%s_%s" % (table, target)}}]} rule.update(self._zone_source_fragment(zone, address)) return [{add_del: {"rule": rule}}] def build_zone_chain_rules(self, zone, table, chain, family="inet"): # nat tables needs to use ip/ip6 family if table == "nat" and family == "inet": rules = [] rules.extend(self.build_zone_chain_rules(zone, table, chain, "ip")) rules.extend(self.build_zone_chain_rules(zone, table, chain, "ip6")) return rules _zone = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) rules = [] rules.append({"add": {"chain": {"family": family, "table": TABLE_NAME, "name": "%s_%s" % (table, _zone)}}}) for chain_suffix in ["pre", "log", "deny", "allow", "post"]: rules.append({"add": {"chain": {"family": family, "table": TABLE_NAME, "name": "%s_%s_%s" % (table, _zone, chain_suffix)}}}) for chain_suffix in ["pre", "log", "deny", "allow", "post"]: rules.append({"add": {"rule": {"family": family, "table": TABLE_NAME, "chain": "%s_%s" % (table, _zone), "expr": [{"jump": {"target": "%s_%s_%s" % (table, _zone, chain_suffix)}}]}}}) target = self._fw.zone._zones[zone].target if self._fw.get_log_denied() != "off": if table == "filter" and \ chain in ["INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT"]: if target in ["REJECT", "%%REJECT%%", "DROP"]: log_suffix = target if target == "%%REJECT%%": log_suffix = "REJECT" rules.append({"add": {"rule": {"family": family, "table": TABLE_NAME, "chain": "%s_%s" % (table, _zone), "expr": [self._pkttype_match_fragment(self._fw.get_log_denied()), {"log": {"prefix": "\"filter_%s_%s: \"" % (_zone, log_suffix)}}]}}}) # Handle trust, block and drop zones: # Add an additional rule with the zone target (accept, reject # or drop) to the base zone only in the filter table. # Otherwise it is not be possible to have a zone with drop # target, that is allowing traffic that is locally initiated # or that adds additional rules. (RHBZ#1055190) if table == "filter" and \ target in ["ACCEPT", "REJECT", "%%REJECT%%", "DROP"] and \ chain in ["INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT"]: if target == "%%REJECT%%": target_fragment = self._reject_fragment() else: target_fragment = {target.lower(): None} rules.append({"add": {"rule": {"family": family, "table": TABLE_NAME, "chain": "%s_%s" % (table, _zone), "expr": [target_fragment]}}}) return rules def _pkttype_match_fragment(self, pkttype): if pkttype == "all": return {} elif pkttype in ["unicast", "broadcast", "multicast"]: return {"match": {"left": {"meta": {"key": "pkttype"}}, "op": "==", "right": pkttype}} raise FirewallError(INVALID_RULE, "Invalid pkttype \"%s\"", pkttype) def _reject_types_fragment(self, reject_type): frags = { # REJECT_TYPES : "icmp-host-prohibited" : {"reject": {"type": "icmp", "expr": "host-prohibited"}}, "host-prohib" : {"reject": {"type": "icmp", "expr": "host-prohibited"}}, "icmp-net-prohibited" : {"reject": {"type": "icmp", "expr": "net-prohibited"}}, "net-prohib" : {"reject": {"type": "icmp", "expr": "net-prohibited"}}, "icmp-admin-prohibited" : {"reject": {"type": "icmp", "expr": "admin-prohibited"}}, "admin-prohib" : {"reject": {"type": "icmp", "expr": "admin-prohibited"}}, "icmp6-adm-prohibited" : {"reject": {"type": "icmpv6", "expr": "admin-prohibited"}}, "adm-prohibited" : {"reject": {"type": "icmpv6", "expr": "admin-prohibited"}}, "icmp-net-unreachable" : {"reject": {"type": "icmp", "expr": "net-unreachable"}}, "net-unreach" : {"reject": {"type": "icmp", "expr": "net-unreachable"}}, "icmp-host-unreachable" : {"reject": {"type": "icmp", "expr": "host-unreachable"}}, "host-unreach" : {"reject": {"type": "icmp", "expr": "host-unreachable"}}, "icmp-port-unreachable" : {"reject": {"type": "icmp", "expr": "port-unreachable"}}, "icmp6-port-unreachable" : {"reject": {"type": "icmpv6", "expr": "port-unreachable"}}, "port-unreach" : {"reject": {"type": "icmpx", "expr": "port-unreachable"}}, "icmp-proto-unreachable" : {"reject": {"type": "icmp", "expr": "prot-unreachable"}}, "proto-unreach" : {"reject": {"type": "icmp", "expr": "prot-unreachable"}}, "icmp6-addr-unreachable" : {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}, "addr-unreach" : {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}, "icmp6-no-route" : {"reject": {"type": "icmpv6", "expr": "no-route"}}, "no-route" : {"reject": {"type": "icmpv6", "expr": "no-route"}}, "tcp-reset" : {"reject": {"type": "tcp reset"}}, "tcp-rst" : {"reject": {"type": "tcp reset"}}, } return frags[reject_type] def _reject_fragment(self): return {"reject": {"type": "icmpx", "expr": "admin-prohibited"}} def _icmp_match_fragment(self): return {"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}} def _rich_rule_limit_fragment(self, limit): if not limit: return {} rich_to_nft = { "s" : "second", "m" : "minute", "h" : "hour", "d" : "day", } try: i = limit.value.index("/") except ValueError: raise FirewallError(INVALID_RULE, "Expected '/' in limit") return {"limit": {"rate": int(limit.value[0:i]), "per": rich_to_nft[limit.value[i+1]]}} def _rich_rule_chain_suffix(self, rich_rule): if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock]: # These are special and don't have an explicit action pass elif rich_rule.action: if type(rich_rule.action) not in [Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark]: raise FirewallError(INVALID_RULE, "Unknown action %s" % type(rich_rule.action)) else: raise FirewallError(INVALID_RULE, "No rule action specified.") if rich_rule.priority == 0: if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort] or \ type(rich_rule.action) in [Rich_Accept, Rich_Mark]: return "allow" elif type(rich_rule.element) in [Rich_IcmpBlock] or \ type(rich_rule.action) in [Rich_Reject, Rich_Drop]: return "deny" elif rich_rule.priority < 0: return "pre" else: return "post" def _rich_rule_chain_suffix_from_log(self, rich_rule): if not rich_rule.log and not rich_rule.audit: raise FirewallError(INVALID_RULE, "Not log or audit") if rich_rule.priority == 0: return "log" elif rich_rule.priority < 0: return "pre" else: return "post" def _zone_interface_fragment(self): return {"%%ZONE_INTERFACE%%": None} def _zone_source_fragment(self, zone, address): if check_single_address("ipv6", address): address = normalizeIP6(address) elif check_address("ipv6", address): addr_split = address.split("/") address = normalizeIP6(addr_split[0]) + "/" + addr_split[1] return {"%%ZONE_SOURCE%%": {"zone": zone, "address": address}} def _rich_rule_priority_fragment(self, rich_rule): if not rich_rule or rich_rule.priority == 0: return {} return {"%%RICH_RULE_PRIORITY%%": rich_rule.priority} def _rich_rule_log(self, rich_rule, enable, table, target, expr_fragments): if not rich_rule.log: return {} add_del = { True: "add", False: "delete" }[enable] chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) log_options = {} if rich_rule.log.prefix: log_options["prefix"] = "%s" % rich_rule.log.prefix if rich_rule.log.level: log_options["level"] = "%s" % rich_rule.log.level rule = {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_%s" % (table, target, chain_suffix), "expr": expr_fragments + [{"log": log_options}, self._rich_rule_limit_fragment(rich_rule.log.limit)]} rule.update(self._rich_rule_priority_fragment(rich_rule)) return {add_del: {"rule": rule}} def _rich_rule_audit(self, rich_rule, enable, table, target, expr_fragments): if not rich_rule.audit: return {} add_del = { True: "add", False: "delete" }[enable] chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) rule = {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_%s" % (table, target, chain_suffix), "expr": expr_fragments + [{"log": {"level": "audit"}}, self._rich_rule_limit_fragment(rich_rule.audit.limit)]} rule.update(self._rich_rule_priority_fragment(rich_rule)) return {add_del: {"rule": rule}} def _rich_rule_action(self, zone, rich_rule, enable, table, target, expr_fragments): if not rich_rule.action: return {} add_del = { True: "add", False: "delete" }[enable] chain_suffix = self._rich_rule_chain_suffix(rich_rule) chain = "%s_%s_%s" % (table, target, chain_suffix) if type(rich_rule.action) == Rich_Accept: rule_action = {"accept": None} elif type(rich_rule.action) == Rich_Reject: if rich_rule.action.type: rule_action = self._reject_types_fragment(rich_rule.action.type) else: rule_action = {"reject": None} elif type(rich_rule.action) == Rich_Drop: rule_action = {"drop": None} elif type(rich_rule.action) == Rich_Mark: target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], zone=zone) table = "mangle" chain = "%s_%s_%s" % (table, target, chain_suffix) rule_action = {"mangle": {"key": {"meta": {"key": "mark"}}, "value": rich_rule.action.set}} else: raise FirewallError(INVALID_RULE, "Unknown action %s" % type(rich_rule.action)) rule = {"family": "inet", "table": TABLE_NAME, "chain": chain, "expr": expr_fragments + [self._rich_rule_limit_fragment(rich_rule.action.limit), rule_action]} rule.update(self._rich_rule_priority_fragment(rich_rule)) return {add_del: {"rule": rule}} def _rule_addr_fragment(self, addr_field, address, invert=False): if address.startswith("ipset:"): return self._set_match_fragment(address[len("ipset:"):], True if "daddr" == addr_field else False, invert) else: if check_mac(address): if addr_field == "daddr": raise FirewallError(INVALID_RULE, "%s._rule_addr_fragment()", (self.__class__)) family = "ether" if check_single_address("ipv4", address): family = "ip" elif check_address("ipv4", address): family = "ip" addr_len = address.split("/") address = {"prefix": {"addr": addr_len[0], "len": int(addr_len[1])}} elif check_single_address("ipv6", address): family = "ip6" address = normalizeIP6(address) else: family = "ip6" addr_len = address.split("/") address = {"prefix": {"addr": normalizeIP6(addr_len[0]), "len": int(addr_len[1])}} return {"match": {"left": {"payload": {"protocol": family, "field": addr_field}}, "op": "!=" if invert else "==", "right": address}} def _rich_rule_family_fragment(self, rich_family): if not rich_family: return {} if rich_family not in ["ipv4", "ipv6"]: raise FirewallError(INVALID_RULE, "Invalid family" % rich_family) return {"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": rich_family}} def _rich_rule_destination_fragment(self, rich_dest): if not rich_dest: return {} return self._rule_addr_fragment("daddr", rich_dest.addr, invert=rich_dest.invert) def _rich_rule_source_fragment(self, rich_source): if not rich_source: return {} if rich_source.addr: address = rich_source.addr elif hasattr(rich_source, "mac") and rich_source.mac: address = rich_source.mac elif hasattr(rich_source, "ipset") and rich_source.ipset: address = "ipset:" + rich_source.ipset return self._rule_addr_fragment("saddr", address, invert=rich_source.invert) def _port_fragment(self, port): range = getPortRange(port) if isinstance(range, int) and range < 0: raise FirewallError(INVALID_PORT) elif len(range) == 1: return range[0] else: return {"range": [range[0], range[1]]} def build_zone_ports_rules(self, enable, zone, proto, port, destination=None, rich_rule=None): add_del = { True: "add", False: "delete" }[enable] table = "filter" target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], zone=zone) expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) if destination: expr_fragments.append(self._rule_addr_fragment("daddr", destination)) if rich_rule: expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) expr_fragments.append({"match": {"left": {"payload": {"protocol": proto, "field": "dport"}}, "op": "==", "right": self._port_fragment(port)}}) if not rich_rule or type(rich_rule.action) != Rich_Mark: expr_fragments.append({"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}) rules = [] if rich_rule: rules.append(self._rich_rule_log(rich_rule, enable, table, target, expr_fragments)) rules.append(self._rich_rule_audit(rich_rule, enable, table, target, expr_fragments)) rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, expr_fragments)) else: rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_allow" % (table, target), "expr": expr_fragments + [{"accept": None}]}}}) return rules def build_zone_protocol_rules(self, enable, zone, protocol, destination=None, rich_rule=None): add_del = { True: "add", False: "delete" }[enable] table = "filter" target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], zone=zone) expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) if destination: expr_fragments.append(self._rule_addr_fragment("daddr", destination)) if rich_rule: expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) expr_fragments.append({"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": protocol}}) if not rich_rule or type(rich_rule.action) != Rich_Mark: expr_fragments.append({"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}) rules = [] if rich_rule: rules.append(self._rich_rule_log(rich_rule, enable, table, target, expr_fragments)) rules.append(self._rich_rule_audit(rich_rule, enable, table, target, expr_fragments)) rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, expr_fragments)) else: rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_allow" % (table, target), "expr": expr_fragments + [{"accept": None}]}}}) return rules def build_zone_source_ports_rules(self, enable, zone, proto, port, destination=None, rich_rule=None): add_del = { True: "add", False: "delete" }[enable] table = "filter" target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], zone=zone) expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) if destination: expr_fragments.append(self._rule_addr_fragment("daddr", destination)) if rich_rule: expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) expr_fragments.append({"match": {"left": {"payload": {"protocol": proto, "field": "sport"}}, "op": "==", "right": self._port_fragment(port)}}) if not rich_rule or type(rich_rule.action) != Rich_Mark: expr_fragments.append({"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}) rules = [] if rich_rule: rules.append(self._rich_rule_log(rich_rule, enable, table, target, expr_fragments)) rules.append(self._rich_rule_audit(rich_rule, enable, table, target, expr_fragments)) rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, expr_fragments)) else: rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_allow" % (table, target), "expr": expr_fragments + [{"accept": None}]}}}) return rules def build_zone_helper_ports_rules(self, enable, zone, proto, port, destination, helper_name, module_short_name): add_del = { True: "add", False: "delete" }[enable] rules = [] if enable: rules.append({"add": {"ct helper": {"family": "inet", "table": TABLE_NAME, "name": "helper-%s-%s" % (helper_name, proto), "type": module_short_name, "protocol": proto}}}) target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], zone=zone) expr_fragments = [] if destination: expr_fragments.append(self._rule_addr_fragment("daddr", destination)) expr_fragments.append({"match": {"left": {"payload": {"protocol": proto, "field": "dport"}}, "op": "==", "right": self._port_fragment(port)}}) expr_fragments.append({"ct helper": "helper-%s-%s" % (helper_name, proto)}) rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s_allow" % (target), "expr": expr_fragments}}}) return rules def _build_zone_masquerade_nat_rules(self, enable, zone, family, rich_rule=None): add_del = { True: "add", False: "delete" }[enable] target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["POSTROUTING"], zone=zone) expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) chain_suffix = self._rich_rule_chain_suffix(rich_rule) else: chain_suffix = "allow" rule = {"family": family, "table": TABLE_NAME, "chain": "nat_%s_%s" % (target, chain_suffix), "expr": expr_fragments + [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "!=", "right": "lo"}}, {"masquerade": None}]} rule.update(self._rich_rule_priority_fragment(rich_rule)) return [{add_del: {"rule": rule}}] def build_zone_masquerade_rules(self, enable, zone, rich_rule=None): # nat tables needs to use ip/ip6 family rules = [] if rich_rule and (rich_rule.family and rich_rule.family == "ipv6" or rich_rule.source and check_address("ipv6", rich_rule.source.addr)): rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip6", rich_rule)) elif rich_rule and (rich_rule.family and rich_rule.family == "ipv4" or rich_rule.source and check_address("ipv4", rich_rule.source.addr)): rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip", rich_rule)) else: rules.extend(self._build_zone_masquerade_nat_rules(enable, zone, "ip", rich_rule)) add_del = { True: "add", False: "delete" }[enable] target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["FORWARD_OUT"], zone=zone) expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) chain_suffix = self._rich_rule_chain_suffix(rich_rule) else: chain_suffix = "allow" rule = {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s_%s" % (target, chain_suffix), "expr": expr_fragments + [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": None}]} rule.update(self._rich_rule_priority_fragment(rich_rule)) rules.append({add_del: {"rule": rule}}) return rules def _build_zone_forward_port_nat_rules(self, enable, zone, port, protocol, toaddr, toport, family, rich_rule=None): add_del = { True: "add", False: "delete" }[enable] target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["PREROUTING"], zone=zone) expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) chain_suffix = self._rich_rule_chain_suffix(rich_rule) else: chain_suffix = "allow" expr_fragments.append({"match": {"left": {"payload": {"protocol": protocol, "field": "dport"}}, "op": "==", "right": self._port_fragment(port)}}) if toaddr: if check_single_address("ipv6", toaddr): toaddr = normalizeIP6(toaddr) if toport and toport != "": expr_fragments.append({"dnat": {"addr": toaddr, "port": self._port_fragment(toport)}}) else: expr_fragments.append({"dnat": {"addr": toaddr}}) else: expr_fragments.append({"redirect": {"port": self._port_fragment(toport)}}) rule = {"family": family, "table": TABLE_NAME, "chain": "nat_%s_%s" % (target, chain_suffix), "expr": expr_fragments} rule.update(self._rich_rule_priority_fragment(rich_rule)) return [{add_del: {"rule": rule}}] def build_zone_forward_port_rules(self, enable, zone, port, protocol, toport, toaddr, rich_rule=None): rules = [] if rich_rule and (rich_rule.family and rich_rule.family == "ipv6" or toaddr and check_single_address("ipv6", toaddr)): rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, port, protocol, toaddr, toport, "ip6", rich_rule)) elif rich_rule and (rich_rule.family and rich_rule.family == "ipv4" or toaddr and check_single_address("ipv4", toaddr)): rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, port, protocol, toaddr, toport, "ip", rich_rule)) else: if toaddr and check_single_address("ipv6", toaddr): rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, port, protocol, toaddr, toport, "ip6", rich_rule)) else: rules.extend(self._build_zone_forward_port_nat_rules(enable, zone, port, protocol, toaddr, toport, "ip", rich_rule)) return rules def _icmp_types_to_nft_fragments(self, ipv, icmp_type): if icmp_type in ICMP_TYPES_FRAGMENTS[ipv]: return ICMP_TYPES_FRAGMENTS[ipv][icmp_type] else: raise FirewallError(INVALID_ICMPTYPE, "ICMP type '%s' not supported by %s" % (icmp_type, self.name)) def build_zone_icmp_block_rules(self, enable, zone, ict, rich_rule=None): table = "filter" add_del = { True: "add", False: "delete" }[enable] if rich_rule and rich_rule.ipvs: ipvs = rich_rule.ipvs elif ict.destination: ipvs = [] if "ipv4" in ict.destination: ipvs.append("ipv4") if "ipv6" in ict.destination: ipvs.append("ipv6") else: ipvs = ["ipv4", "ipv6"] rules = [] for ipv in ipvs: for chain in ["INPUT", "FORWARD_IN"]: target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) if self._fw.zone.query_icmp_block_inversion(zone): final_chain = "%s_%s_allow" % (table, target) target_fragment = {"accept": None} else: final_chain = "%s_%s_deny" % (table, target) target_fragment = self._reject_fragment() expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) expr_fragments.extend(self._icmp_types_to_nft_fragments(ipv, ict.name)) if rich_rule: rules.append(self._rich_rule_log(rich_rule, enable, table, target, expr_fragments)) rules.append(self._rich_rule_audit(rich_rule, enable, table, target, expr_fragments)) if rich_rule.action: rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, expr_fragments)) else: chain_suffix = self._rich_rule_chain_suffix(rich_rule) rule = {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_%s" % (table, target, chain_suffix), "expr": expr_fragments + [self._reject_fragment()]} rule.update(self._rich_rule_priority_fragment(rich_rule)) rules.append({add_del: {"rule": rule}}) else: if self._fw.get_log_denied() != "off" and self._fw.zone.query_icmp_block_inversion(zone): rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": final_chain, "expr": (expr_fragments + [self._pkttype_match_fragment(self._fw.get_log_denied()), {"log": {"prefix": "\"%s_%s_ICMP_BLOCK: \"" % (table, zone)}}])}}}) rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": final_chain, "expr": expr_fragments + [target_fragment]}}}) return rules def build_zone_icmp_block_inversion_rules(self, enable, zone): table = "filter" rules = [] add_del = { True: "add", False: "delete" }[enable] for chain in ["INPUT", "FORWARD_IN"]: _zone = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) if self._fw.zone.query_icmp_block_inversion(zone): target_fragment = self._reject_fragment() else: target_fragment = {"accept": None} # WARN: The "index" used here must be kept in sync with # build_zone_chain_rules() # rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s" % (table, _zone), "index": 4, "expr": [self._icmp_match_fragment(), target_fragment]}}}) if self._fw.get_log_denied() != "off" and self._fw.zone.query_icmp_block_inversion(zone): rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s" % (table, _zone), "index": 4, "expr": [self._icmp_match_fragment(), self._pkttype_match_fragment(self._fw.get_log_denied()), {"log": {"prefix": "%s_%s_ICMP_BLOCK: " % (table, _zone)}}]}}}) return rules def build_rpfilter_rules(self, log_denied=False): rules = [] expr_fragments = [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"fib": {"flags": ["saddr", "iif"], "result": "oif"}}, "op": "==", "right": False}}] if log_denied != "off": expr_fragments.append({"log": {"prefix": "rpfilter_DROP: "}}) expr_fragments.append({"drop": None}) rules.append({"insert": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "raw_PREROUTING", "expr": expr_fragments}}}) # RHBZ#1058505, RHBZ#1575431 (bug in kernel 4.16-4.17) rules.append({"insert": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": {"set": ["nd-router-advert", "nd-neighbor-solicit"]}}}, {"accept": None}]}}}) return rules def build_rfc3964_ipv4_rules(self): daddr_set = ["::0.0.0.0/96", # IPv4 compatible "::ffff:0.0.0.0/96", # IPv4 mapped "2002:0000::/24", # 0.0.0.0/8 (the system has no address assigned yet) "2002:0a00::/24", # 10.0.0.0/8 (private) "2002:7f00::/24", # 127.0.0.0/8 (loopback) "2002:ac10::/28", # 172.16.0.0/12 (private) "2002:c0a8::/32", # 192.168.0.0/16 (private) "2002:a9fe::/32", # 169.254.0.0/16 (IANA Assigned DHCP link-local) "2002:e000::/19", # 224.0.0.0/4 (multicast), 240.0.0.0/4 (reserved and broadcast) ] daddr_set = [{"prefix": {"addr": x.split("/")[0], "len": int(x.split("/")[1])}} for x in daddr_set] expr_fragments = [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"set": daddr_set}}}] if self._fw._log_denied in ["unicast", "all"]: expr_fragments.append({"log": {"prefix": "RFC3964_IPv4_REJECT: "}}) expr_fragments.append(self._reject_types_fragment("addr-unreach")) rules = [] # WARN: index must be kept in sync with build_default_rules() rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_OUTPUT", "index": 0, "expr": expr_fragments}}}) rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_FORWARD", "index": 2, "expr": expr_fragments}}}) return rules def build_zone_rich_source_destination_rules(self, enable, zone, rich_rule): table = "filter" target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS["INPUT"], zone=zone) expr_fragments = [] expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) rules = [] rules.append(self._rich_rule_log(rich_rule, enable, table, target, expr_fragments)) rules.append(self._rich_rule_audit(rich_rule, enable, table, target, expr_fragments)) rules.append(self._rich_rule_action(zone, rich_rule, enable, table, target, expr_fragments)) return rules def is_ipv_supported(self, ipv): if ipv in ["ipv4", "ipv6", "eb"]: return True return False def _set_type_list(self, ipv, type): ipv_addr = { "ipv4" : "ipv4_addr", "ipv6" : "ipv6_addr", } types = { "hash:ip" : ipv_addr[ipv], "hash:ip,port" : [ipv_addr[ipv], "inet_proto", "inet_service"], "hash:ip,port,ip" : [ipv_addr[ipv], "inet_proto", "inet_service", ipv_addr[ipv]], "hash:ip,port,net" : [ipv_addr[ipv], "inet_proto", "inet_service", ipv_addr[ipv]], "hash:ip,mark" : [ipv_addr[ipv], "mark"], "hash:net" : ipv_addr[ipv], "hash:net,port" : [ipv_addr[ipv], "inet_proto", "inet_service"], "hash:net,port,ip" : [ipv_addr[ipv], "inet_proto", "inet_service", ipv_addr[ipv]], "hash:net,port,net" : [ipv_addr[ipv], "inet_proto", "inet_service", ipv_addr[ipv]], "hash:net,iface" : [ipv_addr[ipv], "ifname"], "hash:mac" : "ether_addr", } if type in types: return types[type] else: raise FirewallError(INVALID_TYPE, "ipset type name '%s' is not valid" % type) def build_set_create_rules(self, name, type, options=None): if options and "family" in options and options["family"] == "inet6": ipv = "ipv6" else: ipv = "ipv4" set_dict = {"table": TABLE_NAME, "name": name, "type": self._set_type_list(ipv, type)} # Some types need the interval flag for t in type.split(":")[1].split(","): if t in ["net", "port"]: set_dict["flags"] = ["interval"] break if options: if "timeout" in options: set_dict["timeout"] = options["timeout"] if "maxelem" in options: set_dict["size"] = options["maxelem"] rules = [] for family in ["inet", "ip", "ip6"]: rule_dict = {"family": family} rule_dict.update(set_dict) rules.append({"add": {"set": rule_dict}}) return rules def set_create(self, name, type, options=None): rules = self.build_set_create_rules(name, type, options) self.set_rules(rules, self._fw.get_log_denied()) def set_destroy(self, name): for family in ["inet", "ip", "ip6"]: rule = {"delete": {"set": {"family": family, "table": TABLE_NAME, "name": name}}} self.set_rule(rule, self._fw.get_log_denied()) def _set_match_fragment(self, name, match_dest, invert=False): type_format = self._fw.ipset.get_ipset(name).type.split(":")[1].split(",") fragments = [] for i in range(len(type_format)): if type_format[i] == "port": fragments.append({"meta": {"key": "l4proto"}}) fragments.append({"payload": {"protocol": "th", "field": "dport" if match_dest else "sport"}}) elif type_format[i] in ["ip", "net", "mac"]: fragments.append({"payload": {"protocol": self._set_get_family(name), "field": "daddr" if match_dest else "saddr"}}) elif type_format[i] == "iface": fragments.append({"meta": {"key": "iifname" if match_dest else "oifname"}}) elif type_format[i] == "mark": fragments.append({"meta": {"key": "mark"}}) else: raise FirewallError("Unsupported ipset type for match fragment: %s" % (type_format[i])) return {"match": {"left": {"concat": fragments} if len(type_format) > 1 else fragments[0], "op": "!=" if invert else "==", "right": "@" + name}} def _set_entry_fragment(self, name, entry): # convert something like # 1.2.3.4,sctp:8080 (type hash:ip,port) # to # ["1.2.3.4", "sctp", "8080"] obj = self._fw.ipset.get_ipset(name) type_format = obj.type.split(":")[1].split(",") entry_tokens = entry.split(",") if len(type_format) != len(entry_tokens): raise FirewallError(INVALID_ENTRY, "Number of values does not match ipset type.") fragment = [] for i in range(len(type_format)): if type_format[i] == "port": try: index = entry_tokens[i].index(":") except ValueError: # no protocol means default tcp fragment.append("tcp") port_str = entry_tokens[i] else: fragment.append(entry_tokens[i][:index]) port_str = entry_tokens[i][index+1:] try: index = entry_tokens[i].index("-") except ValueError: fragment.append(port_str) else: fragment.append({"range": [port_str[:index], port_str[index+1:]]}) elif type_format[i] in ["ip", "net"]: try: index = entry_tokens[i].index("/") except ValueError: addr = entry_tokens[i] if "family" in obj.options and obj.options["family"] == "inet6": addr = normalizeIP6(addr) fragment.append(addr) else: addr = entry_tokens[i][:index] if "family" in obj.options and obj.options["family"] == "inet6": addr = normalizeIP6(addr) fragment.append({"prefix": {"addr": addr, "len": int(entry_tokens[i][index+1:])}}) else: fragment.append(entry_tokens[i]) return [{"concat": fragment}] if len(type_format) > 1 else fragment def build_set_add_rules(self, name, entry): rules = [] element = self._set_entry_fragment(name, entry) for family in ["inet", "ip", "ip6"]: rules.append({"add": {"element": {"family": family, "table": TABLE_NAME, "name": name, "elem": element}}}) return rules def set_add(self, name, entry): rules = self.build_set_add_rules(name, entry) self.set_rules(rules, self._fw.get_log_denied()) def set_delete(self, name, entry): element = self._set_entry_fragment(name, entry) for family in ["inet", "ip", "ip6"]: rule = {"delete": {"element": {"family": family, "table": TABLE_NAME, "name": name, "elem": element}}} self.set_rule(rule, self._fw.get_log_denied()) def build_set_flush_rules(self, name): rules = [] for family in ["inet", "ip", "ip6"]: rule = {"flush": {"set": {"family": family, "table": TABLE_NAME, "name": name}}} rules.append(rule) return rules def set_flush(self, name): rules = self.build_set_flush_rules(name) self.set_rules(rules, self._fw.get_log_denied()) def _set_get_family(self, name): ipset = self._fw.ipset.get_ipset(name) if ipset.type == "hash:mac": family = "ether" elif ipset.options and "family" in ipset.options \ and ipset.options["family"] == "inet6": family = "ip6" else: family = "ip" return family def set_restore(self, set_name, type_name, entries, create_options=None, entry_options=None): rules = [] rules.extend(self.build_set_create_rules(set_name, type_name, create_options)) rules.extend(self.build_set_flush_rules(set_name)) for entry in entries: rules.extend(self.build_set_add_rules(set_name, entry)) self.set_rules(rules, self._fw.get_log_denied()) firewalld-0.8.2/src/firewall/core/fw_transaction.py0000664007115300711530000001512613641105304023575 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """Transaction classes for firewalld""" __all__ = [ "FirewallTransaction" ] import traceback from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class FirewallTransaction(object): def __init__(self, fw): self.fw = fw self.rules = { } # [ ( backend.name, [ rule,.. ] ),.. ] self.pre_funcs = [ ] # [ (func, args),.. ] self.post_funcs = [ ] # [ (func, args),.. ] self.fail_funcs = [ ] # [ (func, args),.. ] self.chains = [ ] # [ (zone, table, chain),.. ] self.modules = [ ] # [ module,.. ] def clear(self): self.rules.clear() del self.pre_funcs[:] del self.post_funcs[:] del self.fail_funcs[:] def add_rule(self, backend, rule): self.rules.setdefault(backend.name, [ ]).append(rule) def add_rules(self, backend, rules): for rule in rules: self.add_rule(backend, rule) def query_rule(self, backend, rule): return backend.name in self.rules and rule in self.rules[backend.name] def remove_rule(self, backend, rule): if backend.name in self.rules and rule in self.rules[backend.name]: self.rules[backend.name].remove(rule) def add_pre(self, func, *args): self.pre_funcs.append((func, args)) def add_post(self, func, *args): self.post_funcs.append((func, args)) def add_fail(self, func, *args): self.fail_funcs.append((func, args)) def add_chain(self, zone, table, chain): ztc = (zone, table, chain) if ztc not in self.chains: self.fw.zone.gen_chain_rules(zone, True, table, chain, self) self.chains.append(ztc) def remove_chain(self, zone, table, chain): ztc = (zone, table, chain) if ztc in self.chains: self.chains.remove(ztc) def add_module(self, module): if module not in self.modules: self.modules.append(module) def remove_module(self, module): if module in self.modules: self.modules.remove(module) def add_modules(self, modules): for module in modules: self.add_module(module) def remove_modules(self, modules): for module in modules: self.remove_module(module) def prepare(self, enable): log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "...")) rules = { } if not enable: # reverse rule order for cleanup for backend_name in self.rules: for rule in reversed(self.rules[backend_name]): rules.setdefault(backend_name, [ ]).append( self.fw.get_backend_by_name(backend_name).reverse_rule(rule)) else: for backend_name in self.rules: rules.setdefault(backend_name, [ ]).extend(self.rules[backend_name]) return rules, self.modules def execute(self, enable): log.debug4("%s.execute(%s)" % (type(self), enable)) rules, modules = self.prepare(enable) # pre self.pre() # stage 1: apply rules error = False errorMsg = "" done = [ ] for backend_name in rules: try: self.fw.rules(backend_name, rules[backend_name]) except Exception as msg: error = True errorMsg = msg log.debug1(traceback.format_exc()) log.error(msg) else: done.append(backend_name) # stage 2: load modules if not error: module_return = self.fw.handle_modules(modules, enable) if module_return: # Debug log about issues loading modules, but don't error. The # modules may be builtin or CONFIG_MODULES=n, in which case # modprobe will fail. Or we may be running inside a container # that doesn't have sufficient privileges. Unfortunately there # is no way for us to know. (status, msg) = module_return if status: log.debug1(msg) # error case: revert rules if error: undo_rules = { } for backend_name in done: undo_rules[backend_name] = [ ] for rule in reversed(rules[backend_name]): undo_rules[backend_name].append( self.fw.get_backend_by_name(backend_name).reverse_rule(rule)) for backend_name in undo_rules: try: self.fw.rules(backend_name, undo_rules[backend_name]) except Exception as msg: log.debug1(traceback.format_exc()) log.error(msg) # call failure functions for (func, args) in self.fail_funcs: try: func(*args) except Exception as msg: log.debug1(traceback.format_exc()) log.error("Calling fail func %s(%s) failed: %s" % \ (func, args, msg)) raise FirewallError(errors.COMMAND_FAILED, errorMsg) # post self.post() def pre(self): log.debug4("%s.pre()" % type(self)) for (func, args) in self.pre_funcs: try: func(*args) except Exception as msg: log.debug1(traceback.format_exc()) log.error("Calling pre func %s(%s) failed: %s" % \ (func, args, msg)) def post(self): log.debug4("%s.post()" % type(self)) for (func, args) in self.post_funcs: try: func(*args) except Exception as msg: log.debug1(traceback.format_exc()) log.error("Calling post func %s(%s) failed: %s" % \ (func, args, msg)) firewalld-0.8.2/src/firewall/core/rich.py0000664007115300711530000007431313620317435021513 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2013-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Rich_Source", "Rich_Destination", "Rich_Service", "Rich_Port", "Rich_Protocol", "Rich_Masquerade", "Rich_IcmpBlock", "Rich_IcmpType", "Rich_SourcePort", "Rich_ForwardPort", "Rich_Log", "Rich_Audit", "Rich_Accept", "Rich_Reject", "Rich_Drop", "Rich_Mark", "Rich_Limit", "Rich_Rule" ] from firewall import functions from firewall.core.ipset import check_ipset_name from firewall.core.base import REJECT_TYPES from firewall import errors from firewall.errors import FirewallError class Rich_Source(object): def __init__(self, addr, mac, ipset, invert=False): self.addr = addr if self.addr == "": self.addr = None self.mac = mac if self.mac == "" or self.mac is None: self.mac = None elif self.mac is not None: self.mac = self.mac.upper() self.ipset = ipset if self.ipset == "": self.ipset = None self.invert = invert if self.addr is None and self.mac is None and self.ipset is None: raise FirewallError(errors.INVALID_RULE, "no address, mac and ipset") def __str__(self): ret = 'source%s ' % (" NOT" if self.invert else "") if self.addr is not None: return ret + 'address="%s"' % self.addr elif self.mac is not None: return ret + 'mac="%s"' % self.mac elif self.ipset is not None: return ret + 'ipset="%s"' % self.ipset else: raise FirewallError(errors.INVALID_RULE, "no address, mac and ipset") class Rich_Destination(object): def __init__(self, addr, invert=False): self.addr = addr self.invert = invert def __str__(self): return 'destination %saddress="%s"' % ("not " if self.invert else "", self.addr) class Rich_Service(object): def __init__(self, name): self.name = name def __str__(self): return 'service name="%s"' % (self.name) class Rich_Port(object): def __init__(self, port, protocol): self.port = port self.protocol = protocol def __str__(self): return 'port port="%s" protocol="%s"' % (self.port, self.protocol) class Rich_SourcePort(Rich_Port): def __str__(self): return 'source-port port="%s" protocol="%s"' % (self.port, self.protocol) class Rich_Protocol(object): def __init__(self, value): self.value = value def __str__(self): return 'protocol value="%s"' % (self.value) class Rich_Masquerade(object): def __init__(self): pass def __str__(self): return 'masquerade' class Rich_IcmpBlock(object): def __init__(self, name): self.name = name def __str__(self): return 'icmp-block name="%s"' % (self.name) class Rich_IcmpType(object): def __init__(self, name): self.name = name def __str__(self): return 'icmp-type name="%s"' % (self.name) class Rich_ForwardPort(object): def __init__(self, port, protocol, to_port, to_address): self.port = port self.protocol = protocol self.to_port = to_port self.to_address = to_address # replace None with "" in to_port and/or to_address if self.to_port is None: self.to_port = "" if self.to_address is None: self.to_address = "" def __str__(self): return 'forward-port port="%s" protocol="%s"%s%s' % \ (self.port, self.protocol, ' to-port="%s"' % self.to_port if self.to_port != "" else '', ' to-addr="%s"' % self.to_address if self.to_address != "" else '') class Rich_Log(object): def __init__(self, prefix=None, level=None, limit=None): #TODO check default level in iptables self.prefix = prefix self.level = level self.limit = limit def __str__(self): return 'log%s%s%s' % \ (' prefix="%s"' % (self.prefix) if self.prefix else "", ' level="%s"' % (self.level) if self.level else "", " %s" % self.limit if self.limit else "") class Rich_Audit(object): def __init__(self, limit=None): #TODO check default level in iptables self.limit = limit def __str__(self): return 'audit%s' % (" %s" % self.limit if self.limit else "") class Rich_Accept(object): def __init__(self, limit=None): self.limit = limit def __str__(self): return "accept%s" % (" %s" % self.limit if self.limit else "") class Rich_Reject(object): def __init__(self, _type=None, limit=None): self.type = _type self.limit = limit def __str__(self): return "reject%s%s" % (' type="%s"' % self.type if self.type else "", " %s" % self.limit if self.limit else "") def check(self, family): if self.type: if not family: raise FirewallError(errors.INVALID_RULE, "When using reject type you must specify also rule family.") if family in ['ipv4', 'ipv6'] and \ self.type not in REJECT_TYPES[family]: valid_types = ", ".join(REJECT_TYPES[family]) raise FirewallError(errors.INVALID_RULE, "Wrong reject type %s.\nUse one of: %s." % (self.type, valid_types)) class Rich_Drop(Rich_Accept): def __str__(self): return "drop%s" % (" %s" % self.limit if self.limit else "") class Rich_Mark(object): def __init__(self, _set, limit=None): self.set = _set self.limit = limit def __str__(self): return "mark set=%s%s" % (self.set, " %s" % self.limit if self.limit else "") def check(self): if self.set is not None: x = self.set else: raise FirewallError(errors.INVALID_MARK, "no value set") if "/" in x: splits = x.split("/") if len(splits) != 2: raise FirewallError(errors.INVALID_MARK, x) if not functions.checkUINT32(splits[0]) or \ not functions.checkUINT32(splits[1]): # value and mask are uint32 raise FirewallError(errors.INVALID_MARK, x) else: if not functions.checkUINT32(x): # value is uint32 raise FirewallError(errors.INVALID_MARK, x) class Rich_Limit(object): def __init__(self, value): self.value = value if "/" in self.value: splits = self.value.split("/") if len(splits) == 2 and \ splits[1] in [ "second", "minute", "hour", "day" ]: self.value = "%s/%s" % (splits[0], splits[1][:1]) def check(self): splits = None if "/" in self.value: splits = self.value.split("/") if not splits or len(splits) != 2: raise FirewallError(errors.INVALID_LIMIT, self.value) (rate, duration) = splits try: rate = int(rate) except: raise FirewallError(errors.INVALID_LIMIT, self.value) if rate < 1 or duration not in [ "s", "m", "h", "d" ]: raise FirewallError(errors.INVALID_LIMIT, self.value) mult = 1 if duration == "s": mult = 1 elif duration == "m": mult = 60 elif duration == "h": mult = 60*60 elif duration == "d": mult = 24*60*60 if 10000 * mult / rate == 0: raise FirewallError(errors.INVALID_LIMIT, "%s too fast" % self.value) if rate == 1 and duration == "d": # iptables (v1.4.21) doesn't accept 1/d raise FirewallError(errors.INVALID_LIMIT, "%s too slow" % self.value) def __str__(self): return 'limit value="%s"' % (self.value) def command(self): return '' class Rich_Rule(object): priority_min = -32768 priority_max = 32767 def __init__(self, family=None, rule_str=None, priority=0): if family is not None: self.family = str(family) else: self.family = None self.priority = priority self.source = None self.destination = None self.element = None self.log = None self.audit = None self.action = None if rule_str: self._import_from_string(rule_str) def _lexer(self, rule_str): """ Lexical analysis """ tokens = [] for r in functions.splitArgs(rule_str): if "=" in r: attr = r.split('=') if len(attr) != 2 or not attr[0] or not attr[1]: raise FirewallError(errors.INVALID_RULE, 'internal error in _lexer(): %s' % r) tokens.append({'attr_name':attr[0], 'attr_value':attr[1]}) else: tokens.append({'element':r}) tokens.append({'element':'EOL'}) return tokens def _import_from_string(self, rule_str): if not rule_str: raise FirewallError(errors.INVALID_RULE, 'empty rule') self.priority = 0 self.family = None self.source = None self.destination = None self.element = None self.log = None self.audit = None self.action = None tokens = self._lexer(rule_str) if tokens and tokens[0].get('element') == 'EOL': raise FirewallError(errors.INVALID_RULE, 'empty rule') attrs = {} # attributes of elements in_elements = [] # stack with elements we are in index = 0 # index into tokens while not (tokens[index].get('element') == 'EOL' and in_elements == ['rule']): element = tokens[index].get('element') attr_name = tokens[index].get('attr_name') attr_value = tokens[index].get('attr_value') #print ("in_elements: ", in_elements) #print ("index: %s, element: %s, attribute: %s=%s" % (index, element, attr_name, attr_value)) if attr_name: # attribute if attr_name not in ['priority', 'family', 'address', 'mac', 'ipset', 'invert', 'value', 'port', 'protocol', 'to-port', 'to-addr', 'name', 'prefix', 'level', 'type', 'set']: raise FirewallError(errors.INVALID_RULE, "bad attribute '%s'" % attr_name) else: # element if element in ['rule', 'source', 'destination', 'protocol', 'service', 'port', 'icmp-block', 'icmp-type', 'masquerade', 'forward-port', 'source-port', 'log', 'audit', 'accept', 'drop', 'reject', 'mark', 'limit', 'not', 'NOT', 'EOL']: if element == 'source' and self.source: raise FirewallError(errors.INVALID_RULE, "more than one 'source' element") elif element == 'destination' and self.destination: raise FirewallError(errors.INVALID_RULE, "more than one 'destination' element") elif element in ['protocol', 'service', 'port', 'icmp-block', 'icmp-type', 'masquerade', 'forward-port', 'source-port'] and self.element: raise FirewallError(errors.INVALID_RULE, "more than one element. There cannot be both '%s' and '%s' in one rule." % (element, self.element)) elif element == 'log' and self.log: raise FirewallError(errors.INVALID_RULE, "more than one 'log' element") elif element == 'audit' and self.audit: raise FirewallError(errors.INVALID_RULE, "more than one 'audit' element") elif element in ['accept', 'drop', 'reject', 'mark'] and self.action: raise FirewallError(errors.INVALID_RULE, "more than one 'action' element. There cannot be both '%s' and '%s' in one rule." % (element, self.action)) else: raise FirewallError(errors.INVALID_RULE, "unknown element %s" % element) in_element = in_elements[len(in_elements)-1] if len(in_elements) > 0 else '' if in_element == '': if not element and attr_name: if attr_name == 'family': raise FirewallError(errors.INVALID_RULE, "'family' outside of rule. Use 'rule family=...'.") elif attr_name == 'priority': raise FirewallError(errors.INVALID_RULE, "'priority' outside of rule. Use 'rule priority=...'.") else: raise FirewallError(errors.INVALID_RULE, "'%s' outside of any element. Use 'rule %s= ...'." % (attr_name, attr_name)) elif 'rule' not in element: raise FirewallError(errors.INVALID_RULE, "'%s' outside of rule. Use 'rule ... %s ...'." % (element, element)) else: in_elements.append('rule') # push into stack elif in_element == 'rule': if attr_name == 'family': if attr_value not in ['ipv4', 'ipv6']: raise FirewallError(errors.INVALID_RULE, "'family' attribute cannot have '%s' value. Use 'ipv4' or 'ipv6' instead." % attr_value) self.family = attr_value elif attr_name == 'priority': self.priority = int(attr_value) elif attr_name: if attr_name == 'protocol': err_msg = "wrong 'protocol' usage. Use either 'rule protocol value=...' or 'rule [forward-]port protocol=...'." else: err_msg = "attribute '%s' outside of any element. Use 'rule %s= ...'." % (attr_name, attr_name) raise FirewallError(errors.INVALID_RULE, err_msg) else: in_elements.append(element) # push into stack elif in_element == 'source': if attr_name in ['address', 'mac', 'ipset', 'invert']: attrs[attr_name] = attr_value elif element in ['not', 'NOT']: attrs['invert'] = True else: self.source = Rich_Source(attrs.get('address'), attrs.get('mac'), attrs.get('ipset'), attrs.get('invert', False)) in_elements.pop() # source attrs.clear() index = index -1 # return token to input elif in_element == 'destination': if attr_name in ['address', 'invert']: attrs[attr_name] = attr_value elif element in ['not', 'NOT']: attrs['invert'] = True else: self.destination = Rich_Destination(attrs.get('address'), attrs.get('invert')) in_elements.pop() # destination attrs.clear() index = index -1 # return token to input elif in_element == 'protocol': if attr_name == 'value': self.element = Rich_Protocol(attr_value) in_elements.pop() # protocol else: raise FirewallError(errors.INVALID_RULE, "invalid 'protocol' element") elif in_element == 'service': if attr_name == 'name': self.element = Rich_Service(attr_value) in_elements.pop() # service else: raise FirewallError(errors.INVALID_RULE, "invalid 'service' element") elif in_element == 'port': if attr_name in ['port', 'protocol']: attrs[attr_name] = attr_value else: self.element = Rich_Port(attrs.get('port'), attrs.get('protocol')) in_elements.pop() # port attrs.clear() index = index -1 # return token to input elif in_element == 'icmp-block': if attr_name == 'name': self.element = Rich_IcmpBlock(attr_value) in_elements.pop() # icmp-block else: raise FirewallError(errors.INVALID_RULE, "invalid 'icmp-block' element") elif in_element == 'icmp-type': if attr_name == 'name': self.element = Rich_IcmpType(attr_value) in_elements.pop() # icmp-type else: raise FirewallError(errors.INVALID_RULE, "invalid 'icmp-type' element") elif in_element == 'masquerade': self.element = Rich_Masquerade() in_elements.pop() attrs.clear() index = index -1 # return token to input elif in_element == 'forward-port': if attr_name in ['port', 'protocol', 'to-port', 'to-addr']: attrs[attr_name] = attr_value else: self.element = Rich_ForwardPort(attrs.get('port'), attrs.get('protocol'), attrs.get('to-port'), attrs.get('to-addr')) in_elements.pop() # forward-port attrs.clear() index = index -1 # return token to input elif in_element == 'source-port': if attr_name in ['port', 'protocol']: attrs[attr_name] = attr_value else: self.element = Rich_SourcePort(attrs.get('port'), attrs.get('protocol')) in_elements.pop() # source-port attrs.clear() index = index -1 # return token to input elif in_element == 'log': if attr_name in ['prefix', 'level']: attrs[attr_name] = attr_value elif element == 'limit': in_elements.append('limit') else: self.log = Rich_Log(attrs.get('prefix'), attrs.get('level'), attrs.get('limit')) in_elements.pop() # log attrs.clear() index = index -1 # return token to input elif in_element == 'audit': if element == 'limit': in_elements.append('limit') else: self.audit = Rich_Audit(attrs.get('limit')) in_elements.pop() # audit attrs.clear() index = index -1 # return token to input elif in_element == 'accept': if element == 'limit': in_elements.append('limit') else: self.action = Rich_Accept(attrs.get('limit')) in_elements.pop() # accept attrs.clear() index = index -1 # return token to input elif in_element == 'drop': if element == 'limit': in_elements.append('limit') else: self.action = Rich_Drop(attrs.get('limit')) in_elements.pop() # drop attrs.clear() index = index -1 # return token to input elif in_element == 'reject': if attr_name == 'type': attrs[attr_name] = attr_value elif element == 'limit': in_elements.append('limit') else: self.action = Rich_Reject(attrs.get('type'), attrs.get('limit')) in_elements.pop() # accept attrs.clear() index = index -1 # return token to input elif in_element == 'mark': if attr_name == 'set': attrs[attr_name] = attr_value elif element == 'limit': in_elements.append('limit') else: self.action = Rich_Mark(attrs.get('set'), attrs.get('limit')) in_elements.pop() # accept attrs.clear() index = index -1 # return token to input elif in_element == 'limit': if attr_name == 'value': attrs['limit'] = Rich_Limit(attr_value) in_elements.pop() # limit else: raise FirewallError(errors.INVALID_RULE, "invalid 'limit' element") index = index + 1 self.check() def check(self): if self.family is not None and self.family not in [ "ipv4", "ipv6" ]: raise FirewallError(errors.INVALID_FAMILY, self.family) if self.family is None: if (self.source is not None and self.source.addr is not None) or \ self.destination is not None: raise FirewallError(errors.MISSING_FAMILY) if type(self.element) == Rich_ForwardPort: raise FirewallError(errors.MISSING_FAMILY) if self.priority < self.priority_min or self.priority > self.priority_max: raise FirewallError(errors.INVALID_PRIORITY, "'priority' attribute must be between %d and %d." \ % (self.priority_min, self.priority_max)) if self.element is None and \ (self.log is None or (self.log is not None and self.priority == 0)): if self.action is None: raise FirewallError(errors.INVALID_RULE, "no element, no action") if self.source is None and self.destination is None and self.priority == 0: raise FirewallError(errors.INVALID_RULE, "no element, no source, no destination") if type(self.element) not in [ Rich_IcmpBlock, Rich_ForwardPort, Rich_Masquerade ]: if self.log is None and self.audit is None and \ self.action is None: raise FirewallError(errors.INVALID_RULE, "no action, no log, no audit") # source if self.source is not None: if self.source.addr is not None: if self.family is None: raise FirewallError(errors.INVALID_FAMILY) if self.source.mac is not None: raise FirewallError(errors.INVALID_RULE, "address and mac") if self.source.ipset is not None: raise FirewallError(errors.INVALID_RULE, "address and ipset") if not functions.check_address(self.family, self.source.addr): raise FirewallError(errors.INVALID_ADDR, str(self.source.addr)) elif self.source.mac is not None: if self.source.ipset is not None: raise FirewallError(errors.INVALID_RULE, "mac and ipset") if not functions.check_mac(self.source.mac): raise FirewallError(errors.INVALID_MAC, str(self.source.mac)) elif self.source.ipset is not None: if not check_ipset_name(self.source.ipset): raise FirewallError(errors.INVALID_IPSET, str(self.source.ipset)) else: raise FirewallError(errors.INVALID_RULE, "invalid source") # destination if self.destination is not None: if self.family is None: raise FirewallError(errors.INVALID_FAMILY) if self.destination.addr is None or \ not functions.check_address(self.family, self.destination.addr): raise FirewallError(errors.INVALID_ADDR, str(self.destination.addr)) # service if type(self.element) == Rich_Service: # service availability needs to be checked in Firewall, here is no # knowledge about this, therefore only simple check if self.element.name is None or len(self.element.name) < 1: raise FirewallError(errors.INVALID_SERVICE, str(self.element.name)) # port elif type(self.element) == Rich_Port: if not functions.check_port(self.element.port): raise FirewallError(errors.INVALID_PORT, self.element.port) if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol) # protocol elif type(self.element) == Rich_Protocol: if not functions.checkProtocol(self.element.value): raise FirewallError(errors.INVALID_PROTOCOL, self.element.value) # masquerade elif type(self.element) == Rich_Masquerade: if self.action is not None: raise FirewallError(errors.INVALID_RULE, "masquerade and action") if self.source is not None and self.source.mac is not None: raise FirewallError(errors.INVALID_RULE, "masquerade and mac source") # icmp-block elif type(self.element) == Rich_IcmpBlock: # icmp type availability needs to be checked in Firewall, here is no # knowledge about this, therefore only simple check if self.element.name is None or len(self.element.name) < 1: raise FirewallError(errors.INVALID_ICMPTYPE, str(self.element.name)) if self.action: raise FirewallError(errors.INVALID_RULE, "icmp-block and action") # icmp-type elif type(self.element) == Rich_IcmpType: # icmp type availability needs to be checked in Firewall, here is no # knowledge about this, therefore only simple check if self.element.name is None or len(self.element.name) < 1: raise FirewallError(errors.INVALID_ICMPTYPE, str(self.element.name)) # forward-port elif type(self.element) == Rich_ForwardPort: if not functions.check_port(self.element.port): raise FirewallError(errors.INVALID_PORT, self.element.port) if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol) if self.element.to_port == "" and self.element.to_address == "": raise FirewallError(errors.INVALID_PORT, self.element.to_port) if self.element.to_port != "" and \ not functions.check_port(self.element.to_port): raise FirewallError(errors.INVALID_PORT, self.element.to_port) if self.element.to_address != "" and \ not functions.check_single_address(self.family, self.element.to_address): raise FirewallError(errors.INVALID_ADDR, self.element.to_address) if self.family is None: raise FirewallError(errors.INVALID_FAMILY) if self.action is not None: raise FirewallError(errors.INVALID_RULE, "forward-port and action") # source-port elif type(self.element) == Rich_SourcePort: if not functions.check_port(self.element.port): raise FirewallError(errors.INVALID_PORT, self.element.port) if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol) # other element and not empty? elif self.element is not None: raise FirewallError(errors.INVALID_RULE, "Unknown element %s" % type(self.element)) # log if self.log is not None: if self.log.level and \ self.log.level not in [ "emerg", "alert", "crit", "error", "warning", "notice", "info", "debug" ]: raise FirewallError(errors.INVALID_LOG_LEVEL, self.log.level) if self.log.limit is not None: self.log.limit.check() # audit if self.audit is not None: if type(self.action) not in [ Rich_Accept, Rich_Reject, Rich_Drop ]: raise FirewallError(errors.INVALID_AUDIT_TYPE, type(self.action)) if self.audit.limit is not None: self.audit.limit.check() # action if self.action is not None: if type(self.action) == Rich_Reject: self.action.check(self.family) elif type(self.action) == Rich_Mark: self.action.check() if self.action.limit is not None: self.action.limit.check() def __str__(self): ret = 'rule' if self.priority: ret += ' priority="%d"' % self.priority if self.family: ret += ' family="%s"' % self.family if self.source: ret += " %s" % self.source if self.destination: ret += " %s" % self.destination if self.element: ret += " %s" % self.element if self.log: ret += " %s" % self.log if self.audit: ret += " %s" % self.audit if self.action: ret += " %s" % self.action return (functions.u2b(ret)) if functions.PY2 else ret #class Rich_RawRule(object): #class Rich_RuleSet(object): #class Rich_AddressList(object): firewalld-0.8.2/src/firewall/core/fw_config.py0000664007115300711530000011373313620317435022527 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "FirewallConfig" ] import copy import os import os.path import shutil from firewall import config from firewall.core.logger import log from firewall.core.io.icmptype import IcmpType, icmptype_reader, icmptype_writer from firewall.core.io.service import Service, service_reader, service_writer from firewall.core.io.zone import Zone, zone_reader, zone_writer from firewall.core.io.ipset import IPSet, ipset_reader, ipset_writer from firewall.core.io.helper import Helper, helper_reader, helper_writer from firewall import errors from firewall.errors import FirewallError class FirewallConfig(object): def __init__(self, fw): self._fw = fw self.__init_vars() def __repr__(self): return '%s(%r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r)' % \ (self.__class__, self._ipsets, self._icmptypes, self._services, self._zones, self._helpers, self._builtin_ipsets, self._builtin_icmptypes, self._builtin_services, self._builtin_zones, self._builtin_helpers, self._firewalld_conf, self._policies, self._direct) def __init_vars(self): self._ipsets = { } self._icmptypes = { } self._services = { } self._zones = { } self._helpers = { } self._builtin_ipsets = { } self._builtin_icmptypes = { } self._builtin_services = { } self._builtin_zones = { } self._builtin_helpers = { } self._firewalld_conf = None self._policies = None self._direct = None def cleanup(self): for x in list(self._builtin_ipsets.keys()): self._builtin_ipsets[x].cleanup() del self._builtin_ipsets[x] for x in list(self._ipsets.keys()): self._ipsets[x].cleanup() del self._ipsets[x] for x in list(self._builtin_icmptypes.keys()): self._builtin_icmptypes[x].cleanup() del self._builtin_icmptypes[x] for x in list(self._icmptypes.keys()): self._icmptypes[x].cleanup() del self._icmptypes[x] for x in list(self._builtin_services.keys()): self._builtin_services[x].cleanup() del self._builtin_services[x] for x in list(self._services.keys()): self._services[x].cleanup() del self._services[x] for x in list(self._builtin_zones.keys()): self._builtin_zones[x].cleanup() del self._builtin_zones[x] for x in list(self._zones.keys()): self._zones[x].cleanup() del self._zones[x] for x in list(self._builtin_helpers.keys()): self._builtin_helpers[x].cleanup() del self._builtin_helpers[x] for x in list(self._helpers.keys()): self._helpers[x].cleanup() del self._helpers[x] if self._firewalld_conf: self._firewalld_conf.cleanup() del self._firewalld_conf self._firewalld_conf = None if self._policies: self._policies.cleanup() del self._policies self._policies = None if self._direct: self._direct.cleanup() del self._direct self._direct = None self.__init_vars() # access check def lockdown_enabled(self): return self._fw.policies.query_lockdown() def access_check(self, key, value): return self._fw.policies.access_check(key, value) # firewalld_conf def set_firewalld_conf(self, conf): self._firewalld_conf = conf def get_firewalld_conf(self): return self._firewalld_conf def update_firewalld_conf(self): if not os.path.exists(config.FIREWALLD_CONF): self._firewalld_conf.clear() else: self._firewalld_conf.read() # policies def set_policies(self, policies): self._policies = policies def get_policies(self): return self._policies def update_lockdown_whitelist(self): if not os.path.exists(config.LOCKDOWN_WHITELIST): self._policies.lockdown_whitelist.cleanup() else: self._policies.lockdown_whitelist.read() # direct def set_direct(self, direct): self._direct = direct def get_direct(self): return self._direct def update_direct(self): if not os.path.exists(config.FIREWALLD_DIRECT): self._direct.cleanup() else: self._direct.read() # ipset def get_ipsets(self): return sorted(set(list(self._ipsets.keys()) + \ list(self._builtin_ipsets.keys()))) def add_ipset(self, obj): if obj.builtin: self._builtin_ipsets[obj.name] = obj else: self._ipsets[obj.name] = obj def get_ipset(self, name): if name in self._ipsets: return self._ipsets[name] elif name in self._builtin_ipsets: return self._builtin_ipsets[name] raise FirewallError(errors.INVALID_IPSET, name) def load_ipset_defaults(self, obj): if obj.name not in self._ipsets: raise FirewallError(errors.NO_DEFAULTS, obj.name) elif self._ipsets[obj.name] != obj: raise FirewallError(errors.NO_DEFAULTS, "self._ipsets[%s] != obj" % obj.name) elif obj.name not in self._builtin_ipsets: raise FirewallError(errors.NO_DEFAULTS, "'%s' not a built-in ipset" % obj.name) self._remove_ipset(obj) return self._builtin_ipsets[obj.name] def get_ipset_config(self, obj): return obj.export_config() def set_ipset_config(self, obj, conf): if obj.builtin: x = copy.copy(obj) x.import_config(conf) x.path = config.ETC_FIREWALLD_IPSETS x.builtin = False if obj.path != x.path: x.default = False self.add_ipset(x) ipset_writer(x) return x else: obj.import_config(conf) ipset_writer(obj) return obj def new_ipset(self, name, conf): if name in self._ipsets or name in self._builtin_ipsets: raise FirewallError(errors.NAME_CONFLICT, "new_ipset(): '%s'" % name) x = IPSet() x.check_name(name) x.import_config(conf) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_IPSETS # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True ipset_writer(x) self.add_ipset(x) return x def update_ipset_from_path(self, name): filename = os.path.basename(name) path = os.path.dirname(name) if not os.path.exists(name): # removed file if path == config.ETC_FIREWALLD_IPSETS: # removed custom ipset for x in self._ipsets.keys(): obj = self._ipsets[x] if obj.filename == filename: del self._ipsets[x] if obj.name in self._builtin_ipsets: return ("update", self._builtin_ipsets[obj.name]) return ("remove", obj) else: # removed builtin ipset for x in self._builtin_ipsets.keys(): obj = self._builtin_ipsets[x] if obj.filename == filename: del self._builtin_ipsets[x] if obj.name not in self._ipsets: # update dbus ipset return ("remove", obj) else: # builtin hidden, no update needed return (None, None) # ipset not known to firewalld, yet (timeout, ..) return (None, None) # new or updated file log.debug1("Loading ipset file '%s'", name) try: obj = ipset_reader(filename, path) except Exception as msg: log.error("Failed to load ipset file '%s': %s", filename, msg) return (None, None) # new ipset if obj.name not in self._builtin_ipsets and obj.name not in self._ipsets: self.add_ipset(obj) return ("new", obj) # updated ipset if path == config.ETC_FIREWALLD_IPSETS: # custom ipset update if obj.name in self._ipsets: obj.default = self._ipsets[obj.name].default self._ipsets[obj.name] = obj return ("update", obj) else: if obj.name in self._builtin_ipsets: # builtin ipset update del self._builtin_ipsets[obj.name] self._builtin_ipsets[obj.name] = obj if obj.name not in self._ipsets: # update dbus ipset return ("update", obj) else: # builtin hidden, no update needed return (None, None) # ipset not known to firewalld, yet (timeout, ..) return (None, None) def _remove_ipset(self, obj): if obj.name not in self._ipsets: raise FirewallError(errors.INVALID_IPSET, obj.name) if obj.path != config.ETC_FIREWALLD_IPSETS: raise FirewallError(errors.INVALID_DIRECTORY, "'%s' != '%s'" % (obj.path, config.ETC_FIREWALLD_IPSETS)) name = "%s/%s.xml" % (obj.path, obj.name) try: shutil.move(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) os.remove(name) del self._ipsets[obj.name] def check_builtin_ipset(self, obj): if obj.builtin or not obj.default: raise FirewallError(errors.BUILTIN_IPSET, "'%s' is built-in ipset" % obj.name) def remove_ipset(self, obj): self.check_builtin_ipset(obj) self._remove_ipset(obj) def rename_ipset(self, obj, name): self.check_builtin_ipset(obj) new_ipset = self._copy_ipset(obj, name) self._remove_ipset(obj) return new_ipset def _copy_ipset(self, obj, name): return self.new_ipset(name, obj.export_config()) # icmptypes def get_icmptypes(self): return sorted(set(list(self._icmptypes.keys()) + \ list(self._builtin_icmptypes.keys()))) def add_icmptype(self, obj): if obj.builtin: self._builtin_icmptypes[obj.name] = obj else: self._icmptypes[obj.name] = obj def get_icmptype(self, name): if name in self._icmptypes: return self._icmptypes[name] elif name in self._builtin_icmptypes: return self._builtin_icmptypes[name] raise FirewallError(errors.INVALID_ICMPTYPE, name) def load_icmptype_defaults(self, obj): if obj.name not in self._icmptypes: raise FirewallError(errors.NO_DEFAULTS, obj.name) elif self._icmptypes[obj.name] != obj: raise FirewallError(errors.NO_DEFAULTS, "self._icmptypes[%s] != obj" % obj.name) elif obj.name not in self._builtin_icmptypes: raise FirewallError(errors.NO_DEFAULTS, "'%s' not a built-in icmptype" % obj.name) self._remove_icmptype(obj) return self._builtin_icmptypes[obj.name] def get_icmptype_config(self, obj): return obj.export_config() def set_icmptype_config(self, obj, conf): if obj.builtin: x = copy.copy(obj) x.import_config(conf) x.path = config.ETC_FIREWALLD_ICMPTYPES x.builtin = False if obj.path != x.path: x.default = False self.add_icmptype(x) icmptype_writer(x) return x else: obj.import_config(conf) icmptype_writer(obj) return obj def new_icmptype(self, name, conf): if name in self._icmptypes or name in self._builtin_icmptypes: raise FirewallError(errors.NAME_CONFLICT, "new_icmptype(): '%s'" % name) x = IcmpType() x.check_name(name) x.import_config(conf) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_ICMPTYPES # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True icmptype_writer(x) self.add_icmptype(x) return x def update_icmptype_from_path(self, name): filename = os.path.basename(name) path = os.path.dirname(name) if not os.path.exists(name): # removed file if path == config.ETC_FIREWALLD_ICMPTYPES: # removed custom icmptype for x in self._icmptypes.keys(): obj = self._icmptypes[x] if obj.filename == filename: del self._icmptypes[x] if obj.name in self._builtin_icmptypes: return ("update", self._builtin_icmptypes[obj.name]) return ("remove", obj) else: # removed builtin icmptype for x in self._builtin_icmptypes.keys(): obj = self._builtin_icmptypes[x] if obj.filename == filename: del self._builtin_icmptypes[x] if obj.name not in self._icmptypes: # update dbus icmptype return ("remove", obj) else: # builtin hidden, no update needed return (None, None) # icmptype not known to firewalld, yet (timeout, ..) return (None, None) # new or updated file log.debug1("Loading icmptype file '%s'", name) try: obj = icmptype_reader(filename, path) except Exception as msg: log.error("Failed to load icmptype file '%s': %s", filename, msg) return (None, None) # new icmptype if obj.name not in self._builtin_icmptypes and obj.name not in self._icmptypes: self.add_icmptype(obj) return ("new", obj) # updated icmptype if path == config.ETC_FIREWALLD_ICMPTYPES: # custom icmptype update if obj.name in self._icmptypes: obj.default = self._icmptypes[obj.name].default self._icmptypes[obj.name] = obj return ("update", obj) else: if obj.name in self._builtin_icmptypes: # builtin icmptype update del self._builtin_icmptypes[obj.name] self._builtin_icmptypes[obj.name] = obj if obj.name not in self._icmptypes: # update dbus icmptype return ("update", obj) else: # builtin hidden, no update needed return (None, None) # icmptype not known to firewalld, yet (timeout, ..) return (None, None) def _remove_icmptype(self, obj): if obj.name not in self._icmptypes: raise FirewallError(errors.INVALID_ICMPTYPE, obj.name) if obj.path != config.ETC_FIREWALLD_ICMPTYPES: raise FirewallError(errors.INVALID_DIRECTORY, "'%s' != '%s'" % \ (obj.path, config.ETC_FIREWALLD_ICMPTYPES)) name = "%s/%s.xml" % (obj.path, obj.name) try: shutil.move(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) os.remove(name) del self._icmptypes[obj.name] def check_builtin_icmptype(self, obj): if obj.builtin or not obj.default: raise FirewallError(errors.BUILTIN_ICMPTYPE, "'%s' is built-in icmp type" % obj.name) def remove_icmptype(self, obj): self.check_builtin_icmptype(obj) self._remove_icmptype(obj) def rename_icmptype(self, obj, name): self.check_builtin_icmptype(obj) new_icmptype = self._copy_icmptype(obj, name) self._remove_icmptype(obj) return new_icmptype def _copy_icmptype(self, obj, name): return self.new_icmptype(name, obj.export_config()) # services def get_services(self): return sorted(set(list(self._services.keys()) + \ list(self._builtin_services.keys()))) def add_service(self, obj): if obj.builtin: self._builtin_services[obj.name] = obj else: self._services[obj.name] = obj def get_service(self, name): if name in self._services: return self._services[name] elif name in self._builtin_services: return self._builtin_services[name] raise FirewallError(errors.INVALID_SERVICE, "get_service(): '%s'" % name) def load_service_defaults(self, obj): if obj.name not in self._services: raise FirewallError(errors.NO_DEFAULTS, obj.name) elif self._services[obj.name] != obj: raise FirewallError(errors.NO_DEFAULTS, "self._services[%s] != obj" % obj.name) elif obj.name not in self._builtin_services: raise FirewallError(errors.NO_DEFAULTS, "'%s' not a built-in service" % obj.name) self._remove_service(obj) return self._builtin_services[obj.name] def get_service_config(self, obj): conf_dict = obj.export_config() conf_list = [] for i in range(8): # tuple based dbus API has 8 elements if obj.IMPORT_EXPORT_STRUCTURE[i][0] not in conf_dict: # old API needs the empty elements as well. Grab it from the # object otherwise we don't know the type. conf_list.append(copy.deepcopy(getattr(obj, obj.IMPORT_EXPORT_STRUCTURE[i][0]))) else: conf_list.append(conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]]) return tuple(conf_list) def get_service_config_dict(self, obj): return obj.export_config() def set_service_config(self, obj, conf): conf_dict = {} for i,value in enumerate(conf): conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]] = value if obj.builtin: x = copy.copy(obj) x.cleanup() x.import_config(conf_dict) x.path = config.ETC_FIREWALLD_SERVICES x.builtin = False if obj.path != x.path: x.default = False self.add_service(x) service_writer(x) return x else: obj.cleanup() obj.import_config(conf_dict) service_writer(obj) return obj def set_service_config_dict(self, obj, conf): if obj.builtin: x = copy.copy(obj) x.import_config(conf) x.path = config.ETC_FIREWALLD_SERVICES x.builtin = False if obj.path != x.path: x.default = False self.add_service(x) service_writer(x) return x else: obj.import_config(conf) service_writer(obj) return obj def new_service(self, name, conf): if name in self._services or name in self._builtin_services: raise FirewallError(errors.NAME_CONFLICT, "new_service(): '%s'" % name) conf_dict = {} for i,value in enumerate(conf): conf_dict[Service.IMPORT_EXPORT_STRUCTURE[i][0]] = value x = Service() x.check_name(name) x.import_config(conf_dict) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_SERVICES # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True service_writer(x) self.add_service(x) return x def new_service_dict(self, name, conf): if name in self._services or name in self._builtin_services: raise FirewallError(errors.NAME_CONFLICT, "new_service(): '%s'" % name) x = Service() x.check_name(name) x.import_config(conf) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_SERVICES # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True service_writer(x) self.add_service(x) return x def update_service_from_path(self, name): filename = os.path.basename(name) path = os.path.dirname(name) if not os.path.exists(name): # removed file if path == config.ETC_FIREWALLD_SERVICES: # removed custom service for x in self._services.keys(): obj = self._services[x] if obj.filename == filename: del self._services[x] if obj.name in self._builtin_services: return ("update", self._builtin_services[obj.name]) return ("remove", obj) else: # removed builtin service for x in self._builtin_services.keys(): obj = self._builtin_services[x] if obj.filename == filename: del self._builtin_services[x] if obj.name not in self._services: # update dbus service return ("remove", obj) else: # builtin hidden, no update needed return (None, None) # service not known to firewalld, yet (timeout, ..) return (None, None) # new or updated file log.debug1("Loading service file '%s'", name) try: obj = service_reader(filename, path) except Exception as msg: log.error("Failed to load service file '%s': %s", filename, msg) return (None, None) # new service if obj.name not in self._builtin_services and obj.name not in self._services: self.add_service(obj) return ("new", obj) # updated service if path == config.ETC_FIREWALLD_SERVICES: # custom service update if obj.name in self._services: obj.default = self._services[obj.name].default self._services[obj.name] = obj return ("update", obj) else: if obj.name in self._builtin_services: # builtin service update del self._builtin_services[obj.name] self._builtin_services[obj.name] = obj if obj.name not in self._services: # update dbus service return ("update", obj) else: # builtin hidden, no update needed return (None, None) # service not known to firewalld, yet (timeout, ..) return (None, None) def _remove_service(self, obj): if obj.name not in self._services: raise FirewallError(errors.INVALID_SERVICE, obj.name) if obj.path != config.ETC_FIREWALLD_SERVICES: raise FirewallError(errors.INVALID_DIRECTORY, "'%s' != '%s'" % \ (obj.path, config.ETC_FIREWALLD_SERVICES)) name = "%s/%s.xml" % (obj.path, obj.name) try: shutil.move(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) os.remove(name) del self._services[obj.name] def check_builtin_service(self, obj): if obj.builtin or not obj.default: raise FirewallError(errors.BUILTIN_SERVICE, "'%s' is built-in service" % obj.name) def remove_service(self, obj): self.check_builtin_service(obj) self._remove_service(obj) def rename_service(self, obj, name): self.check_builtin_service(obj) new_service = self._copy_service(obj, name) self._remove_service(obj) return new_service def _copy_service(self, obj, name): return self.new_service_dict(name, obj.export_config()) # zones def get_zones(self): return sorted(set(list(self._zones.keys()) + \ list(self._builtin_zones.keys()))) def add_zone(self, obj): if obj.builtin: self._builtin_zones[obj.name] = obj else: self._zones[obj.name] = obj def forget_zone(self, name): if name in self._builtin_zones: del self._builtin_zones[name] if name in self._zones: del self._zones[name] def get_zone(self, name): if name in self._zones: return self._zones[name] elif name in self._builtin_zones: return self._builtin_zones[name] raise FirewallError(errors.INVALID_ZONE, "get_zone(): %s" % name) def load_zone_defaults(self, obj): if obj.name not in self._zones: raise FirewallError(errors.NO_DEFAULTS, obj.name) elif self._zones[obj.name] != obj: raise FirewallError(errors.NO_DEFAULTS, "self._zones[%s] != obj" % obj.name) elif obj.name not in self._builtin_zones: raise FirewallError(errors.NO_DEFAULTS, "'%s' not a built-in zone" % obj.name) self._remove_zone(obj) return self._builtin_zones[obj.name] def get_zone_config(self, obj): return obj.export_config() def set_zone_config(self, obj, conf): if obj.builtin: x = copy.copy(obj) x.fw_config = self x.import_config(conf) x.path = config.ETC_FIREWALLD_ZONES x.builtin = False if obj.path != x.path: x.default = False self.add_zone(x) zone_writer(x) return x else: obj.fw_config = self obj.import_config(conf) zone_writer(obj) return obj def new_zone(self, name, conf): if name in self._zones or name in self._builtin_zones: raise FirewallError(errors.NAME_CONFLICT, "new_zone(): '%s'" % name) x = Zone() x.check_name(name) x.fw_config = self x.import_config(conf) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_ZONES # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True zone_writer(x) self.add_zone(x) return x def update_zone_from_path(self, name): filename = os.path.basename(name) path = os.path.dirname(name) if not os.path.exists(name): # removed file if path.startswith(config.ETC_FIREWALLD_ZONES): # removed custom zone for x in self._zones.keys(): obj = self._zones[x] if obj.filename == filename: del self._zones[x] if obj.name in self._builtin_zones: return ("update", self._builtin_zones[obj.name]) return ("remove", obj) else: # removed builtin zone for x in self._builtin_zones.keys(): obj = self._builtin_zones[x] if obj.filename == filename: del self._builtin_zones[x] if obj.name not in self._zones: # update dbus zone return ("remove", obj) else: # builtin hidden, no update needed return (None, None) # zone not known to firewalld, yet (timeout, ..) return (None, None) # new or updated file log.debug1("Loading zone file '%s'", name) try: obj = zone_reader(filename, path) except Exception as msg: log.error("Failed to load zone file '%s': %s", filename, msg) return (None, None) obj.fw_config = self if path.startswith(config.ETC_FIREWALLD_ZONES) and \ len(path) > len(config.ETC_FIREWALLD_ZONES): # custom combined zone part obj.name = "%s/%s" % (os.path.basename(path), os.path.basename(filename)[0:-4]) # new zone if obj.name not in self._builtin_zones and obj.name not in self._zones: self.add_zone(obj) return ("new", obj) # updated zone if path.startswith(config.ETC_FIREWALLD_ZONES): # custom zone update if obj.name in self._zones: obj.default = self._zones[obj.name].default self._zones[obj.name] = obj return ("update", obj) else: if obj.name in self._builtin_zones: # builtin zone update del self._builtin_zones[obj.name] self._builtin_zones[obj.name] = obj if obj.name not in self._zones: # update dbus zone return ("update", obj) else: # builtin hidden, no update needed return (None, None) # zone not known to firewalld, yet (timeout, ..) return (None, None) def _remove_zone(self, obj): if obj.name not in self._zones: raise FirewallError(errors.INVALID_ZONE, obj.name) if not obj.path.startswith(config.ETC_FIREWALLD_ZONES): raise FirewallError(errors.INVALID_DIRECTORY, "'%s' doesn't start with '%s'" % \ (obj.path, config.ETC_FIREWALLD_ZONES)) name = "%s/%s.xml" % (obj.path, obj.name) try: shutil.move(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) os.remove(name) del self._zones[obj.name] def check_builtin_zone(self, obj): if obj.builtin or not obj.default: raise FirewallError(errors.BUILTIN_ZONE, "'%s' is built-in zone" % obj.name) def remove_zone(self, obj): self.check_builtin_zone(obj) self._remove_zone(obj) def rename_zone(self, obj, name): self.check_builtin_zone(obj) new_zone = self._copy_zone(obj, name) self._remove_zone(obj) return new_zone def _copy_zone(self, obj, name): return self.new_zone(name, obj.export_config()) # helper def get_helpers(self): return sorted(set(list(self._helpers.keys()) + \ list(self._builtin_helpers.keys()))) def add_helper(self, obj): if obj.builtin: self._builtin_helpers[obj.name] = obj else: self._helpers[obj.name] = obj def get_helper(self, name): if name in self._helpers: return self._helpers[name] elif name in self._builtin_helpers: return self._builtin_helpers[name] raise FirewallError(errors.INVALID_HELPER, name) def load_helper_defaults(self, obj): if obj.name not in self._helpers: raise FirewallError(errors.NO_DEFAULTS, obj.name) elif self._helpers[obj.name] != obj: raise FirewallError(errors.NO_DEFAULTS, "self._helpers[%s] != obj" % obj.name) elif obj.name not in self._builtin_helpers: raise FirewallError(errors.NO_DEFAULTS, "'%s' not a built-in helper" % obj.name) self._remove_helper(obj) return self._builtin_helpers[obj.name] def get_helper_config(self, obj): return obj.export_config() def set_helper_config(self, obj, conf): if obj.builtin: x = copy.copy(obj) x.import_config(conf) x.path = config.ETC_FIREWALLD_HELPERS x.builtin = False if obj.path != x.path: x.default = False self.add_helper(x) helper_writer(x) return x else: obj.import_config(conf) helper_writer(obj) return obj def new_helper(self, name, conf): if name in self._helpers or name in self._builtin_helpers: raise FirewallError(errors.NAME_CONFLICT, "new_helper(): '%s'" % name) x = Helper() x.check_name(name) x.import_config(conf) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_HELPERS # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True helper_writer(x) self.add_helper(x) return x def update_helper_from_path(self, name): filename = os.path.basename(name) path = os.path.dirname(name) if not os.path.exists(name): # removed file if path == config.ETC_FIREWALLD_HELPERS: # removed custom helper for x in self._helpers.keys(): obj = self._helpers[x] if obj.filename == filename: del self._helpers[x] if obj.name in self._builtin_helpers: return ("update", self._builtin_helpers[obj.name]) return ("remove", obj) else: # removed builtin helper for x in self._builtin_helpers.keys(): obj = self._builtin_helpers[x] if obj.filename == filename: del self._builtin_helpers[x] if obj.name not in self._helpers: # update dbus helper return ("remove", obj) else: # builtin hidden, no update needed return (None, None) # helper not known to firewalld, yet (timeout, ..) return (None, None) # new or updated file log.debug1("Loading helper file '%s'", name) try: obj = helper_reader(filename, path) except Exception as msg: log.error("Failed to load helper file '%s': %s", filename, msg) return (None, None) # new helper if obj.name not in self._builtin_helpers and obj.name not in self._helpers: self.add_helper(obj) return ("new", obj) # updated helper if path == config.ETC_FIREWALLD_HELPERS: # custom helper update if obj.name in self._helpers: obj.default = self._helpers[obj.name].default self._helpers[obj.name] = obj return ("update", obj) else: if obj.name in self._builtin_helpers: # builtin helper update del self._builtin_helpers[obj.name] self._builtin_helpers[obj.name] = obj if obj.name not in self._helpers: # update dbus helper return ("update", obj) else: # builtin hidden, no update needed return (None, None) # helper not known to firewalld, yet (timeout, ..) return (None, None) def _remove_helper(self, obj): if obj.name not in self._helpers: raise FirewallError(errors.INVALID_HELPER, obj.name) if obj.path != config.ETC_FIREWALLD_HELPERS: raise FirewallError(errors.INVALID_DIRECTORY, "'%s' != '%s'" % (obj.path, config.ETC_FIREWALLD_HELPERS)) name = "%s/%s.xml" % (obj.path, obj.name) try: shutil.move(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) os.remove(name) del self._helpers[obj.name] def check_builtin_helper(self, obj): if obj.builtin or not obj.default: raise FirewallError(errors.BUILTIN_HELPER, "'%s' is built-in helper" % obj.name) def remove_helper(self, obj): self.check_builtin_helper(obj) self._remove_helper(obj) def rename_helper(self, obj, name): self.check_builtin_helper(obj) new_helper = self._copy_helper(obj, name) self._remove_helper(obj) return new_helper def _copy_helper(self, obj, name): return self.new_helper(name, obj.export_config()) firewalld-0.8.2/src/firewall/core/ebtables.py0000664007115300711530000002225313641105304022334 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "ebtables" ] import os.path from firewall.core.prog import runProg from firewall.core.logger import log from firewall.functions import tempFile, readfile, splitArgs from firewall.config import COMMANDS from firewall.core import ipXtables # some common stuff lives there from firewall.errors import FirewallError, INVALID_IPV import string BUILT_IN_CHAINS = { "broute": [ "BROUTING" ], "nat": [ "PREROUTING", "POSTROUTING", "OUTPUT" ], "filter": [ "INPUT", "OUTPUT", "FORWARD" ], } DEFAULT_RULES = { } LOG_RULES = { } OUR_CHAINS = {} # chains created by firewalld for table in BUILT_IN_CHAINS.keys(): DEFAULT_RULES[table] = [ ] OUR_CHAINS[table] = set() for chain in BUILT_IN_CHAINS[table]: DEFAULT_RULES[table].append("-N %s_direct" % chain) DEFAULT_RULES[table].append("-I %s 1 -j %s_direct" % (chain, chain)) DEFAULT_RULES[table].append("-I %s_direct 1 -j RETURN" % chain) OUR_CHAINS[table].add("%s_direct" % chain) class ebtables(object): ipv = "eb" name = "ebtables" zones_supported = False # ebtables only supported with direct interface def __init__(self): self._command = COMMANDS[self.ipv] self._restore_command = COMMANDS["%s-restore" % self.ipv] self.restore_noflush_option = self._detect_restore_noflush_option() self.concurrent_option = self._detect_concurrent_option() self.fill_exists() self.available_tables = [] def fill_exists(self): self.command_exists = os.path.exists(self._command) self.restore_command_exists = os.path.exists(self._restore_command) def _detect_concurrent_option(self): # Do not change any rules, just try to use the --concurrent option # with -L concurrent_option = "" ret = runProg(self._command, ["--concurrent", "-L"]) if ret[0] == 0: concurrent_option = "--concurrent" # concurrent for ebtables lock return concurrent_option def _detect_restore_noflush_option(self): # Do not change any rules, just try to use the restore command # with --noflush rules = [ ] try: self.set_rules(rules, "off") except ValueError: return False return True def __run(self, args): # convert to string list _args = [ ] if self.concurrent_option and self.concurrent_option not in args: _args.append(self.concurrent_option) _args += ["%s" % item for item in args] log.debug2("%s: %s %s", self.__class__, self._command, " ".join(_args)) (status, ret) = runProg(self._command, _args) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._command, " ".join(args), ret)) return ret def _rule_validate(self, rule): for str in ["%%REJECT%%", "%%ICMP%%", "%%LOGTYPE%%"]: if str in rule: raise FirewallError(INVALID_IPV, "'%s' invalid for ebtables" % str) def is_chain_builtin(self, ipv, table, chain): return table in BUILT_IN_CHAINS and \ chain in BUILT_IN_CHAINS[table] def build_chain_rules(self, add, table, chain): rules = [] if add: rules.append([ "-t", table, "-N", chain ]) rules.append([ "-t", table, "-I", chain, "1", "-j", "RETURN" ]) else: rules.append([ "-t", table, "-X", chain ]) return rules def build_rule(self, add, table, chain, index, args): rule = [ "-t", table ] if add: rule += [ "-I", chain, str(index) ] else: rule += [ "-D", chain ] rule += args return rule def reverse_rule(self, args): return ipXtables.common_reverse_rule(args) def check_passthrough(self, args): ipXtables.common_check_passthrough(args) def reverse_passthrough(self, args): return ipXtables.common_reverse_passthrough(args) def set_rules(self, rules, log_denied): temp_file = tempFile() table = "filter" table_rules = { } for _rule in rules: rule = _rule[:] self._rule_validate(rule) # get table form rule for opt in [ "-t", "--table" ]: try: i = rule.index(opt) except ValueError: pass else: if len(rule) >= i+1: rule.pop(i) table = rule.pop(i) # we can not use joinArgs here, because it would use "'" instead # of '"' for the start and end of the string, this breaks # iptables-restore for i in range(len(rule)): for c in string.whitespace: if c in rule[i] and not (rule[i].startswith('"') and rule[i].endswith('"')): rule[i] = '"%s"' % rule[i] table_rules.setdefault(table, []).append(rule) for table in table_rules: temp_file.write("*%s\n" % table) for rule in table_rules[table]: temp_file.write(" ".join(rule) + "\n") temp_file.close() stat = os.stat(temp_file.name) log.debug2("%s: %s %s", self.__class__, self._restore_command, "%s: %d" % (temp_file.name, stat.st_size)) args = [ ] args.append("--noflush") (status, ret) = runProg(self._restore_command, args, stdin=temp_file.name) if log.getDebugLogLevel() > 2: lines = readfile(temp_file.name) if lines is not None: i = 1 for line in lines: log.debug3("%8d: %s" % (i, line), nofmt=1, nl=0) if not line.endswith("\n"): log.debug3("", nofmt=1) i += 1 os.unlink(temp_file.name) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._restore_command, " ".join(args), ret)) def set_rule(self, rule, log_denied): self._rule_validate(rule) return self.__run(rule) def get_available_tables(self, table=None): ret = [] tables = [ table ] if table else BUILT_IN_CHAINS.keys() for table in tables: if table in self.available_tables: ret.append(table) else: try: self.__run(["-t", table, "-L"]) self.available_tables.append(table) ret.append(table) except ValueError: log.debug1("ebtables table '%s' does not exist." % table) return ret def get_zone_table_chains(self, table): return {} def build_flush_rules(self): rules = [] for table in BUILT_IN_CHAINS.keys(): if table not in self.get_available_tables(): continue # Flush firewall rules: -F # Delete firewall chains: -X # Set counter to zero: -Z for flag in [ "-F", "-X", "-Z" ]: rules.append(["-t", table, flag]) return rules def build_set_policy_rules(self, policy): rules = [] _policy = "DROP" if policy == "PANIC" else policy for table in BUILT_IN_CHAINS.keys(): if table not in self.get_available_tables(): continue for chain in BUILT_IN_CHAINS[table]: rules.append(["-t", table, "-P", chain, _policy]) return rules def build_default_tables(self): # nothing to do, they always exist return [] def build_default_rules(self, log_denied="off"): default_rules = [] for table in DEFAULT_RULES: if table not in self.get_available_tables(): continue _default_rules = DEFAULT_RULES[table][:] if log_denied != "off" and table in LOG_RULES: _default_rules.extend(LOG_RULES[table]) prefix = [ "-t", table ] for rule in _default_rules: if type(rule) == list: default_rules.append(prefix + rule) else: default_rules.append(prefix + splitArgs(rule)) return default_rules def is_ipv_supported(self, ipv): return ipv == self.ipv firewalld-0.8.2/src/firewall/core/__init__.py0000664007115300711530000000000013341016621022274 0ustar00egarveregarver00000000000000firewalld-0.8.2/src/firewall/core/fw_zone.py0000664007115300711530000021733613641106044022234 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import time from firewall.core.base import SHORTCUTS, DEFAULT_ZONE_TARGET, \ ZONE_SOURCE_IPSET_TYPES from firewall.core.logger import log from firewall.functions import portStr, checkIPnMask, checkIP6nMask, \ checkProtocol, enable_ip_forwarding, check_single_address, check_mac, \ portInPortRange, get_nf_conntrack_short_name from firewall.core.rich import Rich_Rule, Rich_Accept, \ Rich_Mark, Rich_Service, Rich_Port, Rich_Protocol, \ Rich_Masquerade, Rich_ForwardPort, Rich_SourcePort, Rich_IcmpBlock, \ Rich_IcmpType from firewall.core.fw_transaction import FirewallTransaction from firewall import errors from firewall.errors import FirewallError from firewall.fw_types import LastUpdatedOrderedDict class FirewallZone(object): def __init__(self, fw): self._fw = fw self._chains = { } self._zones = { } def __repr__(self): return '%s(%r, %r)' % (self.__class__, self._chains, self._zones) def cleanup(self): self._chains.clear() self._zones.clear() # transaction def new_transaction(self): return FirewallTransaction(self._fw) # zones def get_zones(self): return sorted(self._zones.keys()) def get_zone_of_interface(self, interface): interface_id = self.__interface_id(interface) for zone in self._zones: if interface_id in self._zones[zone].settings["interfaces"]: # an interface can only be part of one zone return zone return None def get_zone_of_source(self, source): source_id = self.__source_id(source) for zone in self._zones: if source_id in self._zones[zone].settings["sources"]: # a source_id can only be part of one zone return zone return None def get_zone(self, zone): z = self._fw.check_zone(zone) return self._zones[z] def _first_except(self, e, f, name, *args, **kwargs): try: f(name, *args, **kwargs) except FirewallError as error: if not e: return error return e def add_zone(self, obj): obj.settings = { x : LastUpdatedOrderedDict() for x in [ "interfaces", "sources", "services", "ports", "masquerade", "forward_ports", "source_ports", "icmp_blocks", "rules", "protocols", "icmp_block_inversion" ] } self._zones[obj.name] = obj def remove_zone(self, zone): obj = self._zones[zone] if obj.applied: self.unapply_zone_settings(zone) obj.settings.clear() del self._zones[zone] def apply_zones(self, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction error = None for zone in self.get_zones(): obj = self._zones[zone] # register icmp block inversion setting but don't apply if obj.icmp_block_inversion: error = self._first_except(error, self.add_icmp_block_inversion, obj.name, use_transaction=transaction) if len(obj.interfaces) > 0 or len(obj.sources) > 0: obj.applied = True log.debug1("Applying zone '%s'", obj.name) # load zone in case of missing services, icmptypes etc. for args in obj.icmp_blocks: error = self._first_except(error, self.add_icmp_block, obj.name, args, use_transaction=transaction) for args in obj.forward_ports: error = self._first_except(error, self.add_forward_port, obj.name, *args, use_transaction=transaction) for args in obj.services: error = self._first_except(error, self.add_service, obj.name, args, use_transaction=transaction) for args in obj.ports: error = self._first_except(error, self.add_port, obj.name, *args, use_transaction=transaction) for args in obj.protocols: error = self._first_except(error, self.add_protocol, obj.name, args, use_transaction=transaction) for args in obj.source_ports: error = self._first_except(error, self.add_source_port, obj.name, *args, use_transaction=transaction) if obj.masquerade: error = self._first_except(error, self.add_masquerade, obj.name, use_transaction=transaction) for args in obj.rules: error = self._first_except(error, self.add_rule, obj.name, args, use_transaction=transaction) for args in obj.interfaces: error = self._first_except(error, self.add_interface, obj.name, args, use_transaction=transaction) for args in obj.sources: error = self._first_except(error, self.add_source, obj.name, args, use_transaction=transaction) # apply icmp accept/reject rule always if obj.applied: error = self._first_except(error, self._icmp_block_inversion, True, obj.name, transaction) if use_transaction is None: transaction.execute(True) if error: raise error def set_zone_applied(self, zone, applied): obj = self._zones[zone] obj.applied = applied # zone from chain def zone_from_chain(self, chain): if "_" not in chain: # no zone chain return None splits = chain.split("_") if len(splits) < 2: return None _chain = None for x in SHORTCUTS: if splits[0] == SHORTCUTS[x]: _chain = x if _chain is not None: # next part needs to be zone name if splits[1] not in self.get_zones(): return None if len(splits) == 2 or \ (len(splits) == 3 and splits[2] in [ "log", "deny", "allow" ]): return (splits[1], _chain) return None def create_zone_base_by_chain(self, ipv, table, chain, use_transaction=None): # Create zone base chains if the chain is reserved for a zone if ipv in [ "ipv4", "ipv6" ]: x = self.zone_from_chain(chain) if x is not None: (_zone, _chain) = x if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self.gen_chain_rules(_zone, True, [(table, _chain)], transaction) if use_transaction is None: transaction.execute(True) # dynamic chain handling def _register_chains(self, zone, create, chains): for (table, chain) in chains: if create: self._chains.setdefault(zone, { }).setdefault(table, [ ]).append(chain) else: self._chains[zone][table].remove(chain) if len(self._chains[zone][table]) == 0: del self._chains[zone][table] if len(self._chains[zone]) == 0: del self._chains[zone] # settings # generate settings record with sender, timeout def __gen_settings(self, timeout, sender): ret = { "date": time.time(), "sender": sender, "timeout": timeout, } return ret def get_settings(self, zone): return self.get_zone(zone).settings def set_settings(self, zone, settings): _obj = self.get_zone(zone) try: for key in settings: for args in settings[key]: if args in _obj.settings[key]: # do not add things, that are already active in the # zone configuration, also do not restore date, # sender and timeout continue if key == "icmp_blocks": self.add_icmp_block(zone, args) elif key == "forward_ports": self.add_forward_port(zone, *args) elif key == "services": self.add_service(zone, args) elif key == "ports": self.add_port(zone, *args) elif key == "protocols": self.add_protocol(zone, *args) elif key == "source_ports": self.add_source_port(zone, *args) elif key == "masquerade": self.add_masquerade(zone) elif key == "rules": self.add_rule(zone, Rich_Rule(rule_str=args)) elif key == "interfaces": self.change_zone_of_interface(zone, args) elif key == "sources": self.change_zone_of_source(zone, args) else: log.warning("Zone '%s': Unknown setting '%s:%s', " "unable to restore.", zone, key, args) # restore old date, sender and timeout if args in _obj.settings[key]: _obj.settings[key][args] = settings[key][args] except FirewallError as msg: log.warning(str(msg)) def __zone_settings(self, enable, zone, use_transaction=None): _zone = self._fw.check_zone(zone) obj = self._zones[_zone] if (enable and obj.applied) or (not enable and not obj.applied): return if enable: obj.applied = True if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction settings = self.get_settings(zone) for key in settings: for args in settings[key]: try: if key == "icmp_blocks": self._icmp_block(enable, _zone, args, transaction) elif key == "icmp_block_inversion": continue elif key == "forward_ports": self._forward_port(enable, _zone, transaction, *args) elif key == "services": self._service(enable, _zone, args, transaction) elif key == "ports": self._port(enable, _zone, args[0], args[1], transaction) elif key == "protocols": self._protocol(enable, _zone, args, transaction) elif key == "source_ports": self._source_port(enable, _zone, args[0], args[1], transaction) elif key == "masquerade": self._masquerade(enable, _zone, transaction) elif key == "rules": self.__rule(enable, _zone, Rich_Rule(rule_str=args), transaction) elif key == "interfaces": self._interface(enable, _zone, args, transaction) elif key == "sources": self._source(enable, _zone, args[0], args[1], transaction) else: log.warning("Zone '%s': Unknown setting '%s:%s', " "unable to apply", zone, key, args) except FirewallError as msg: log.warning(str(msg)) if enable: # add icmp rule(s) always self._icmp_block_inversion(True, obj.name, transaction) if use_transaction is None: transaction.execute(enable) def apply_zone_settings(self, zone, use_transaction=None): self.__zone_settings(True, zone, use_transaction) def unapply_zone_settings(self, zone, use_transaction=None): self.__zone_settings(False, zone, use_transaction) def unapply_zone_settings_if_unused(self, zone): obj = self._zones[zone] if len(obj.interfaces) == 0 and len(obj.sources) == 0: self.unapply_zone_settings(zone) def get_config_with_settings(self, zone): """ :return: exported config updated with runtime settings """ conf = list(self.get_zone(zone).export_config()) if conf[4] == DEFAULT_ZONE_TARGET: conf[4] = "default" conf[5] = self.list_services(zone) conf[6] = self.list_ports(zone) conf[7] = self.list_icmp_blocks(zone) conf[8] = self.query_masquerade(zone) conf[9] = self.list_forward_ports(zone) conf[10] = self.list_interfaces(zone) conf[11] = self.list_sources(zone) conf[12] = self.list_rules(zone) conf[13] = self.list_protocols(zone) conf[14] = self.list_source_ports(zone) conf[15] = self.query_icmp_block_inversion(zone) return tuple(conf) # INTERFACES def check_interface(self, interface): self._fw.check_interface(interface) def interface_get_sender(self, zone, interface): _zone = self._fw.check_zone(zone) _obj = self._zones[_zone] interface_id = self.__interface_id(interface) if interface_id in _obj.settings["interfaces"]: settings = _obj.settings["interfaces"][interface_id] if "sender" in settings and settings["sender"] is not None: return settings["sender"] return None def __interface_id(self, interface): self.check_interface(interface) return interface def add_interface(self, zone, interface, sender=None, use_transaction=None): self._fw.check_panic() _zone = self._fw.check_zone(zone) _obj = self._zones[_zone] interface_id = self.__interface_id(interface) if interface_id in _obj.settings["interfaces"]: raise FirewallError(errors.ZONE_ALREADY_SET, "'%s' already bound to '%s'" % (interface, zone)) if self.get_zone_of_interface(interface) is not None: raise FirewallError(errors.ZONE_CONFLICT, "'%s' already bound to a zone" % interface) log.debug1("Setting zone of interface '%s' to '%s'" % (interface, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if not _obj.applied: self.apply_zone_settings(zone, use_transaction=transaction) transaction.add_fail(self.set_zone_applied, _zone, False) self._interface(True, _zone, interface, transaction) self.__register_interface(_obj, interface_id, zone, sender) transaction.add_fail(self.__unregister_interface, _obj, interface_id) if use_transaction is None: transaction.execute(True) return _zone def __register_interface(self, _obj, interface_id, zone, sender): _obj.settings["interfaces"][interface_id] = \ self.__gen_settings(0, sender) # add information whether we add to default or specific zone _obj.settings["interfaces"][interface_id]["__default__"] = \ (not zone or zone == "") def change_zone_of_interface(self, zone, interface, sender=None): self._fw.check_panic() _old_zone = self.get_zone_of_interface(interface) _new_zone = self._fw.check_zone(zone) if _new_zone == _old_zone: return _old_zone if _old_zone is not None: self.remove_interface(_old_zone, interface) _zone = self.add_interface(zone, interface, sender) return _zone def change_default_zone(self, old_zone, new_zone, use_transaction=None): self._fw.check_panic() if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self.apply_zone_settings(new_zone, transaction) self._interface(True, new_zone, "+", transaction, append=True) if old_zone is not None and old_zone != "": self._interface(False, old_zone, "+", transaction, append=True) if use_transaction is None: transaction.execute(True) def remove_interface(self, zone, interface, use_transaction=None): self._fw.check_panic() zoi = self.get_zone_of_interface(interface) if zoi is None: raise FirewallError(errors.UNKNOWN_INTERFACE, "'%s' is not in any zone" % interface) _zone = zoi if zone == "" else self._fw.check_zone(zone) if zoi != _zone: raise FirewallError(errors.ZONE_CONFLICT, "remove_interface(%s, %s): zoi='%s'" % \ (zone, interface, zoi)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction _obj = self._zones[_zone] interface_id = self.__interface_id(interface) self._interface(False, _zone, interface, transaction) transaction.add_post(self.__unregister_interface, _obj, interface_id) if use_transaction is None: transaction.execute(True) # self.unapply_zone_settings_if_unused(_zone) return _zone def __unregister_interface(self, _obj, interface_id): if interface_id in _obj.settings["interfaces"]: del _obj.settings["interfaces"][interface_id] def query_interface(self, zone, interface): return self.__interface_id(interface) in self.get_settings(zone)["interfaces"] def list_interfaces(self, zone): return self.get_settings(zone)["interfaces"].keys() # SOURCES def check_source(self, source): if checkIPnMask(source): return "ipv4" elif checkIP6nMask(source): return "ipv6" elif check_mac(source): return "" elif source.startswith("ipset:"): self._check_ipset_type_for_source(source[6:]) self._check_ipset_applied(source[6:]) return self._ipset_family(source[6:]) else: raise FirewallError(errors.INVALID_ADDR, source) def __source_id(self, source): ipv = self.check_source(source) return (ipv, source) def add_source(self, zone, source, sender=None, use_transaction=None): self._fw.check_panic() _zone = self._fw.check_zone(zone) _obj = self._zones[_zone] if check_mac(source): source = source.upper() source_id = self.__source_id(source) if source_id in _obj.settings["sources"]: raise FirewallError(errors.ZONE_ALREADY_SET, "'%s' already bound to '%s'" % (source, _zone)) if self.get_zone_of_source(source) is not None: raise FirewallError(errors.ZONE_CONFLICT, "'%s' already bound to a zone" % source) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if not _obj.applied: self.apply_zone_settings(zone, use_transaction=transaction) transaction.add_fail(self.set_zone_applied, _zone, False) self._source(True, _zone, source_id[0], source_id[1], transaction) self.__register_source(_obj, source_id, zone, sender) transaction.add_fail(self.__unregister_source, _obj, source_id) if use_transaction is None: transaction.execute(True) return _zone def __register_source(self, _obj, source_id, zone, sender): _obj.settings["sources"][source_id] = \ self.__gen_settings(0, sender) # add information whether we add to default or specific zone _obj.settings["sources"][source_id]["__default__"] = (not zone or zone == "") def change_zone_of_source(self, zone, source, sender=None): self._fw.check_panic() _old_zone = self.get_zone_of_source(source) _new_zone = self._fw.check_zone(zone) if _new_zone == _old_zone: return _old_zone if check_mac(source): source = source.upper() if _old_zone is not None: self.remove_source(_old_zone, source) _zone = self.add_source(zone, source, sender) return _zone def remove_source(self, zone, source, use_transaction=None): self._fw.check_panic() if check_mac(source): source = source.upper() zos = self.get_zone_of_source(source) if zos is None: raise FirewallError(errors.UNKNOWN_SOURCE, "'%s' is not in any zone" % source) _zone = zos if zone == "" else self._fw.check_zone(zone) if zos != _zone: raise FirewallError(errors.ZONE_CONFLICT, "remove_source(%s, %s): zos='%s'" % \ (zone, source, zos)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction _obj = self._zones[_zone] source_id = self.__source_id(source) self._source(False, _zone, source_id[0], source_id[1], transaction) transaction.add_post(self.__unregister_source, _obj, source_id) if use_transaction is None: transaction.execute(True) # self.unapply_zone_settings_if_unused(_zone) return _zone def __unregister_source(self, _obj, source_id): if source_id in _obj.settings["sources"]: del _obj.settings["sources"][source_id] def query_source(self, zone, source): if check_mac(source): source = source.upper() return self.__source_id(source) in self.get_settings(zone)["sources"] def list_sources(self, zone): return [ k[1] for k in self.get_settings(zone)["sources"].keys() ] # RICH LANGUAGE def check_rule(self, rule): rule.check() def __rule_id(self, rule): self.check_rule(rule) return str(rule) def _rule_source_ipv(self, source): if not source: return None if source.addr: if checkIPnMask(source.addr): return "ipv4" elif checkIP6nMask(source.addr): return "ipv6" elif hasattr(source, "mac") and source.mac: return "" elif hasattr(source, "ipset") and source.ipset: self._check_ipset_type_for_source(source.ipset) self._check_ipset_applied(source.ipset) return self._ipset_family(source.ipset) return None def __rule(self, enable, zone, rule, transaction): self._rule_prepare(enable, zone, rule, transaction) def add_rule(self, zone, rule, timeout=0, sender=None, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._zones[_zone] rule_id = self.__rule_id(rule) if rule_id in _obj.settings["rules"]: raise FirewallError(errors.ALREADY_ENABLED, "'%s' already in '%s'" % (rule, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self.__rule(True, _zone, rule, transaction) self.__register_rule(_obj, rule_id, timeout, sender) transaction.add_fail(self.__unregister_rule, _obj, rule_id) if use_transaction is None: transaction.execute(True) return _zone def __register_rule(self, _obj, rule_id, timeout, sender): _obj.settings["rules"][rule_id] = self.__gen_settings( timeout, sender) def remove_rule(self, zone, rule, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_panic() _obj = self._zones[_zone] rule_id = self.__rule_id(rule) if rule_id not in _obj.settings["rules"]: raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (rule, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self.__rule(False, _zone, rule, transaction) transaction.add_post(self.__unregister_rule, _obj, rule_id) if use_transaction is None: transaction.execute(True) return _zone def __unregister_rule(self, _obj, rule_id): if rule_id in _obj.settings["rules"]: del _obj.settings["rules"][rule_id] def query_rule(self, zone, rule): return self.__rule_id(rule) in self.get_settings(zone)["rules"] def list_rules(self, zone): return list(self.get_settings(zone)["rules"].keys()) # SERVICES def check_service(self, service): self._fw.check_service(service) def __service_id(self, service): self.check_service(service) return service def add_service(self, zone, service, timeout=0, sender=None, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._zones[_zone] service_id = self.__service_id(service) if service_id in _obj.settings["services"]: raise FirewallError(errors.ALREADY_ENABLED, "'%s' already in '%s'" % (service, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._service(True, _zone, service, transaction) self.__register_service(_obj, service_id, timeout, sender) transaction.add_fail(self.__unregister_service, _obj, service_id) if use_transaction is None: transaction.execute(True) return _zone def __register_service(self, _obj, service_id, timeout, sender): _obj.settings["services"][service_id] = \ self.__gen_settings(timeout, sender) def remove_service(self, zone, service, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_panic() _obj = self._zones[_zone] service_id = self.__service_id(service) if service_id not in _obj.settings["services"]: raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (service, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._service(False, _zone, service, transaction) transaction.add_post(self.__unregister_service, _obj, service_id) if use_transaction is None: transaction.execute(True) return _zone def __unregister_service(self, _obj, service_id): if service_id in _obj.settings["services"]: del _obj.settings["services"][service_id] def query_service(self, zone, service): return self.__service_id(service) in self.get_settings(zone)["services"] def list_services(self, zone): return self.get_settings(zone)["services"].keys() def get_helpers_for_service_helpers(self, helpers): _helpers = [ ] for helper in helpers: try: _helper = self._fw.helper.get_helper(helper) except FirewallError: raise FirewallError(errors.INVALID_HELPER, helper) _helpers.append(_helper) return _helpers def get_helpers_for_service_modules(self, modules, enable): # If automatic helper assignment is turned off, helpers that # do not have ports defined will be replaced by the helpers # that the helper.module defines. _helpers = [ ] for module in modules: try: helper = self._fw.helper.get_helper(module) except FirewallError: raise FirewallError(errors.INVALID_HELPER, module) if len(helper.ports) < 1: _module_short_name = get_nf_conntrack_short_name(helper.module) try: _helper = self._fw.helper.get_helper(_module_short_name) _helpers.append(_helper) except FirewallError: if enable: log.warning("Helper '%s' is not available" % _module_short_name) continue else: _helpers.append(helper) return _helpers # PORTS def check_port(self, port, protocol): self._fw.check_port(port) self._fw.check_tcpudp(protocol) def __port_id(self, port, protocol): self.check_port(port, protocol) return (portStr(port, "-"), protocol) def add_port(self, zone, port, protocol, timeout=0, sender=None, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._zones[_zone] port_id = self.__port_id(port, protocol) if port_id in _obj.settings["ports"]: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s' already in '%s'" % (port, protocol, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._port(True, _zone, port, protocol, transaction) self.__register_port(_obj, port_id, timeout, sender) transaction.add_fail(self.__unregister_port, _obj, port_id) if use_transaction is None: transaction.execute(True) return _zone def __register_port(self, _obj, port_id, timeout, sender): _obj.settings["ports"][port_id] = \ self.__gen_settings(timeout, sender) def remove_port(self, zone, port, protocol, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_panic() _obj = self._zones[_zone] port_id = self.__port_id(port, protocol) if port_id not in _obj.settings["ports"]: raise FirewallError(errors.NOT_ENABLED, "'%s:%s' not in '%s'" % (port, protocol, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._port(False, _zone, port, protocol, transaction) transaction.add_post(self.__unregister_port, _obj, port_id) if use_transaction is None: transaction.execute(True) return _zone def __unregister_port(self, _obj, port_id): if port_id in _obj.settings["ports"]: del _obj.settings["ports"][port_id] def query_port(self, zone, port, protocol): if self.__port_id(port, protocol) in self.get_settings(zone)["ports"]: return True else: # It might be a single port query that is inside a range for (_port, _protocol) in self.get_settings(zone)["ports"]: if portInPortRange(port, _port) and protocol == _protocol: return True return False def list_ports(self, zone): return list(self.get_settings(zone)["ports"].keys()) # PROTOCOLS def check_protocol(self, protocol): if not checkProtocol(protocol): raise FirewallError(errors.INVALID_PROTOCOL, protocol) def __protocol_id(self, protocol): self.check_protocol(protocol) return protocol def add_protocol(self, zone, protocol, timeout=0, sender=None, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._zones[_zone] protocol_id = self.__protocol_id(protocol) if protocol_id in _obj.settings["protocols"]: raise FirewallError(errors.ALREADY_ENABLED, "'%s' already in '%s'" % (protocol, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._protocol(True, _zone, protocol, transaction) self.__register_protocol(_obj, protocol_id, timeout, sender) transaction.add_fail(self.__unregister_protocol, _obj, protocol_id) if use_transaction is None: transaction.execute(True) return _zone def __register_protocol(self, _obj, protocol_id, timeout, sender): _obj.settings["protocols"][protocol_id] = \ self.__gen_settings(timeout, sender) def remove_protocol(self, zone, protocol, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_panic() _obj = self._zones[_zone] protocol_id = self.__protocol_id(protocol) if protocol_id not in _obj.settings["protocols"]: raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (protocol, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._protocol(False, _zone, protocol, transaction) transaction.add_post(self.__unregister_protocol, _obj, protocol_id) if use_transaction is None: transaction.execute(True) return _zone def __unregister_protocol(self, _obj, protocol_id): if protocol_id in _obj.settings["protocols"]: del _obj.settings["protocols"][protocol_id] def query_protocol(self, zone, protocol): return self.__protocol_id(protocol) in self.get_settings(zone)["protocols"] def list_protocols(self, zone): return list(self.get_settings(zone)["protocols"].keys()) # SOURCE PORTS def __source_port_id(self, port, protocol): self.check_port(port, protocol) return (portStr(port, "-"), protocol) def add_source_port(self, zone, port, protocol, timeout=0, sender=None, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._zones[_zone] port_id = self.__source_port_id(port, protocol) if port_id in _obj.settings["source_ports"]: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s' already in '%s'" % (port, protocol, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._source_port(True, _zone, port, protocol, transaction) self.__register_source_port(_obj, port_id, timeout, sender) transaction.add_fail(self.__unregister_source_port, _obj, port_id) if use_transaction is None: transaction.execute(True) return _zone def __register_source_port(self, _obj, port_id, timeout, sender): _obj.settings["source_ports"][port_id] = \ self.__gen_settings(timeout, sender) def remove_source_port(self, zone, port, protocol, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_panic() _obj = self._zones[_zone] port_id = self.__source_port_id(port, protocol) if port_id not in _obj.settings["source_ports"]: raise FirewallError(errors.NOT_ENABLED, "'%s:%s' not in '%s'" % (port, protocol, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._source_port(False, _zone, port, protocol, transaction) transaction.add_post(self.__unregister_source_port, _obj, port_id) if use_transaction is None: transaction.execute(True) return _zone def __unregister_source_port(self, _obj, port_id): if port_id in _obj.settings["source_ports"]: del _obj.settings["source_ports"][port_id] def query_source_port(self, zone, port, protocol): for (_port, _protocol) in self.get_settings(zone)["source_ports"]: if portInPortRange(port, _port) and protocol == _protocol: return True return False def list_source_ports(self, zone): return list(self.get_settings(zone)["source_ports"].keys()) # MASQUERADE def __masquerade_id(self): return True def add_masquerade(self, zone, timeout=0, sender=None, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._zones[_zone] masquerade_id = self.__masquerade_id() if masquerade_id in _obj.settings["masquerade"]: raise FirewallError(errors.ALREADY_ENABLED, "masquerade already enabled in '%s'" % _zone) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._masquerade(True, _zone, transaction) self.__register_masquerade(_obj, masquerade_id, timeout, sender) transaction.add_fail(self.__unregister_masquerade, _obj, masquerade_id) if use_transaction is None: transaction.execute(True) return _zone def __register_masquerade(self, _obj, masquerade_id, timeout, sender): _obj.settings["masquerade"][masquerade_id] = \ self.__gen_settings(timeout, sender) def remove_masquerade(self, zone, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_panic() _obj = self._zones[_zone] masquerade_id = self.__masquerade_id() if masquerade_id not in _obj.settings["masquerade"]: raise FirewallError(errors.NOT_ENABLED, "masquerade not enabled in '%s'" % _zone) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._masquerade(False, _zone, transaction) transaction.add_post(self.__unregister_masquerade, _obj, masquerade_id) if use_transaction is None: transaction.execute(True) return _zone def __unregister_masquerade(self, _obj, masquerade_id): if masquerade_id in _obj.settings["masquerade"]: del _obj.settings["masquerade"][masquerade_id] def query_masquerade(self, zone): return self.__masquerade_id() in self.get_settings(zone)["masquerade"] # PORT FORWARDING def check_forward_port(self, ipv, port, protocol, toport=None, toaddr=None): self._fw.check_port(port) self._fw.check_tcpudp(protocol) if toport: self._fw.check_port(toport) if toaddr: if not check_single_address(ipv, toaddr): raise FirewallError(errors.INVALID_ADDR, toaddr) if not toport and not toaddr: raise FirewallError( errors.INVALID_FORWARD, "port-forwarding is missing to-port AND to-addr") def __forward_port_id(self, port, protocol, toport=None, toaddr=None): if check_single_address("ipv6", toaddr): self.check_forward_port("ipv6", port, protocol, toport, toaddr) else: self.check_forward_port("ipv4", port, protocol, toport, toaddr) return (portStr(port, "-"), protocol, portStr(toport, "-"), str(toaddr)) def add_forward_port(self, zone, port, protocol, toport=None, toaddr=None, timeout=0, sender=None, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._zones[_zone] forward_id = self.__forward_port_id(port, protocol, toport, toaddr) if forward_id in _obj.settings["forward_ports"]: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s:%s:%s' already in '%s'" % \ (port, protocol, toport, toaddr, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._forward_port(True, _zone, transaction, port, protocol, toport, toaddr) self.__register_forward_port(_obj, forward_id, timeout, sender) transaction.add_fail(self.__unregister_forward_port, _obj, forward_id) if use_transaction is None: transaction.execute(True) return _zone def __register_forward_port(self, _obj, forward_id, timeout, sender): _obj.settings["forward_ports"][forward_id] = \ self.__gen_settings(timeout, sender) def remove_forward_port(self, zone, port, protocol, toport=None, toaddr=None, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_panic() _obj = self._zones[_zone] forward_id = self.__forward_port_id(port, protocol, toport, toaddr) if forward_id not in _obj.settings["forward_ports"]: raise FirewallError(errors.NOT_ENABLED, "'%s:%s:%s:%s' not in '%s'" % \ (port, protocol, toport, toaddr, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._forward_port(False, _zone, transaction, port, protocol, toport, toaddr) transaction.add_post(self.__unregister_forward_port, _obj, forward_id) if use_transaction is None: transaction.execute(True) return _zone def __unregister_forward_port(self, _obj, forward_id): if forward_id in _obj.settings["forward_ports"]: del _obj.settings["forward_ports"][forward_id] def query_forward_port(self, zone, port, protocol, toport=None, toaddr=None): forward_id = self.__forward_port_id(port, protocol, toport, toaddr) return forward_id in self.get_settings(zone)["forward_ports"] def list_forward_ports(self, zone): return list(self.get_settings(zone)["forward_ports"].keys()) # ICMP BLOCK def check_icmp_block(self, icmp): self._fw.check_icmptype(icmp) def __icmp_block_id(self, icmp): self.check_icmp_block(icmp) return icmp def add_icmp_block(self, zone, icmp, timeout=0, sender=None, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._zones[_zone] icmp_id = self.__icmp_block_id(icmp) if icmp_id in _obj.settings["icmp_blocks"]: raise FirewallError(errors.ALREADY_ENABLED, "'%s' already in '%s'" % (icmp, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._icmp_block(True, _zone, icmp, transaction) self.__register_icmp_block(_obj, icmp_id, timeout, sender) transaction.add_fail(self.__unregister_icmp_block, _obj, icmp_id) if use_transaction is None: transaction.execute(True) return _zone def __register_icmp_block(self, _obj, icmp_id, timeout, sender): _obj.settings["icmp_blocks"][icmp_id] = \ self.__gen_settings(timeout, sender) def remove_icmp_block(self, zone, icmp, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_panic() _obj = self._zones[_zone] icmp_id = self.__icmp_block_id(icmp) if icmp_id not in _obj.settings["icmp_blocks"]: raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (icmp, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._icmp_block(False, _zone, icmp, transaction) transaction.add_post(self.__unregister_icmp_block, _obj, icmp_id) if use_transaction is None: transaction.execute(True) return _zone def __unregister_icmp_block(self, _obj, icmp_id): if icmp_id in _obj.settings["icmp_blocks"]: del _obj.settings["icmp_blocks"][icmp_id] def query_icmp_block(self, zone, icmp): return self.__icmp_block_id(icmp) in self.get_settings(zone)["icmp_blocks"] def list_icmp_blocks(self, zone): return self.get_settings(zone)["icmp_blocks"].keys() # ICMP BLOCK INVERSION def __icmp_block_inversion_id(self): return True def add_icmp_block_inversion(self, zone, sender=None, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_panic() _obj = self._zones[_zone] icmp_block_inversion_id = self.__icmp_block_inversion_id() if icmp_block_inversion_id in _obj.settings["icmp_block_inversion"]: raise FirewallError( errors.ALREADY_ENABLED, "icmp-block-inversion already enabled in '%s'" % _zone) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: # undo icmp blocks for args in self.get_settings(_zone)["icmp_blocks"]: self._icmp_block(False, _zone, args, transaction) self._icmp_block_inversion(False, _zone, transaction) self.__register_icmp_block_inversion(_obj, icmp_block_inversion_id, sender) transaction.add_fail(self.__undo_icmp_block_inversion, _zone, _obj, icmp_block_inversion_id) # redo icmp blocks if _obj.applied: for args in self.get_settings(_zone)["icmp_blocks"]: self._icmp_block(True, _zone, args, transaction) self._icmp_block_inversion(True, _zone, transaction) if use_transaction is None: transaction.execute(True) return _zone def __register_icmp_block_inversion(self, _obj, icmp_block_inversion_id, sender): _obj.settings["icmp_block_inversion"][icmp_block_inversion_id] = \ self.__gen_settings(0, sender) def __undo_icmp_block_inversion(self, _zone, _obj, icmp_block_inversion_id): transaction = self.new_transaction() # undo icmp blocks if _obj.applied: for args in self.get_settings(_zone)["icmp_blocks"]: self._icmp_block(False, _zone, args, transaction) if icmp_block_inversion_id in _obj.settings["icmp_block_inversion"]: del _obj.settings["icmp_block_inversion"][icmp_block_inversion_id] # redo icmp blocks if _obj.applied: for args in self.get_settings(_zone)["icmp_blocks"]: self._icmp_block(True, _zone, args, transaction) transaction.execute(True) def remove_icmp_block_inversion(self, zone, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_panic() _obj = self._zones[_zone] icmp_block_inversion_id = self.__icmp_block_inversion_id() if icmp_block_inversion_id not in _obj.settings["icmp_block_inversion"]: raise FirewallError( errors.NOT_ENABLED, "icmp-block-inversion not enabled in '%s'" % _zone) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: # undo icmp blocks for args in self.get_settings(_zone)["icmp_blocks"]: self._icmp_block(False, _zone, args, transaction) self._icmp_block_inversion(False, _zone, transaction) self.__unregister_icmp_block_inversion(_obj, icmp_block_inversion_id) transaction.add_fail(self.__register_icmp_block_inversion, _obj, icmp_block_inversion_id, None) # redo icmp blocks if _obj.applied: for args in self.get_settings(_zone)["icmp_blocks"]: self._icmp_block(True, _zone, args, transaction) self._icmp_block_inversion(True, _zone, transaction) if use_transaction is None: transaction.execute(True) return _zone def __unregister_icmp_block_inversion(self, _obj, icmp_block_inversion_id): if icmp_block_inversion_id in _obj.settings["icmp_block_inversion"]: del _obj.settings["icmp_block_inversion"][icmp_block_inversion_id] def query_icmp_block_inversion(self, zone): return self.__icmp_block_inversion_id() in \ self.get_settings(zone)["icmp_block_inversion"] # dynamic chain handling def gen_chain_rules(self, zone, create, table, chain, transaction): if create: if zone in self._chains and \ table in self._chains[zone] and \ chain in self._chains[zone][table]: return else: if zone not in self._chains or \ table not in self._chains[zone] or \ chain not in self._chains[zone][table]: return for backend in self._fw.enabled_backends(): if backend.zones_supported and \ table in backend.get_available_tables(): rules = backend.build_zone_chain_rules(zone, table, chain) transaction.add_rules(backend, rules) self._register_chains(zone, create, [(table, chain)]) transaction.add_fail(self._register_chains, zone, create, [(table, chain)]) def _interface(self, enable, zone, interface, transaction, append=False): for backend in self._fw.enabled_backends(): if not backend.zones_supported: continue for table in backend.get_available_tables(): for chain in backend.get_zone_table_chains(table): # create needed chains if not done already if enable: transaction.add_chain(zone, table, chain) rules = backend.build_zone_source_interface_rules(enable, zone, interface, table, chain, append) transaction.add_rules(backend, rules) # IPSETS def _ipset_family(self, name): if self._fw.ipset.get_type(name) == "hash:mac": return None return self._fw.ipset.get_family(name) def __ipset_type(self, name): return self._fw.ipset.get_type(name) def _ipset_match_flags(self, name, flag): return ",".join([flag] * self._fw.ipset.get_dimension(name)) def _check_ipset_applied(self, name): return self._fw.ipset.check_applied(name) def _check_ipset_type_for_source(self, name): _type = self.__ipset_type(name) if _type not in ZONE_SOURCE_IPSET_TYPES: raise FirewallError( errors.INVALID_IPSET, "ipset '%s' with type '%s' not usable as source" % \ (name, _type)) def _source(self, enable, zone, ipv, source, transaction): # For mac source bindings ipv is an empty string, the mac source will # be added for ipv4 and ipv6 for backend in [self._fw.get_backend_by_ipv(ipv)] if ipv else self._fw.enabled_backends(): if not backend.zones_supported: continue for table in backend.get_available_tables(): for chain in backend.get_zone_table_chains(table): # create needed chains if not done already if enable: transaction.add_chain(zone, table, chain) rules = backend.build_zone_source_address_rules(enable, zone, source, table, chain) transaction.add_rules(backend, rules) def _rule_prepare(self, enable, zone, rule, transaction): if rule.family is not None: ipvs = [ rule.family ] else: ipvs = [ipv for ipv in ["ipv4", "ipv6"] if self._fw.is_ipv_enabled(ipv)] source_ipv = self._rule_source_ipv(rule.source) if source_ipv is not None and source_ipv != "": if rule.family is not None: # rule family is defined by user, no way to change it if rule.family != source_ipv: raise FirewallError(errors.INVALID_RULE, "Source address family '%s' conflicts with rule family '%s'." % (source_ipv, rule.family)) else: # use the source family as rule family ipvs = [ source_ipv ] # add an element to object to allow backends to know what ipvs this applies to rule.ipvs = ipvs for backend in set([self._fw.get_backend_by_ipv(x) for x in ipvs]): # SERVICE if type(rule.element) == Rich_Service: svc = self._fw.service.get_service(rule.element.name) destinations = [] if len(svc.destination) > 0: if rule.destination: # we can not use two destinations at the same time raise FirewallError(errors.INVALID_RULE, "Destination conflict with service.") for ipv in ipvs: if ipv in svc.destination and backend.is_ipv_supported(ipv): destinations.append(svc.destination[ipv]) else: # dummy for the following for loop destinations.append(None) for destination in destinations: if enable: transaction.add_chain(zone, "filter", "INPUT") transaction.add_chain(zone, "raw", "PREROUTING") if type(rule.action) == Rich_Accept: # only load modules for accept action helpers = self.get_helpers_for_service_modules(svc.modules, enable) helpers += self.get_helpers_for_service_helpers(svc.helpers) helpers = sorted(set(helpers), key=lambda x: x.name) modules = [ ] for helper in helpers: module = helper.module _module_short_name = get_nf_conntrack_short_name(module) nat_module = module.replace("conntrack", "nat") modules.append(nat_module) if helper.family != "" and not backend.is_ipv_supported(helper.family): # no support for family ipv, continue continue if len(helper.ports) < 1: modules.append(module) else: for (port,proto) in helper.ports: rules = backend.build_zone_helper_ports_rules( enable, zone, proto, port, destination, helper.name, _module_short_name) transaction.add_rules(backend, rules) transaction.add_modules(modules) # create rules for (port,proto) in svc.ports: if enable and type(rule.action) == Rich_Mark: transaction.add_chain(zone, "mangle", "PREROUTING") rules = backend.build_zone_ports_rules( enable, zone, proto, port, destination, rule) transaction.add_rules(backend, rules) for proto in svc.protocols: if enable and type(rule.action) == Rich_Mark: transaction.add_chain(zone, "mangle", "PREROUTING") rules = backend.build_zone_protocol_rules( enable, zone, proto, destination, rule) transaction.add_rules(backend, rules) # create rules for (port,proto) in svc.source_ports: if enable and type(rule.action) == Rich_Mark: transaction.add_chain(zone, "mangle", "PREROUTING") rules = backend.build_zone_source_ports_rules( enable, zone, proto, port, destination, rule) transaction.add_rules(backend, rules) # PORT elif type(rule.element) == Rich_Port: port = rule.element.port protocol = rule.element.protocol self.check_port(port, protocol) if enable: transaction.add_chain(zone, "filter", "INPUT") if enable and type(rule.action) == Rich_Mark: transaction.add_chain(zone, "mangle", "PREROUTING") rules = backend.build_zone_ports_rules( enable, zone, protocol, port, None, rule) transaction.add_rules(backend, rules) # PROTOCOL elif type(rule.element) == Rich_Protocol: protocol = rule.element.value self.check_protocol(protocol) if enable: transaction.add_chain(zone, "filter", "INPUT") if enable and type(rule.action) == Rich_Mark: transaction.add_chain(zone, "mangle", "PREROUTING") rules = backend.build_zone_protocol_rules( enable, zone, protocol, None, rule) transaction.add_rules(backend, rules) # MASQUERADE elif type(rule.element) == Rich_Masquerade: if enable: transaction.add_chain(zone, "nat", "POSTROUTING") transaction.add_chain(zone, "filter", "FORWARD_OUT") for ipv in ipvs: if backend.is_ipv_supported(ipv): transaction.add_post(enable_ip_forwarding, ipv) rules = backend.build_zone_masquerade_rules(enable, zone, rule) transaction.add_rules(backend, rules) # FORWARD PORT elif type(rule.element) == Rich_ForwardPort: port = rule.element.port protocol = rule.element.protocol toport = rule.element.to_port toaddr = rule.element.to_address for ipv in ipvs: if backend.is_ipv_supported(ipv): self.check_forward_port(ipv, port, protocol, toport, toaddr) if toaddr and enable: transaction.add_post(enable_ip_forwarding, ipv) if enable: transaction.add_chain(zone, "nat", "PREROUTING") rules = backend.build_zone_forward_port_rules( enable, zone, port, protocol, toport, toaddr, rule) transaction.add_rules(backend, rules) # SOURCE PORT elif type(rule.element) == Rich_SourcePort: port = rule.element.port protocol = rule.element.protocol self.check_port(port, protocol) if enable: transaction.add_chain(zone, "filter", "INPUT") if enable and type(rule.action) == Rich_Mark: transaction.add_chain(zone, "mangle", "PREROUTING") rules = backend.build_zone_source_ports_rules( enable, zone, protocol, port, None, rule) transaction.add_rules(backend, rules) # ICMP BLOCK and ICMP TYPE elif type(rule.element) == Rich_IcmpBlock or \ type(rule.element) == Rich_IcmpType: ict = self._fw.icmptype.get_icmptype(rule.element.name) if type(rule.element) == Rich_IcmpBlock and \ rule.action and type(rule.action) == Rich_Accept: # icmp block might have reject or drop action, but not accept raise FirewallError(errors.INVALID_RULE, "IcmpBlock not usable with accept action") if ict.destination: for ipv in ipvs: if ipv in ict.destination \ and not backend.is_ipv_supported(ipv): raise FirewallError( errors.INVALID_RULE, "Icmp%s %s not usable with %s" % \ ("Block" if type(rule.element) == \ Rich_IcmpBlock else "Type", rule.element.name, backend.name)) table = "filter" if enable: transaction.add_chain(zone, table, "INPUT") transaction.add_chain(zone, table, "FORWARD_IN") rules = backend.build_zone_icmp_block_rules(enable, zone, ict, rule) transaction.add_rules(backend, rules) elif rule.element is None: if enable: transaction.add_chain(zone, "filter", "INPUT") if enable and type(rule.action) == Rich_Mark: transaction.add_chain(zone, "mangle", "PREROUTING") rules = backend.build_zone_rich_source_destination_rules( enable, zone, rule) transaction.add_rules(backend, rules) # EVERYTHING ELSE else: raise FirewallError(errors.INVALID_RULE, "Unknown element %s" % type(rule.element)) def _service(self, enable, zone, service, transaction, included_services=None): svc = self._fw.service.get_service(service) helpers = self.get_helpers_for_service_modules(svc.modules, enable) helpers += self.get_helpers_for_service_helpers(svc.helpers) helpers = sorted(set(helpers), key=lambda x: x.name) # First apply any services this service may include if included_services is None: included_services = [service] for include in svc.includes: if include in included_services: continue self.check_service(include) included_services.append(include) self._service(enable, zone, include, transaction, included_services=included_services) if enable: transaction.add_chain(zone, "raw", "PREROUTING") transaction.add_chain(zone, "filter", "INPUT") # build a list of (backend, destination). The destination may be ipv4, # ipv6 or None # backends_ipv = [] for ipv in ["ipv4", "ipv6"]: if not self._fw.is_ipv_enabled(ipv): continue backend = self._fw.get_backend_by_ipv(ipv) if len(svc.destination) > 0: if ipv in svc.destination: backends_ipv.append((backend, svc.destination[ipv])) else: if (backend, None) not in backends_ipv: backends_ipv.append((backend, None)) for (backend,destination) in backends_ipv: for helper in helpers: module = helper.module _module_short_name = get_nf_conntrack_short_name(module) nat_module = helper.module.replace("conntrack", "nat") transaction.add_module(nat_module) if helper.family != "" and not backend.is_ipv_supported(helper.family): # no support for family ipv, continue continue if len(helper.ports) < 1: transaction.add_module(module) else: for (port,proto) in helper.ports: rules = backend.build_zone_helper_ports_rules( enable, zone, proto, port, destination, helper.name, _module_short_name) transaction.add_rules(backend, rules) for (port,proto) in svc.ports: rules = backend.build_zone_ports_rules(enable, zone, proto, port, destination) transaction.add_rules(backend, rules) for protocol in svc.protocols: rules = backend.build_zone_protocol_rules( enable, zone, protocol, destination) transaction.add_rules(backend, rules) for (port,proto) in svc.source_ports: rules = backend.build_zone_source_ports_rules( enable, zone, proto, port, destination) transaction.add_rules(backend, rules) def _port(self, enable, zone, port, protocol, transaction): if enable: transaction.add_chain(zone, "filter", "INPUT") for backend in self._fw.enabled_backends(): if not backend.zones_supported: continue rules = backend.build_zone_ports_rules(enable, zone, protocol, port) transaction.add_rules(backend, rules) def _protocol(self, enable, zone, protocol, transaction): if enable: transaction.add_chain(zone, "filter", "INPUT") for backend in self._fw.enabled_backends(): if not backend.zones_supported: continue rules = backend.build_zone_protocol_rules(enable, zone, protocol) transaction.add_rules(backend, rules) def _source_port(self, enable, zone, port, protocol, transaction): if enable: transaction.add_chain(zone, "filter", "INPUT") for backend in self._fw.enabled_backends(): if not backend.zones_supported: continue rules = backend.build_zone_source_ports_rules(enable, zone, protocol, port) transaction.add_rules(backend, rules) def _masquerade(self, enable, zone, transaction): if enable: transaction.add_chain(zone, "nat", "POSTROUTING") transaction.add_chain(zone, "filter", "FORWARD_OUT") ipv = "ipv4" transaction.add_post(enable_ip_forwarding, ipv) backend = self._fw.get_backend_by_ipv(ipv) rules = backend.build_zone_masquerade_rules(enable, zone) transaction.add_rules(backend, rules) def _forward_port(self, enable, zone, transaction, port, protocol, toport=None, toaddr=None): if check_single_address("ipv6", toaddr): ipv = "ipv6" else: ipv = "ipv4" if enable: transaction.add_chain(zone, "nat", "PREROUTING") if toaddr and enable: transaction.add_post(enable_ip_forwarding, ipv) backend = self._fw.get_backend_by_ipv(ipv) rules = backend.build_zone_forward_port_rules( enable, zone, port, protocol, toport, toaddr) transaction.add_rules(backend, rules) def _icmp_block(self, enable, zone, icmp, transaction): ict = self._fw.icmptype.get_icmptype(icmp) if enable: transaction.add_chain(zone, "filter", "INPUT") transaction.add_chain(zone, "filter", "FORWARD_IN") for backend in self._fw.enabled_backends(): if not backend.zones_supported: continue skip_backend = False if ict.destination: for ipv in ["ipv4", "ipv6"]: if ipv in ict.destination: if not backend.is_ipv_supported(ipv): skip_backend = True break if skip_backend: continue rules = backend.build_zone_icmp_block_rules(enable, zone, ict) transaction.add_rules(backend, rules) def _icmp_block_inversion(self, enable, zone, transaction): target = self._zones[zone].target # Do not add general icmp accept rules into a trusted, block or drop # zone. if target in [ "DROP", "%%REJECT%%", "REJECT" ]: return if not self.query_icmp_block_inversion(zone) and target == "ACCEPT": # ibi target and zone target are ACCEPT, no need to add an extra # rule return transaction.add_chain(zone, "filter", "INPUT") transaction.add_chain(zone, "filter", "FORWARD_IN") for backend in self._fw.enabled_backends(): if not backend.zones_supported: continue rules = backend.build_zone_icmp_block_inversion_rules(enable, zone) transaction.add_rules(backend, rules) firewalld-0.8.2/src/firewall/core/icmp.py0000664007115300711530000000603513341016621021503 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2017 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "ICMP_TYPES", "ICMPV6_TYPES", "check_icmp_type", "check_icmpv6_type" ] ICMP_TYPES = { "echo-reply": "0/0", "pong": "0/0", "network-unreachable": "3/0", "host-unreachable": "3/1", "protocol-unreachable": "3/2", "port-unreachable": "3/3", "fragmentation-needed": "3/4", "source-route-failed": "3/5", "network-unknown": "3/6", "host-unknown": "3/7", "network-prohibited": "3/9", "host-prohibited": "3/10", "TOS-network-unreachable": "3/11", "TOS-host-unreachable": "3/12", "communication-prohibited": "3/13", "host-precedence-violation": "3/14", "precedence-cutoff": "3/15", "source-quench": "4/0", "network-redirect": "5/0", "host-redirect": "5/1", "TOS-network-redirect": "5/2", "TOS-host-redirect": "5/3", "echo-request": "8/0", "ping": "8/0", "router-advertisement": "9/0", "router-solicitation": "10/0", "ttl-zero-during-transit": "11/0", "ttl-zero-during-reassembly": "11/1", "ip-header-bad": "12/0", "required-option-missing": "12/1", "timestamp-request": "13/0", "timestamp-reply": "14/0", "address-mask-request": "17/0", "address-mask-reply": "18/0", } ICMPV6_TYPES = { "no-route": "1/0", "communication-prohibited": "1/1", "address-unreachable": "1/3", "port-unreachable": "1/4", "packet-too-big": "2/0", "ttl-zero-during-transit": "3/0", "ttl-zero-during-reassembly": "3/1", "bad-header": "4/0", "unknown-header-type": "4/1", "unknown-option": "4/2", "echo-request": "128/0", "ping": "128/0", "echo-reply": "129/0", "pong": "129/0", "router-solicitation": "133/0", "router-advertisement": "134/0", "neighbour-solicitation": "135/0", "neigbour-solicitation": "135/0", "neighbour-advertisement": "136/0", "neigbour-advertisement": "136/0", "redirect": "137/0", } def check_icmp_name(_name): if _name in ICMP_TYPES: return True return False def check_icmp_type(_type): if _type in ICMP_TYPES.values(): return True return False def check_icmpv6_name(_name): if _name in ICMP_TYPES: return True return False def check_icmpv6_type(_type): if _type in ICMPV6_TYPES.values(): return True return False firewalld-0.8.2/src/firewall/core/logger.py0000664007115300711530000007447613614563155022064 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2005-2007,2012 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "LogTarget", "FileLog", "Logger", "log" ] import sys import types import time import inspect import fnmatch import syslog import traceback import fcntl import os.path import os # --------------------------------------------------------------------------- # abstract class for logging targets class LogTarget(object): """ Abstract class for logging targets. """ def __init__(self): self.fd = None def write(self, data, level, logger, is_debug=0): raise NotImplementedError("LogTarget.write is an abstract method") def flush(self): raise NotImplementedError("LogTarget.flush is an abstract method") def close(self): raise NotImplementedError("LogTarget.close is an abstract method") # --------------------------------------------------------------------------- # private class for stdout class _StdoutLog(LogTarget): def __init__(self): LogTarget.__init__(self) self.fd = sys.stdout def write(self, data, level, logger, is_debug=0): # ignore level self.fd.write(data) self.flush() def close(self): self.flush() def flush(self): self.fd.flush() # --------------------------------------------------------------------------- # private class for stderr class _StderrLog(_StdoutLog): def __init__(self): _StdoutLog.__init__(self) self.fd = sys.stderr # --------------------------------------------------------------------------- # private class for syslog class _SyslogLog(LogTarget): def __init__(self): # Only initialize LogTarget here as fs should be None LogTarget.__init__(self) # # Derived from: https://github.com/canvon/firewalld/commit/af0edfee1cc1891b7b13f302ca5911b24e9b0f13 # # Work around Python issue 27875, "Syslogs /usr/sbin/foo as /foo # instead of as foo" # (but using openlog explicitly might be better anyway) # # Set ident to basename, log PID as well, and log to facility "daemon". syslog.openlog(os.path.basename(sys.argv[0]), syslog.LOG_PID, syslog.LOG_DAEMON) def write(self, data, level, logger, is_debug=0): priority = None if is_debug: priority = syslog.LOG_DEBUG else: if level >= logger.INFO1: priority = syslog.LOG_INFO elif level == logger.WARNING: priority = syslog.LOG_WARNING elif level == logger.ERROR: priority = syslog.LOG_ERR elif level == logger.FATAL: priority = syslog.LOG_CRIT if data.endswith("\n"): data = data[:len(data)-1] if len(data) > 0: if priority is None: syslog.syslog(data) else: syslog.syslog(priority, data) def close(self): syslog.closelog() def flush(self): pass # --------------------------------------------------------------------------- class FileLog(LogTarget): """ FileLog class. File will be opened on the first write. """ def __init__(self, filename, mode="w"): LogTarget.__init__(self) self.filename = filename self.mode = mode def open(self): if self.fd: return flags = os.O_CREAT | os.O_WRONLY if self.mode.startswith('a'): flags |= os.O_APPEND self.fd = os.open(self.filename, flags, 0o640) # Make sure that existing file has correct perms os.fchmod(self.fd, 0o640) # Make it an object self.fd = os.fdopen(self.fd, self.mode) fcntl.fcntl(self.fd, fcntl.F_SETFD, fcntl.FD_CLOEXEC) def write(self, data, level, logger, is_debug=0): if not self.fd: self.open() self.fd.write(data) self.fd.flush() def close(self): if not self.fd: return self.fd.close() self.fd = None def flush(self): if not self.fd: return self.fd.flush() # --------------------------------------------------------------------------- class Logger(object): r""" Format string: %(class)s Calling class the function belongs to, else empty %(date)s Date using Logger.date_format, see time module %(domain)s Full Domain: %(module)s.%(class)s.%(function)s %(file)s Filename of the module %(function)s Function name, empty in __main__ %(label)s Label according to log function call from Logger.label %(level)d Internal logging level %(line)d Line number in module %(module)s Module name %(message)s Log message Standard levels: FATAL Fatal error messages ERROR Error messages WARNING Warning messages INFOx, x in [1..5] Information DEBUGy, y in [1..10] Debug messages NO_INFO No info output NO_DEBUG No debug output INFO_MAX Maximum info level DEBUG_MAX Maximum debug level x and y depend on info_max and debug_max from Logger class initialization. See __init__ function. Default logging targets: stdout Logs to stdout stderr Logs to stderr syslog Logs to syslog Additional arguments for logging functions (fatal, error, warning, info and debug): nl Disable newline at the end with nl=0, default is nl=1. fmt Format string for this logging entry, overloads global format string. Example: fmt="%(file)s:%(line)d %(message)s" nofmt Only output message with nofmt=1. The nofmt argument wins over the fmt argument. Example: from logger import log log.setInfoLogLevel(log.INFO1) log.setDebugLogLevel(log.DEBUG1) for i in range(1, log.INFO_MAX+1): log.setInfoLogLabel(i, "INFO%d: " % i) log.setFormat("%(date)s %(module)s:%(line)d [%(domain)s] %(label)s: " "%(level)d %(message)s") log.setDateFormat("%Y-%m-%d %H:%M:%S") fl = FileLog("/tmp/log", "a") log.addInfoLogging("*", fl) log.addDebugLogging("*", fl) log.addInfoLogging("*", log.syslog, fmt="%(label)s%(message)s") log.debug3("debug3") log.debug2("debug2") log.debug1("debug1") log.info2("info2") log.info1("info1") log.warning("warning\n", nl=0) log.error("error\n", nl=0) log.fatal("fatal") log.info(log.INFO1, "nofmt info", nofmt=1) """ ALL = -5 NOTHING = -4 FATAL = -3 TRACEBACK = -2 ERROR = -1 WARNING = 0 # Additional levels are generated in class initilization stdout = _StdoutLog() stderr = _StderrLog() syslog = _SyslogLog() def __init__(self, info_max=5, debug_max=10): """ Logger class initialization """ self._level = { } self._debug_level = { } self._format = "" self._date_format = "" self._label = { } self._debug_label = { } self._logging = { } self._debug_logging = { } self._domains = { } self._debug_domains = { } # INFO1 is required for standard log level if info_max < 1: raise ValueError("Logger: info_max %d is too low" % info_max) if debug_max < 0: raise ValueError("Logger: debug_max %d is too low" % debug_max) self.NO_INFO = self.WARNING # = 0 self.INFO_MAX = info_max self.NO_DEBUG = 0 self.DEBUG_MAX = debug_max self.setInfoLogLabel(self.FATAL, "FATAL ERROR: ") self.setInfoLogLabel(self.TRACEBACK, "") self.setInfoLogLabel(self.ERROR, "ERROR: ") self.setInfoLogLabel(self.WARNING, "WARNING: ") # generate info levels and infox functions for _level in range(1, self.INFO_MAX+1): setattr(self, "INFO%d" % _level, _level) self.setInfoLogLabel(_level, "") setattr(self, "info%d" % (_level), (lambda self, x: lambda message, *args, **kwargs: self.info(x, message, *args, **kwargs))(self, _level)) # pylint: disable=E0602 # generate debug levels and debugx functions for _level in range(1, self.DEBUG_MAX+1): setattr(self, "DEBUG%d" % _level, _level) self.setDebugLogLabel(_level, "DEBUG%d: " % _level) setattr(self, "debug%d" % (_level), (lambda self, x: lambda message, *args, **kwargs: self.debug(x, message, *args, **kwargs))(self, _level)) # pylint: disable=E0602 # set initial log levels, formats and targets self.setInfoLogLevel(self.INFO1) self.setDebugLogLevel(self.NO_DEBUG) self.setFormat("%(label)s%(message)s") self.setDateFormat("%d %b %Y %H:%M:%S") self.setInfoLogging("*", self.stderr, [ self.FATAL, self.ERROR, self.WARNING ]) self.setInfoLogging("*", self.stdout, [ i for i in range(self.INFO1, self.INFO_MAX+1) ]) self.setDebugLogging("*", self.stdout, [ i for i in range(1, self.DEBUG_MAX+1) ]) def close(self): """ Close all logging targets """ for level in range(self.FATAL, self.DEBUG_MAX+1): if level not in self._logging: continue for (dummy, target, dummy) in self._logging[level]: target.close() def getInfoLogLevel(self, domain="*"): """ Get info log level. """ self._checkDomain(domain) if domain in self._level: return self._level[domain] return self.NOTHING def setInfoLogLevel(self, level, domain="*"): """ Set log level [NOTHING .. INFO_MAX] """ self._checkDomain(domain) if level < self.NOTHING: level = self.NOTHING if level > self.INFO_MAX: level = self.INFO_MAX self._level[domain] = level def getDebugLogLevel(self, domain="*"): """ Get debug log level. """ self._checkDomain(domain) if domain in self._debug_level: return self._debug_level[domain] + self.NO_DEBUG return self.NO_DEBUG def setDebugLogLevel(self, level, domain="*"): """ Set debug log level [NO_DEBUG .. DEBUG_MAX] """ self._checkDomain(domain) if level < 0: level = 0 if level > self.DEBUG_MAX: level = self.DEBUG_MAX self._debug_level[domain] = level - self.NO_DEBUG def getFormat(self): return self._format def setFormat(self, _format): self._format = _format def getDateFormat(self): return self._date_format def setDateFormat(self, _format): self._date_format = _format def setInfoLogLabel(self, level, label): """ Set log label for level. Level can be a single level or an array of levels. """ levels = self._getLevels(level) for level in levels: self._checkLogLevel(level, min_level=self.FATAL, max_level=self.INFO_MAX) self._label[level] = label def setDebugLogLabel(self, level, label): """ Set log label for level. Level can be a single level or an array of levels. """ levels = self._getLevels(level, is_debug=1) for level in levels: self._checkLogLevel(level, min_level=self.INFO1, max_level=self.DEBUG_MAX) self._debug_label[level] = label def setInfoLogging(self, domain, target, level=ALL, fmt=None): """ Set info log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._setLogging(domain, target, level, fmt, is_debug=0) def setDebugLogging(self, domain, target, level=ALL, fmt=None): """ Set debug log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._setLogging(domain, target, level, fmt, is_debug=1) def addInfoLogging(self, domain, target, level=ALL, fmt=None): """ Add info log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._addLogging(domain, target, level, fmt, is_debug=0) def addDebugLogging(self, domain, target, level=ALL, fmt=None): """ Add debg log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._addLogging(domain, target, level, fmt, is_debug=1) def delInfoLogging(self, domain, target, level=ALL, fmt=None): """ Delete info log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._delLogging(domain, target, level, fmt, is_debug=0) def delDebugLogging(self, domain, target, level=ALL, fmt=None): """ Delete debug log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._delLogging(domain, target, level, fmt, is_debug=1) def isInfoLoggingHere(self, level): """ Is there currently any info logging for this log level (and domain)? """ return self._isLoggingHere(level, is_debug=0) def isDebugLoggingHere(self, level): """ Is there currently any debug logging for this log level (and domain)? """ return self._isLoggingHere(level, is_debug=1) ### log functions def fatal(self, _format, *args, **kwargs): """ Fatal error log. """ self._checkKWargs(kwargs) kwargs["is_debug"] = 0 self._log(self.FATAL, _format, *args, **kwargs) def error(self, _format, *args, **kwargs): """ Error log. """ self._checkKWargs(kwargs) kwargs["is_debug"] = 0 self._log(self.ERROR, _format, *args, **kwargs) def warning(self, _format, *args, **kwargs): """ Warning log. """ self._checkKWargs(kwargs) kwargs["is_debug"] = 0 self._log(self.WARNING, _format, *args, **kwargs) def info(self, level, _format, *args, **kwargs): """ Information log using info level [1..info_max]. There are additional infox functions according to info_max from __init__""" self._checkLogLevel(level, min_level=1, max_level=self.INFO_MAX) self._checkKWargs(kwargs) kwargs["is_debug"] = 0 self._log(level+self.NO_INFO, _format, *args, **kwargs) def debug(self, level, _format, *args, **kwargs): """ Debug log using debug level [1..debug_max]. There are additional debugx functions according to debug_max from __init__""" self._checkLogLevel(level, min_level=1, max_level=self.DEBUG_MAX) self._checkKWargs(kwargs) kwargs["is_debug"] = 1 self._log(level, _format, *args, **kwargs) def exception(self): self._log(self.TRACEBACK, traceback.format_exc(), args=[], kwargs={}) ### internal functions def _checkLogLevel(self, level, min_level, max_level): if level < min_level or level > max_level: raise ValueError("Level %d out of range, should be [%d..%d]." % \ (level, min_level, max_level)) def _checkKWargs(self, kwargs): if not kwargs: return for key in kwargs.keys(): if key not in [ "nl", "fmt", "nofmt" ]: raise ValueError("Key '%s' is not allowed as argument for logging." % key) def _checkDomain(self, domain): if not domain or domain == "": raise ValueError("Domain '%s' is not valid." % domain) def _getLevels(self, level, is_debug=0): """ Generate log level array. """ if level != self.ALL: if isinstance(level, list) or isinstance(level, tuple): levels = level else: levels = [ level ] for level in levels: if is_debug: self._checkLogLevel(level, min_level=1, max_level=self.DEBUG_MAX) else: self._checkLogLevel(level, min_level=self.FATAL, max_level=self.INFO_MAX) else: if is_debug: levels = [ i for i in range(self.DEBUG1, self.DEBUG_MAX) ] else: levels = [ i for i in range(self.FATAL, self.INFO_MAX) ] return levels def _getTargets(self, target): """ Generate target array. """ if isinstance(target, list) or isinstance(target, tuple): targets = target else: targets = [ target ] for _target in targets: if not issubclass(_target.__class__, LogTarget): raise ValueError("'%s' is no valid logging target." % \ _target.__class__.__name__) return targets def _genDomains(self, is_debug=0): # private method for self._domains array creation, speeds up """ Generate dict with domain by level. """ if is_debug: _domains = self._debug_domains _logging = self._debug_logging _range = ( 1, self.DEBUG_MAX+1 ) else: _domains = self._domains _logging = self._logging _range = ( self.FATAL, self.INFO_MAX+1 ) if len(_domains) > 0: _domains.clear() for level in range(_range[0], _range[1]): if level not in _logging: continue for (domain, dummy, dummy) in _logging[level]: if domain not in _domains: _domains.setdefault(level, [ ]).append(domain) def _setLogging(self, domain, target, level=ALL, fmt=None, is_debug=0): self._checkDomain(domain) levels = self._getLevels(level, is_debug) targets = self._getTargets(target) if is_debug: _logging = self._debug_logging else: _logging = self._logging for level in levels: for target in targets: _logging[level] = [ (domain, target, fmt) ] self._genDomains(is_debug) def _addLogging(self, domain, target, level=ALL, fmt=None, is_debug=0): self._checkDomain(domain) levels = self._getLevels(level, is_debug) targets = self._getTargets(target) if is_debug: _logging = self._debug_logging else: _logging = self._logging for level in levels: for target in targets: _logging.setdefault(level, [ ]).append((domain, target, fmt)) self._genDomains(is_debug) def _delLogging(self, domain, target, level=ALL, fmt=None, is_debug=0): self._checkDomain(domain) levels = self._getLevels(level, is_debug) targets = self._getTargets(target) if is_debug: _logging = self._debug_logging else: _logging = self._logging for _level in levels: for target in targets: if _level not in _logging: continue if (domain, target, fmt) in _logging[_level]: _logging[_level].remove( (domain, target, fmt) ) if len(_logging[_level]) == 0: del _logging[_level] continue if level != self.ALL: raise ValueError("No mathing logging for " \ "level %d, domain %s, target %s and format %s." % \ (_level, domain, target.__class__.__name__, fmt)) self._genDomains(is_debug) def _isLoggingHere(self, level, is_debug=0): _dict = self._genDict(level, is_debug) if not _dict: return False point_domain = _dict["domain"] + "." if is_debug: _logging = self._debug_logging else: _logging = self._logging # do we need to log? for (domain, dummy, dummy) in _logging[level]: if domain == "*" or \ point_domain.startswith(domain) or \ fnmatch.fnmatchcase(_dict["domain"], domain): return True return False def _getClass(self, frame): """ Function to get calling class. Returns class or None. """ # get class by first function argument, if there are any if frame.f_code.co_argcount > 0: selfname = frame.f_code.co_varnames[0] if selfname in frame.f_locals: _self = frame.f_locals[selfname] obj = self._getClass2(_self.__class__, frame.f_code) if obj: return obj module = inspect.getmodule(frame.f_code) code = frame.f_code # function in module? if code.co_name in module.__dict__: if hasattr(module.__dict__[code.co_name], "func_code") and \ module.__dict__[code.co_name].__code__ == code: return None # class in module for (dummy, obj) in module.__dict__.items(): if isinstance(obj, types.ClassType): if hasattr(obj, code.co_name): value = getattr(obj, code.co_name) if isinstance(value, types.FunctionType): if value.__code__ == code: return obj # nothing found return None def _getClass2(self, obj, code): """ Internal function to get calling class. Returns class or None. """ for value in obj.__dict__.values(): if isinstance(value, types.FunctionType): if value.__code__ == code: return obj for base in obj.__bases__: _obj = self._getClass2(base, code) if _obj: return _obj return None # internal log class def _log(self, level, _format, *args, **kwargs): is_debug = 0 if "is_debug" in kwargs: is_debug = kwargs["is_debug"] nl = 1 if "nl" in kwargs: nl = kwargs["nl"] nofmt = 0 if "nofmt" in kwargs: nofmt = kwargs["nofmt"] _dict = self._genDict(level, is_debug) if not _dict: return if len(args) > 1: _dict['message'] = _format % args elif len(args) == 1: # needed for _format % _dict _dict['message'] = _format % args[0] else: _dict['message'] = _format point_domain = _dict["domain"] + "." if is_debug: _logging = self._debug_logging else: _logging = self._logging used_targets = [ ] # log to target(s) for (domain, target, _format) in _logging[level]: if target in used_targets: continue if domain == "*" \ or point_domain.startswith(domain+".") \ or fnmatch.fnmatchcase(_dict["domain"], domain): if not _format: _format = self._format if "fmt" in kwargs: _format = kwargs["fmt"] if nofmt: target.write(_dict["message"], level, self, is_debug) else: target.write(_format % _dict, level, self, is_debug) if nl: # newline target.write("\n", level, self, is_debug) used_targets.append(target) # internal function to generate the dict, needed for logging def _genDict(self, level, is_debug=0): """ Internal function. """ check_domains = [ ] simple_match = False if is_debug: _dict = self._debug_level _domains = self._debug_domains _label = self._debug_label else: _dict = self._level _domains = self._domains _label = self._label # no debug for domain in _dict: if domain == "*": # '*' matches everything: simple match if _dict[domain] >= level: simple_match = True if len(check_domains) > 0: check_domains = [ ] break else: if _dict[domain] >= level: check_domains.append(domain) if not simple_match and len(check_domains) < 1: return None if level not in _domains: return None f = inspect.currentframe() # go outside of logger module as long as there is a lower frame while f and f.f_back and f.f_globals["__name__"] == self.__module__: f = f.f_back if not f: raise ValueError("Frame information not available.") # get module name module_name = f.f_globals["__name__"] # simple module match test for all entries of check_domain point_module = module_name + "." for domain in check_domains: if point_module.startswith(domain): # found domain in module name check_domains = [ ] break # get code co = f.f_code # optimization: bail out early if domain can not match at all _len = len(module_name) for domain in _domains[level]: i = domain.find("*") if i == 0: continue elif i > 0: d = domain[:i] else: d = domain if _len >= len(d): if not module_name.startswith(d): return None else: if not d.startswith(module_name): return None # generate _dict for format output level_str = "" if level in _label: level_str = _label[level] _dict = { 'file': co.co_filename, 'line': f.f_lineno, 'module': module_name, 'class': '', 'function': co.co_name, 'domain': '', 'label' : level_str, 'level' : level, 'date' : time.strftime(self._date_format, time.localtime()) } if _dict["function"] == "?": _dict["function"] = "" # domain match needed? domain_needed = False for domain in _domains[level]: # standard domain, matches everything if domain == "*": continue # domain is needed domain_needed = True break # do we need to get the class object? if self._format.find("%(domain)") >= 0 or \ self._format.find("%(class)") >= 0 or \ domain_needed or \ len(check_domains) > 0: obj = self._getClass(f) if obj: _dict["class"] = obj.__name__ # build domain string _dict["domain"] = "" + _dict["module"] if _dict["class"] != "": _dict["domain"] += "." + _dict["class"] if _dict["function"] != "": _dict["domain"] += "." + _dict["function"] if len(check_domains) < 1: return _dict point_domain = _dict["domain"] + "." for domain in check_domains: if point_domain.startswith(domain) or \ fnmatch.fnmatchcase(_dict["domain"], domain): return _dict return None # --------------------------------------------------------------------------- # Global logging object. log = Logger() # --------------------------------------------------------------------------- """ # Example if __name__ == '__main__': log.setInfoLogLevel(log.INFO2) log.setDebugLogLevel(log.DEBUG5) for i in range(log.INFO1, log.INFO_MAX+1): log.setInfoLogLabel(i, "INFO%d: " % i) for i in range(log.DEBUG1, log.DEBUG_MAX+1): log.setDebugLogLabel(i, "DEBUG%d: " % i) log.setFormat("%(date)s %(module)s:%(line)d %(label)s" "%(message)s") log.setDateFormat("%Y-%m-%d %H:%M:%S") fl = FileLog("/tmp/log", "a") log.addInfoLogging("*", fl) log.delDebugLogging("*", log.stdout) log.setDebugLogging("*", log.stdout, [ log.DEBUG1, log.DEBUG2 ] ) log.addDebugLogging("*", fl) # log.addInfoLogging("*", log.syslog, fmt="%(label)s%(message)s") # log.addDebugLogging("*", log.syslog, fmt="%(label)s%(message)s") log.debug10("debug10") log.debug9("debug9") log.debug8("debug8") log.debug7("debug7") log.debug6("debug6") log.debug5("debug5") log.debug4("debug4") log.debug3("debug3") log.debug2("debug2", fmt="%(file)s:%(line)d %(message)s") log.debug1("debug1", nofmt=1) log.info5("info5") log.info4("info4") log.info3("info3") log.info2("info2") log.info1("info1") log.warning("warning\n", nl=0) log.error("error ", nl=0) log.error("error", nofmt=1) log.fatal("fatal") log.info(log.INFO1, "nofmt info", nofmt=1) log.info(log.INFO2, "info2 fmt", fmt="%(file)s:%(line)d %(message)s") try: a = b except Exception as e: log.exception() """ # vim:ts=4:sw=4:showmatch:expandtab firewalld-0.8.2/src/firewall/core/base.py0000664007115300711530000000367613641105304021475 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """Base firewall settings""" DEFAULT_ZONE_TARGET = "{chain}_{zone}" ZONE_TARGETS = [ "ACCEPT", "%%REJECT%%", "DROP", DEFAULT_ZONE_TARGET, "default" ] SHORTCUTS = { "PREROUTING": "PRE", "POSTROUTING": "POST", "INPUT": "IN", "FORWARD_IN": "FWDI", "FORWARD_OUT": "FWDO", "OUTPUT": "OUT", } REJECT_TYPES = { "ipv4": [ "icmp-host-prohibited", "host-prohib", "icmp-net-unreachable", "net-unreach", "icmp-host-unreachable", "host-unreach", "icmp-port-unreachable", "port-unreach", "icmp-proto-unreachable", "proto-unreach", "icmp-net-prohibited", "net-prohib", "tcp-reset", "tcp-rst", "icmp-admin-prohibited", "admin-prohib" ], "ipv6": [ "icmp6-adm-prohibited", "adm-prohibited", "icmp6-no-route", "no-route", "icmp6-addr-unreachable", "addr-unreach", "icmp6-port-unreachable", "port-unreach", "tcp-reset" ] } # ipset types that can be used as a source in zones # The match-set option will be src or src,src according to the # dimension of the ipset. ZONE_SOURCE_IPSET_TYPES = [ "hash:ip", "hash:ip,port", "hash:ip,mark", "hash:net", "hash:net,port", "hash:net,iface", "hash:mac" ] firewalld-0.8.2/src/firewall/core/io/0000775007115300711530000000000013641123257020613 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/firewall/core/io/functions.py0000664007115300711530000000723413614563155023210 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2018 Red Hat, Inc. # # Authors: # Eric Garver # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import os from firewall import config from firewall.errors import FirewallError from firewall.core.io.zone import zone_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.core.io.direct import Direct from firewall.core.io.lockdown_whitelist import LockdownWhitelist from firewall.core.io.firewalld_conf import firewalld_conf def check_config(fw=None): readers = { "ipset" : (ipset_reader, [config.FIREWALLD_IPSETS, config.ETC_FIREWALLD_IPSETS]), "helper" : (helper_reader, [config.FIREWALLD_HELPERS, config.ETC_FIREWALLD_HELPERS]), "icmptype" : (icmptype_reader, [config.FIREWALLD_ICMPTYPES, config.ETC_FIREWALLD_ICMPTYPES]), "service" : (service_reader, [config.FIREWALLD_SERVICES, config.ETC_FIREWALLD_SERVICES]), "zone" : (zone_reader, [config.FIREWALLD_ZONES, config.ETC_FIREWALLD_ZONES]), } for reader in readers.keys(): for dir in readers[reader][1]: if not os.path.isdir(dir): continue for file in sorted(os.listdir(dir)): if file.endswith(".xml"): try: obj = readers[reader][0](file, dir) if fw and reader == "zone": obj.fw_config = fw.config obj.check_config(obj.export_config()) except FirewallError as error: raise FirewallError(error.code, "'%s': %s" % (file, error.msg)) except Exception as msg: raise Exception("'%s': %s" % (file, msg)) if os.path.isfile(config.FIREWALLD_DIRECT): try: obj = Direct(config.FIREWALLD_DIRECT) obj.read() obj.check_config(obj.export_config()) except FirewallError as error: raise FirewallError(error.code, "'%s': %s" % (config.FIREWALLD_DIRECT, error.msg)) except Exception as msg: raise Exception("'%s': %s" % (config.FIREWALLD_DIRECT, msg)) if os.path.isfile(config.LOCKDOWN_WHITELIST): try: obj = LockdownWhitelist(config.LOCKDOWN_WHITELIST) obj.read() obj.check_config(obj.export_config()) except FirewallError as error: raise FirewallError(error.code, "'%s': %s" % (config.LOCKDOWN_WHITELIST, error.msg)) except Exception as msg: raise Exception("'%s': %s" % (config.LOCKDOWN_WHITELIST, msg)) if os.path.isfile(config.FIREWALLD_CONF): try: obj = firewalld_conf(config.FIREWALLD_CONF) obj.read() except FirewallError as error: raise FirewallError(error.code, "'%s': %s" % (config.FIREWALLD_CONF, error.msg)) except Exception as msg: raise Exception("'%s': %s" % (config.FIREWALLD_CONF, msg)) firewalld-0.8.2/src/firewall/core/io/service.py0000664007115300711530000003373113620317435022634 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Service", "service_reader", "service_writer" ] import xml.sax as sax import os import io import shutil import copy from collections import OrderedDict from firewall import config from firewall.functions import u2b_if_py2 from firewall.core.io.io_object import PY2, IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator, check_port, \ check_tcpudp, check_protocol, check_address from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class Service(IO_Object): IMPORT_EXPORT_STRUCTURE = ( ( "version", "" ), ( "short", "" ), ( "description", "" ), ( "ports", [ ( "", "" ), ], ), ( "modules", [ "", ], ), ( "destination", { "": "", }, ), ( "protocols", [ "", ], ), ( "source_ports", [ ( "", "" ), ], ), ( "includes", [ "" ], ), ( "helpers", [ "", ], ), ) ADDITIONAL_ALNUM_CHARS = [ "_", "-" ] PARSER_REQUIRED_ELEMENT_ATTRS = { "short": None, "description": None, "service": None, } PARSER_OPTIONAL_ELEMENT_ATTRS = { "service": [ "name", "version" ], "port": [ "port", "protocol" ], "protocol": [ "value" ], "module": [ "name" ], "destination": [ "ipv4", "ipv6" ], "source-port": [ "port", "protocol" ], "include": [ "service" ], "helper": [ "name" ], } def __init__(self): super(Service, self).__init__() self.version = "" self.short = "" self.description = "" self.ports = [ ] self.protocols = [ ] self.modules = [ ] self.destination = { } self.source_ports = [ ] self.includes = [ ] self.helpers = [ ] def import_config(self, conf): self.check_config(conf) for key in conf: if not hasattr(self, key): raise FirewallError(errors.UNKNOWN_ERROR, "Internal error. '{}' is not a valid attribute".format(key)) if isinstance(conf[key], list): # maintain list order while removing duplicates setattr(self, key, list(OrderedDict.fromkeys(copy.deepcopy(conf[key])))) else: setattr(self, key, copy.deepcopy(conf[key])) def export_config(self): conf = {} type_formats = dict([(x[0], x[1]) for x in self.IMPORT_EXPORT_STRUCTURE]) for key in type_formats: if getattr(self, key): conf[key] = copy.deepcopy(getattr(self, key)) return conf def check_config(self, conf): type_formats = dict([(x[0], x[1]) for x in self.IMPORT_EXPORT_STRUCTURE]) for key in conf: if key not in [x for (x,y) in self.IMPORT_EXPORT_STRUCTURE]: raise FirewallError(errors.INVALID_OPTION, "service option '{}' is not valid".format(key)) self._check_config_structure(conf[key], type_formats[key]) self._check_config(conf[key], key) def cleanup(self): self.version = "" self.short = "" self.description = "" del self.ports[:] del self.protocols[:] del self.modules[:] self.destination.clear() del self.source_ports[:] del self.includes[:] del self.helpers[:] def encode_strings(self): """ HACK. I haven't been able to make sax parser return strings encoded (because of python 2) instead of in unicode. Get rid of it once we throw out python 2 support.""" self.version = u2b_if_py2(self.version) self.short = u2b_if_py2(self.short) self.description = u2b_if_py2(self.description) self.ports = [(u2b_if_py2(po),u2b_if_py2(pr)) for (po,pr) in self.ports] self.modules = [u2b_if_py2(m) for m in self.modules] self.destination = {u2b_if_py2(k):u2b_if_py2(v) for k,v in self.destination.items()} self.protocols = [u2b_if_py2(pr) for pr in self.protocols] self.source_ports = [(u2b_if_py2(po),u2b_if_py2(pr)) for (po,pr) in self.source_ports] self.includes = [u2b_if_py2(s) for s in self.includes] self.helpers = [u2b_if_py2(s) for s in self.helpers] def _check_config(self, config, item): if item == "ports": for port in config: if port[0] != "": check_port(port[0]) check_tcpudp(port[1]) else: # only protocol check_protocol(port[1]) elif item == "protocols": for proto in config: check_protocol(proto) elif item == "source_ports": for port in config: check_port(port[0]) check_tcpudp(port[1]) elif item == "destination": for destination in config: if destination not in [ "ipv4", "ipv6" ]: raise FirewallError(errors.INVALID_DESTINATION, "'%s' not in {'ipv4'|'ipv6'}" % \ destination) check_address(destination, config[destination]) elif item == "modules": for module in config: if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") if len(module) < 2: raise FirewallError(errors.INVALID_MODULE, module) # PARSER class service_ContentHandler(IO_Object_ContentHandler): def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "service": if "name" in attrs: log.warning("Ignoring deprecated attribute name='%s'", attrs["name"]) if "version" in attrs: self.item.version = attrs["version"] elif name == "short": pass elif name == "description": pass elif name == "port": if attrs["port"] != "": check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) entry = (attrs["port"], attrs["protocol"]) if entry not in self.item.ports: self.item.ports.append(entry) else: log.warning("Port '%s/%s' already set, ignoring.", attrs["port"], attrs["protocol"]) else: check_protocol(attrs["protocol"]) if attrs["protocol"] not in self.item.protocols: self.item.protocols.append(attrs["protocol"]) else: log.warning("Protocol '%s' already set, ignoring.", attrs["protocol"]) elif name == "protocol": check_protocol(attrs["value"]) if attrs["value"] not in self.item.protocols: self.item.protocols.append(attrs["value"]) else: log.warning("Protocol '%s' already set, ignoring.", attrs["value"]) elif name == "source-port": check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) entry = (attrs["port"], attrs["protocol"]) if entry not in self.item.source_ports: self.item.source_ports.append(entry) else: log.warning("SourcePort '%s/%s' already set, ignoring.", attrs["port"], attrs["protocol"]) elif name == "destination": for x in [ "ipv4", "ipv6" ]: if x in attrs: check_address(x, attrs[x]) if x in self.item.destination: log.warning("Destination address for '%s' already set, ignoring", x) else: self.item.destination[x] = attrs[x] elif name == "module": module = attrs["name"] if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") if module not in self.item.modules: self.item.modules.append(module) else: log.warning("Module '%s' already set, ignoring.", module) elif name == "include": if attrs["service"] not in self.item.includes: self.item.includes.append(attrs["service"]) else: log.warning("Include '%s' already set, ignoring.", attrs["service"]) elif name == "helper": if attrs["name"] not in self.item.helpers: self.item.helpers.append(attrs["name"]) else: log.warning("Helper '%s' already set, ignoring.", attrs["name"]) def service_reader(filename, path): service = Service() if not filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % filename) service.name = filename[:-4] service.check_name(service.name) service.filename = filename service.path = path service.builtin = False if path.startswith(config.ETC_FIREWALLD) else True service.default = service.builtin handler = service_ContentHandler(service) parser = sax.make_parser() parser.setContentHandler(handler) name = "%s/%s" % (path, filename) with open(name, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_SERVICE, "not a valid service file: %s" % \ msg.getException()) del handler del parser if PY2: service.encode_strings() return service def service_writer(service, path=None): _path = path if path else service.path if service.filename: name = "%s/%s" % (_path, service.filename) else: name = "%s/%s.xml" % (_path, service.name) if os.path.exists(name): try: shutil.copy2(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) dirpath = os.path.dirname(name) if dirpath.startswith(config.ETC_FIREWALLD) and not os.path.exists(dirpath): if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) os.mkdir(dirpath, 0o750) f = io.open(name, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start service element attrs = {} if service.version and service.version != "": attrs["version"] = service.version handler.startElement("service", attrs) handler.ignorableWhitespace("\n") # short if service.short and service.short != "": handler.ignorableWhitespace(" ") handler.startElement("short", { }) handler.characters(service.short) handler.endElement("short") handler.ignorableWhitespace("\n") # description if service.description and service.description != "": handler.ignorableWhitespace(" ") handler.startElement("description", { }) handler.characters(service.description) handler.endElement("description") handler.ignorableWhitespace("\n") # ports for port in service.ports: handler.ignorableWhitespace(" ") handler.simpleElement("port", { "port": port[0], "protocol": port[1] }) handler.ignorableWhitespace("\n") # protocols for protocol in service.protocols: handler.ignorableWhitespace(" ") handler.simpleElement("protocol", { "value": protocol }) handler.ignorableWhitespace("\n") # source ports for port in service.source_ports: handler.ignorableWhitespace(" ") handler.simpleElement("source-port", { "port": port[0], "protocol": port[1] }) handler.ignorableWhitespace("\n") # modules for module in service.modules: handler.ignorableWhitespace(" ") handler.simpleElement("module", { "name": module }) handler.ignorableWhitespace("\n") # destination if len(service.destination) > 0: handler.ignorableWhitespace(" ") handler.simpleElement("destination", service.destination) handler.ignorableWhitespace("\n") # includes for include in service.includes: handler.ignorableWhitespace(" ") handler.simpleElement("include", { "service": include }) handler.ignorableWhitespace("\n") # helpers for helper in service.helpers: handler.ignorableWhitespace(" ") handler.simpleElement("helper", { "name": helper }) handler.ignorableWhitespace("\n") # end service element handler.endElement('service') handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-0.8.2/src/firewall/core/io/zone.py0000664007115300711530000011561413620317435022150 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Zone", "zone_reader", "zone_writer" ] import xml.sax as sax import os import io import shutil from firewall import config from firewall.functions import checkIP, checkIP6, checkIPnMask, checkIP6nMask, checkInterface, uniqify, max_zone_name_len, u2b_if_py2, check_mac, portStr from firewall.core.base import DEFAULT_ZONE_TARGET, ZONE_TARGETS from firewall.core.io.io_object import PY2, IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator, check_port, \ check_tcpudp, check_protocol from firewall.core import rich from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class Zone(IO_Object): """ Zone class """ IMPORT_EXPORT_STRUCTURE = ( ( "version", "" ), # s ( "short", "" ), # s ( "description", "" ), # s ( "UNUSED", False ), # b ( "target", "" ), # s ( "services", [ "", ], ), # as ( "ports", [ ( "", "" ), ], ), # a(ss) ( "icmp_blocks", [ "", ], ), # as ( "masquerade", False ), # b ( "forward_ports", [ ( "", "", "", "" ), ], ), # a(ssss) ( "interfaces", [ "" ] ), # as ( "sources", [ "" ] ), # as ( "rules_str", [ "" ] ), # as ( "protocols", [ "", ], ), # as ( "source_ports", [ ( "", "" ), ], ), # a(ss) ( "icmp_block_inversion", False ), # b ) DBUS_SIGNATURE = '(sssbsasa(ss)asba(ssss)asasasasa(ss)b)' ADDITIONAL_ALNUM_CHARS = [ "_", "-", "/" ] PARSER_REQUIRED_ELEMENT_ATTRS = { "short": None, "description": None, "zone": None, "service": [ "name" ], "port": [ "port", "protocol" ], "icmp-block": [ "name" ], "icmp-type": [ "name" ], "forward-port": [ "port", "protocol" ], "interface": [ "name" ], "rule": None, "source": None, "destination": [ "address" ], "protocol": [ "value" ], "source-port": [ "port", "protocol" ], "log": None, "audit": None, "accept": None, "reject": None, "drop": None, "mark": [ "set" ], "limit": [ "value" ], "icmp-block-inversion": None, } PARSER_OPTIONAL_ELEMENT_ATTRS = { "zone": [ "name", "immutable", "target", "version" ], "masquerade": [ "enabled" ], "forward-port": [ "to-port", "to-addr" ], "rule": [ "family", "priority" ], "source": [ "address", "mac", "invert", "family", "ipset" ], "destination": [ "invert" ], "log": [ "prefix", "level" ], "reject": [ "type" ], } @staticmethod def index_of(element): for i, (el, dummy) in enumerate(Zone.IMPORT_EXPORT_STRUCTURE): if el == element: return i raise FirewallError(errors.UNKNOWN_ERROR, "index_of()") def __init__(self): super(Zone, self).__init__() self.version = "" self.short = "" self.description = "" self.UNUSED = False self.target = DEFAULT_ZONE_TARGET self.services = [ ] self.ports = [ ] self.protocols = [ ] self.icmp_blocks = [ ] self.masquerade = False self.forward_ports = [ ] self.source_ports = [ ] self.interfaces = [ ] self.sources = [ ] self.fw_config = None # to be able to check services and a icmp_blocks self.rules = [ ] self.icmp_block_inversion = False self.combined = False self.applied = False def cleanup(self): self.version = "" self.short = "" self.description = "" self.UNUSED = False self.target = DEFAULT_ZONE_TARGET del self.services[:] del self.ports[:] del self.protocols[:] del self.icmp_blocks[:] self.masquerade = False del self.forward_ports[:] del self.source_ports[:] del self.interfaces[:] del self.sources[:] self.fw_config = None # to be able to check services and a icmp_blocks del self.rules[:] self.icmp_block_inversion = False self.combined = False self.applied = False def encode_strings(self): """ HACK. I haven't been able to make sax parser return strings encoded (because of python 2) instead of in unicode. Get rid of it once we throw out python 2 support.""" self.version = u2b_if_py2(self.version) self.short = u2b_if_py2(self.short) self.description = u2b_if_py2(self.description) self.target = u2b_if_py2(self.target) self.services = [u2b_if_py2(s) for s in self.services] self.ports = [(u2b_if_py2(po),u2b_if_py2(pr)) for (po,pr) in self.ports] self.protocols = [u2b_if_py2(pr) for pr in self.protocols] self.icmp_blocks = [u2b_if_py2(i) for i in self.icmp_blocks] self.forward_ports = [(u2b_if_py2(p1),u2b_if_py2(p2),u2b_if_py2(p3),u2b_if_py2(p4)) for (p1,p2,p3,p4) in self.forward_ports] self.source_ports = [(u2b_if_py2(po),u2b_if_py2(pr)) for (po,pr) in self.source_ports] self.interfaces = [u2b_if_py2(i) for i in self.interfaces] self.sources = [u2b_if_py2(s) for s in self.sources] self.rules = [u2b_if_py2(s) for s in self.rules] def __getattr__(self, name): if name == "rules_str": rules_str = [str(rule) for rule in self.rules] return rules_str else: return getattr(super(Zone, self), name) def __setattr__(self, name, value): if name == "rules_str": self.rules = [rich.Rich_Rule(rule_str=s) for s in value] else: super(Zone, self).__setattr__(name, value) def _check_config(self, config, item): if item == "services" and self.fw_config: existing_services = self.fw_config.get_services() for service in config: if service not in existing_services: raise FirewallError(errors.INVALID_SERVICE, "'%s' not among existing services" % \ service) elif item == "ports": for port in config: check_port(port[0]) check_tcpudp(port[1]) elif item == "protocols": for proto in config: check_protocol(proto) elif item == "icmp_blocks" and self.fw_config: existing_icmptypes = self.fw_config.get_icmptypes() for icmptype in config: if icmptype not in existing_icmptypes: raise FirewallError(errors.INVALID_ICMPTYPE, "'%s' not among existing icmp types" % \ icmptype) elif item == "forward_ports": for fwd_port in config: check_port(fwd_port[0]) check_tcpudp(fwd_port[1]) if not fwd_port[2] and not fwd_port[3]: raise FirewallError( errors.INVALID_FORWARD, "'%s' is missing to-port AND to-addr " % fwd_port) if fwd_port[2]: check_port(fwd_port[2]) if fwd_port[3]: if not checkIP(fwd_port[3]) and not checkIP6(fwd_port[3]): raise FirewallError( errors.INVALID_ADDR, "to-addr '%s' is not a valid address" % fwd_port[3]) elif item == "source_ports": for port in config: check_port(port[0]) check_tcpudp(port[1]) elif item == "target": if config not in ZONE_TARGETS: raise FirewallError(errors.INVALID_TARGET, config) elif item == "interfaces": for interface in config: if not checkInterface(interface): raise FirewallError(errors.INVALID_INTERFACE, interface) elif item == "sources": for source in config: if not checkIPnMask(source) and not checkIP6nMask(source) and \ not check_mac(source) and not source.startswith("ipset:"): raise FirewallError(errors.INVALID_ADDR, source) elif item == "rules_str": for rule in config: rich.Rich_Rule(rule_str=rule) def check_name(self, name): super(Zone, self).check_name(name) if name.startswith('/'): raise FirewallError(errors.INVALID_NAME, "'%s' can't start with '/'" % name) elif name.endswith('/'): raise FirewallError(errors.INVALID_NAME, "'%s' can't end with '/'" % name) elif name.count('/') > 1: raise FirewallError(errors.INVALID_NAME, "more than one '/' in '%s'" % name) else: if "/" in name: checked_name = name[:name.find('/')] else: checked_name = name if len(checked_name) > max_zone_name_len(): raise FirewallError(errors.INVALID_NAME, "Zone of '%s' has %d chars, max is %d %s" % ( name, len(checked_name), max_zone_name_len(), self.combined)) def combine(self, zone): self.combined = True self.filename = None self.version = "" self.short = "" self.description = "" for interface in zone.interfaces: if interface not in self.interfaces: self.interfaces.append(interface) for source in zone.sources: if source not in self.sources: self.sources.append(source) for service in zone.services: if service not in self.services: self.services.append(service) for port in zone.ports: if port not in self.ports: self.ports.append(port) for proto in zone.protocols: if proto not in self.protocols: self.protocols.append(proto) for icmp in zone.icmp_blocks: if icmp not in self.icmp_blocks: self.icmp_blocks.append(icmp) if zone.masquerade: self.masquerade = True for forward in zone.forward_ports: if forward not in self.forward_ports: self.forward_ports.append(forward) for port in zone.source_ports: if port not in self.source_ports: self.source_ports.append(port) for rule in zone.rules: self.rules.append(rule) if zone.icmp_block_inversion: self.icmp_block_inversion = True # PARSER class zone_ContentHandler(IO_Object_ContentHandler): def __init__(self, item): IO_Object_ContentHandler.__init__(self, item) self._rule = None self._rule_error = False self._limit_ok = None def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) if self._rule_error: return self.item.parser_check_element_attrs(name, attrs) if name == "zone": if "name" in attrs: log.warning("Ignoring deprecated attribute name='%s'", attrs["name"]) if "version" in attrs: self.item.version = attrs["version"] if "immutable" in attrs: log.warning("Ignoring deprecated attribute immutable='%s'", attrs["immutable"]) if "target" in attrs: target = attrs["target"] if target not in ZONE_TARGETS: raise FirewallError(errors.INVALID_TARGET, target) if target != "" and target != DEFAULT_ZONE_TARGET: self.item.target = target elif name == "short": pass elif name == "description": pass elif name == "service": if self._rule: if self._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return self._rule.element = rich.Rich_Service(attrs["name"]) return if attrs["name"] not in self.item.services: self.item.services.append(attrs["name"]) else: log.warning("Service '%s' already set, ignoring.", attrs["name"]) elif name == "port": if self._rule: if self._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return self._rule.element = rich.Rich_Port(attrs["port"], attrs["protocol"]) return check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) entry = (portStr(attrs["port"], "-"), attrs["protocol"]) if entry not in self.item.ports: self.item.ports.append(entry) else: log.warning("Port '%s/%s' already set, ignoring.", attrs["port"], attrs["protocol"]) elif name == "protocol": if self._rule: if self._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return self._rule.element = rich.Rich_Protocol(attrs["value"]) else: check_protocol(attrs["value"]) if attrs["value"] not in self.item.protocols: self.item.protocols.append(attrs["value"]) else: log.warning("Protocol '%s' already set, ignoring.", attrs["value"]) elif name == "icmp-block": if self._rule: if self._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return self._rule.element = rich.Rich_IcmpBlock(attrs["name"]) return if attrs["name"] not in self.item.icmp_blocks: self.item.icmp_blocks.append(attrs["name"]) else: log.warning("icmp-block '%s' already set, ignoring.", attrs["name"]) elif name == "icmp-type": if self._rule: if self._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return self._rule.element = rich.Rich_IcmpType(attrs["name"]) return else: log.warning("Invalid rule: icmp-block '%s' outside of rule", attrs["name"]) elif name == "masquerade": if "enabled" in attrs and \ attrs["enabled"].lower() in [ "no", "false" ] : log.warning("Ignoring deprecated attribute enabled='%s'", attrs["enabled"]) return if self._rule: if self._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return self._rule.element = rich.Rich_Masquerade() else: if self.item.masquerade: log.warning("Masquerade already set, ignoring.") else: self.item.masquerade = True elif name == "forward-port": to_port = "" if "to-port" in attrs: to_port = attrs["to-port"] to_addr = "" if "to-addr" in attrs: to_addr = attrs["to-addr"] if self._rule: if self._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return self._rule.element = rich.Rich_ForwardPort(attrs["port"], attrs["protocol"], to_port, to_addr) return check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) if to_port: check_port(to_port) if to_addr: if not checkIP(to_addr) and not checkIP6(to_addr): raise FirewallError(errors.INVALID_ADDR, "to-addr '%s' is not a valid address" \ % to_addr) entry = (portStr(attrs["port"], "-"), attrs["protocol"], portStr(to_port, "-"), str(to_addr)) if entry not in self.item.forward_ports: self.item.forward_ports.append(entry) else: log.warning("Forward port %s/%s%s%s already set, ignoring.", attrs["port"], attrs["protocol"], " >%s" % to_port if to_port else "", " @%s" % to_addr if to_addr else "") elif name == "source-port": if self._rule: if self._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return self._rule.element = rich.Rich_SourcePort(attrs["port"], attrs["protocol"]) return check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) entry = (portStr(attrs["port"], "-"), attrs["protocol"]) if entry not in self.item.source_ports: self.item.source_ports.append(entry) else: log.warning("Source port '%s/%s' already set, ignoring.", attrs["port"], attrs["protocol"]) elif name == "interface": if self._rule: log.warning('Invalid rule: interface use in rule.') self._rule_error = True return # zone bound to interface if "name" not in attrs: log.warning('Invalid interface: Name missing.') self._rule_error = True return if attrs["name"] not in self.item.interfaces: self.item.interfaces.append(attrs["name"]) else: log.warning("Interface '%s' already set, ignoring.", attrs["name"]) elif name == "source": if self._rule: if self._rule.source: log.warning("Invalid rule: More than one source in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return invert = False if "invert" in attrs and \ attrs["invert"].lower() in [ "yes", "true" ]: invert = True addr = mac = ipset = None if "address" in attrs: addr = attrs["address"] if "mac" in attrs: mac = attrs["mac"] if "ipset" in attrs: ipset = attrs["ipset"] self._rule.source = rich.Rich_Source(addr, mac, ipset, invert=invert) return # zone bound to source if "address" not in attrs and "ipset" not in attrs: log.warning('Invalid source: No address no ipset.') return if "address" in attrs and "ipset" in attrs: log.warning('Invalid source: Address and ipset.') return if "family" in attrs: log.warning("Ignoring deprecated attribute family='%s'", attrs["family"]) if "invert" in attrs: log.warning('Invalid source: Invertion not allowed here.') return if "address" in attrs: if not checkIPnMask(attrs["address"]) and \ not checkIP6nMask(attrs["address"]) and \ not check_mac(attrs["address"]): raise FirewallError(errors.INVALID_ADDR, attrs["address"]) if "ipset" in attrs: entry = "ipset:%s" % attrs["ipset"] if entry not in self.item.sources: self.item.sources.append(entry) else: log.warning("Source '%s' already set, ignoring.", attrs["address"]) if "address" in attrs: entry = attrs["address"] if entry not in self.item.sources: self.item.sources.append(entry) else: log.warning("Source '%s' already set, ignoring.", attrs["address"]) elif name == "destination": if not self._rule: log.warning('Invalid rule: Destination outside of rule') self._rule_error = True return if self._rule.destination: log.warning("Invalid rule: More than one destination in rule '%s', ignoring.", str(self._rule)) return invert = False if "invert" in attrs and \ attrs["invert"].lower() in [ "yes", "true" ]: invert = True self._rule.destination = rich.Rich_Destination(attrs["address"], invert) elif name in [ "accept", "reject", "drop", "mark" ]: if not self._rule: log.warning('Invalid rule: Action outside of rule') self._rule_error = True return if self._rule.action: log.warning('Invalid rule: More than one action') self._rule_error = True return if name == "accept": self._rule.action = rich.Rich_Accept() elif name == "reject": _type = None if "type" in attrs: _type = attrs["type"] self._rule.action = rich.Rich_Reject(_type) elif name == "drop": self._rule.action = rich.Rich_Drop() elif name == "mark": _set = attrs["set"] self._rule.action = rich.Rich_Mark(_set) self._limit_ok = self._rule.action elif name == "log": if not self._rule: log.warning('Invalid rule: Log outside of rule') return if self._rule.log: log.warning('Invalid rule: More than one log') return level = None if "level" in attrs: level = attrs["level"] if level not in [ "emerg", "alert", "crit", "error", "warning", "notice", "info", "debug" ]: log.warning('Invalid rule: Invalid log level') self._rule_error = True return prefix = attrs["prefix"] if "prefix" in attrs else None self._rule.log = rich.Rich_Log(prefix, level) self._limit_ok = self._rule.log elif name == "audit": if not self._rule: log.warning('Invalid rule: Audit outside of rule') return if self._rule.audit: log.warning("Invalid rule: More than one audit in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return self._rule.audit = rich.Rich_Audit() self._limit_ok = self._rule.audit elif name == "rule": family = None priority = 0 if "family" in attrs: family = attrs["family"] if family not in [ "ipv4", "ipv6" ]: log.warning('Invalid rule: Rule family "%s" invalid', attrs["family"]) self._rule_error = True return if "priority" in attrs: priority = int(attrs["priority"]) self._rule = rich.Rich_Rule(family=family, priority=priority) elif name == "limit": if not self._limit_ok: log.warning('Invalid rule: Limit outside of action, log and audit') self._rule_error = True return if self._limit_ok.limit: log.warning("Invalid rule: More than one limit in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return value = attrs["value"] self._limit_ok.limit = rich.Rich_Limit(value) elif name == "icmp-block-inversion": if self.item.icmp_block_inversion: log.warning("Icmp-Block-Inversion already set, ignoring.") else: self.item.icmp_block_inversion = True else: log.warning("Unknown XML element '%s'", name) return def endElement(self, name): IO_Object_ContentHandler.endElement(self, name) if name == "rule": if not self._rule_error: try: self._rule.check() except Exception as e: log.warning("%s: %s", e, str(self._rule)) else: if str(self._rule) not in \ [ str(x) for x in self.item.rules ]: self.item.rules.append(self._rule) else: log.warning("Rule '%s' already set, ignoring.", str(self._rule)) self._rule = None self._rule_error = False elif name in [ "accept", "reject", "drop", "mark", "log", "audit" ]: self._limit_ok = None def zone_reader(filename, path, no_check_name=False): zone = Zone() if not filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % filename) zone.name = filename[:-4] if not no_check_name: zone.check_name(zone.name) zone.filename = filename zone.path = path zone.builtin = False if path.startswith(config.ETC_FIREWALLD) else True zone.default = zone.builtin handler = zone_ContentHandler(zone) parser = sax.make_parser() parser.setContentHandler(handler) name = "%s/%s" % (path, filename) with open(name, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_ZONE, "not a valid zone file: %s" % \ msg.getException()) del handler del parser if PY2: zone.encode_strings() return zone def zone_writer(zone, path=None): _path = path if path else zone.path if zone.filename: name = "%s/%s" % (_path, zone.filename) else: name = "%s/%s.xml" % (_path, zone.name) if os.path.exists(name): try: shutil.copy2(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) dirpath = os.path.dirname(name) if dirpath.startswith(config.ETC_FIREWALLD) and not os.path.exists(dirpath): if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) os.mkdir(dirpath, 0o750) f = io.open(name, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start zone element attrs = {} if zone.version and zone.version != "": attrs["version"] = zone.version if zone.target != DEFAULT_ZONE_TARGET: attrs["target"] = zone.target handler.startElement("zone", attrs) handler.ignorableWhitespace("\n") # short if zone.short and zone.short != "": handler.ignorableWhitespace(" ") handler.startElement("short", { }) handler.characters(zone.short) handler.endElement("short") handler.ignorableWhitespace("\n") # description if zone.description and zone.description != "": handler.ignorableWhitespace(" ") handler.startElement("description", { }) handler.characters(zone.description) handler.endElement("description") handler.ignorableWhitespace("\n") # interfaces for interface in uniqify(zone.interfaces): handler.ignorableWhitespace(" ") handler.simpleElement("interface", { "name": interface }) handler.ignorableWhitespace("\n") # source for source in uniqify(zone.sources): handler.ignorableWhitespace(" ") if "ipset:" in source: handler.simpleElement("source", { "ipset": source[6:] }) else: handler.simpleElement("source", { "address": source }) handler.ignorableWhitespace("\n") # services for service in uniqify(zone.services): handler.ignorableWhitespace(" ") handler.simpleElement("service", { "name": service }) handler.ignorableWhitespace("\n") # ports for port in uniqify(zone.ports): handler.ignorableWhitespace(" ") handler.simpleElement("port", { "port": port[0], "protocol": port[1] }) handler.ignorableWhitespace("\n") # protocols for protocol in uniqify(zone.protocols): handler.ignorableWhitespace(" ") handler.simpleElement("protocol", { "value": protocol }) handler.ignorableWhitespace("\n") # icmp-block-inversion if zone.icmp_block_inversion: handler.ignorableWhitespace(" ") handler.simpleElement("icmp-block-inversion", { }) handler.ignorableWhitespace("\n") # icmp-blocks for icmp in uniqify(zone.icmp_blocks): handler.ignorableWhitespace(" ") handler.simpleElement("icmp-block", { "name": icmp }) handler.ignorableWhitespace("\n") # masquerade if zone.masquerade: handler.ignorableWhitespace(" ") handler.simpleElement("masquerade", { }) handler.ignorableWhitespace("\n") # forward-ports for forward in uniqify(zone.forward_ports): handler.ignorableWhitespace(" ") attrs = { "port": forward[0], "protocol": forward[1] } if forward[2] and forward[2] != "" : attrs["to-port"] = forward[2] if forward[3] and forward[3] != "" : attrs["to-addr"] = forward[3] handler.simpleElement("forward-port", attrs) handler.ignorableWhitespace("\n") # source-ports for port in uniqify(zone.source_ports): handler.ignorableWhitespace(" ") handler.simpleElement("source-port", { "port": port[0], "protocol": port[1] }) handler.ignorableWhitespace("\n") # rules for rule in zone.rules: attrs = { } if rule.family: attrs["family"] = rule.family if rule.priority != 0: attrs["priority"] = str(rule.priority) handler.ignorableWhitespace(" ") handler.startElement("rule", attrs) handler.ignorableWhitespace("\n") # source if rule.source: attrs = { } if rule.source.addr: attrs["address"] = rule.source.addr if rule.source.mac: attrs["mac"] = rule.source.mac if rule.source.ipset: attrs["ipset"] = rule.source.ipset if rule.source.invert: attrs["invert"] = "True" handler.ignorableWhitespace(" ") handler.simpleElement("source", attrs) handler.ignorableWhitespace("\n") # destination if rule.destination: attrs = { "address": rule.destination.addr } if rule.destination.invert: attrs["invert"] = "True" handler.ignorableWhitespace(" ") handler.simpleElement("destination", attrs) handler.ignorableWhitespace("\n") # element if rule.element: element = "" attrs = { } if type(rule.element) == rich.Rich_Service: element = "service" attrs["name"] = rule.element.name elif type(rule.element) == rich.Rich_Port: element = "port" attrs["port"] = rule.element.port attrs["protocol"] = rule.element.protocol elif type(rule.element) == rich.Rich_Protocol: element = "protocol" attrs["value"] = rule.element.value elif type(rule.element) == rich.Rich_Masquerade: element = "masquerade" elif type(rule.element) == rich.Rich_IcmpBlock: element = "icmp-block" attrs["name"] = rule.element.name elif type(rule.element) == rich.Rich_IcmpType: element = "icmp-type" attrs["name"] = rule.element.name elif type(rule.element) == rich.Rich_ForwardPort: element = "forward-port" attrs["port"] = rule.element.port attrs["protocol"] = rule.element.protocol if rule.element.to_port != "": attrs["to-port"] = rule.element.to_port if rule.element.to_address != "": attrs["to-addr"] = rule.element.to_address elif type(rule.element) == rich.Rich_SourcePort: element = "source-port" attrs["port"] = rule.element.port attrs["protocol"] = rule.element.protocol else: raise FirewallError( errors.INVALID_OBJECT, "Unknown element '%s' in zone_writer" % type(rule.element)) handler.ignorableWhitespace(" ") handler.simpleElement(element, attrs) handler.ignorableWhitespace("\n") # rule.element # log if rule.log: attrs = { } if rule.log.prefix: attrs["prefix"] = rule.log.prefix if rule.log.level: attrs["level"] = rule.log.level if rule.log.limit: handler.ignorableWhitespace(" ") handler.startElement("log", attrs) handler.ignorableWhitespace("\n ") handler.simpleElement("limit", { "value": rule.log.limit.value }) handler.ignorableWhitespace("\n ") handler.endElement("log") else: handler.ignorableWhitespace(" ") handler.simpleElement("log", attrs) handler.ignorableWhitespace("\n") # audit if rule.audit: attrs = {} if rule.audit.limit: handler.ignorableWhitespace(" ") handler.startElement("audit", { }) handler.ignorableWhitespace("\n ") handler.simpleElement("limit", { "value": rule.audit.limit.value }) handler.ignorableWhitespace("\n ") handler.endElement("audit") else: handler.ignorableWhitespace(" ") handler.simpleElement("audit", attrs) handler.ignorableWhitespace("\n") # action if rule.action: action = "" attrs = { } if type(rule.action) == rich.Rich_Accept: action = "accept" elif type(rule.action) == rich.Rich_Reject: action = "reject" if rule.action.type: attrs["type"] = rule.action.type elif type(rule.action) == rich.Rich_Drop: action = "drop" elif type(rule.action) == rich.Rich_Mark: action = "mark" attrs["set"] = rule.action.set else: log.warning("Unknown action '%s'", type(rule.action)) if rule.action.limit: handler.ignorableWhitespace(" ") handler.startElement(action, attrs) handler.ignorableWhitespace("\n ") handler.simpleElement("limit", { "value": rule.action.limit.value }) handler.ignorableWhitespace("\n ") handler.endElement(action) else: handler.ignorableWhitespace(" ") handler.simpleElement(action, attrs) handler.ignorableWhitespace("\n") handler.ignorableWhitespace(" ") handler.endElement("rule") handler.ignorableWhitespace("\n") # end zone element handler.endElement("zone") handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-0.8.2/src/firewall/core/io/ifcfg.py0000664007115300711530000001434513371036334022251 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """ifcfg file parser""" __all__ = [ "ifcfg" ] import os.path import io import tempfile import shutil from firewall.core.logger import log from firewall.functions import b2u, u2b, PY2 class ifcfg(object): def __init__(self, filename): self._config = { } self._deleted = [ ] self.filename = filename self.clear() def clear(self): self._config = { } self._deleted = [ ] def cleanup(self): self._config.clear() def get(self, key): return self._config.get(key.strip()) def set(self, key, value): _key = b2u(key.strip()) self._config[_key] = b2u(value.strip()) if _key in self._deleted: self._deleted.remove(_key) def __str__(self): s = "" for (key, value) in self._config.items(): if s: s += '\n' s += '%s=%s' % (key, value) return u2b(s) if PY2 else s # load self.filename def read(self): self.clear() try: f = open(self.filename, "r") except Exception as msg: log.error("Failed to load '%s': %s", self.filename, msg) raise for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] in ['#', ';']: continue # get key/value pair pair = [ x.strip() for x in line.split("=", 1) ] if len(pair) != 2: continue if len(pair[1]) >= 2 and \ pair[1].startswith('"') and pair[1].endswith('"'): pair[1] = pair[1][1:-1] if pair[1] == '': continue elif self._config.get(pair[0]) is not None: log.warning("%s: Duplicate option definition: '%s'", self.filename, line.strip()) continue self._config[pair[0]] = pair[1] f.close() def write(self): if len(self._config) < 1: # no changes: nothing to do return # handled keys done = [ ] try: temp_file = tempfile.NamedTemporaryFile( mode='wt', prefix="%s." % os.path.basename(self.filename), dir=os.path.dirname(self.filename), delete=False) except Exception as msg: log.error("Failed to open temporary file: %s" % msg) raise modified = False empty = False try: f = io.open(self.filename, mode='rt', encoding='UTF-8') except Exception as msg: if os.path.exists(self.filename): log.error("Failed to open '%s': %s" % (self.filename, msg)) raise else: f = None else: for line in f: if not line: break # remove newline line = line.strip("\n") if len(line) < 1: if not empty: temp_file.write(u"\n") empty = True elif line[0] == '#': empty = False temp_file.write(line) temp_file.write(u"\n") else: p = line.split("=", 1) if len(p) != 2: empty = False temp_file.write(line+u"\n") continue key = p[0].strip() value = p[1].strip() if len(value) >= 2 and \ value.startswith('"') and value.endswith('"'): value = value[1:-1] # check for modified key/value pairs if key not in done: if key in self._config and self._config[key] != value: empty = False temp_file.write(u'%s=%s\n' % (key, self._config[key])) modified = True elif key in self._deleted: modified = True else: empty = False temp_file.write(line+u"\n") done.append(key) else: modified = True # write remaining key/value pairs if len(self._config) > 0: for (key, value) in self._config.items(): if key in done: continue if not empty: empty = True temp_file.write(u'%s=%s\n' % (key, value)) modified = True if f: f.close() temp_file.close() if not modified: # not modified: remove tempfile os.remove(temp_file.name) return # make backup if os.path.exists(self.filename): try: shutil.copy2(self.filename, "%s.bak" % self.filename) except Exception as msg: os.remove(temp_file.name) raise IOError("Backup of '%s' failed: %s" % (self.filename, msg)) # copy tempfile try: shutil.move(temp_file.name, self.filename) except Exception as msg: os.remove(temp_file.name) raise IOError("Failed to create '%s': %s" % (self.filename, msg)) else: os.chmod(self.filename, 0o600) firewalld-0.8.2/src/firewall/core/io/icmptype.py0000664007115300711530000001523013614563155023025 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "IcmpType", "icmptype_reader", "icmptype_writer" ] import xml.sax as sax import os import io import shutil from firewall import config from firewall.functions import u2b_if_py2 from firewall.core.io.io_object import PY2, IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class IcmpType(IO_Object): IMPORT_EXPORT_STRUCTURE = ( ( "version", "" ), # s ( "short", "" ), # s ( "description", "" ), # s ( "destination", [ "", ], ), # as ) DBUS_SIGNATURE = '(sssas)' ADDITIONAL_ALNUM_CHARS = [ "_", "-" ] PARSER_REQUIRED_ELEMENT_ATTRS = { "short": None, "description": None, "icmptype": None, } PARSER_OPTIONAL_ELEMENT_ATTRS = { "icmptype": [ "name", "version" ], "destination": [ "ipv4", "ipv6" ], } def __init__(self): super(IcmpType, self).__init__() self.version = "" self.short = "" self.description = "" self.destination = [ ] def cleanup(self): self.version = "" self.short = "" self.description = "" del self.destination[:] def encode_strings(self): """ HACK. I haven't been able to make sax parser return strings encoded (because of python 2) instead of in unicode. Get rid of it once we throw out python 2 support.""" self.version = u2b_if_py2(self.version) self.short = u2b_if_py2(self.short) self.description = u2b_if_py2(self.description) self.destination = [u2b_if_py2(m) for m in self.destination] def _check_config(self, config, item): if item == "destination": for destination in config: if destination not in [ "ipv4", "ipv6" ]: raise FirewallError(errors.INVALID_DESTINATION, "'%s' not from {'ipv4'|'ipv6'}" % \ destination) # PARSER class icmptype_ContentHandler(IO_Object_ContentHandler): def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "icmptype": if "name" in attrs: log.warning("Ignoring deprecated attribute name='%s'" % attrs["name"]) if "version" in attrs: self.item.version = attrs["version"] elif name == "short": pass elif name == "description": pass elif name == "destination": for x in [ "ipv4", "ipv6" ]: if x in attrs and \ attrs[x].lower() in [ "yes", "true" ]: self.item.destination.append(str(x)) def icmptype_reader(filename, path): icmptype = IcmpType() if not filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "%s is missing .xml suffix" % filename) icmptype.name = filename[:-4] icmptype.check_name(icmptype.name) icmptype.filename = filename icmptype.path = path icmptype.builtin = False if path.startswith(config.ETC_FIREWALLD) else True icmptype.default = icmptype.builtin handler = icmptype_ContentHandler(icmptype) parser = sax.make_parser() parser.setContentHandler(handler) name = "%s/%s" % (path, filename) with open(name, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_ICMPTYPE, "not a valid icmptype file: %s" % \ msg.getException()) del handler del parser if PY2: icmptype.encode_strings() return icmptype def icmptype_writer(icmptype, path=None): _path = path if path else icmptype.path if icmptype.filename: name = "%s/%s" % (_path, icmptype.filename) else: name = "%s/%s.xml" % (_path, icmptype.name) if os.path.exists(name): try: shutil.copy2(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) dirpath = os.path.dirname(name) if dirpath.startswith(config.ETC_FIREWALLD) and not os.path.exists(dirpath): if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) os.mkdir(dirpath, 0o750) f = io.open(name, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start icmptype element attrs = {} if icmptype.version and icmptype.version != "": attrs["version"] = icmptype.version handler.startElement("icmptype", attrs) handler.ignorableWhitespace("\n") # short if icmptype.short and icmptype.short != "": handler.ignorableWhitespace(" ") handler.startElement("short", { }) handler.characters(icmptype.short) handler.endElement("short") handler.ignorableWhitespace("\n") # description if icmptype.description and icmptype.description != "": handler.ignorableWhitespace(" ") handler.startElement("description", { }) handler.characters(icmptype.description) handler.endElement("description") handler.ignorableWhitespace("\n") # destination if icmptype.destination: handler.ignorableWhitespace(" ") attrs = { } for x in icmptype.destination: attrs[x] = "yes" handler.simpleElement("destination", attrs) handler.ignorableWhitespace("\n") # end icmptype element handler.endElement('icmptype') handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-0.8.2/src/firewall/core/io/direct.py0000664007115300711530000003672613614563155022462 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import xml.sax as sax import os import io import shutil from firewall import config from firewall.fw_types import LastUpdatedOrderedDict from firewall.functions import splitArgs, joinArgs, u2b_if_py2 from firewall.core.io.io_object import IO_Object, IO_Object_ContentHandler, \ IO_Object_XMLGenerator from firewall.core.logger import log from firewall.core import ipXtables from firewall.core import ebtables from firewall import errors from firewall.errors import FirewallError class direct_ContentHandler(IO_Object_ContentHandler): def __init__(self, item): IO_Object_ContentHandler.__init__(self, item) self.direct = False def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "direct": if self.direct: raise FirewallError(errors.PARSE_ERROR, "More than one direct tag.") self.direct = True elif name == "chain": if not self.direct: log.error("Parse Error: chain outside of direct") return ipv = attrs["ipv"] table = attrs["table"] chain = attrs["chain"] self.item.add_chain(u2b_if_py2(ipv), u2b_if_py2(table), u2b_if_py2(chain)) elif name == "rule": if not self.direct: log.error("Parse Error: rule outside of direct") return ipv = attrs["ipv"] if ipv not in [ "ipv4", "ipv6", "eb" ]: raise FirewallError(errors.INVALID_IPV, "'%s' not from {'ipv4'|'ipv6'|'eb'}" % ipv) table = attrs["table"] chain = attrs["chain"] try: priority = int(attrs["priority"]) except ValueError: log.error("Parse Error: %s is not a valid priority" % attrs["priority"]) return self._rule = [ u2b_if_py2(ipv), u2b_if_py2(table), u2b_if_py2(chain), priority ] elif name == "passthrough": if not self.direct: log.error("Parse Error: command outside of direct") return ipv = attrs["ipv"] self._passthrough = [ u2b_if_py2(ipv) ] else: log.error('Unknown XML element %s' % name) return def endElement(self, name): IO_Object_ContentHandler.endElement(self, name) if name == "rule": if self._element: # add arguments self._rule.append([ u2b_if_py2(x) for x in splitArgs(self._element) ]) self.item.add_rule(*self._rule) else: log.error("Error: rule does not have any arguments, ignoring.") self._rule = None elif name == "passthrough": if self._element: # add arguments self._passthrough.append([ u2b_if_py2(x) for x in splitArgs(self._element) ]) self.item.add_passthrough(*self._passthrough) else: log.error("Error: passthrough does not have any arguments, " + "ignoring.") self._passthrough = None class Direct(IO_Object): """ Direct class """ IMPORT_EXPORT_STRUCTURE = ( # chain: [ ipv, table, [ chain ] ] ( "chains", [ ( "", "", "" ), ], ), # a(sss) # rule: [ ipv, table, chain, [ priority, [ arg ] ] ] ( "rules", [ ( "", "", "", 0, [ "" ] ), ], ), # a(sssias) # passthrough: [ ipv, [ [ arg ] ] ] ( "passthroughs", [ ( "", [ "" ]), ], ), # a(sas) ) DBUS_SIGNATURE = '(a(sss)a(sssias)a(sas))' PARSER_REQUIRED_ELEMENT_ATTRS = { "direct": None, "chain": [ "ipv", "table", "chain" ], "rule": [ "ipv", "table", "chain", "priority" ], "passthrough": [ "ipv" ] } PARSER_OPTIONAL_ELEMENT_ATTRS = { } def __init__(self, filename): super(Direct, self).__init__() self.filename = filename self.chains = LastUpdatedOrderedDict() self.rules = LastUpdatedOrderedDict() self.passthroughs = LastUpdatedOrderedDict() def _check_config(self, conf, item): pass # check arg lists def export_config(self): ret = [ ] x = [ ] for key in self.chains: for chain in self.chains[key]: x.append(tuple(list(key) + list([chain]))) ret.append(x) x = [ ] for key in self.rules: for rule in self.rules[key]: x.append(tuple((key[0], key[1], key[2], rule[0], list(rule[1])))) ret.append(x) x = [ ] for key in self.passthroughs: for rule in self.passthroughs[key]: x.append(tuple((key, list(rule)))) ret.append(x) return tuple(ret) def import_config(self, conf): self.cleanup() self.check_config(conf) for i,(element,dummy) in enumerate(self.IMPORT_EXPORT_STRUCTURE): if element == "chains": for x in conf[i]: self.add_chain(*x) if element == "rules": for x in conf[i]: self.add_rule(*x) if element == "passthroughs": for x in conf[i]: self.add_passthrough(*x) def cleanup(self): self.chains.clear() self.rules.clear() self.passthroughs.clear() def output(self): print("chains") for key in self.chains: print(" (%s, %s): %s" % (key[0], key[1], ",".join(self.chains[key]))) print("rules") for key in self.rules: print(" (%s, %s, %s):" % (key[0], key[1], key[2])) for (priority,args) in self.rules[key]: print(" (%d, ('%s'))" % (priority, "','".join(args))) print("passthroughs") for key in self.passthroughs: print(" %s:" % (key)) for args in self.passthroughs[key]: print(" ('%s')" % ("','".join(args))) def _check_ipv(self, ipv): ipvs = ['ipv4', 'ipv6', 'eb'] if ipv not in ipvs: raise FirewallError(errors.INVALID_IPV, "'%s' not in '%s'" % (ipv, ipvs)) def _check_ipv_table(self, ipv, table): self._check_ipv(ipv) tables = ipXtables.BUILT_IN_CHAINS.keys() if ipv in ['ipv4', 'ipv6'] \ else ebtables.BUILT_IN_CHAINS.keys() if table not in tables: raise FirewallError(errors.INVALID_TABLE, "'%s' not in '%s'" % (table, tables)) # chains def add_chain(self, ipv, table, chain): self._check_ipv_table(ipv, table) key = (ipv, table) if key not in self.chains: self.chains[key] = [ ] if chain not in self.chains[key]: self.chains[key].append(chain) else: log.warning("Chain '%s' for table '%s' with ipv '%s' " % \ (chain, table, ipv) + "already in list, ignoring") def remove_chain(self, ipv, table, chain): self._check_ipv_table(ipv, table) key = (ipv, table) if key in self.chains and chain in self.chains[key]: self.chains[key].remove(chain) if len(self.chains[key]) == 0: del self.chains[key] else: raise ValueError( \ "Chain '%s' with table '%s' with ipv '%s' not in list" % \ (chain, table, ipv)) def query_chain(self, ipv, table, chain): self._check_ipv_table(ipv, table) key = (ipv, table) return (key in self.chains and chain in self.chains[key]) def get_chains(self, ipv, table): self._check_ipv_table(ipv, table) key = (ipv, table) if key in self.chains: return self.chains[key] else: raise ValueError("No chains for table '%s' with ipv '%s'" % \ (table, ipv)) def get_all_chains(self): return self.chains # rules def add_rule(self, ipv, table, chain, priority, args): self._check_ipv_table(ipv, table) key = (ipv, table, chain) if key not in self.rules: self.rules[key] = LastUpdatedOrderedDict() value = (priority, tuple(args)) if value not in self.rules[key]: self.rules[key][value] = priority else: log.warning("Rule '%s' for table '%s' and chain '%s' " % \ ("',".join(args), table, chain) + "with ipv '%s' and priority %d " % (ipv, priority) + "already in list, ignoring") def remove_rule(self, ipv, table, chain, priority, args): self._check_ipv_table(ipv, table) key = (ipv, table, chain) value = (priority, tuple(args)) if key in self.rules and value in self.rules[key]: del self.rules[key][value] if len(self.rules[key]) == 0: del self.rules[key] else: raise ValueError("Rule '%s' for table '%s' and chain '%s' " % \ ("',".join(args), table, chain) + \ "with ipv '%s' and priority %d not in list" % (ipv, priority)) def remove_rules(self, ipv, table, chain): self._check_ipv_table(ipv, table) key = (ipv, table, chain) if key in self.rules: for value in self.rules[key].keys(): del self.rules[key][value] if len(self.rules[key]) == 0: del self.rules[key] def query_rule(self, ipv, table, chain, priority, args): self._check_ipv_table(ipv, table) key = (ipv, table, chain) value = (priority, tuple(args)) return (key in self.rules and value in self.rules[key]) def get_rules(self, ipv, table, chain): self._check_ipv_table(ipv, table) key = (ipv, table, chain) if key in self.rules: return self.rules[key] else: raise ValueError("No rules for table '%s' and chain '%s' " %\ (table, chain) + "with ipv '%s'" % (ipv)) def get_all_rules(self): return self.rules # # passthrough # def add_passthrough(self, ipv, args): self._check_ipv(ipv) if ipv not in self.passthroughs: self.passthroughs[ipv] = [ ] if args not in self.passthroughs[ipv]: self.passthroughs[ipv].append(args) else: log.warning("Passthrough '%s' for ipv '%s'" % \ ("',".join(args), ipv) + "already in list, ignoring") def remove_passthrough(self, ipv, args): self._check_ipv(ipv) if ipv in self.passthroughs and args in self.passthroughs[ipv]: self.passthroughs[ipv].remove(args) if len(self.passthroughs[ipv]) == 0: del self.passthroughs[ipv] else: raise ValueError("Passthrough '%s' for ipv '%s'" % \ ("',".join(args), ipv) + "not in list") def query_passthrough(self, ipv, args): self._check_ipv(ipv) return ipv in self.passthroughs and args in self.passthroughs[ipv] def get_passthroughs(self, ipv): self._check_ipv(ipv) if ipv in self.passthroughs: return self.passthroughs[ipv] else: raise ValueError("No passthroughs for ipv '%s'" % (ipv)) def get_all_passthroughs(self): return self.passthroughs # read def read(self): self.cleanup() if not self.filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % self.filename) handler = direct_ContentHandler(self) parser = sax.make_parser() parser.setContentHandler(handler) with open(self.filename, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_TYPE, "Not a valid file: %s" % \ msg.getException()) def write(self): if os.path.exists(self.filename): try: shutil.copy2(self.filename, "%s.old" % self.filename) except Exception as msg: raise IOError("Backup of '%s' failed: %s" % (self.filename, msg)) if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) f = io.open(self.filename, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start whitelist element handler.startElement("direct", { }) handler.ignorableWhitespace("\n") # chains for key in self.chains: (ipv, table) = key for chain in self.chains[key]: handler.ignorableWhitespace(" ") handler.simpleElement("chain", { "ipv": ipv, "table": table, "chain": chain }) handler.ignorableWhitespace("\n") # rules for key in self.rules: (ipv, table, chain) = key for (priority, args) in self.rules[key]: if len(args) < 1: continue handler.ignorableWhitespace(" ") handler.startElement("rule", { "ipv": ipv, "table": table, "chain": chain, "priority": "%d" % priority }) handler.ignorableWhitespace(sax.saxutils.escape(joinArgs(args))) handler.endElement("rule") handler.ignorableWhitespace("\n") # passthroughs for ipv in self.passthroughs: for args in self.passthroughs[ipv]: if len(args) < 1: continue handler.ignorableWhitespace(" ") handler.startElement("passthrough", { "ipv": ipv }) handler.ignorableWhitespace(sax.saxutils.escape(joinArgs(args))) handler.endElement("passthrough") handler.ignorableWhitespace("\n") # end zone element handler.endElement("direct") handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-0.8.2/src/firewall/core/io/lockdown_whitelist.py0000664007115300711530000003061713614563155025115 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import xml.sax as sax import os import io import shutil from firewall import config from firewall.core.io.io_object import PY2, IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator from firewall.core.logger import log from firewall.functions import uniqify, checkUser, checkUid, checkCommand, \ checkContext, u2b_if_py2 from firewall import errors from firewall.errors import FirewallError class lockdown_whitelist_ContentHandler(IO_Object_ContentHandler): def __init__(self, item): IO_Object_ContentHandler.__init__(self, item) self.whitelist = False def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "whitelist": if self.whitelist: raise FirewallError(errors.PARSE_ERROR, "More than one whitelist.") self.whitelist = True elif name == "command": if not self.whitelist: log.error("Parse Error: command outside of whitelist") return command = attrs["name"] self.item.add_command(command) elif name == "user": if not self.whitelist: log.error("Parse Error: user outside of whitelist") return if "id" in attrs: try: uid = int(attrs["id"]) except ValueError: log.error("Parse Error: %s is not a valid uid" % attrs["id"]) return self.item.add_uid(uid) elif "name" in attrs: self.item.add_user(attrs["name"]) elif name == "selinux": if not self.whitelist: log.error("Parse Error: selinux outside of whitelist") return if "context" not in attrs: log.error("Parse Error: no context") return self.item.add_context(attrs["context"]) else: log.error('Unknown XML element %s' % name) return class LockdownWhitelist(IO_Object): """ LockdownWhitelist class """ IMPORT_EXPORT_STRUCTURE = ( ( "commands", [ "" ] ), # as ( "contexts", [ "" ] ), # as ( "users", [ "" ] ), # as ( "uids", [ 0 ] ) # ai ) DBUS_SIGNATURE = '(asasasai)' ADDITIONAL_ALNUM_CHARS = [ "_" ] PARSER_REQUIRED_ELEMENT_ATTRS = { "whitelist": None, "command": [ "name" ], "user": None, # "group": None, "selinux": [ "context" ], } PARSER_OPTIONAL_ELEMENT_ATTRS = { "user": [ "id", "name" ], # "group": [ "id", "name" ], } def __init__(self, filename): super(LockdownWhitelist, self).__init__() self.filename = filename self.parser = None self.commands = [ ] self.contexts = [ ] self.users = [ ] self.uids = [ ] # self.gids = [ ] # self.groups = [ ] def _check_config(self, config, item): if item in [ "commands", "contexts", "users", "uids" ]: for x in config: self._check_config(x, item[:-1]) elif item == "command": if not checkCommand(config): raise FirewallError(errors.INVALID_COMMAND, config) elif item == "context": if not checkContext(config): raise FirewallError(errors.INVALID_CONTEXT, config) elif item == "user": if not checkUser(config): raise FirewallError(errors.INVALID_USER, config) elif item == "uid": if not checkUid(config): raise FirewallError(errors.INVALID_UID, config) def cleanup(self): del self.commands[:] del self.contexts[:] del self.users[:] del self.uids[:] # del self.gids[:] # del self.groups[:] def encode_strings(self): """ HACK. I haven't been able to make sax parser return strings encoded (because of python 2) instead of in unicode. Get rid of it once we throw out python 2 support.""" self.commands = [ u2b_if_py2(x) for x in self.commands ] self.contexts = [ u2b_if_py2(x) for x in self.contexts ] self.users = [ u2b_if_py2(x) for x in self.users ] # commands def add_command(self, command): if not checkCommand(command): raise FirewallError(errors.INVALID_COMMAND, command) if command not in self.commands: self.commands.append(command) else: raise FirewallError(errors.ALREADY_ENABLED, 'Command "%s" already in whitelist' % command) def remove_command(self, command): if command in self.commands: self.commands.remove(command) else: raise FirewallError(errors.NOT_ENABLED, 'Command "%s" not in whitelist.' % command) def has_command(self, command): return (command in self.commands) def match_command(self, command): for _command in self.commands: if _command.endswith("*"): if command.startswith(_command[:-1]): return True else: if _command == command: return True return False def get_commands(self): return self.commands # user ids def add_uid(self, uid): if not checkUid(uid): raise FirewallError(errors.INVALID_UID, str(uid)) if uid not in self.uids: self.uids.append(uid) else: raise FirewallError(errors.ALREADY_ENABLED, 'Uid "%s" already in whitelist' % uid) def remove_uid(self, uid): if uid in self.uids: self.uids.remove(uid) else: raise FirewallError(errors.NOT_ENABLED, 'Uid "%s" not in whitelist.' % uid) def has_uid(self, uid): return (uid in self.uids) def match_uid(self, uid): return (uid in self.uids) def get_uids(self): return self.uids # users def add_user(self, user): if not checkUser(user): raise FirewallError(errors.INVALID_USER, user) if user not in self.users: self.users.append(user) else: raise FirewallError(errors.ALREADY_ENABLED, 'User "%s" already in whitelist' % user) def remove_user(self, user): if user in self.users: self.users.remove(user) else: raise FirewallError(errors.NOT_ENABLED, 'User "%s" not in whitelist.' % user) def has_user(self, user): return (user in self.users) def match_user(self, user): return (user in self.users) def get_users(self): return self.users # # group ids # # def add_gid(self, gid): # if gid not in self.gids: # self.gids.append(gid) # # def remove_gid(self, gid): # if gid in self.gids: # self.gids.remove(gid) # else: # raise FirewallError(errors.NOT_ENABLED, # 'Gid "%s" not in whitelist.' % gid) # # def has_gid(self, gid): # return (gid in self.gids) # # def match_gid(self, gid): # return (gid in self.gids) # # def get_gids(self): # return self.gids # # groups # # def add_group(self, group): # if group not in self.groups: # self.groups.append(group) # # def remove_group(self, group): # if group in self.groups: # self.groups.remove(group) # else: # raise FirewallError(errors.NOT_ENABLED, # 'Group "%s" not in whitelist.' % group) # # def has_group(self, group): # return (group in self.groups) # # def match_group(self, group): # return (group in self.groups) # # def get_groups(self): # return self.groups # selinux contexts def add_context(self, context): if not checkContext(context): raise FirewallError(errors.INVALID_CONTEXT, context) if context not in self.contexts: self.contexts.append(context) else: raise FirewallError(errors.ALREADY_ENABLED, 'Context "%s" already in whitelist' % context) def remove_context(self, context): if context in self.contexts: self.contexts.remove(context) else: raise FirewallError(errors.NOT_ENABLED, 'Context "%s" not in whitelist.' % context) def has_context(self, context): return (context in self.contexts) def match_context(self, context): return (context in self.contexts) def get_contexts(self): return self.contexts # read and write def read(self): self.cleanup() if not self.filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % self.filename) handler = lockdown_whitelist_ContentHandler(self) parser = sax.make_parser() parser.setContentHandler(handler) try: parser.parse(self.filename) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_TYPE, "Not a valid file: %s" % \ msg.getException()) del handler del parser if PY2: self.encode_strings() def write(self): if os.path.exists(self.filename): try: shutil.copy2(self.filename, "%s.old" % self.filename) except Exception as msg: raise IOError("Backup of '%s' failed: %s" % (self.filename, msg)) if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) f = io.open(self.filename, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start whitelist element handler.startElement("whitelist", { }) handler.ignorableWhitespace("\n") # commands for command in uniqify(self.commands): handler.ignorableWhitespace(" ") handler.simpleElement("command", { "name": command }) handler.ignorableWhitespace("\n") for uid in uniqify(self.uids): handler.ignorableWhitespace(" ") handler.simpleElement("user", { "id": str(uid) }) handler.ignorableWhitespace("\n") for user in uniqify(self.users): handler.ignorableWhitespace(" ") handler.simpleElement("user", { "name": user }) handler.ignorableWhitespace("\n") # for gid in uniqify(self.gids): # handler.ignorableWhitespace(" ") # handler.simpleElement("user", { "id": str(gid) }) # handler.ignorableWhitespace("\n") # for group in uniqify(self.groups): # handler.ignorableWhitespace(" ") # handler.simpleElement("group", { "name": group }) # handler.ignorableWhitespace("\n") for context in uniqify(self.contexts): handler.ignorableWhitespace(" ") handler.simpleElement("selinux", { "context": context }) handler.ignorableWhitespace("\n") # end whitelist element handler.endElement("whitelist") handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-0.8.2/src/firewall/core/io/__init__.py0000664007115300711530000000307413341016621022721 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2012 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # fix xmlplus to be compatible with the python xml sax parser and python 3 # by adding __contains__ to xml.sax.xmlreader.AttributesImpl import xml if "_xmlplus" in xml.__file__: from xml.sax.xmlreader import AttributesImpl if not hasattr(AttributesImpl, "__contains__"): # this is missing: def __AttributesImpl__contains__(self, name): return name in getattr(self, "_attrs") # add it using the name __contains__ setattr(AttributesImpl, "__contains__", __AttributesImpl__contains__) from xml.sax.saxutils import XMLGenerator if not hasattr(XMLGenerator, "_write"): # this is missing: def __XMLGenerator_write(self, text): getattr(self, "_out").write(text) # add it using the name _write setattr(XMLGenerator, "_write", __XMLGenerator_write) firewalld-0.8.2/src/firewall/core/io/helper.py0000664007115300711530000002024713614563155022456 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Helper", "helper_reader", "helper_writer" ] import xml.sax as sax import os import io import shutil from firewall import config from firewall.functions import u2b_if_py2 from firewall.core.io.io_object import PY2, IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator, check_port, \ check_tcpudp from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class Helper(IO_Object): IMPORT_EXPORT_STRUCTURE = ( ( "version", "" ), # s ( "short", "" ), # s ( "description", "" ), # s ( "family", "", ), # s ( "module", "", ), # s ( "ports", [ ( "", "" ), ], ), # a(ss) ) DBUS_SIGNATURE = '(sssssa(ss))' ADDITIONAL_ALNUM_CHARS = [ "-", "." ] PARSER_REQUIRED_ELEMENT_ATTRS = { "short": None, "description": None, "helper": [ "module" ], } PARSER_OPTIONAL_ELEMENT_ATTRS = { "helper": [ "name", "version", "family" ], "port": [ "port", "protocol" ], } def __init__(self): super(Helper, self).__init__() self.version = "" self.short = "" self.description = "" self.module = "" self.family = "" self.ports = [ ] def cleanup(self): self.version = "" self.short = "" self.description = "" self.module = "" self.family = "" del self.ports[:] def encode_strings(self): """ HACK. I haven't been able to make sax parser return strings encoded (because of python 2) instead of in unicode. Get rid of it once we throw out python 2 support.""" self.version = u2b_if_py2(self.version) self.short = u2b_if_py2(self.short) self.description = u2b_if_py2(self.description) self.module = u2b_if_py2(self.module) self.family = u2b_if_py2(self.family) self.ports = [(u2b_if_py2(po),u2b_if_py2(pr)) for (po,pr) in self.ports] def check_ipv(self, ipv): ipvs = [ 'ipv4', 'ipv6' ] if ipv not in ipvs: raise FirewallError(errors.INVALID_IPV, "'%s' not in '%s'" % (ipv, ipvs)) def _check_config(self, config, item): if item == "ports": for port in config: check_port(port[0]) check_tcpudp(port[1]) elif item == "module": if not config.startswith("nf_conntrack_"): raise FirewallError( errors.INVALID_MODULE, "'%s' does not start with 'nf_conntrack_'" % config) if len(config.replace("nf_conntrack_", "")) < 1: raise FirewallError(errors.INVALID_MODULE, "Module name '%s' too short" % config) # PARSER class helper_ContentHandler(IO_Object_ContentHandler): def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "helper": if "version" in attrs: self.item.version = attrs["version"] if "family" in attrs: self.item.check_ipv(attrs["family"]) self.item.family = attrs["family"] if "module" in attrs: if not attrs["module"].startswith("nf_conntrack_"): raise FirewallError( errors.INVALID_MODULE, "'%s' does not start with 'nf_conntrack_'" % \ attrs["module"]) if len(attrs["module"].replace("nf_conntrack_", "")) < 1: raise FirewallError( errors.INVALID_MODULE, "Module name '%s' too short" % attrs["module"]) self.item.module = attrs["module"] elif name == "short": pass elif name == "description": pass elif name == "port": check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) entry = (attrs["port"], attrs["protocol"]) if entry not in self.item.ports: self.item.ports.append(entry) else: log.warning("Port '%s/%s' already set, ignoring.", attrs["port"], attrs["protocol"]) def helper_reader(filename, path): helper = Helper() if not filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % filename) helper.name = filename[:-4] helper.check_name(helper.name) helper.filename = filename helper.path = path helper.builtin = False if path.startswith(config.ETC_FIREWALLD) else True helper.default = helper.builtin handler = helper_ContentHandler(helper) parser = sax.make_parser() parser.setContentHandler(handler) name = "%s/%s" % (path, filename) with open(name, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_HELPER, "not a valid helper file: %s" % \ msg.getException()) del handler del parser if PY2: helper.encode_strings() return helper def helper_writer(helper, path=None): _path = path if path else helper.path if helper.filename: name = "%s/%s" % (_path, helper.filename) else: name = "%s/%s.xml" % (_path, helper.name) if os.path.exists(name): try: shutil.copy2(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) dirpath = os.path.dirname(name) if dirpath.startswith(config.ETC_FIREWALLD) and not os.path.exists(dirpath): if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) os.mkdir(dirpath, 0o750) f = io.open(name, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start helper element attrs = {} attrs["module"] = helper.module if helper.version and helper.version != "": attrs["version"] = helper.version if helper.family and helper.family != "": attrs["family"] = helper.family handler.startElement("helper", attrs) handler.ignorableWhitespace("\n") # short if helper.short and helper.short != "": handler.ignorableWhitespace(" ") handler.startElement("short", { }) handler.characters(helper.short) handler.endElement("short") handler.ignorableWhitespace("\n") # description if helper.description and helper.description != "": handler.ignorableWhitespace(" ") handler.startElement("description", { }) handler.characters(helper.description) handler.endElement("description") handler.ignorableWhitespace("\n") # ports for port in helper.ports: handler.ignorableWhitespace(" ") handler.simpleElement("port", { "port": port[0], "protocol": port[1] }) handler.ignorableWhitespace("\n") # end helper element handler.endElement('helper') handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-0.8.2/src/firewall/core/io/io_object.py0000664007115300711530000002773413620317435023137 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """Generic io_object handler, io specific check methods.""" __all__ = [ "PY2", "IO_Object", "IO_Object_ContentHandler", "IO_Object_XMLGenerator", "check_port", "check_tcpudp", "check_protocol", "check_address" ] import xml.sax as sax import xml.sax.saxutils as saxutils import copy import sys from firewall import functions from firewall.functions import b2u from firewall import errors from firewall.errors import FirewallError PY2 = sys.version < '3' class IO_Object(object): """ Abstract IO_Object as base for icmptype, service and zone """ IMPORT_EXPORT_STRUCTURE = ( ) DBUS_SIGNATURE = '()' ADDITIONAL_ALNUM_CHARS = [ ] # additional to alnum PARSER_REQUIRED_ELEMENT_ATTRS = { } PARSER_OPTIONAL_ELEMENT_ATTRS = { } def __init__(self): self.filename = "" self.path = "" self.name = "" self.default = False self.builtin = False def export_config(self): ret = [ ] for x in self.IMPORT_EXPORT_STRUCTURE: ret.append(copy.deepcopy(getattr(self, x[0]))) return tuple(ret) def import_config(self, conf): self.check_config(conf) for i,(element,dummy) in enumerate(self.IMPORT_EXPORT_STRUCTURE): if isinstance(conf[i], list): # remove duplicates without changing the order _conf = [ ] _set = set() for x in conf[i]: if x not in _set: _conf.append(x) _set.add(x) del _set setattr(self, element, copy.deepcopy(_conf)) else: setattr(self, element, copy.deepcopy(conf[i])) def check_name(self, name): if not isinstance(name, str): raise FirewallError(errors.INVALID_TYPE, "'%s' not of type %s, but %s" % (name, type(""), type(name))) if len(name) < 1: raise FirewallError(errors.INVALID_NAME, "name can't be empty") for char in name: if not char.isalnum() and char not in self.ADDITIONAL_ALNUM_CHARS: raise FirewallError( errors.INVALID_NAME, "'%s' is not allowed in '%s'" % ((char, name))) def check_config(self, conf): if len(conf) != len(self.IMPORT_EXPORT_STRUCTURE): raise FirewallError( errors.INVALID_TYPE, "structure size mismatch %d != %d" % \ (len(conf), len(self.IMPORT_EXPORT_STRUCTURE))) for i,(element,value) in enumerate(self.IMPORT_EXPORT_STRUCTURE): self._check_config_structure(conf[i], value) self._check_config(conf[i], element) def _check_config(self, dummy1, dummy2): # to be overloaded by sub classes return def _check_config_structure(self, conf, structure): if not isinstance(conf, type(structure)): raise FirewallError(errors.INVALID_TYPE, "'%s' not of type %s, but %s" % \ (conf, type(structure), type(conf))) if isinstance(structure, list): # same type elements, else struct if len(structure) != 1: raise FirewallError(errors.INVALID_TYPE, "len('%s') != 1" % structure) for x in conf: self._check_config_structure(x, structure[0]) elif isinstance(structure, tuple): if len(structure) != len(conf): raise FirewallError(errors.INVALID_TYPE, "len('%s') != %d" % (conf, len(structure))) for i,value in enumerate(structure): self._check_config_structure(conf[i], value) elif isinstance(structure, dict): # only one key value pair in structure (skey, svalue) = list(structure.items())[0] for (key, value) in conf.items(): if not isinstance(key, type(skey)): raise FirewallError(errors.INVALID_TYPE, "'%s' not of type %s, but %s" % (\ key, type(skey), type(key))) if not isinstance(value, type(svalue)): raise FirewallError(errors.INVALID_TYPE, "'%s' not of type %s, but %s" % (\ value, type(svalue), type(value))) # check required elements and attributes and also optional attributes def parser_check_element_attrs(self, name, attrs): _attrs = attrs.getNames() found = False if name in self.PARSER_REQUIRED_ELEMENT_ATTRS: found = True if self.PARSER_REQUIRED_ELEMENT_ATTRS[name] is not None: for x in self.PARSER_REQUIRED_ELEMENT_ATTRS[name]: if x in _attrs: _attrs.remove(x) else: raise FirewallError( errors.PARSE_ERROR, "Missing attribute %s for %s" % (x, name)) if name in self.PARSER_OPTIONAL_ELEMENT_ATTRS: found = True for x in self.PARSER_OPTIONAL_ELEMENT_ATTRS[name]: if x in _attrs: _attrs.remove(x) if not found: raise FirewallError(errors.PARSE_ERROR, "Unexpected element %s" % name) # raise attributes[0] for x in _attrs: raise FirewallError(errors.PARSE_ERROR, "%s: Unexpected attribute %s" % (name, x)) # PARSER class UnexpectedElementError(Exception): def __init__(self, name): super(UnexpectedElementError, self).__init__() self.name = name def __str__(self): return "Unexpected element '%s'" % (self.name) class MissingAttributeError(Exception): def __init__(self, name, attribute): super(MissingAttributeError, self).__init__() self.name = name self.attribute = attribute def __str__(self): return "Element '%s': missing '%s' attribute" % \ (self.name, self.attribute) class UnexpectedAttributeError(Exception): def __init__(self, name, attribute): super(UnexpectedAttributeError, self).__init__() self.name = name self.attribute = attribute def __str__(self): return "Element '%s': unexpected attribute '%s'" % \ (self.name, self.attribute) class IO_Object_ContentHandler(sax.handler.ContentHandler): def __init__(self, item): self.item = item self._element = "" def startDocument(self): self._element = "" def startElement(self, name, attrs): self._element = "" def endElement(self, name): if name == "short": self.item.short = self._element elif name == "description": self.item.description = self._element def characters(self, content): self._element += content.replace('\n', ' ') class IO_Object_XMLGenerator(saxutils.XMLGenerator): def __init__(self, out): # fix memory leak in saxutils.XMLGenerator.__init__: # out = _gettextwriter(out, encoding) # creates unbound object results in garbage in gc # # saxutils.XMLGenerator.__init__(self, out, "utf-8") # replaced by modified saxutils.XMLGenerator.__init__ code: sax.handler.ContentHandler.__init__(self) self._write = out.write self._flush = out.flush self._ns_contexts = [{}] # contains uri -> prefix dicts self._current_context = self._ns_contexts[-1] self._undeclared_ns_maps = [] self._encoding = "utf-8" self._pending_start_element = False self._short_empty_elements = False def startElement(self, name, attrs): """ saxutils.XMLGenerator.startElement() expects name and attrs to be unicode and bad things happen if any of them is (utf-8) encoded. We override the method here to sanitize this case. Can be removed once we drop Python2 support. """ if PY2: attrs = { b2u(name):b2u(value) for name, value in attrs.items() } saxutils.XMLGenerator.startElement(self, name, attrs) def simpleElement(self, name, attrs): """ slightly modified startElement() """ if PY2: self._write(u'<' + b2u(name)) for (name, value) in attrs.items(): self._write(u' %s=%s' % (b2u(name), saxutils.quoteattr(b2u(value)))) self._write(u'/>') else: self._write('<' + name) for (name, value) in attrs.items(): self._write(' %s=%s' % (name, saxutils.quoteattr(value))) self._write('/>') def endElement(self, name): """ saxutils.XMLGenerator.endElement() expects name to be unicode and bad things happen if it's (utf-8) encoded. We override the method here to sanitize this case. Can be removed once we drop Python2 support. """ saxutils.XMLGenerator.endElement(self, b2u(name)) def characters(self, content): """ saxutils.XMLGenerator.characters() expects content to be unicode and bad things happen if it's (utf-8) encoded. We override the method here to sanitize this case. Can be removed once we drop Python2 support. """ saxutils.XMLGenerator.characters(self, b2u(content)) def ignorableWhitespace(self, content): """ saxutils.XMLGenerator.ignorableWhitespace() expects content to be unicode and bad things happen if it's (utf-8) encoded. We override the method here to sanitize this case. Can be removed once we drop Python2 support. """ saxutils.XMLGenerator.ignorableWhitespace(self, b2u(content)) def check_port(port): port_range = functions.getPortRange(port) if port_range == -2: raise FirewallError(errors.INVALID_PORT, "port number in '%s' is too big" % port) elif port_range == -1: raise FirewallError(errors.INVALID_PORT, "'%s' is invalid port range" % port) elif port_range is None: raise FirewallError(errors.INVALID_PORT, "port range '%s' is ambiguous" % port) elif len(port_range) == 2 and port_range[0] >= port_range[1]: raise FirewallError(errors.INVALID_PORT, "'%s' is invalid port range" % port) def check_tcpudp(protocol): if protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, "'%s' not from {'tcp'|'udp'|'sctp'|'dccp'}" % \ protocol) def check_protocol(protocol): if not functions.checkProtocol(protocol): raise FirewallError(errors.INVALID_PROTOCOL, protocol) def check_address(ipv, addr): if not functions.check_address(ipv, addr): raise FirewallError(errors.INVALID_ADDR, "'%s' is not valid %s address" % (addr, ipv)) firewalld-0.8.2/src/firewall/core/io/ipset.py0000664007115300711530000005117113614563155022323 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """ipset io XML handler, reader, writer""" __all__ = [ "IPSet", "ipset_reader", "ipset_writer" ] import xml.sax as sax import os import io import shutil from firewall import config from firewall.functions import checkIP, checkIP6, checkIPnMask, \ checkIP6nMask, u2b_if_py2, check_mac, check_port, checkInterface, \ checkProtocol from firewall.core.io.io_object import PY2, IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator from firewall.core.ipset import IPSET_TYPES, IPSET_CREATE_OPTIONS from firewall.core.icmp import check_icmp_name, check_icmp_type, \ check_icmpv6_name, check_icmpv6_type from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class IPSet(IO_Object): IMPORT_EXPORT_STRUCTURE = ( ( "version", "" ), # s ( "short", "" ), # s ( "description", "" ), # s ( "type", "" ), # s ( "options", { "": "", }, ), # a{ss} ( "entries", [ "" ], ), # as ) DBUS_SIGNATURE = '(ssssa{ss}as)' ADDITIONAL_ALNUM_CHARS = [ "_", "-", ":", "." ] PARSER_REQUIRED_ELEMENT_ATTRS = { "short": None, "description": None, "ipset": [ "type" ], "option": [ "name" ], "entry": None, } PARSER_OPTIONAL_ELEMENT_ATTRS = { "ipset": [ "version" ], "option": [ "value" ], } def __init__(self): super(IPSet, self).__init__() self.version = "" self.short = "" self.description = "" self.type = "" self.entries = [ ] self.options = { } self.applied = False def cleanup(self): self.version = "" self.short = "" self.description = "" self.type = "" del self.entries[:] self.options.clear() self.applied = False def encode_strings(self): """ HACK. I haven't been able to make sax parser return strings encoded (because of python 2) instead of in unicode. Get rid of it once we throw out python 2 support.""" self.version = u2b_if_py2(self.version) self.short = u2b_if_py2(self.short) self.description = u2b_if_py2(self.description) self.type = u2b_if_py2(self.type) self.options = { u2b_if_py2(k):u2b_if_py2(v) for k, v in self.options.items() } self.entries = [ u2b_if_py2(e) for e in self.entries ] @staticmethod def check_entry(entry, options, ipset_type): family = "ipv4" if "family" in options: if options["family"] == "inet6": family = "ipv6" if not ipset_type.startswith("hash:"): raise FirewallError(errors.INVALID_IPSET, "ipset type '%s' not usable" % ipset_type) flags = ipset_type[5:].split(",") items = entry.split(",") if len(flags) != len(items) or len(flags) < 1: raise FirewallError( errors.INVALID_ENTRY, "entry '%s' does not match ipset type '%s'" % \ (entry, ipset_type)) for i in range(len(flags)): flag = flags[i] item = items[i] if flag == "ip": if "-" in item and family == "ipv4": # IP ranges only with plain IPs, no masks if i > 1: raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s'[%d]" % \ (item, entry, i)) splits = item.split("-") if len(splits) != 2: raise FirewallError( errors.INVALID_ENTRY, "invalid address range '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) for _split in splits: if (family == "ipv4" and not checkIP(_split)) or \ (family == "ipv6" and not checkIP6(_split)): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (_split, entry, ipset_type, family)) else: # IPs with mask only allowed in the first # position of the type if family == "ipv4": if item == "0.0.0.0": raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) if i == 0: ip_check = checkIPnMask else: ip_check = checkIP else: ip_check = checkIP6 if not ip_check(item): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) elif flag == "net": if "-" in item: # IP ranges only with plain IPs, no masks splits = item.split("-") if len(splits) != 2: raise FirewallError( errors.INVALID_ENTRY, "invalid address range '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) # First part can only be a plain IP if (family == "ipv4" and not checkIP(splits[0])) or \ (family == "ipv6" and not checkIP6(splits[0])): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (splits[0], entry, ipset_type, family)) # Second part can also have a mask if (family == "ipv4" and not checkIPnMask(splits[1])) or \ (family == "ipv6" and not checkIP6nMask(splits[1])): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (splits[1], entry, ipset_type, family)) else: # IPs with mask allowed in all positions, but no /0 if item.endswith("/0"): if not (family == "ipv6" and i == 0 and ipset_type == "hash:net,iface"): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) if (family == "ipv4" and not checkIPnMask(item)) or \ (family == "ipv6" and not checkIP6nMask(item)): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) elif flag == "mac": # ipset does not allow to add 00:00:00:00:00:00 if not check_mac(item) or item == "00:00:00:00:00:00": raise FirewallError( errors.INVALID_ENTRY, "invalid mac address '%s' in '%s'" % (item, entry)) elif flag == "port": if ":" in item: splits = item.split(":") if len(splits) != 2: raise FirewallError( errors.INVALID_ENTRY, "invalid port '%s'" % (item)) if splits[0] == "icmp": if family != "ipv4": raise FirewallError( errors.INVALID_ENTRY, "invalid protocol for family '%s' in '%s'" % \ (family, entry)) if not check_icmp_name(splits[1]) and not \ check_icmp_type(splits[1]): raise FirewallError( errors.INVALID_ENTRY, "invalid icmp type '%s' in '%s'" % \ (splits[1], entry)) elif splits[0] in [ "icmpv6", "ipv6-icmp" ]: if family != "ipv6": raise FirewallError( errors.INVALID_ENTRY, "invalid protocol for family '%s' in '%s'" % \ (family, entry)) if not check_icmpv6_name(splits[1]) and not \ check_icmpv6_type(splits[1]): raise FirewallError( errors.INVALID_ENTRY, "invalid icmpv6 type '%s' in '%s'" % \ (splits[1], entry)) elif splits[0] not in [ "tcp", "sctp", "udp", "udplite" ] \ and not checkProtocol(splits[0]): raise FirewallError( errors.INVALID_ENTRY, "invalid protocol '%s' in '%s'" % (splits[0], entry)) elif not check_port(splits[1]): raise FirewallError( errors.INVALID_ENTRY, "invalid port '%s'in '%s'" % (splits[1], entry)) else: if not check_port(item): raise FirewallError( errors.INVALID_ENTRY, "invalid port '%s' in '%s'" % (item, entry)) elif flag == "mark": if item.startswith("0x"): try: int_val = int(item, 16) except ValueError: raise FirewallError( errors.INVALID_ENTRY, "invalid mark '%s' in '%s'" % (item, entry)) else: try: int_val = int(item) except ValueError: raise FirewallError( errors.INVALID_ENTRY, "invalid mark '%s' in '%s'" % (item, entry)) if int_val < 0 or int_val > 4294967295: raise FirewallError( errors.INVALID_ENTRY, "invalid mark '%s' in '%s'" % (item, entry)) elif flag == "iface": if not checkInterface(item) or len(item) > 15: raise FirewallError( errors.INVALID_ENTRY, "invalid interface '%s' in '%s'" % (item, entry)) else: raise FirewallError(errors.INVALID_IPSET, "ipset type '%s' not usable" % ipset_type) def _check_config(self, config, item): if item == "type": if config not in IPSET_TYPES: raise FirewallError(errors.INVALID_TYPE, "'%s' is not valid ipset type" % config) if item == "options": for key in config.keys(): if key not in IPSET_CREATE_OPTIONS: raise FirewallError(errors.INVALID_IPSET, "ipset invalid option '%s'" % key) if key in [ "timeout", "hashsize", "maxelem" ]: try: int_value = int(config[key]) except ValueError: raise FirewallError( errors.INVALID_VALUE, "Option '%s': Value '%s' is not an integer" % \ (key, config[key])) if int_value < 0: raise FirewallError( errors.INVALID_VALUE, "Option '%s': Value '%s' is negative" % \ (key, config[key])) elif key == "family" and \ config[key] not in [ "inet", "inet6" ]: raise FirewallError(errors.INVALID_FAMILY, config[key]) def import_config(self, config): if "timeout" in config[4] and config[4]["timeout"] != "0": if len(config[5]) != 0: raise FirewallError(errors.IPSET_WITH_TIMEOUT) for entry in config[5]: IPSet.check_entry(entry, config[4], config[3]) super(IPSet, self).import_config(config) # PARSER class ipset_ContentHandler(IO_Object_ContentHandler): def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "ipset": if "type" in attrs: if attrs["type"] not in IPSET_TYPES: raise FirewallError(errors.INVALID_TYPE, "%s" % attrs["type"]) self.item.type = attrs["type"] if "version" in attrs: self.item.version = attrs["version"] elif name == "short": pass elif name == "description": pass elif name == "option": value = "" if "value" in attrs: value = attrs["value"] if attrs["name"] not in \ [ "family", "timeout", "hashsize", "maxelem" ]: raise FirewallError( errors.INVALID_OPTION, "Unknown option '%s'" % attrs["name"]) if self.item.type == "hash:mac" and attrs["name"] in [ "family" ]: raise FirewallError( errors.INVALID_OPTION, "Unsupported option '%s' for type '%s'" % \ (attrs["name"], self.item.type)) if attrs["name"] in [ "family", "timeout", "hashsize", "maxelem" ] \ and not value: raise FirewallError( errors.INVALID_OPTION, "Missing mandatory value of option '%s'" % attrs["name"]) if attrs["name"] in [ "timeout", "hashsize", "maxelem" ]: try: int_value = int(value) except ValueError: raise FirewallError( errors.INVALID_VALUE, "Option '%s': Value '%s' is not an integer" % \ (attrs["name"], value)) if int_value < 0: raise FirewallError( errors.INVALID_VALUE, "Option '%s': Value '%s' is negative" % \ (attrs["name"], value)) if attrs["name"] == "family" and value not in [ "inet", "inet6" ]: raise FirewallError(errors.INVALID_FAMILY, value) if attrs["name"] not in self.item.options: self.item.options[attrs["name"]] = value else: log.warning("Option %s already set, ignoring.", attrs["name"]) # nothing to do for entry and entries here def endElement(self, name): IO_Object_ContentHandler.endElement(self, name) if name == "entry": self.item.entries.append(self._element) def ipset_reader(filename, path): ipset = IPSet() if not filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % filename) ipset.name = filename[:-4] ipset.check_name(ipset.name) ipset.filename = filename ipset.path = path ipset.builtin = False if path.startswith(config.ETC_FIREWALLD) else True ipset.default = ipset.builtin handler = ipset_ContentHandler(ipset) parser = sax.make_parser() parser.setContentHandler(handler) name = "%s/%s" % (path, filename) with open(name, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_IPSET, "not a valid ipset file: %s" % \ msg.getException()) del handler del parser if "timeout" in ipset.options and ipset.options["timeout"] != "0" and \ len(ipset.entries) > 0: # no entries visible for ipsets with timeout log.warning("ipset '%s': timeout option is set, entries are ignored", ipset.name) del ipset.entries[:] i = 0 entries_set = set() while i < len(ipset.entries): if ipset.entries[i] in entries_set: log.warning("Entry %s already set, ignoring.", ipset.entries[i]) ipset.entries.pop(i) else: try: ipset.check_entry(ipset.entries[i], ipset.options, ipset.type) except FirewallError as e: log.warning("%s, ignoring.", e) ipset.entries.pop(i) else: entries_set.add(ipset.entries[i]) i += 1 del entries_set if PY2: ipset.encode_strings() return ipset def ipset_writer(ipset, path=None): _path = path if path else ipset.path if ipset.filename: name = "%s/%s" % (_path, ipset.filename) else: name = "%s/%s.xml" % (_path, ipset.name) if os.path.exists(name): try: shutil.copy2(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) dirpath = os.path.dirname(name) if dirpath.startswith(config.ETC_FIREWALLD) and not os.path.exists(dirpath): if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) os.mkdir(dirpath, 0o750) f = io.open(name, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start ipset element attrs = { "type": ipset.type } if ipset.version and ipset.version != "": attrs["version"] = ipset.version handler.startElement("ipset", attrs) handler.ignorableWhitespace("\n") # short if ipset.short and ipset.short != "": handler.ignorableWhitespace(" ") handler.startElement("short", { }) handler.characters(ipset.short) handler.endElement("short") handler.ignorableWhitespace("\n") # description if ipset.description and ipset.description != "": handler.ignorableWhitespace(" ") handler.startElement("description", { }) handler.characters(ipset.description) handler.endElement("description") handler.ignorableWhitespace("\n") # options for key,value in ipset.options.items(): handler.ignorableWhitespace(" ") if value != "": handler.simpleElement("option", { "name": key, "value": value }) else: handler.simpleElement("option", { "name": key }) handler.ignorableWhitespace("\n") # entries for entry in ipset.entries: handler.ignorableWhitespace(" ") handler.startElement("entry", { }) handler.characters(entry) handler.endElement("entry") handler.ignorableWhitespace("\n") # end ipset element handler.endElement('ipset') handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-0.8.2/src/firewall/core/io/firewalld_conf.py0000664007115300711530000003153713626005157024155 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2012 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import os.path import io import tempfile import shutil from firewall import config from firewall.core.logger import log from firewall.functions import b2u, u2b, PY2 valid_keys = [ "DefaultZone", "MinimalMark", "CleanupOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "LogDenied", "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload", "RFC3964_IPv4", "AllowZoneDrifting" ] class firewalld_conf(object): def __init__(self, filename): self._config = { } self._deleted = [ ] self.filename = filename self.clear() def clear(self): self._config = { } self._deleted = [ ] def cleanup(self): self._config.clear() self._deleted = [ ] def get(self, key): return self._config.get(key.strip()) def set(self, key, value): _key = b2u(key.strip()) self._config[_key] = b2u(value.strip()) if _key in self._deleted: self._deleted.remove(_key) def __str__(self): s = "" for (key,value) in self._config.items(): if s: s += '\n' s += '%s=%s' % (key, value) return u2b(s) if PY2 else s # load self.filename def read(self): self.clear() try: f = open(self.filename, "r") except Exception as msg: log.error("Failed to load '%s': %s", self.filename, msg) self.set("DefaultZone", config.FALLBACK_ZONE) self.set("MinimalMark", str(config.FALLBACK_MINIMAL_MARK)) self.set("CleanupOnExit", "yes" if config.FALLBACK_CLEANUP_ON_EXIT else "no") self.set("Lockdown", "yes" if config.FALLBACK_LOCKDOWN else "no") self.set("IPv6_rpfilter","yes" if config.FALLBACK_IPV6_RPFILTER else "no") self.set("IndividualCalls", "yes" if config.FALLBACK_INDIVIDUAL_CALLS else "no") self.set("LogDenied", config.FALLBACK_LOG_DENIED) self.set("AutomaticHelpers", config.FALLBACK_AUTOMATIC_HELPERS) self.set("FirewallBackend", config.FALLBACK_FIREWALL_BACKEND) self.set("FlushAllOnReload", "yes" if config.FALLBACK_FLUSH_ALL_ON_RELOAD else "no") self.set("RFC3964_IPv4", "yes" if config.FALLBACK_RFC3964_IPV4 else "no") self.set("AllowZoneDrifting", "yes" if config.FALLBACK_ALLOW_ZONE_DRIFTING else "no") raise for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] in ['#', ';']: continue # get key/value pair pair = [ x.strip() for x in line.split("=") ] if len(pair) != 2: log.error("Invalid option definition: '%s'", line.strip()) continue elif pair[0] not in valid_keys: log.error("Invalid option: '%s'", line.strip()) continue elif pair[1] == '': log.error("Missing value: '%s'", line.strip()) continue elif self._config.get(pair[0]) is not None: log.error("Duplicate option definition: '%s'", line.strip()) continue self._config[pair[0]] = pair[1] f.close() # check default zone if not self.get("DefaultZone"): log.error("DefaultZone is not set, using default value '%s'", config.FALLBACK_ZONE) self.set("DefaultZone", str(config.FALLBACK_ZONE)) # check minimal mark value = self.get("MinimalMark") try: int(value) except (ValueError, TypeError): if value is not None: log.warning("MinimalMark '%s' is not valid, using default " "value '%d'", value if value else '', config.FALLBACK_MINIMAL_MARK) self.set("MinimalMark", str(config.FALLBACK_MINIMAL_MARK)) # check cleanup on exit value = self.get("CleanupOnExit") if not value or value.lower() not in [ "no", "false", "yes", "true" ]: if value is not None: log.warning("CleanupOnExit '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_CLEANUP_ON_EXIT) self.set("CleanupOnExit", "yes" if config.FALLBACK_CLEANUP_ON_EXIT else "no") # check lockdown value = self.get("Lockdown") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("Lockdown '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_LOCKDOWN) self.set("Lockdown", "yes" if config.FALLBACK_LOCKDOWN else "no") # check ipv6_rpfilter value = self.get("IPv6_rpfilter") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("IPv6_rpfilter '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_IPV6_RPFILTER) self.set("IPv6_rpfilter","yes" if config.FALLBACK_IPV6_RPFILTER else "no") # check individual calls value = self.get("IndividualCalls") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("IndividualCalls '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_INDIVIDUAL_CALLS) self.set("IndividualCalls", "yes" if config.FALLBACK_INDIVIDUAL_CALLS else "no") # check log denied value = self.get("LogDenied") if not value or value not in config.LOG_DENIED_VALUES: if value is not None: log.warning("LogDenied '%s' is invalid, using default value '%s'", value, config.FALLBACK_LOG_DENIED) self.set("LogDenied", str(config.FALLBACK_LOG_DENIED)) # check automatic helpers value = self.get("AutomaticHelpers") if not value or value.lower() not in config.AUTOMATIC_HELPERS_VALUES: if value is not None: log.warning("AutomaticHelpers '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_AUTOMATIC_HELPERS) self.set("AutomaticHelpers", str(config.FALLBACK_AUTOMATIC_HELPERS)) value = self.get("FirewallBackend") if not value or value.lower() not in config.FIREWALL_BACKEND_VALUES: if value is not None: log.warning("FirewallBackend '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_FIREWALL_BACKEND) self.set("FirewallBackend", str(config.FALLBACK_FIREWALL_BACKEND)) value = self.get("FlushAllOnReload") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("FlushAllOnReload '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_FLUSH_ALL_ON_RELOAD) self.set("FlushAllOnReload", str(config.FALLBACK_FLUSH_ALL_ON_RELOAD)) value = self.get("RFC3964_IPv4") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("RFC3964_IPv4 '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_RFC3964_IPV4) self.set("RFC3964_IPv4", str(config.FALLBACK_RFC3964_IPV4)) value = self.get("AllowZoneDrifting") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("AllowZoneDrifting '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_ALLOW_ZONE_DRIFTING) self.set("AllowZoneDrifting", str(config.FALLBACK_ALLOW_ZONE_DRIFTING)) # save to self.filename if there are key/value changes def write(self): if len(self._config) < 1: # no changes: nothing to do return # handled keys done = [ ] if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) try: temp_file = tempfile.NamedTemporaryFile(mode='wt', prefix="%s." % os.path.basename(self.filename), dir=os.path.dirname(self.filename), delete=False) except Exception as msg: log.error("Failed to open temporary file: %s" % msg) raise modified = False empty = False try: f= io.open(self.filename, mode='rt', encoding='UTF-8') except Exception as msg: if os.path.exists(self.filename): log.error("Failed to open '%s': %s" % (self.filename, msg)) raise else: f = None else: for line in f: if not line: break # remove newline line = line.strip("\n") if len(line) < 1: if not empty: temp_file.write(u"\n") empty = True elif line[0] == '#': empty = False temp_file.write(line) temp_file.write(u"\n") else: p = line.split("=") if len(p) != 2: empty = False temp_file.write(line+u"\n") continue key = p[0].strip() value = p[1].strip() # check for modified key/value pairs if key not in done: if (key in self._config and \ self._config[key] != value): empty = False temp_file.write(u'%s=%s\n' % (key, self._config[key])) modified = True elif key in self._deleted: modified = True else: empty = False temp_file.write(line+u"\n") done.append(key) else: modified = True # write remaining key/value pairs if len(self._config) > 0: for (key,value) in self._config.items(): if key in done: continue if key in ["MinimalMark", "AutomaticHelpers"]: # omit deprecated from new config continue if not empty: temp_file.write(u"\n") empty = True temp_file.write(u'%s=%s\n' % (key, value)) modified = True if f: f.close() temp_file.close() if not modified: # not modified: remove tempfile os.remove(temp_file.name) return # make backup if os.path.exists(self.filename): try: shutil.copy2(self.filename, "%s.old" % self.filename) except Exception as msg: os.remove(temp_file.name) raise IOError("Backup of '%s' failed: %s" % (self.filename, msg)) # copy tempfile try: shutil.move(temp_file.name, self.filename) except Exception as msg: os.remove(temp_file.name) raise IOError("Failed to create '%s': %s" % (self.filename, msg)) else: os.chmod(self.filename, 0o600) firewalld-0.8.2/src/firewall/core/helper.py0000664007115300711530000000144413341016621022031 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """The helper maxnamelen""" HELPER_MAXNAMELEN = 32 firewalld-0.8.2/src/firewall/core/modules.py0000664007115300711530000000720213341016621022220 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """modules backend""" __all__ = [ "modules" ] from firewall.core.prog import runProg from firewall.core.logger import log from firewall.config import COMMANDS class modules(object): def __init__(self): self._load_command = COMMANDS["modprobe"] # Use rmmod instead of modprobe -r (RHBZ#1031102) self._unload_command = COMMANDS["rmmod"] def __repr__(self): return '%s' % (self.__class__) def loaded_modules(self): """ get all loaded kernel modules and their dependencies """ mods = [ ] deps = { } with open("/proc/modules", "r") as f: for line in f: if not line: break line = line.strip() splits = line.split() mods.append(splits[0]) if splits[3] != "-": deps[splits[0]] = splits[3].split(",")[:-1] else: deps[splits[0]] = [ ] return mods, deps # [loaded modules], {module:[dependants]} def load_module(self, module): log.debug2("%s: %s %s", self.__class__, self._load_command, module) return runProg(self._load_command, [ module ]) def unload_module(self, module): log.debug2("%s: %s %s", self.__class__, self._unload_command, module) return runProg(self._unload_command, [ module ]) def get_deps(self, module, deps, ret): """ get all dependants of a module """ if module not in deps: return for mod in deps[module]: self.get_deps(mod, deps, ret) if mod not in ret: ret.append(mod) if module not in ret: ret.append(module) def get_firewall_modules(self): """ get all loaded firewall-related modules """ mods = [ ] (mods2, deps) = self.loaded_modules() self.get_deps("nf_conntrack", deps, mods) # these modules don't have dependants listed in /proc/modules for bad_bad_module in ["nf_conntrack_ipv4", "nf_conntrack_ipv6"]: if bad_bad_module in mods: # move them to end of list, so we'll remove them later mods.remove(bad_bad_module) mods.insert(-1, bad_bad_module) for mod in mods2: if mod in [ "ip_tables", "ip6_tables", "ebtables" ] or \ mod.startswith("iptable_") or mod.startswith("ip6table_") or \ mod.startswith("nf_") or mod.startswith("xt_") or \ mod.startswith("ipt_") or mod.startswith("ip6t_") : self.get_deps(mod, deps, mods) return mods def unload_firewall_modules(self): """ unload all firewall-related modules """ for module in self.get_firewall_modules(): (status, ret) = self.unload_module(module) if status != 0: log.debug1("Failed to unload module '%s': %s" %(module, ret)) firewalld-0.8.2/src/firewall/core/fw_ifcfg.py0000664007115300711530000000500213614563155022332 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """Functions to search for and change ifcfg files""" __all__ = [ "search_ifcfg_of_interface", "ifcfg_set_zone_of_interface" ] import os import os.path from firewall import config from firewall.core.logger import log from firewall.core.io.ifcfg import ifcfg def search_ifcfg_of_interface(interface): """search ifcfg file for the interface in config.IFCFGDIR""" # Return quickly if config.IFCFGDIR does not exist if not os.path.exists(config.IFCFGDIR): return None for filename in sorted(os.listdir(config.IFCFGDIR)): if not filename.startswith("ifcfg-"): continue for ignored in [ ".bak", ".orig", ".rpmnew", ".rpmorig", ".rpmsave", "-range" ]: if filename.endswith(ignored): continue if "." in filename: continue ifcfg_file = ifcfg("%s/%s" % (config.IFCFGDIR, filename)) ifcfg_file.read() if ifcfg_file.get("DEVICE") == interface: return ifcfg_file # Wasn't found above, so assume filename matches the device we want filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface) if os.path.exists(filename): ifcfg_file = ifcfg(filename) ifcfg_file.read() return ifcfg_file return None def ifcfg_set_zone_of_interface(zone, interface): """Set zone (ZONE=) in the ifcfg file that uses the interface (DEVICE=)""" if zone is None: zone = "" ifcfg_file = search_ifcfg_of_interface(interface) if ifcfg_file is not None and ifcfg_file.get("ZONE") != zone and not \ (ifcfg_file.get("ZONE") is None and zone == ""): log.debug1("Setting ZONE=%s in '%s'" % (zone, ifcfg_file.filename)) ifcfg_file.set("ZONE", zone) ifcfg_file.write() firewalld-0.8.2/src/firewall/core/fw_nm.py0000664007115300711530000001477213614563155021704 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """Functions for NetworkManager interaction""" __all__ = [ "check_nm_imported", "nm_is_imported", "nm_get_zone_of_connection", "nm_set_zone_of_connection", "nm_get_connections", "nm_get_connection_of_interface", "nm_get_bus_name", "nm_get_dbus_interface" ] import gi from gi.repository import GLib try: gi.require_version('NM', '1.0') except ValueError: _nm_imported = False else: try: from gi.repository import NM _nm_imported = True except (ImportError, ValueError, GLib.Error): _nm_imported = False _nm_client = None from firewall import errors from firewall.errors import FirewallError from firewall.core.logger import log import dbus def check_nm_imported(): """Check function to raise a MISSING_IMPORT error if the import of NM failed """ if not _nm_imported: raise FirewallError(errors.MISSING_IMPORT, "gi.repository.NM = 1.0") def nm_is_imported(): """Returns true if NM has been properly imported @return True if import was successful, False otherwirse """ return _nm_imported def nm_get_client(): """Returns the NM client object or None if the import of NM failed @return NM.Client instance if import was successful, None otherwise """ global _nm_client if not _nm_client: _nm_client = NM.Client.new(None) return _nm_client def nm_get_zone_of_connection(connection): """Get zone of connection from NM @param connection name @return zone string setting of connection, empty string if not set, None if connection is unknown """ check_nm_imported() con = nm_get_client().get_connection_by_uuid(connection) if con is None: return None setting_con = con.get_setting_connection() if setting_con is None: return None try: if con.get_flags() & (NM.SettingsConnectionFlags.NM_GENERATED | NM.SettingsConnectionFlags.NM_VOLATILE): return "" except AttributeError: # Prior to NetworkManager 1.12, we can only guess # that a connection was generated/volatile. if con.get_unsaved(): return "" zone = setting_con.get_zone() if zone is None: zone = "" return zone def nm_set_zone_of_connection(zone, connection): """Set the zone for a connection @param zone name @param connection name @return True if zone was set, else False """ check_nm_imported() con = nm_get_client().get_connection_by_uuid(connection) if con is None: return False setting_con = con.get_setting_connection() if setting_con is None: return False if zone == "": zone = None setting_con.set_property("zone", zone) return con.commit_changes(True, None) def nm_get_connections(connections, connections_name): """Get active connections from NM @param connections return dict @param connections_name return dict """ connections.clear() connections_name.clear() check_nm_imported() active_connections = nm_get_client().get_active_connections() for active_con in active_connections: # ignore vpn devices for now if active_con.get_vpn(): continue name = active_con.get_id() uuid = active_con.get_uuid() devices = active_con.get_devices() connections_name[uuid] = name for dev in devices: connections[dev.get_iface()] = uuid def nm_get_interfaces(): """Get active interfaces from NM @returns list of interface names """ check_nm_imported() active_interfaces = [] for active_con in nm_get_client().get_active_connections(): # ignore vpn devices for now if active_con.get_vpn(): continue try: con = active_con.get_connection() if con.get_flags() & (NM.SettingsConnectionFlags.NM_GENERATED | NM.SettingsConnectionFlags.NM_VOLATILE): continue except AttributeError: # Prior to NetworkManager 1.12, we can only guess # that a connection was generated/volatile. if con.get_unsaved(): continue for dev in active_con.get_devices(): active_interfaces.append(dev.get_iface()) return active_interfaces def nm_get_interfaces_in_zone(zone): interfaces = [] for interface in nm_get_interfaces(): conn = nm_get_connection_of_interface(interface) if zone == nm_get_zone_of_connection(conn): interfaces.append(interface) return interfaces def nm_get_connection_of_interface(interface): """Get connection from NM that is using the interface @param interface name @returns connection that is using interface or None """ check_nm_imported() device = nm_get_client().get_device_by_iface(interface) if device is None: return None active_con = device.get_active_connection() if active_con is None: return None try: con = active_con.get_connection() if con.get_flags() & NM.SettingsConnectionFlags.NM_GENERATED: return None except AttributeError: # Prior to NetworkManager 1.12, we can only guess # that a connection was generated. if con.get_unsaved(): return None return active_con.get_uuid() def nm_get_bus_name(): if not _nm_imported: return None try: bus = dbus.SystemBus() obj = bus.get_object(NM.DBUS_INTERFACE, NM.DBUS_PATH) name = obj.bus_name del obj, bus return name except Exception: log.debug2("Failed to get bus name of NetworkManager") return None def nm_get_dbus_interface(): if not _nm_imported: return "" return NM.DBUS_INTERFACE firewalld-0.8.2/src/firewall/core/ipset.py0000664007115300711530000002214613614563155021714 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """The ipset command wrapper""" __all__ = [ "ipset", "check_ipset_name", "remove_default_create_options" ] import os.path from firewall import errors from firewall.errors import FirewallError from firewall.core.prog import runProg from firewall.core.logger import log from firewall.functions import tempFile, readfile from firewall.config import COMMANDS IPSET_MAXNAMELEN = 32 IPSET_TYPES = [ # bitmap and set types are currently not supported # "bitmap:ip", # "bitmap:ip,mac", # "bitmap:port", # "list:set", "hash:ip", "hash:ip,port", "hash:ip,port,ip", "hash:ip,port,net", "hash:ip,mark", "hash:net", "hash:net,net", "hash:net,port", "hash:net,port,net", "hash:net,iface", "hash:mac", ] IPSET_CREATE_OPTIONS = { "family": "inet|inet6", "hashsize": "value", "maxelem": "value", "timeout": "value in secs", #"counters": None, #"comment": None, } IPSET_DEFAULT_CREATE_OPTIONS = { "family": "inet", "hashsize": "1024", "maxelem": "65536", } class ipset(object): """ipset command wrapper class""" def __init__(self): self._command = COMMANDS["ipset"] self.name = "ipset" def __run(self, args): """Call ipset with args""" # convert to string list _args = ["%s" % item for item in args] log.debug2("%s: %s %s", self.__class__, self._command, " ".join(_args)) (status, ret) = runProg(self._command, _args) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._command, " ".join(_args), ret)) return ret def check_name(self, name): """Check ipset name""" if len(name) > IPSET_MAXNAMELEN: raise FirewallError(errors.INVALID_NAME, "ipset name '%s' is not valid" % name) def set_supported_types(self): """Return types that are supported by the ipset command and kernel""" ret = [ ] output = "" try: output = self.__run(["--help"]) except ValueError as ex: log.debug1("ipset error: %s" % ex) lines = output.splitlines() in_types = False for line in lines: #print(line) if in_types: splits = line.strip().split(None, 2) if splits[0] not in ret and splits[0] in IPSET_TYPES: ret.append(splits[0]) if line.startswith("Supported set types:"): in_types = True return ret def check_type(self, type_name): """Check ipset type""" if len(type_name) > IPSET_MAXNAMELEN or type_name not in IPSET_TYPES: raise FirewallError(errors.INVALID_TYPE, "ipset type name '%s' is not valid" % type_name) def set_create(self, set_name, type_name, options=None): """Create an ipset with name, type and options""" self.check_name(set_name) self.check_type(type_name) args = [ "create", set_name, type_name ] if isinstance(options, dict): for key, val in options.items(): args.append(key) if val != "": args.append(val) return self.__run(args) def set_destroy(self, set_name): self.check_name(set_name) return self.__run([ "destroy", set_name ]) def set_add(self, set_name, entry): args = [ "add", set_name, entry ] return self.__run(args) def set_delete(self, set_name, entry): args = [ "del", set_name, entry ] return self.__run(args) def test(self, set_name, entry, options=None): args = [ "test", set_name, entry ] if options: args.append("%s" % " ".join(options)) return self.__run(args) def set_list(self, set_name=None, options=None): args = [ "list" ] if set_name: args.append(set_name) if options: args.extend(options) return self.__run(args).split("\n") def set_get_active_terse(self): """ Get active ipsets (only headers) """ lines = self.set_list(options=["-terse"]) ret = { } _name = _type = None _options = { } for line in lines: if len(line) < 1: continue pair = [ x.strip() for x in line.split(":", 1) ] if len(pair) != 2: continue elif pair[0] == "Name": _name = pair[1] elif pair[0] == "Type": _type = pair[1] elif pair[0] == "Header": splits = pair[1].split() i = 0 while i < len(splits): opt = splits[i] if opt in [ "family", "hashsize", "maxelem", "timeout", "netmask" ]: if len(splits) > i: i += 1 _options[opt] = splits[i] else: log.error("Malformed ipset list -terse output: %s", line) return { } i += 1 if _name and _type: ret[_name] = (_type, remove_default_create_options(_options)) _name = _type = None _options.clear() return ret def save(self, set_name=None): args = [ "save" ] if set_name: args.append(set_name) return self.__run(args) def set_restore(self, set_name, type_name, entries, create_options=None, entry_options=None): self.check_name(set_name) self.check_type(type_name) temp_file = tempFile() if ' ' in set_name: set_name = "'%s'" % set_name args = [ "create", set_name, type_name, "-exist" ] if create_options: for key, val in create_options.items(): args.append(key) if val != "": args.append(val) temp_file.write("%s\n" % " ".join(args)) temp_file.write("flush %s\n" % set_name) for entry in entries: if ' ' in entry: entry = "'%s'" % entry if entry_options: temp_file.write("add %s %s %s\n" % \ (set_name, entry, " ".join(entry_options))) else: temp_file.write("add %s %s\n" % (set_name, entry)) temp_file.close() stat = os.stat(temp_file.name) log.debug2("%s: %s restore %s", self.__class__, self._command, "%s: %d" % (temp_file.name, stat.st_size)) args = [ "restore" ] (status, ret) = runProg(self._command, args, stdin=temp_file.name) if log.getDebugLogLevel() > 2: try: readfile(temp_file.name) except Exception: pass else: i = 1 for line in readfile(temp_file.name): log.debug3("%8d: %s" % (i, line), nofmt=1, nl=0) if not line.endswith("\n"): log.debug3("", nofmt=1) i += 1 os.unlink(temp_file.name) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._command, " ".join(args), ret)) return ret def set_flush(self, set_name): args = [ "flush" ] if set_name: args.append(set_name) return self.__run(args) def rename(self, old_set_name, new_set_name): return self.__run([ "rename", old_set_name, new_set_name ]) def swap(self, set_name_1, set_name_2): return self.__run([ "swap", set_name_1, set_name_2 ]) def version(self): return self.__run([ "version" ]) def check_ipset_name(name): """Return true if ipset name is valid""" if len(name) > IPSET_MAXNAMELEN: return False return True def remove_default_create_options(options): """ Return only non default create options """ _options = options.copy() for opt in IPSET_DEFAULT_CREATE_OPTIONS: if opt in _options and \ IPSET_DEFAULT_CREATE_OPTIONS[opt] == _options[opt]: del _options[opt] return _options firewalld-0.8.2/src/firewall/core/fw_service.py0000664007115300711530000000314713341016621022710 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "FirewallService" ] from firewall import errors from firewall.errors import FirewallError class FirewallService(object): def __init__(self, fw): self._fw = fw self._services = { } def __repr__(self): return '%s(%r)' % (self.__class__, self._services) def cleanup(self): self._services.clear() # zones def get_services(self): return sorted(self._services.keys()) def check_service(self, service): if service not in self._services: raise FirewallError(errors.INVALID_SERVICE, service) def get_service(self, service): self.check_service(service) return self._services[service] def add_service(self, obj): self._services[obj.name] = obj def remove_service(self, service): self.check_service(service) del self._services[service] firewalld-0.8.2/src/firewall/core/fw_policies.py0000664007115300711530000000536313614563155023075 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "FirewallPolicies" ] from firewall import config from firewall.core.logger import log from firewall.core.io.lockdown_whitelist import LockdownWhitelist from firewall import errors from firewall.errors import FirewallError class FirewallPolicies(object): def __init__(self): self._lockdown = False self.lockdown_whitelist = LockdownWhitelist(config.LOCKDOWN_WHITELIST) def __repr__(self): return '%s(%r, %r)' % (self.__class__, self._lockdown, self.lockdown_whitelist) def cleanup(self): self._lockdown = False self.lockdown_whitelist.cleanup() # lockdown def access_check(self, key, value): if key == "context": log.debug2('Doing access check for context "%s"' % value) if self.lockdown_whitelist.match_context(value): log.debug3('context matches.') return True elif key == "uid": log.debug2('Doing access check for uid %d' % value) if self.lockdown_whitelist.match_uid(value): log.debug3('uid matches.') return True elif key == "user": log.debug2('Doing access check for user "%s"' % value) if self.lockdown_whitelist.match_user(value): log.debug3('user matches.') return True elif key == "command": log.debug2('Doing access check for command "%s"' % value) if self.lockdown_whitelist.match_command(value): log.debug3('command matches.') return True return False def enable_lockdown(self): if self._lockdown: raise FirewallError(errors.ALREADY_ENABLED, "enable_lockdown()") self._lockdown = True def disable_lockdown(self): if not self._lockdown: raise FirewallError(errors.NOT_ENABLED, "disable_lockdown()") self._lockdown = False def query_lockdown(self): return self._lockdown firewalld-0.8.2/src/firewall/core/watcher.py0000664007115300711530000000623413371036334022217 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2012-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Watcher" ] from gi.repository import Gio, GLib class Watcher(object): def __init__(self, callback, timeout): self._callback = callback self._timeout = timeout self._monitors = { } self._timeouts = { } self._blocked = [ ] def add_watch_dir(self, directory): gfile = Gio.File.new_for_path(directory) self._monitors[directory] = gfile.monitor_directory(\ Gio.FileMonitorFlags.NONE, None) self._monitors[directory].connect("changed", self._file_changed_cb) def add_watch_file(self, filename): gfile = Gio.File.new_for_path(filename) self._monitors[filename] = gfile.monitor_file(\ Gio.FileMonitorFlags.NONE, None) self._monitors[filename].connect("changed", self._file_changed_cb) def get_watches(self): return self._monitors.keys() def has_watch(self, filename): return filename in self._monitors def remove_watch(self, filename): del self._monitors[filename] def block_source(self, filename): if filename not in self._blocked: self._blocked.append(filename) def unblock_source(self, filename): if filename in self._blocked: self._blocked.remove(filename) def clear_timeouts(self): for filename in list(self._timeouts.keys()): GLib.source_remove(self._timeouts[filename]) del self._timeouts[filename] def _call_callback(self, filename): if filename not in self._blocked: self._callback(filename) del self._timeouts[filename] def _file_changed_cb(self, monitor, gio_file, gio_other_file, event): filename = gio_file.get_parse_name() if filename in self._blocked: if filename in self._timeouts: GLib.source_remove(self._timeouts[filename]) del self._timeouts[filename] return if event == Gio.FileMonitorEvent.CHANGED or \ event == Gio.FileMonitorEvent.CREATED or \ event == Gio.FileMonitorEvent.DELETED or \ event == Gio.FileMonitorEvent.ATTRIBUTE_CHANGED: if filename in self._timeouts: GLib.source_remove(self._timeouts[filename]) del self._timeouts[filename] self._timeouts[filename] = GLib.timeout_add_seconds(\ self._timeout, self._call_callback, filename) firewalld-0.8.2/src/firewall/core/fw_ipset.py0000664007115300711530000002171113641105765022404 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """ipset backend""" __all__ = [ "FirewallIPSet" ] from firewall.core.logger import log from firewall.core.ipset import remove_default_create_options as rm_def_cr_opts from firewall.core.io.ipset import IPSet from firewall import errors from firewall.errors import FirewallError class FirewallIPSet(object): def __init__(self, fw): self._fw = fw self._ipsets = { } def __repr__(self): return '%s(%r)' % (self.__class__, self._ipsets) # ipsets def cleanup(self): self._ipsets.clear() def check_ipset(self, name): if name not in self.get_ipsets(): raise FirewallError(errors.INVALID_IPSET, name) def query_ipset(self, name): return name in self.get_ipsets() def get_ipsets(self): return sorted(self._ipsets.keys()) def has_ipsets(self): return len(self._ipsets) > 0 def get_ipset(self, name, applied=False): self.check_ipset(name) obj = self._ipsets[name] if applied: self.check_applied_obj(obj) return obj def backends(self): backends = [] if self._fw.nftables_enabled: backends.append(self._fw.nftables_backend) if self._fw.ipset_enabled: backends.append(self._fw.ipset_backend) return backends def add_ipset(self, obj): if obj.type not in self._fw.ipset_supported_types: raise FirewallError(errors.INVALID_TYPE, "'%s' is not supported by ipset." % obj.type) self._ipsets[obj.name] = obj def remove_ipset(self, name, keep=False): obj = self._ipsets[name] if obj.applied and not keep: try: for backend in self.backends(): backend.set_destroy(name) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: log.debug1("Keeping ipset '%s' because of timeout option", name) del self._ipsets[name] def apply_ipset(self, name): obj = self._ipsets[name] for backend in self.backends(): if backend.name == "ipset": active = backend.set_get_active_terse() if name in active and ("timeout" not in obj.options or \ obj.options["timeout"] == "0" or \ obj.type != active[name][0] or \ rm_def_cr_opts(obj.options) != \ active[name][1]): try: backend.set_destroy(name) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) if self._fw.individual_calls(): try: backend.set_create(obj.name, obj.type, obj.options) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: obj.applied = True if "timeout" in obj.options and \ obj.options["timeout"] != "0": # no entries visible for ipsets with timeout continue for entry in obj.entries: try: backend.set_add(obj.name, entry) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: try: backend.set_restore(obj.name, obj.type, obj.entries, obj.options, None) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: obj.applied = True def apply_ipsets(self): for name in self.get_ipsets(): obj = self._ipsets[name] obj.applied = False log.debug1("Applying ipset '%s'" % name) self.apply_ipset(name) def flush(self): for backend in self.backends(): # nftables sets are part of the normal firewall ruleset. if backend.name == "nftables": continue for ipset in self.get_ipsets(): try: self.check_applied(ipset) backend.set_destroy(ipset) except FirewallError as msg: if msg.code != errors.NOT_APPLIED: raise msg # TYPE def get_type(self, name): return self.get_ipset(name, applied=True).type # DIMENSION def get_dimension(self, name): return len(self.get_ipset(name, applied=True).type.split(",")) def check_applied(self, name): obj = self.get_ipset(name) self.check_applied_obj(obj) def check_applied_obj(self, obj): if not obj.applied: raise FirewallError( errors.NOT_APPLIED, obj.name) # OPTIONS def get_family(self, name): obj = self.get_ipset(name, applied=True) if "family" in obj.options: if obj.options["family"] == "inet6": return "ipv6" return "ipv4" # ENTRIES def add_entry(self, name, entry): obj = self.get_ipset(name, applied=True) IPSet.check_entry(entry, obj.options, obj.type) if entry in obj.entries: raise FirewallError(errors.ALREADY_ENABLED, "'%s' already is in '%s'" % (entry, name)) try: for backend in self.backends(): backend.set_add(obj.name, entry) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: if "timeout" not in obj.options or obj.options["timeout"] == "0" \ and entry not in obj.entries: # no entries visible for ipsets with timeout obj.entries.append(entry) def remove_entry(self, name, entry): obj = self.get_ipset(name, applied=True) # no entry check for removal if entry not in obj.entries: raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (entry, name)) try: for backend in self.backends(): backend.set_delete(obj.name, entry) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: if "timeout" not in obj.options or obj.options["timeout"] == "0" \ and entry not in obj.entries: # no entries visible for ipsets with timeout obj.entries.remove(entry) def query_entry(self, name, entry): obj = self.get_ipset(name, applied=True) if "timeout" in obj.options and obj.options["timeout"] != "0": # no entries visible for ipsets with timeout raise FirewallError(errors.IPSET_WITH_TIMEOUT, name) return entry in obj.entries def get_entries(self, name): obj = self.get_ipset(name, applied=True) return obj.entries def set_entries(self, name, entries): obj = self.get_ipset(name, applied=True) for entry in entries: IPSet.check_entry(entry, obj.options, obj.type) if "timeout" not in obj.options or obj.options["timeout"] == "0": # no entries visible for ipsets with timeout obj.entries = entries try: for backend in self.backends(): backend.set_flush(obj.name) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: obj.applied = True try: for backend in self.backends(): if self._fw.individual_calls(): for entry in obj.entries: backend.set_add(obj.name, entry) else: backend.set_restore(obj.name, obj.type, obj.entries, obj.options, None) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: obj.applied = True return firewalld-0.8.2/src/firewall/core/fw_helper.py0000664007115300711530000000345113341016621022525 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """helper backend""" __all__ = [ "FirewallHelper" ] from firewall import errors from firewall.errors import FirewallError class FirewallHelper(object): def __init__(self, fw): self._fw = fw self._helpers = { } def __repr__(self): return '%s(%r)' % (self.__class__, self._helpers) # helpers def cleanup(self): self._helpers.clear() def check_helper(self, name): if name not in self.get_helpers(): raise FirewallError(errors.INVALID_HELPER, name) def query_helper(self, name): return name in self.get_helpers() def get_helpers(self): return sorted(self._helpers.keys()) def has_helpers(self): return len(self._helpers) > 0 def get_helper(self, name): self.check_helper(name) return self._helpers[name] def add_helper(self, obj): self._helpers[obj.name] = obj def remove_helper(self, name): if name not in self._helpers: raise FirewallError(errors.INVALID_HELPER, name) del self._helpers[name] firewalld-0.8.2/src/firewall/__init__.py0000664007115300711530000000000013341016621021344 0ustar00egarveregarver00000000000000firewalld-0.8.2/src/firewall/config/0000775007115300711530000000000013641123257020521 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/firewall/config/dbus.py0000664007115300711530000000455413620317435022040 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011,2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # DBUS_INTERFACE_VERSION = 1 DBUS_INTERFACE_REVISION = 13 DBUS_INTERFACE = "org.fedoraproject.FirewallD%d" % DBUS_INTERFACE_VERSION DBUS_INTERFACE_ZONE = DBUS_INTERFACE+".zone" DBUS_INTERFACE_DIRECT = DBUS_INTERFACE+".direct" DBUS_INTERFACE_POLICIES = DBUS_INTERFACE+".policies" DBUS_INTERFACE_IPSET = DBUS_INTERFACE+".ipset" DBUS_INTERFACE_CONFIG = DBUS_INTERFACE+".config" DBUS_INTERFACE_CONFIG_ZONE = DBUS_INTERFACE_CONFIG+".zone" DBUS_INTERFACE_CONFIG_SERVICE = DBUS_INTERFACE_CONFIG+".service" DBUS_INTERFACE_CONFIG_ICMPTYPE = DBUS_INTERFACE_CONFIG+".icmptype" DBUS_INTERFACE_CONFIG_POLICIES = DBUS_INTERFACE_CONFIG+".policies" DBUS_INTERFACE_CONFIG_DIRECT = DBUS_INTERFACE_CONFIG+".direct" DBUS_INTERFACE_CONFIG_IPSET = DBUS_INTERFACE_CONFIG+".ipset" DBUS_INTERFACE_CONFIG_HELPER = DBUS_INTERFACE_CONFIG+".helper" DBUS_PATH = "/org/fedoraproject/FirewallD%d" % DBUS_INTERFACE_VERSION DBUS_PATH_CONFIG = DBUS_PATH+"/config" DBUS_PATH_CONFIG_ICMPTYPE = DBUS_PATH+"/config/icmptype" DBUS_PATH_CONFIG_SERVICE = DBUS_PATH+"/config/service" DBUS_PATH_CONFIG_ZONE = DBUS_PATH+"/config/zone" DBUS_PATH_CONFIG_IPSET = DBUS_PATH+"/config/ipset" DBUS_PATH_CONFIG_HELPER = DBUS_PATH+"/config/helper" # Polkit actions _PK_ACTION = "org.fedoraproject.FirewallD%d" % DBUS_INTERFACE_VERSION PK_ACTION_POLICIES = _PK_ACTION+".policies" PK_ACTION_POLICIES_INFO = PK_ACTION_POLICIES+".info" PK_ACTION_CONFIG = _PK_ACTION+".config" PK_ACTION_CONFIG_INFO = PK_ACTION_CONFIG+".info" PK_ACTION_DIRECT = _PK_ACTION+".direct" PK_ACTION_DIRECT_INFO = PK_ACTION_DIRECT+".info" PK_ACTION_INFO = _PK_ACTION+".info" PK_ACTION_ALL = _PK_ACTION+".all" # implies all other actions firewalld-0.8.2/src/firewall/config/__init__.py0000664007115300711530000001111713641123204022623 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2007-2016 Red Hat, Inc. # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from __future__ import absolute_import # translation import locale try: locale.setlocale(locale.LC_ALL, "") except locale.Error: import os os.environ['LC_ALL'] = 'C' locale.setlocale(locale.LC_ALL, "") DOMAIN = 'firewalld' import gettext gettext.install(domain=DOMAIN) from . import dbus # noqa: F401 # configuration DAEMON_NAME = 'firewalld' CONFIG_NAME = 'firewall-config' APPLET_NAME = 'firewall-applet' DATADIR = '/usr/share/' + DAEMON_NAME CONFIG_GLADE_NAME = CONFIG_NAME + '.glade' COPYRIGHT = '(C) 2010-2017 Red Hat, Inc.' VERSION = '0.8.2' AUTHORS = [ "Thomas Woerner ", "Jiri Popelka ", "Eric Garver ", ] LICENSE = gettext.gettext( "This program is free software; you can redistribute it and/or modify " "it under the terms of the GNU General Public License as published by " "the Free Software Foundation; either version 2 of the License, or " "(at your option) any later version.\n" "\n" "This program is distributed in the hope that it will be useful, " "but WITHOUT ANY WARRANTY; without even the implied warranty of " "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the " "GNU General Public License for more details.\n" "\n" "You should have received a copy of the GNU General Public License " "along with this program. If not, see .") WEBSITE = 'http://www.firewalld.org' def set_system_config_paths(path): global ETC_FIREWALLD, FIREWALLD_CONF, ETC_FIREWALLD_ZONES, \ ETC_FIREWALLD_SERVICES, ETC_FIREWALLD_ICMPTYPES, \ ETC_FIREWALLD_IPSETS, ETC_FIREWALLD_HELPERS, \ FIREWALLD_DIRECT, LOCKDOWN_WHITELIST ETC_FIREWALLD = path FIREWALLD_CONF = path + '/firewalld.conf' ETC_FIREWALLD_ZONES = path + '/zones' ETC_FIREWALLD_SERVICES = path + '/services' ETC_FIREWALLD_ICMPTYPES = path + '/icmptypes' ETC_FIREWALLD_IPSETS = path + '/ipsets' ETC_FIREWALLD_HELPERS = path + '/helpers' FIREWALLD_DIRECT = path + '/direct.xml' LOCKDOWN_WHITELIST = path + '/lockdown-whitelist.xml' set_system_config_paths('/etc/firewalld') def set_default_config_paths(path): global USR_LIB_FIREWALLD, FIREWALLD_ZONES, FIREWALLD_SERVICES, \ FIREWALLD_ICMPTYPES, FIREWALLD_IPSETS, FIREWALLD_HELPERS USR_LIB_FIREWALLD = path FIREWALLD_ZONES = path + '/zones' FIREWALLD_SERVICES = path + '/services' FIREWALLD_ICMPTYPES = path + '/icmptypes' FIREWALLD_IPSETS = path + '/ipsets' FIREWALLD_HELPERS = path + '/helpers' set_default_config_paths('/usr/lib/firewalld') FIREWALLD_LOGFILE = '/var/log/firewalld' FIREWALLD_PIDFILE = "/var/run/firewalld.pid" FIREWALLD_TEMPDIR = '/run/firewalld' SYSCONFIGDIR = '/etc/sysconfig' IFCFGDIR = "/etc/sysconfig/network-scripts" SYSCTL_CONFIG = '/etc/sysctl.conf' # commands used by backends COMMANDS = { "ipv4": "/usr/sbin/iptables", "ipv4-restore": "/usr/sbin/iptables-restore", "ipv6": "/usr/sbin/ip6tables", "ipv6-restore": "/usr/sbin/ip6tables-restore", "eb": "/usr/sbin/ebtables", "eb-restore": "/usr/sbin/ebtables-restore", "ipset": "/usr/sbin/ipset", "modprobe": "/usr/sbin/modprobe", "rmmod": "/usr/sbin/rmmod", } LOG_DENIED_VALUES = [ "all", "unicast", "broadcast", "multicast", "off" ] AUTOMATIC_HELPERS_VALUES = [ "yes", "no", "system" ] FIREWALL_BACKEND_VALUES = [ "nftables", "iptables" ] # fallbacks: will be overloaded by firewalld.conf FALLBACK_ZONE = "public" FALLBACK_MINIMAL_MARK = 100 FALLBACK_CLEANUP_ON_EXIT = True FALLBACK_LOCKDOWN = False FALLBACK_IPV6_RPFILTER = True FALLBACK_INDIVIDUAL_CALLS = False FALLBACK_LOG_DENIED = "off" FALLBACK_AUTOMATIC_HELPERS = "no" FALLBACK_FIREWALL_BACKEND = "nftables" FALLBACK_FLUSH_ALL_ON_RELOAD = True FALLBACK_RFC3964_IPV4 = True FALLBACK_ALLOW_ZONE_DRIFTING = False firewalld-0.8.2/src/firewall/config/__init__.py.in0000664007115300711530000001077713630022170023241 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2007-2016 Red Hat, Inc. # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from __future__ import absolute_import # translation import locale try: locale.setlocale(locale.LC_ALL, "") except locale.Error: import os os.environ['LC_ALL'] = 'C' locale.setlocale(locale.LC_ALL, "") DOMAIN = 'firewalld' import gettext gettext.install(domain=DOMAIN) from . import dbus # noqa: F401 # configuration DAEMON_NAME = 'firewalld' CONFIG_NAME = 'firewall-config' APPLET_NAME = 'firewall-applet' DATADIR = '/usr/share/' + DAEMON_NAME CONFIG_GLADE_NAME = CONFIG_NAME + '.glade' COPYRIGHT = '(C) 2010-2017 Red Hat, Inc.' VERSION = '@PACKAGE_VERSION@' AUTHORS = [ "Thomas Woerner ", "Jiri Popelka ", "Eric Garver ", ] LICENSE = gettext.gettext( "This program is free software; you can redistribute it and/or modify " "it under the terms of the GNU General Public License as published by " "the Free Software Foundation; either version 2 of the License, or " "(at your option) any later version.\n" "\n" "This program is distributed in the hope that it will be useful, " "but WITHOUT ANY WARRANTY; without even the implied warranty of " "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the " "GNU General Public License for more details.\n" "\n" "You should have received a copy of the GNU General Public License " "along with this program. If not, see .") WEBSITE = 'http://www.firewalld.org' def set_system_config_paths(path): global ETC_FIREWALLD, FIREWALLD_CONF, ETC_FIREWALLD_ZONES, \ ETC_FIREWALLD_SERVICES, ETC_FIREWALLD_ICMPTYPES, \ ETC_FIREWALLD_IPSETS, ETC_FIREWALLD_HELPERS, \ FIREWALLD_DIRECT, LOCKDOWN_WHITELIST ETC_FIREWALLD = path FIREWALLD_CONF = path + '/firewalld.conf' ETC_FIREWALLD_ZONES = path + '/zones' ETC_FIREWALLD_SERVICES = path + '/services' ETC_FIREWALLD_ICMPTYPES = path + '/icmptypes' ETC_FIREWALLD_IPSETS = path + '/ipsets' ETC_FIREWALLD_HELPERS = path + '/helpers' FIREWALLD_DIRECT = path + '/direct.xml' LOCKDOWN_WHITELIST = path + '/lockdown-whitelist.xml' set_system_config_paths('/etc/firewalld') def set_default_config_paths(path): global USR_LIB_FIREWALLD, FIREWALLD_ZONES, FIREWALLD_SERVICES, \ FIREWALLD_ICMPTYPES, FIREWALLD_IPSETS, FIREWALLD_HELPERS USR_LIB_FIREWALLD = path FIREWALLD_ZONES = path + '/zones' FIREWALLD_SERVICES = path + '/services' FIREWALLD_ICMPTYPES = path + '/icmptypes' FIREWALLD_IPSETS = path + '/ipsets' FIREWALLD_HELPERS = path + '/helpers' set_default_config_paths('/usr/lib/firewalld') FIREWALLD_LOGFILE = '/var/log/firewalld' FIREWALLD_PIDFILE = "/var/run/firewalld.pid" FIREWALLD_TEMPDIR = '/run/firewalld' SYSCONFIGDIR = '/etc/sysconfig' IFCFGDIR = "@IFCFGDIR@" SYSCTL_CONFIG = '/etc/sysctl.conf' # commands used by backends COMMANDS = { "ipv4": "@IPTABLES@", "ipv4-restore": "@IPTABLES_RESTORE@", "ipv6": "@IP6TABLES@", "ipv6-restore": "@IP6TABLES_RESTORE@", "eb": "@EBTABLES@", "eb-restore": "@EBTABLES_RESTORE@", "ipset": "@IPSET@", "modprobe": "@MODPROBE@", "rmmod": "@RMMOD@", } LOG_DENIED_VALUES = [ "all", "unicast", "broadcast", "multicast", "off" ] AUTOMATIC_HELPERS_VALUES = [ "yes", "no", "system" ] FIREWALL_BACKEND_VALUES = [ "nftables", "iptables" ] # fallbacks: will be overloaded by firewalld.conf FALLBACK_ZONE = "public" FALLBACK_MINIMAL_MARK = 100 FALLBACK_CLEANUP_ON_EXIT = True FALLBACK_LOCKDOWN = False FALLBACK_IPV6_RPFILTER = True FALLBACK_INDIVIDUAL_CALLS = False FALLBACK_LOG_DENIED = "off" FALLBACK_AUTOMATIC_HELPERS = "no" FALLBACK_FIREWALL_BACKEND = "nftables" FALLBACK_FLUSH_ALL_ON_RELOAD = True FALLBACK_RFC3964_IPV4 = True FALLBACK_ALLOW_ZONE_DRIFTING = False firewalld-0.8.2/src/firewall/errors.py0000664007115300711530000001031013641105304021126 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2012 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # ALREADY_ENABLED = 11 NOT_ENABLED = 12 COMMAND_FAILED = 13 NO_IPV6_NAT = 14 PANIC_MODE = 15 ZONE_ALREADY_SET = 16 UNKNOWN_INTERFACE = 17 ZONE_CONFLICT = 18 BUILTIN_CHAIN = 19 EBTABLES_NO_REJECT = 20 NOT_OVERLOADABLE = 21 NO_DEFAULTS = 22 BUILTIN_ZONE = 23 BUILTIN_SERVICE = 24 BUILTIN_ICMPTYPE = 25 NAME_CONFLICT = 26 NAME_MISMATCH = 27 PARSE_ERROR = 28 ACCESS_DENIED = 29 UNKNOWN_SOURCE = 30 RT_TO_PERM_FAILED = 31 IPSET_WITH_TIMEOUT = 32 BUILTIN_IPSET = 33 ALREADY_SET = 34 MISSING_IMPORT = 35 DBUS_ERROR = 36 BUILTIN_HELPER = 37 NOT_APPLIED = 38 INVALID_ACTION = 100 INVALID_SERVICE = 101 INVALID_PORT = 102 INVALID_PROTOCOL = 103 INVALID_INTERFACE = 104 INVALID_ADDR = 105 INVALID_FORWARD = 106 INVALID_ICMPTYPE = 107 INVALID_TABLE = 108 INVALID_CHAIN = 109 INVALID_TARGET = 110 INVALID_IPV = 111 INVALID_ZONE = 112 INVALID_PROPERTY = 113 INVALID_VALUE = 114 INVALID_OBJECT = 115 INVALID_NAME = 116 INVALID_FILENAME = 117 INVALID_DIRECTORY = 118 INVALID_TYPE = 119 INVALID_SETTING = 120 INVALID_DESTINATION = 121 INVALID_RULE = 122 INVALID_LIMIT = 123 INVALID_FAMILY = 124 INVALID_LOG_LEVEL = 125 INVALID_AUDIT_TYPE = 126 INVALID_MARK = 127 INVALID_CONTEXT = 128 INVALID_COMMAND = 129 INVALID_USER = 130 INVALID_UID = 131 INVALID_MODULE = 132 INVALID_PASSTHROUGH = 133 INVALID_MAC = 134 INVALID_IPSET = 135 INVALID_ENTRY = 136 INVALID_OPTION = 137 INVALID_HELPER = 138 INVALID_PRIORITY = 139 MISSING_TABLE = 200 MISSING_CHAIN = 201 MISSING_PORT = 202 MISSING_PROTOCOL = 203 MISSING_ADDR = 204 MISSING_NAME = 205 MISSING_SETTING = 206 MISSING_FAMILY = 207 RUNNING_BUT_FAILED = 251 NOT_RUNNING = 252 NOT_AUTHORIZED = 253 UNKNOWN_ERROR = 254 import sys class FirewallError(Exception): def __init__(self, code, msg=None): self.code = code if msg is not None: # escape msg if needed if sys.version < '3': try: x = str(msg) # noqa: F841 except UnicodeEncodeError: msg = unicode(msg).encode("unicode_escape") # noqa: F821 self.msg = msg def __repr__(self): return '%s(%r, %r)' % (self.__class__, self.code, self.msg) def __str__(self): if self.msg: return "%s: %s" % (self.errors[self.code], self.msg) return self.errors[self.code] def get_code(msg): if ":" in msg: idx = msg.index(":") ecode = msg[:idx] else: ecode = msg try: code = FirewallError.codes[ecode] except KeyError: code = UNKNOWN_ERROR return code get_code = staticmethod(get_code) mod = sys.modules[FirewallError.__module__] FirewallError.errors = { getattr(mod,varname) : varname for varname in dir(mod) if not varname.startswith("_") and \ type(getattr(mod,varname)) == int } FirewallError.codes = { FirewallError.errors[code] : code for code in FirewallError.errors } firewalld-0.8.2/src/firewall/command.py0000664007115300711530000005473113626005156021256 0ustar00egarveregarver00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """FirewallCommand class for command line client simplification""" __all__ = [ "FirewallCommand" ] import sys from firewall import errors from firewall.errors import FirewallError from dbus.exceptions import DBusException from firewall.functions import checkIPnMask, checkIP6nMask, check_mac, \ check_port, check_single_address class FirewallCommand(object): def __init__(self, quiet=False, verbose=False): self.quiet = quiet self.verbose = verbose self.__use_exception_handler = True self.fw = None def set_fw(self, fw): self.fw = fw def set_quiet(self, flag): self.quiet = flag def get_quiet(self): return self.quiet def set_verbose(self, flag): self.verbose = flag def get_verbose(self): return self.verbose def print_msg(self, msg=None): if msg is not None and not self.quiet: sys.stdout.write(msg + "\n") def print_error_msg(self, msg=None): if msg is not None and not self.quiet: sys.stderr.write(msg + "\n") def print_warning(self, msg=None): FAIL = '\033[91m' END = '\033[00m' if sys.stderr.isatty(): msg = FAIL + msg + END self.print_error_msg(msg) def print_and_exit(self, msg=None, exit_code=0): #OK = '\033[92m' #END = '\033[00m' if exit_code > 1: self.print_warning(msg) else: #if sys.stdout.isatty(): # msg = OK + msg + END self.print_msg(msg) sys.exit(exit_code) def fail(self, msg=None): self.print_and_exit(msg, 2) def print_if_verbose(self, msg=None): if msg is not None and self.verbose: sys.stdout.write(msg + "\n") def __cmd_sequence(self, cmd_type, option, action_method, query_method, # pylint: disable=W0613, R0913, R0914 parse_method, message, start_args=None, end_args=None, # pylint: disable=W0613 no_exit=False): if self.fw is not None: self.fw.authorizeAll() items = [ ] _errors = 0 _error_codes = [ ] for item in option: if parse_method is not None: try: item = parse_method(item) except Exception as msg: code = FirewallError.get_code(str(msg)) if len(option) > 1: self.print_warning("Warning: %s" % msg) else: self.print_and_exit("Error: %s" % msg, code) if code not in _error_codes: _error_codes.append(code) _errors += 1 continue items.append(item) for item in items: call_item = [ ] if start_args is not None: call_item += start_args if not isinstance(item, list) and not isinstance(item, tuple): call_item.append(item) else: call_item += item if end_args is not None: call_item += end_args self.deactivate_exception_handler() try: action_method(*call_item) except (DBusException, Exception) as msg: if isinstance(msg, DBusException): self.fail_if_not_authorized(msg.get_dbus_name()) msg = msg.get_dbus_message() else: msg = str(msg) code = FirewallError.get_code(msg) if code in [ errors.ALREADY_ENABLED, errors.NOT_ENABLED, errors.ZONE_ALREADY_SET, errors.ALREADY_SET ]: code = 0 if len(option) > 1: self.print_warning("Warning: %s" % msg) elif code == 0: self.print_warning("Warning: %s" % msg) return else: self.print_and_exit("Error: %s" % msg, code) if code not in _error_codes: _error_codes.append(code) _errors += 1 self.activate_exception_handler() if not no_exit: if len(option) > _errors or 0 in _error_codes: # There have been more options than errors or there # was at least one error code 0, return. return elif len(_error_codes) == 1: # Exactly one error code, use it. sys.exit(_error_codes[0]) elif len(_error_codes) > 1: # There is more than error, exit using # UNKNOWN_ERROR. This could happen within sequences # where parsing failed with different errors like # INVALID_PORT and INVALID_PROTOCOL. sys.exit(errors.UNKNOWN_ERROR) def add_sequence(self, option, action_method, query_method, parse_method, # pylint: disable=R0913 message, no_exit=False): self.__cmd_sequence("add", option, action_method, query_method, parse_method, message, no_exit=no_exit) def x_add_sequence(self, x, option, action_method, query_method, # pylint: disable=R0913 parse_method, message, no_exit=False): self.__cmd_sequence("add", option, action_method, query_method, parse_method, message, start_args=[x], no_exit=no_exit) def zone_add_timeout_sequence(self, zone, option, action_method, # pylint: disable=R0913 query_method, parse_method, message, timeout, no_exit=False): self.__cmd_sequence("add", option, action_method, query_method, parse_method, message, start_args=[zone], end_args=[timeout], no_exit=no_exit) def remove_sequence(self, option, action_method, query_method, # pylint: disable=R0913 parse_method, message, no_exit=False): self.__cmd_sequence("remove", option, action_method, query_method, parse_method, message, no_exit=no_exit) def x_remove_sequence(self, x, option, action_method, query_method, # pylint: disable=R0913 parse_method, message, no_exit=False): self.__cmd_sequence("remove", option, action_method, query_method, parse_method, message, start_args=[x], no_exit=no_exit) def __query_sequence(self, option, query_method, parse_method, message, # pylint: disable=R0913 start_args=None, no_exit=False): items = [ ] for item in option: if parse_method is not None: try: item = parse_method(item) except Exception as msg: if len(option) > 1: self.print_warning("Warning: %s" % msg) continue else: code = FirewallError.get_code(str(msg)) self.print_and_exit("Error: %s" % msg, code) items.append(item) for item in items: call_item = [ ] if start_args is not None: call_item += start_args if not isinstance(item, list) and not isinstance(item, tuple): call_item.append(item) else: call_item += item self.deactivate_exception_handler() try: res = query_method(*call_item) except DBusException as msg: self.fail_if_not_authorized(msg.get_dbus_name()) code = FirewallError.get_code(msg.get_dbus_message()) if len(option) > 1: self.print_warning("Warning: %s" % msg.get_dbus_message()) continue else: self.print_and_exit("Error: %s" % msg.get_dbus_message(), code) except Exception as msg: code = FirewallError.get_code(str(msg)) if len(option) > 1: self.print_warning("Warning: %s" % msg) else: self.print_and_exit("Error: %s" % msg, code) self.activate_exception_handler() if len(option) > 1: self.print_msg("%s: %s" % (message % item, ("no", "yes")[res])) else: self.print_query_result(res) if not no_exit: sys.exit(0) def query_sequence(self, option, query_method, parse_method, message, # pylint: disable=R0913 no_exit=False): self.__query_sequence(option, query_method, parse_method, message, no_exit=no_exit) def x_query_sequence(self, x, option, query_method, parse_method, # pylint: disable=R0913 message, no_exit=False): self.__query_sequence(option, query_method, parse_method, message, start_args=[x], no_exit=no_exit) def parse_source(self, value): if not checkIPnMask(value) and not checkIP6nMask(value) \ and not check_mac(value) and not \ (value.startswith("ipset:") and len(value) > 6): raise FirewallError(errors.INVALID_ADDR, "'%s' is no valid IPv4, IPv6 or MAC address, nor an ipset" % value) return value def parse_port(self, value, separator="/"): try: (port, proto) = value.split(separator) except ValueError: raise FirewallError(errors.INVALID_PORT, "bad port (most likely " "missing protocol), correct syntax is " "portid[-portid]%sprotocol" % separator) if not check_port(port): raise FirewallError(errors.INVALID_PORT, port) if proto not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \ proto) return (port, proto) def parse_forward_port(self, value, compat=False): port = None protocol = None toport = None toaddr = None i = 0 while ("=" in value[i:]): opt = value[i:].split("=", 1)[0] i += len(opt) + 1 if "=" in value[i:]: val = value[i:].split(":", 1)[0] else: val = value[i:] i += len(val) + 1 if opt == "port": port = val elif opt == "proto": protocol = val elif opt == "toport": toport = val elif opt == "toaddr": toaddr = val elif opt == "if" and compat: # ignore if option in compat mode pass else: raise FirewallError(errors.INVALID_FORWARD, "invalid forward port arg '%s'" % (opt)) if not port: raise FirewallError(errors.INVALID_FORWARD, "missing port") if not protocol: raise FirewallError(errors.INVALID_FORWARD, "missing protocol") if not (toport or toaddr): raise FirewallError(errors.INVALID_FORWARD, "missing destination") if not check_port(port): raise FirewallError(errors.INVALID_PORT, port) if protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \ protocol) if toport and not check_port(toport): raise FirewallError(errors.INVALID_PORT, toport) if toaddr and not check_single_address("ipv4", toaddr): if compat or not check_single_address("ipv6", toaddr): raise FirewallError(errors.INVALID_ADDR, toaddr) return (port, protocol, toport, toaddr) def parse_ipset_option(self, value): args = value.split("=") if len(args) == 1: return (args[0], "") elif len(args) == 2: return args else: raise FirewallError(errors.INVALID_OPTION, "invalid ipset option '%s'" % (value)) def check_destination_ipv(self, value): ipvs = [ "ipv4", "ipv6", ] if value not in ipvs: raise FirewallError(errors.INVALID_IPV, "invalid argument: %s (choose from '%s')" % \ (value, "', '".join(ipvs))) return value def parse_service_destination(self, value): try: (ipv, destination) = value.split(":", 1) except ValueError: raise FirewallError(errors.INVALID_DESTINATION, "destination syntax is ipv:address[/mask]") return (self.check_destination_ipv(ipv), destination) def check_ipv(self, value): ipvs = [ "ipv4", "ipv6", "eb" ] if value not in ipvs: raise FirewallError(errors.INVALID_IPV, "invalid argument: %s (choose from '%s')" % \ (value, "', '".join(ipvs))) return value def check_helper_family(self, value): ipvs = [ "", "ipv4", "ipv6" ] if value not in ipvs: raise FirewallError(errors.INVALID_IPV, "invalid argument: %s (choose from '%s')" % \ (value, "', '".join(ipvs))) return value def check_module(self, value): if not value.startswith("nf_conntrack_"): raise FirewallError( errors.INVALID_MODULE, "'%s' does not start with 'nf_conntrack_'" % value) if len(value.replace("nf_conntrack_", "")) < 1: raise FirewallError(errors.INVALID_MODULE, "Module name '%s' too short" % value) return value def print_zone_info(self, zone, settings, default_zone=None, extra_interfaces=[]): # pylint: disable=R0914 target = settings.getTarget() icmp_block_inversion = settings.getIcmpBlockInversion() interfaces = sorted(set(settings.getInterfaces() + extra_interfaces)) sources = settings.getSources() services = settings.getServices() ports = settings.getPorts() protocols = settings.getProtocols() masquerade = settings.getMasquerade() forward_ports = settings.getForwardPorts() source_ports = settings.getSourcePorts() icmp_blocks = settings.getIcmpBlocks() rules = settings.getRichRules() description = settings.getDescription() short_description = settings.getShort() def rich_rule_sorted_key(rule): priority = 0 search_str = "priority=" try: i = rule.index(search_str) except ValueError: pass else: i += len(search_str) priority = int(rule[i:i+(rule[i:].index(" "))].replace("\"", "")) return priority attributes = [] if default_zone is not None: if zone == default_zone: attributes.append("default") if interfaces or sources: attributes.append("active") if attributes: zone = zone + " (%s)" % ", ".join(attributes) self.print_msg(zone) if self.verbose: self.print_msg(" summary: " + short_description) self.print_msg(" description: " + description) self.print_msg(" target: " + target) self.print_msg(" icmp-block-inversion: %s" % \ ("yes" if icmp_block_inversion else "no")) self.print_msg(" interfaces: " + " ".join(interfaces)) self.print_msg(" sources: " + " ".join(sources)) self.print_msg(" services: " + " ".join(sorted(services))) self.print_msg(" ports: " + " ".join(["%s/%s" % (port[0], port[1]) for port in ports])) self.print_msg(" protocols: " + " ".join(sorted(protocols))) self.print_msg(" masquerade: %s" % ("yes" if masquerade else "no")) self.print_msg(" forward-ports: " + "\n\t".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % \ (port, proto, toport, toaddr) for (port, proto, toport, toaddr) in \ forward_ports])) self.print_msg(" source-ports: " + " ".join(["%s/%s" % (port[0], port[1]) for port in source_ports])) self.print_msg(" icmp-blocks: " + " ".join(icmp_blocks)) self.print_msg(" rich rules: \n\t" + "\n\t".join( sorted(rules, key=rich_rule_sorted_key))) def print_service_info(self, service, settings): ports = settings.getPorts() protocols = settings.getProtocols() source_ports = settings.getSourcePorts() modules = settings.getModules() description = settings.getDescription() destinations = settings.getDestinations() short_description = settings.getShort() includes = settings.getIncludes() helpers = settings.getHelpers() self.print_msg(service) if self.verbose: self.print_msg(" summary: " + short_description) self.print_msg(" description: " + description) self.print_msg(" ports: " + " ".join(["%s/%s" % (port[0], port[1]) for port in ports])) self.print_msg(" protocols: " + " ".join(protocols)) self.print_msg(" source-ports: " + " ".join(["%s/%s" % (port[0], port[1]) for port in source_ports])) self.print_msg(" modules: " + " ".join(modules)) self.print_msg(" destination: " + " ".join(["%s:%s" % (k, v) for k, v in destinations.items()])) self.print_msg(" includes: " + " ".join(sorted(includes))) self.print_msg(" helpers: " + " ".join(sorted(helpers))) def print_icmptype_info(self, icmptype, settings): destinations = settings.getDestinations() description = settings.getDescription() short_description = settings.getShort() if len(destinations) == 0: destinations = [ "ipv4", "ipv6" ] self.print_msg(icmptype) if self.verbose: self.print_msg(" summary: " + short_description) self.print_msg(" description: " + description) self.print_msg(" destination: " + " ".join(destinations)) def print_ipset_info(self, ipset, settings): ipset_type = settings.getType() options = settings.getOptions() entries = settings.getEntries() description = settings.getDescription() short_description = settings.getShort() self.print_msg(ipset) if self.verbose: self.print_msg(" summary: " + short_description) self.print_msg(" description: " + description) self.print_msg(" type: " + ipset_type) self.print_msg(" options: " + " ".join(["%s=%s" % (k, v) if v else k for k, v in options.items()])) self.print_msg(" entries: " + " ".join(entries)) def print_helper_info(self, helper, settings): ports = settings.getPorts() module = settings.getModule() family = settings.getFamily() description = settings.getDescription() short_description = settings.getShort() self.print_msg(helper) if self.verbose: self.print_msg(" summary: " + short_description) self.print_msg(" description: " + description) self.print_msg(" family: " + family) self.print_msg(" module: " + module) self.print_msg(" ports: " + " ".join(["%s/%s" % (port[0], port[1]) for port in ports])) def print_query_result(self, value): if value: self.print_and_exit("yes") else: self.print_and_exit("no", 1) def exception_handler(self, exception_message): if not self.__use_exception_handler: raise self.fail_if_not_authorized(exception_message) code = FirewallError.get_code(str(exception_message)) if code in [ errors.ALREADY_ENABLED, errors.NOT_ENABLED, errors.ZONE_ALREADY_SET, errors.ALREADY_SET ]: self.print_warning("Warning: %s" % exception_message) else: self.print_and_exit("Error: %s" % exception_message, code) def fail_if_not_authorized(self, exception_message): if "NotAuthorizedException" in exception_message: msg = """Authorization failed. Make sure polkit agent is running or run the application as superuser.""" self.print_and_exit(msg, errors.NOT_AUTHORIZED) def deactivate_exception_handler(self): self.__use_exception_handler = False def activate_exception_handler(self): self.__use_exception_handler = True def get_ipset_entries_from_file(self, filename): entries = [ ] entries_set = set() f = open(filename) for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] in ['#', ';']: continue if line not in entries_set: entries.append(line) entries_set.add(line) f.close() return entries firewalld-0.8.2/src/firewalld.in0000775007115300711530000001555413641105304017756 0ustar00egarveregarver00000000000000#!@PYTHON@ # -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # python fork magic derived from setroubleshoot # Copyright (C) 2006,2007,2008,2009 Red Hat, Inc. # Authors: # John Dennis # Dan Walsh import os import sys import dbus import traceback import argparse from firewall import config from firewall.functions import firewalld_is_active from firewall.core.logger import log, FileLog def parse_cmdline(): parser = argparse.ArgumentParser() parser.add_argument('--debug', nargs='?', const=1, default=0, type=int, choices=range(1, log.DEBUG_MAX+1), help="""Enable logging of debug messages. Additional argument in range 1..%s can be used to specify log level.""" % log.DEBUG_MAX, metavar="level") parser.add_argument('--debug-gc', help="""Turn on garbage collector leak information. The collector runs every 10 seconds and if there are leaks, it prints information about the leaks.""", action="store_true") parser.add_argument('--nofork', help="""Turn off daemon forking, run as a foreground process.""", action="store_true") parser.add_argument('--nopid', help="""Disable writing pid file and don't check for existing server process.""", action="store_true") parser.add_argument('--system-config', help="""Path to firewalld system configuration""", metavar="path") parser.add_argument('--default-config', help="""Path to firewalld default configuration""", metavar="path") parser.add_argument('--log-file', help="""Path to firewalld log file""", metavar="path") return parser.parse_args() def setup_logging(args): # Set up logging capabilities log.setDateFormat("%Y-%m-%d %H:%M:%S") log.setFormat("%(date)s %(label)s%(message)s") log.setInfoLogging("*", log.syslog, [ log.FATAL, log.ERROR, log.WARNING ], fmt="%(label)s%(message)s") log.setDebugLogLevel(log.NO_INFO) log.setDebugLogLevel(log.NO_DEBUG) if args.debug: log.setInfoLogLevel(log.INFO_MAX) log.setDebugLogLevel(args.debug) if args.nofork: log.addInfoLogging("*", log.stdout) log.addDebugLogging("*", log.stdout) log_file = FileLog(config.FIREWALLD_LOGFILE, "a") try: log_file.open() except IOError as e: log.error("Failed to open log file '%s': %s", config.FIREWALLD_LOGFILE, str(e)) else: log.addInfoLogging("*", log_file, [ log.FATAL, log.ERROR, log.WARNING ]) log.addDebugLogging("*", log_file) if args.debug: log.addInfoLogging("*", log_file) log.addDebugLogging("*", log_file) def startup(args): try: if not args.nofork: # do the UNIX double-fork magic, see Stevens' "Advanced # Programming in the UNIX Environment" for details (ISBN 0201563177) pid = os.fork() if pid > 0: # exit first parent sys.exit(0) # decouple from parent environment os.chdir("/") os.setsid() os.umask(os.umask(0o077) | 0o022) # Do not close the file descriptors here anymore # File descriptors are now closed in runProg before execve # Redirect the standard I/O file descriptors to /dev/null if hasattr(os, "devnull"): REDIRECT_TO = os.devnull else: REDIRECT_TO = "/dev/null" fd = os.open(REDIRECT_TO, os.O_RDWR) os.dup2(fd, 0) # standard input (0) os.dup2(fd, 1) # standard output (1) os.dup2(fd, 2) # standard error (2) if not args.nopid: # write the pid file with open(config.FIREWALLD_PIDFILE, "w") as f: f.write(str(os.getpid())) if not os.path.exists(config.FIREWALLD_TEMPDIR): os.mkdir(config.FIREWALLD_TEMPDIR, 0o750) if args.system_config: config.set_system_config_paths(args.system_config) if args.default_config: config.set_default_config_paths(args.default_config) # Start the server mainloop here from firewall.server import server server.run_server(args.debug_gc) # Clean up on exit if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) except OSError as e: log.fatal("Fork #1 failed: %d (%s)" % (e.errno, e.strerror)) log.error(traceback.format_exc()) if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) except dbus.exceptions.DBusException as e: log.fatal(str(e)) log.error(traceback.format_exc()) if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) except IOError as e: log.fatal(str(e)) log.error(traceback.format_exc()) if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) def main(): # firewalld should only be run as the root user if os.getuid() != 0: print("You need to be root to run %s." % sys.argv[0]) sys.exit(-1) # Process the command-line arguments args = parse_cmdline() if args.log_file: config.FIREWALLD_LOGFILE = args.log_file setup_logging(args) # Don't attempt to run two copies of firewalld simultaneously if not args.nopid and firewalld_is_active(): log.fatal("Not starting FirewallD, already running.") sys.exit(1) startup(args) sys.exit(0) if __name__ == '__main__': main() firewalld-0.8.2/src/Makefile.am0000664007115300711530000000553313620317435017511 0ustar00egarveregarver00000000000000SUBDIRS = icons tests dist_bin_SCRIPTS_in = firewall-applet.in firewall-cmd.in firewall-offline-cmd.in firewall-config.in dist_sbin_SCRIPTS_in = firewalld.in dist_bin_SCRIPTS = $(dist_bin_SCRIPTS_in:.in=) dist_sbin_SCRIPTS = $(dist_sbin_SCRIPTS_in:.in=) gladedir = $(pkgdatadir) dist_glade_DATA = firewall-config.glade gtkextradir = $(pkgdatadir) dist_gtkextra_DATA = gtk3_chooserbutton.py gtk3_niceexpander.py nobase_dist_python_DATA = \ firewall/client.py \ firewall/command.py \ firewall/config/dbus.py \ firewall/config/__init__.py \ firewall/core/base.py \ firewall/core/ebtables.py \ firewall/core/fw_config.py \ firewall/core/fw_direct.py \ firewall/core/fw_helper.py \ firewall/core/fw_icmptype.py \ firewall/core/fw_ifcfg.py \ firewall/core/fw_ipset.py \ firewall/core/fw_nm.py \ firewall/core/fw_policies.py \ firewall/core/fw.py \ firewall/core/fw_service.py \ firewall/core/fw_transaction.py \ firewall/core/fw_zone.py \ firewall/core/helper.py \ firewall/core/icmp.py \ firewall/core/__init__.py \ firewall/core/io/direct.py \ firewall/core/io/firewalld_conf.py \ firewall/core/io/functions.py \ firewall/core/io/helper.py \ firewall/core/io/icmptype.py \ firewall/core/io/ifcfg.py \ firewall/core/io/__init__.py \ firewall/core/io/io_object.py \ firewall/core/io/ipset.py \ firewall/core/io/lockdown_whitelist.py \ firewall/core/io/service.py \ firewall/core/io/zone.py \ firewall/core/ipset.py \ firewall/core/ipXtables.py \ firewall/core/logger.py \ firewall/core/modules.py \ firewall/core/nftables.py \ firewall/core/prog.py \ firewall/core/rich.py \ firewall/core/watcher.py \ firewall/dbus_utils.py \ firewall/errors.py \ firewall/functions.py \ firewall/fw_types.py \ firewall/__init__.py \ firewall/server/config_helper.py \ firewall/server/config_icmptype.py \ firewall/server/config_ipset.py \ firewall/server/config.py \ firewall/server/config_service.py \ firewall/server/config_zone.py \ firewall/server/decorators.py \ firewall/server/firewalld.py \ firewall/server/__init__.py \ firewall/server/server.py EXTRA_DIST = \ firewall/config/__init__.py.in \ $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in) CLEANFILES = *~ *\# .\#* *.py? FLAKE8_IGNORE = E121,E122,E123,E124,E126,E127,E128,E201,E202,E203,E211,E221,E222,E225,E226,E231,E241,E251,E261,E262,E265,E266,W291,W293,E301,E302,E303,E305,E306,W391,E402,E501,E502,W503,W504,E722,E741 check-local: find . -name '*.py' -or -name '*.py.in' |xargs flake8 --ignore="$(FLAKE8_IGNORE)" flake8 --ignore="$(FLAKE8_IGNORE)" $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in) @echo @for file in $(filter-out $(EXTRA_DIST:.in=),$(nobase_dist_python_DATA) $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in)); do \ if ! grep "$${file}" ${top_srcdir}/po/POTFILES.in > /dev/null; then \ echo "$${file} should be in ${abs_top_srcdir}/po/POTFILES.in"; \ exit 1; \ fi; \ done firewalld-0.8.2/src/gtk3_niceexpander.py0000664007115300711530000000576313341016621021422 0ustar00egarveregarver00000000000000#!/usr/bin/python -Es # -*- coding: utf-8 -*- # # Copyright (C) 2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # class NiceExpander(object): def __init__(self, expanded_button, unexpanded_button, paned, child): self.expanded_button = expanded_button self.unexpanded_button = unexpanded_button self.paned = paned self.child = child self.sensitive = True self.expanded = False self.callback = { } self.parent = self.expanded_button.get_parent() self.expanded_button.connect("clicked", self.expand_cb) self.unexpanded_button.connect("clicked", self.unexpand_cb) self.set_expanded(True) def expand_cb(self, *args): self.expanded = False self.expanded_button.hide() self.unexpanded_button.show() self.child.hide() width = self.unexpanded_button.get_allocated_width() width += self.parent.get_border_width()*2 self.paned.set_position(width) self.call_notify_expanded() def unexpand_cb(self, *args): self.expanded = True self.expanded_button.show() self.unexpanded_button.hide() self.child.show() width = self.expanded_button.get_allocated_width() width += self.parent.get_border_width()*2 self.paned.set_position(width) self.call_notify_expanded() def set_expanded(self, flag): self.expanded = flag if flag: self.unexpand_cb() else: self.expand_cb() def get_expanded(self): return self.expanded def connect(self, name, callback, *args): if name == "notify::expanded": self.callback[name] = (callback, args) else: raise ValueError("Unknown callback name '%s'" % name) def call_notify_expanded(self): name = "notify::expanded" if name in self.callback: cb = self.callback[name] try: cb[0](*cb[1]) except Exception as msg: print(msg) def set_sensitive(self, value): self.expanded_button.set_sensitive(value) self.unexpanded_button.set_sensitive(value) self.child.set_sensitive(value) def get_sensitive(self): return self.expanded_button.get_sensitive() def is_sensitive(self): return self.expanded_button.is_sensitive() firewalld-0.8.2/src/firewall-config0000775007115300711530000121242213641123204020441 0ustar00egarveregarver00000000000000#!/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2011-2015 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import sys import string import gi try: gi.require_version('Gtk', '3.0') from gi.repository import Gtk, Gdk, Pango, Gio Gtk.init(sys.argv) except RuntimeError as e: print("firewall-config: %s" % e) print("This is a graphical application and requires DISPLAY to be set.") sys.exit(1) from gi.repository import GObject, GLib sys.modules['gobject'] = GObject import os datadir = None if os.getenv("FIREWALLD_DEVEL_ENV") is not None: datadir = os.getenv("FIREWALLD_DEVEL_ENV") sys.path.insert(0, datadir) from dbus.exceptions import DBusException from firewall import config from firewall import client from firewall import functions from firewall.core.base import DEFAULT_ZONE_TARGET, REJECT_TYPES, \ ZONE_SOURCE_IPSET_TYPES from firewall.core.ipset import IPSET_MAXNAMELEN from firewall.core.helper import HELPER_MAXNAMELEN from firewall.core.io.zone import Zone from firewall.core.io.service import Service from firewall.core.io.icmptype import IcmpType from firewall.core.io.ipset import IPSet from firewall.core.io.helper import Helper from firewall.core import rich from firewall.core.fw_nm import nm_is_imported, nm_get_dbus_interface, \ nm_get_connections, nm_get_zone_of_connection, \ nm_set_zone_of_connection from firewall import errors from firewall.errors import FirewallError import gettext gettext.textdomain(config.DOMAIN) _ = gettext.gettext if not datadir: datadir = config.DATADIR sys.path.insert(0, datadir) from gtk3_chooserbutton import ChooserButton from gtk3_niceexpander import NiceExpander def escape(text): text = text.replace('&', '&') text = text.replace('>', '>') text = text.replace('<', '<') return text FIREWALL_CONFIG_SCHEMA = "org.fedoraproject.FirewallConfig" class FirewallConfig(object): def __init__(self): builder = Gtk.Builder() builder.set_translation_domain("firewalld") builder.add_from_file("%s/%s" % (datadir, config.CONFIG_GLADE_NAME)) builder.connect_signals(self) self.connected_label = _("Connection to firewalld established.") self.trying_to_connect_label = \ _("Trying to connect to firewalld, waiting...") self.failed_to_connect_label = \ _("Failed to connect to firewalld. Please make sure that the " "service has been started correctly and try again.") self.changes_applied_label = _("Changes applied.") self.used_by_label = _("Used by network connection '%s'") self.default_zone_used_by_label = _("Default zone used by network " "connection '%s'") self.enabled = _("enabled") self.disabled = _("disabled") self.settings = Gio.Settings.new(FIREWALL_CONFIG_SCHEMA) self.modified_timer = None self.connection_timer = None self.zone_connection_editors = { } self.zone_interface_editors = { } self.zone_source_editors = { } self.default_zone = "" self.nf_conntrack_helpers = { } # point to the visible dialogs self.visible_dialogs = [ ] self.connection_lost = False # get icon and logo (foo, width, height) = Gtk.icon_size_lookup(Gtk.IconSize.BUTTON) size = min(width, height) self.icon_theme = Gtk.IconTheme.get_default() try: self.icon = self.icon_theme.load_icon(config.CONFIG_NAME, size, 0) self.logo = self.icon_theme.load_icon(config.CONFIG_NAME, 48, 0) except: print(_("Failed to load icons.")) self.icon = self.logo = None # get widgets self.mainWindow = builder.get_object("mainWindow") self.mainWindow.set_icon(self.icon) self.mainOverlay = builder.get_object("mainOverlay") self.mainPaned = builder.get_object("mainPaned") self.statusLabel = builder.get_object("statusLabel") self.modifiedLabel = builder.get_object("modifiedLabel") self.lockdownLabel = builder.get_object("lockdownLabel") self.panicLabel = builder.get_object("panicLabel") self.waitingWindow = builder.get_object("waitingWindow") self.waitingWindowLabel = builder.get_object("waitingWindowLabel") self.waitingWindowSpinner = builder.get_object("waitingWindowSpinner") self.waitingWindowQuitButton = \ builder.get_object("waitingWindowQuitButton") self.mainOverlay.add_overlay(self.waitingWindow) self.waitingWindow.set_valign(Gtk.Align.CENTER) self.waitingWindow.set_halign(Gtk.Align.CENTER) self.mainNotebook = builder.get_object("mainNotebook") self.ipsetsBox = builder.get_object("ipsetsBox") self.ipsetsMenuitem = builder.get_object("ipsetsMenuitem") self.icmpTypesBox = builder.get_object("icmpTypesBox") self.icmpTypesMenuitem = builder.get_object("icmpTypesMenuitem") self.helpersBox = builder.get_object("helpersBox") self.helpersMenuitem = builder.get_object("helpersMenuitem") self.directBox = builder.get_object("directBox") self.directMenuitem = builder.get_object("directMenuitem") self.lockdownWhitelistBox = builder.get_object("lockdownWhitelistBox") self.lockdownWhitelistMenuitem = \ builder.get_object("lockdownWhitelistMenuitem") self.activeBindingsMenuitem = \ builder.get_object("activeBindingsMenuitem") self.changeZonesConnectionMenuitem = \ builder.get_object("changeZonesConnectionMenuitem") self.left_menu = Gtk.Menu.new() self.left_menu.set_reserve_toggle_size(False) self.changeZonesConnectionMenuitem.set_submenu(self.left_menu) self.changeZonesConnectionMenuitem.connect( "activate", self.left_menu_cb, self.left_menu) self.active_zones = { } self.panicMenuitem = builder.get_object("panicMenuitem") self.panic_check_id = \ self.panicMenuitem.connect_after("toggled", self.panic_check_cb) self.lockdownMenuitem = builder.get_object("lockdownMenuitem") self.lockdown_check_id = \ self.lockdownMenuitem.connect_after("toggled", self.lockdown_check_cb) self.lockdownContextView = builder.get_object("lockdownContextView") self.lockdownContextStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownContextView.append_column( Gtk.TreeViewColumn(_("Context"), Gtk.CellRendererText(), text=0)) self.lockdownContextView.set_model(self.lockdownContextStore) self.lockdownContextView.get_selection().connect( \ "changed", self.change_lockdown_context_selection_cb) self.editLockdownContextButton = \ builder.get_object("editLockdownContextButton") self.removeLockdownContextButton = \ builder.get_object("removeLockdownContextButton") self.contextDialog = builder.get_object("contextDialog") self.contextDialogOkButton = builder.get_object("contextDialogOkButton") self.contextDialogCancelButton = \ builder.get_object("contextDialogCancelButton") self.contextDialogContextEntry = \ builder.get_object("contextDialogContextEntry") self.lockdownCommandView = builder.get_object("lockdownCommandView") self.lockdownCommandStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownCommandView.append_column( Gtk.TreeViewColumn(_("Command line"), Gtk.CellRendererText(), text=0)) self.lockdownCommandView.set_model(self.lockdownCommandStore) self.lockdownCommandView.get_selection().connect( \ "changed", self.change_lockdown_command_selection_cb) self.editLockdownCommandButton = \ builder.get_object("editLockdownCommandButton") self.removeLockdownCommandButton = \ builder.get_object("removeLockdownCommandButton") self.commandDialog = builder.get_object("commandDialog") self.commandDialogOkButton = builder.get_object("commandDialogOkButton") self.commandDialogCancelButton = \ builder.get_object("commandDialogCancelButton") self.commandDialogCommandEntry = \ builder.get_object("commandDialogCommandEntry") self.lockdownUserView = builder.get_object("lockdownUserView") self.lockdownUserStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownUserView.append_column( Gtk.TreeViewColumn(_("User name"), Gtk.CellRendererText(), text=0)) self.lockdownUserView.set_model(self.lockdownUserStore) self.lockdownUserView.get_selection().connect( \ "changed", self.change_lockdown_user_selection_cb) self.editLockdownUserButton = \ builder.get_object("editLockdownUserButton") self.removeLockdownUserButton = \ builder.get_object("removeLockdownUserButton") self.userDialog = builder.get_object("userDialog") self.userDialogOkButton = builder.get_object("userDialogOkButton") self.userDialogCancelButton = \ builder.get_object("userDialogCancelButton") self.userDialogUserEntry = \ builder.get_object("userDialogUserEntry") self.lockdownUidView = builder.get_object("lockdownUidView") self.lockdownUidStore = Gtk.ListStore(GObject.TYPE_INT) self.lockdownUidView.append_column( Gtk.TreeViewColumn(_("User id"), Gtk.CellRendererText(), text=0)) self.lockdownUidView.set_model(self.lockdownUidStore) self.lockdownUidView.get_selection().connect( \ "changed", self.change_lockdown_uid_selection_cb) self.editLockdownUidButton = \ builder.get_object("editLockdownUidButton") self.removeLockdownUidButton = \ builder.get_object("removeLockdownUidButton") self.uidDialog = builder.get_object("uidDialog") self.uidDialogOkButton = builder.get_object("uidDialogOkButton") self.uidDialogCancelButton = \ builder.get_object("uidDialogCancelButton") self.uidDialogUidEntry = \ builder.get_object("uidDialogUidEntry") self.serviceConfServicesEditBox = \ builder.get_object("serviceConfServicesEditBox") self.serviceConfPortBox = \ builder.get_object("serviceConfPortBox") self.serviceConfProtocolBox = \ builder.get_object("serviceConfProtocolBox") self.serviceConfSourcePortBox = \ builder.get_object("serviceConfSourcePortBox") self.serviceConfModuleBox = \ builder.get_object("serviceConfModuleBox") self.serviceConfDestinationGrid = \ builder.get_object("serviceConfDestinationGrid") self.icmpDialogIcmpEditBox = \ builder.get_object("icmpDialogIcmpEditBox") self.directChainView = builder.get_object("directChainView") self.directChainStore = Gtk.ListStore(GObject.TYPE_STRING, # ipv GObject.TYPE_STRING, # table GObject.TYPE_STRING) # chain self.directChainView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directChainView.append_column( Gtk.TreeViewColumn(_("Table"), Gtk.CellRendererText(), text=1)) self.directChainView.append_column( Gtk.TreeViewColumn(_("Chain"), Gtk.CellRendererText(), text=2)) self.directChainView.set_model(self.directChainStore) self.directChainView.get_selection().connect( \ "changed", self.change_chain_selection_cb) self.editDirectChainButton = \ builder.get_object("editDirectChainButton") self.removeDirectChainButton = \ builder.get_object("removeDirectChainButton") self.directChainDialog = builder.get_object("directChainDialog") self.directChainDialogOkButton = \ builder.get_object("directChainDialogOkButton") self.directChainDialogCancelButton = \ builder.get_object("directChainDialogCancelButton") self.directChainDialogIPVCombobox = \ builder.get_object("directChainDialogIPVCombobox") self.directChainDialogTableCombobox = \ builder.get_object("directChainDialogTableCombobox") self.directChainDialogChainEntry = \ builder.get_object("directChainDialogChainEntry") self.directRuleView = builder.get_object("directRuleView") self.directRuleStore = Gtk.ListStore(GObject.TYPE_STRING, # ipv GObject.TYPE_STRING, # table GObject.TYPE_STRING, # chain GObject.TYPE_INT, # priority GObject.TYPE_STRING) # args self.directRuleView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Table"), Gtk.CellRendererText(), text=1)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Chain"), Gtk.CellRendererText(), text=2)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=3)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Args"), Gtk.CellRendererText(), text=4)) self.directRuleView.set_model(self.directRuleStore) self.directRuleView.get_selection().connect( \ "changed", self.change_rule_selection_cb) self.editDirectRuleButton = \ builder.get_object("editDirectRuleButton") self.removeDirectRuleButton = \ builder.get_object("removeDirectRuleButton") self.directRuleDialog = builder.get_object("directRuleDialog") self.directRuleDialogOkButton = \ builder.get_object("directRuleDialogOkButton") self.directRuleDialogCancelButton = \ builder.get_object("directRuleDialogCancelButton") self.directRuleDialogIPVCombobox = \ builder.get_object("directRuleDialogIPVCombobox") self.directRuleDialogTableCombobox = \ builder.get_object("directRuleDialogTableCombobox") self.directRuleDialogChainEntry = \ builder.get_object("directRuleDialogChainEntry") self.directRuleDialogPrioritySpinbutton = \ builder.get_object("directRuleDialogPrioritySpinbutton") self.directRuleDialogArgsEntry = \ builder.get_object("directRuleDialogArgsEntry") self.directPassthroughBox = builder.get_object("directPassthroughBox") self.directPassthroughView = builder.get_object("directPassthroughView") self.directPassthroughStore = Gtk.ListStore( GObject.TYPE_STRING, # ipv GObject.TYPE_STRING) # passthrough self.directPassthroughView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directPassthroughView.append_column( Gtk.TreeViewColumn(_("Args"), Gtk.CellRendererText(), text=1)) self.directPassthroughView.set_model(self.directPassthroughStore) self.directPassthroughView.get_selection().connect( \ "changed", self.change_passthrough_selection_cb) self.editDirectPassthroughButton = \ builder.get_object("editDirectPassthroughButton") self.removeDirectPassthroughButton = \ builder.get_object("removeDirectPassthroughButton") self.directPassthroughDialog = \ builder.get_object("directPassthroughDialog") self.directPassthroughDialogOkButton = \ builder.get_object("directPassthroughDialogOkButton") self.directPassthroughDialogCancelButton = \ builder.get_object("directPassthroughDialogCancelButton") self.directPassthroughDialogIPVCombobox = \ builder.get_object("directPassthroughDialogIPVCombobox") self.directPassthroughDialogArgsEntry = \ builder.get_object("directPassthroughDialogArgsEntry") self.mainVBox = builder.get_object("mainVBox") self.optionsMenuitem = builder.get_object("optionsMenuitem") self.viewMenuitem = builder.get_object("viewMenuitem") self.aboutDialog = builder.get_object("aboutDialog") self.aboutDialog.set_program_name(config.CONFIG_NAME) self.aboutDialog.set_version(config.VERSION) self.aboutDialog.set_authors(config.AUTHORS) self.aboutDialog.set_license(config.LICENSE) self.aboutDialog.set_wrap_license(True) self.aboutDialog.set_copyright(config.COPYRIGHT) self.aboutDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.aboutDialog.set_transient_for(self.mainWindow) self.aboutDialog.set_modal(True) self.aboutDialog.set_icon(self.icon) self.aboutDialog.set_logo(self.logo) self.aboutDialog.set_website(config.WEBSITE) self.currentViewCombobox = builder.get_object("currentViewCombobox") self.currentViewCombobox.append_text(_("Runtime")) self.currentViewCombobox.append_text(_("Permanent")) self.runtime_view = True self.zoneView = builder.get_object("zoneView") self.zoneStore = Gtk.ListStore(GObject.TYPE_STRING, # name GObject.TYPE_INT) # weight self.zoneView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0, weight=1)) self.zoneView.set_model(self.zoneStore) self.zoneStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.zoneView.get_selection().connect("changed", self.onChangeZone) self.zoneNotebook = builder.get_object("zoneNotebook") self.defaultZoneLabel = builder.get_object("defaultZoneLabel") self.defaultZoneDialog = builder.get_object("defaultZoneDialog") self.defaultZoneDialogOkButton = \ builder.get_object("defaultZoneDialogOkButton") self.defaultZoneView = builder.get_object("defaultZoneView") self.defaultZoneStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_INT) self.defaultZoneView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0, weight=1)) self.defaultZoneView.set_model(self.defaultZoneStore) self.defaultZoneView.get_selection().connect(\ "changed", self.on_defaultZoneViewSelection_changed) self.logDeniedLabel = builder.get_object("logDeniedLabel") self.logDeniedDialog = builder.get_object("logDeniedDialog") self.logDeniedDialogOkButton = \ builder.get_object("logDeniedDialogOkButton") self.logDeniedDialogValueCombobox = \ builder.get_object("logDeniedDialogValueCombobox") for value in config.LOG_DENIED_VALUES: self.logDeniedDialogValueCombobox.append_text(value) self.automaticHelpersLabel = builder.get_object("automaticHelpersLabel") self.automaticHelpersDialog = builder.get_object("automaticHelpersDialog") self.automaticHelpersDialogOkButton = \ builder.get_object("automaticHelpersDialogOkButton") self.automaticHelpersDialogValueCombobox = \ builder.get_object("automaticHelpersDialogValueCombobox") for value in config.AUTOMATIC_HELPERS_VALUES: self.automaticHelpersDialogValueCombobox.append_text(value) self.zoneEditBox = builder.get_object("zoneEditBox") self.zoneEditBox.hide() self.zoneEditLoadDefaultsButton = \ builder.get_object("zoneEditLoadDefaultsButton") self.zoneEditEditButton = builder.get_object("zoneEditEditButton") self.zoneEditRemoveButton = builder.get_object("zoneEditRemoveButton") self.zoneBaseDialog = builder.get_object("zoneBaseDialog") self.zoneBaseDialogOkButton = \ builder.get_object("zoneBaseDialogOkButton") self.zoneBaseDialogNameEntry = \ builder.get_object("zoneBaseDialogNameEntry") self.zoneBaseDialogVersionEntry = \ builder.get_object("zoneBaseDialogVersionEntry") self.zoneBaseDialogShortEntry = \ builder.get_object("zoneBaseDialogShortEntry") self.zoneBaseDialogDescText = \ builder.get_object("zoneBaseDialogDescText") self.zoneBaseDialogDescText.get_buffer().connect(\ "changed", self.onZoneBaseDialogChanged) self.zoneBaseDialogTargetCheck = \ builder.get_object("zoneBaseDialogTargetCheck") self.zoneBaseDialogTargetCombobox = \ builder.get_object("zoneBaseDialogTargetCombobox") self.serviceView = builder.get_object("serviceView") self.serviceStore = Gtk.ListStore(GObject.TYPE_BOOLEAN, # checked GObject.TYPE_STRING) # name toggle = Gtk.CellRendererToggle() toggle.connect("toggled", self.service_toggle_cb, self.serviceStore, 0) self.serviceView.append_column(Gtk.TreeViewColumn("", toggle, active=0)) self.serviceView.append_column( Gtk.TreeViewColumn(_("Service"), Gtk.CellRendererText(), text=1)) self.serviceView.set_model(self.serviceStore) self.serviceStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.portView = builder.get_object("portView") self.portStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.portView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.portView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.portView.set_model(self.portStore) self.portStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.portView.get_selection().connect("changed", self.change_port_selection_cb) self.editPortButton = builder.get_object("editPortButton") self.removePortButton = builder.get_object("removePortButton") self.portDialog = builder.get_object("portDialog") self.portDialogOkButton = builder.get_object("portDialogOkButton") self.portDialogCancelButton = \ builder.get_object("portDialogCancelButton") self.portDialogPortEntry = builder.get_object("portDialogPortEntry") self.portDialogProtoCombobox = \ builder.get_object("portDialogProtoCombobox") self.protocolView = builder.get_object("protocolView") self.protocolStore = Gtk.ListStore(GObject.TYPE_STRING) self.protocolView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=0)) self.protocolView.set_model(self.protocolStore) self.protocolStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.protocolView.get_selection().connect( "changed", self.change_protocol_selection_cb) self.editProtocolButton = builder.get_object("editProtocolButton") self.removeProtocolButton = builder.get_object("removeProtocolButton") self.protoDialog = builder.get_object("protoDialog") self.protoDialogOkButton = builder.get_object("protoDialogOkButton") self.protoDialogCancelButton = \ builder.get_object("protoDialogCancelButton") self.protoDialogProtoLabel = builder.get_object("protoDialogProtoLabel") self.protoDialogProtoCombobox = \ builder.get_object("protoDialogProtoCombobox") self.protoDialogOtherProtoCheck = \ builder.get_object("protoDialogOtherProtoCheck") self.protoDialogOtherProtoEntry = \ builder.get_object("protoDialogOtherProtoEntry") self.sourcePortView = builder.get_object("sourcePortView") self.sourcePortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.sourcePortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.sourcePortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.sourcePortView.set_model(self.sourcePortStore) self.sourcePortStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.sourcePortView.get_selection().connect( "changed", self.change_source_port_selection_cb) self.editSourcePortButton = builder.get_object("editSourcePortButton") self.removeSourcePortButton = \ builder.get_object("removeSourcePortButton") self.masqueradeCheck = builder.get_object("masqueradeCheck") self.masqueradeEventbox = builder.get_object("masqueradeEventbox") self.masqueradeEventbox.connect("button-press-event", self.masquerade_check_cb) self.forwardView = builder.get_object("forwardView") self.forwardStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING) self.forwardView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.forwardView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.forwardView.append_column( Gtk.TreeViewColumn(_("To Port"), Gtk.CellRendererText(), text=2)) self.forwardView.append_column( Gtk.TreeViewColumn(_("To Address"), Gtk.CellRendererText(), text=3)) self.forwardView.set_model(self.forwardStore) self.forwardStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.forwardView.get_selection().connect(\ "changed", self.change_forward_selection_cb) self.editForwardButton = builder.get_object("editForwardButton") self.removeForwardButton = builder.get_object("removeForwardButton") self.forwardDialog = builder.get_object("forwardDialog") self.forwardDialogOkButton = builder.get_object("forwardDialogOkButton") self.forwardDialogCancelButton = \ builder.get_object("forwardDialogCancelButton") self.forwardDialogPortEntry = \ builder.get_object("forwardDialogPortEntry") self.forwardDialogProtoCombobox = \ builder.get_object("forwardDialogProtoCombobox") self.forwardDialogLocalCheck = \ builder.get_object("forwardDialogLocalCheck") self.forwardDialogToPortCheck = \ builder.get_object("forwardDialogToPortCheck") self.forwardDialogToPortLabel = \ builder.get_object("forwardDialogToPortLabel") self.forwardDialogToPortEntry = \ builder.get_object("forwardDialogToPortEntry") self.forwardDialogToAddrLabel = \ builder.get_object("forwardDialogToAddrLabel") self.forwardDialogToAddrEntry = \ builder.get_object("forwardDialogToAddrEntry") # bindings Expander self.bindingsBox = builder.get_object("bindingsBox") self.bindingsExpanderButton = \ builder.get_object("bindingsExpanderButton") self.bindingsUnexpanderButton = \ builder.get_object("bindingsUnexpanderButton") self.bindingsExpander = NiceExpander( self.bindingsExpanderButton, self.bindingsUnexpanderButton, self.mainPaned, self.bindingsBox) self.bindingsExpander.connect("notify::expanded", self.bindings_expander_changed) # bindings View self.bindingsView = builder.get_object("bindingsView") self.bindingsStore = Gtk.TreeStore(GObject.TYPE_STRING, # label GObject.TYPE_STRING, # connection/interface/source GObject.TYPE_STRING) # real zone self.bindingsView.set_model(self.bindingsStore) self.bindingsView.append_column( Gtk.TreeViewColumn(_("Bindings"), Gtk.CellRendererText(), markup=0)) self.connectionsIter = self.bindingsStore.append( None, [ _("Connections"), "", "" ]) self.interfacesIter = self.bindingsStore.append( None, [ _("Interfaces"), "", "" ]) self.sourcesIter = self.bindingsStore.append( None, [ _("Sources"), "", "" ]) self.bindingsView.get_selection().connect("changed", self.onSelectBinding) self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.bindingsView.set_show_expanders(False) self.bindingsView.set_level_indentation(10) self.changeBindingsButton = builder.get_object("changeBindingsButton") self.changeBindingsButton.connect("clicked", self.onChangeBinding) #self.editBindingsButton = builder.get_object("editBindingsButton") #self.editBindingsButton.connect("clicked", self.onEditBinding) self.ipsetConfIPSetView = builder.get_object("ipsetConfIPSetView") self.ipsetConfIPSetStore = Gtk.ListStore(GObject.TYPE_STRING) # name self.ipsetConfIPSetView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.ipsetConfIPSetView.set_model(self.ipsetConfIPSetStore) self.ipsetConfIPSetStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.ipsetConfIPSetView.get_selection().connect("changed", self.onChangeIPSet) self.ipsetConfNotebook = builder.get_object("ipsetConfNotebook") self.ipsetConfEntryLabel = builder.get_object("ipsetConfEntryLabel") self.ipsetConfTimeoutLabel = builder.get_object("ipsetConfTimeoutLabel") self.ipsetConfEntrySW = builder.get_object("ipsetConfEntrySW") self.ipsetConfEntryView = builder.get_object("ipsetConfEntryView") self.ipsetConfEntryStore = Gtk.ListStore(GObject.TYPE_STRING) self.ipsetConfEntryView.append_column( Gtk.TreeViewColumn(_("Entry"), Gtk.CellRendererText(), text=0)) self.ipsetConfEntryView.set_model(self.ipsetConfEntryStore) self.ipsetConfEntryStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.ipsetConfEntryView.get_selection().connect(\ "changed", self.change_ipset_conf_entry_selection_cb) self.ipsetConfIPSetEditBox = \ builder.get_object("ipsetConfIPSetEditBox") self.ipsetConfEntryBox = \ builder.get_object("ipsetConfEntryBox") self.ipsetConfEditIPSetButton = \ builder.get_object("ipsetConfEditIPSetButton") self.ipsetConfRemoveIPSetButton = \ builder.get_object("ipsetConfRemoveIPSetButton") self.ipsetConfLoadDefaultsIPSetButton = \ builder.get_object("ipsetConfLoadDefaultsIPSetButton") self.ipsetConfAddEntryBox = \ builder.get_object("ipsetConfAddEntryBox") self.ipsetConfAddEntryMenu = \ builder.get_object("ipsetConfAddEntryMenu") self.ipsetConfAddEntryMenubutton = \ builder.get_object("ipsetConfAddEntryMenubutton") self.ipsetConfEditEntryButton = \ builder.get_object("ipsetConfEditEntryButton") self.ipsetConfRemoveEntryBox = \ builder.get_object("ipsetConfRemoveEntryBox") self.ipsetConfRemoveEntryMenu = \ builder.get_object("ipsetConfRemoveEntryMenu") self.ipsetConfRemoveEntryMenubutton = \ builder.get_object("ipsetConfRemoveEntryMenubutton") self.ipsetConfRemoveEntryMenuitem = \ builder.get_object("ipsetConfRemoveEntryMenuitem") self.ipsetConfRemoveEntryMenuitem.set_sensitive(False) self.ipsetEntryDialog = \ builder.get_object("ipsetEntryDialog") self.ipsetEntryDialogCancelButton = \ builder.get_object("ipsetEntryDialogCancelButton") self.ipsetEntryDialogOkButton = \ builder.get_object("ipsetEntryDialogOkButton") self.ipsetEntryDialogEntryEntry = \ builder.get_object("ipsetEntryDialogEntryEntry") self.ipsetEntryDialogTypeLabel = \ builder.get_object("ipsetEntryDialogTypeLabel") self.ipsetBaseDialog = builder.get_object("ipsetBaseDialog") self.ipsetBaseDialogOkButton = \ builder.get_object("ipsetBaseDialogOkButton") self.ipsetBaseDialogNameEntry = \ builder.get_object("ipsetBaseDialogNameEntry") self.ipsetBaseDialogVersionEntry = \ builder.get_object("ipsetBaseDialogVersionEntry") self.ipsetBaseDialogShortEntry = \ builder.get_object("ipsetBaseDialogShortEntry") self.ipsetBaseDialogDescText = \ builder.get_object("ipsetBaseDialogDescText") self.ipsetBaseDialogDescText.get_buffer().connect(\ "changed", self.onIPSetBaseDialogChanged) self.ipsetBaseDialogTypeCombobox = \ builder.get_object("ipsetBaseDialogTypeCombobox") self.ipsetBaseDialogBadTypeLabel = \ builder.get_object("ipsetBaseDialogBadTypeLabel") self.ipsetBaseDialogFamilyLabel = \ builder.get_object("ipsetBaseDialogFamilyLabel") self.ipsetBaseDialogFamilyCombobox = \ builder.get_object("ipsetBaseDialogFamilyCombobox") self.ipsetBaseDialogTimeoutEntry = \ builder.get_object("ipsetBaseDialogTimeoutEntry") self.ipsetBaseDialogHashsizeEntry = \ builder.get_object("ipsetBaseDialogHashsizeEntry") self.ipsetBaseDialogMaxelemEntry = \ builder.get_object("ipsetBaseDialogMaxelemEntry") self.helperConfHelperNotebook = \ builder.get_object("helperConfHelperNotebook") self.helperConfHelperEditBox = \ builder.get_object("helperConfHelperEditBox") self.helperConfPortBox = \ builder.get_object("helperConfPortBox") self.helperConfEditHelperButton = \ builder.get_object("helperConfEditHelperButton") self.helperConfRemoveHelperButton = \ builder.get_object("helperConfRemoveHelperButton") self.helperConfLoadDefaultsHelperButton = \ builder.get_object("helperConfLoadDefaultsHelperButton") self.helperConfAddPortButton = \ builder.get_object("helperConfAddPortButton") self.helperConfEditPortButton = \ builder.get_object("helperConfEditPortButton") self.helperConfRemovePortButton = \ builder.get_object("helperConfRemovePortButton") self.helperBaseDialog = builder.get_object("helperBaseDialog") self.helperBaseDialogOkButton = \ builder.get_object("helperBaseDialogOkButton") self.helperBaseDialogNameEntry = \ builder.get_object("helperBaseDialogNameEntry") self.helperBaseDialogVersionEntry = \ builder.get_object("helperBaseDialogVersionEntry") self.helperBaseDialogShortEntry = \ builder.get_object("helperBaseDialogShortEntry") self.helperBaseDialogDescText = \ builder.get_object("helperBaseDialogDescText") self.helperBaseDialogDescText.get_buffer().connect(\ "changed", self.onHelperBaseDialogChanged) self.helperBaseDialogModuleChooser = \ ChooserButton(builder.get_object("helperBaseDialogModuleChooser")) self.helperBaseDialogFamilyCombobox = \ builder.get_object("helperBaseDialogFamilyCombobox") self.icmpView = builder.get_object("icmpView") self.icmpStore = Gtk.ListStore(GObject.TYPE_BOOLEAN, # checked GObject.TYPE_STRING) # name toggle = Gtk.CellRendererToggle() toggle.connect("toggled", self.icmp_toggle_cb, self.icmpStore, 0) self.icmpView.append_column(Gtk.TreeViewColumn("", toggle, active=0)) self.icmpView.append_column( Gtk.TreeViewColumn(_("Icmp Type"), Gtk.CellRendererText(), text=1)) self.icmpView.set_model(self.icmpStore) self.icmpStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.icmpBlockInversionCheck = \ builder.get_object("icmpBlockInversionCheck") self.icmpBlockInversionEventbox = \ builder.get_object("icmpBlockInversionEventbox") self.icmpBlockInversionEventbox.connect( "button-press-event", self.icmp_block_inversion_check_cb) self.helperConfHelperView = builder.get_object("helperConfHelperView") self.helperConfHelperStore = Gtk.ListStore(GObject.TYPE_STRING) # name self.helperConfHelperView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.helperConfHelperView.set_model(self.helperConfHelperStore) self.helperConfHelperStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.helperConfHelperView.get_selection().connect("changed", self.onChangeHelper) self.helperConfPortView = builder.get_object("helperConfPortView") self.helperConfPortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.helperConfPortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.helperConfPortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.helperConfPortView.set_model(self.helperConfPortStore) self.helperConfPortStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.helperConfPortView.get_selection().connect(\ "changed", self.change_helper_conf_port_selection_cb) self.richRuleView = builder.get_object("richRuleView") self.richRuleStore = Gtk.ListStore(GObject.TYPE_PYOBJECT, # the rule obj GObject.TYPE_STRING, # ipv4/ipv6 GObject.TYPE_INT, # priority GObject.TYPE_STRING, # action GObject.TYPE_STRING, # element GObject.TYPE_STRING, # source GObject.TYPE_STRING, # destination GObject.TYPE_STRING, # log GObject.TYPE_STRING) # audit self.richRuleView.append_column( Gtk.TreeViewColumn(_("Family"), Gtk.CellRendererText(), text=1)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=2)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Action"), Gtk.CellRendererText(), text=3)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Element"), Gtk.CellRendererText(), text=4)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Src"), Gtk.CellRendererText(), text=5)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Dest"), Gtk.CellRendererText(), text=6)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("log"), Gtk.CellRendererText(), text=7)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Audit"), Gtk.CellRendererText(), text=8)) self.richRuleView.set_model(self.richRuleStore) self.richRuleStore.set_sort_column_id(2, Gtk.SortType.ASCENDING) self.richRuleView.get_selection().connect( \ "changed", self.change_rich_rule_selection_cb) self.addRichRuleButton = builder.get_object("addRichRuleButton") self.editRichRuleButton = builder.get_object("editRichRuleButton") self.removeRichRuleButton = builder.get_object("removeRichRuleButton") self.richRuleDialog = builder.get_object("richRuleDialog") self.richRuleDialogOkButton = builder.get_object( \ "richRuleDialogOkButton") self.richRuleDialogCancelButton = builder.get_object( \ "richRuleDialogCancelButton") self.richRuleDialogFamilyCombobox = builder.get_object( \ "richRuleDialogFamilyCombobox") self.richRuleDialogPriorityEntry = builder.get_object( \ "richRuleDialogPriorityEntry") self.richRuleDialogElementCheck = builder.get_object( \ "richRuleDialogElementCheck") self.richRuleDialogElementBox = builder.get_object( \ "richRuleDialogElementBox") self.richRuleDialogElementCombobox = builder.get_object( \ "richRuleDialogElementCombobox") self.richRuleDialogElementChooser = ChooserButton(builder.get_object( \ "richRuleDialogElementChooser")) self.richRuleDialogActionCheck = builder.get_object( \ "richRuleDialogActionCheck") self.richRuleDialogActionBox = builder.get_object( \ "richRuleDialogActionBox") self.richRuleDialogActionCombobox = builder.get_object( \ "richRuleDialogActionCombobox") self.richRuleDialogActionRejectBox = builder.get_object( \ "richRuleDialogActionRejectBox") self.richRuleDialogActionRejectTypeCheck = builder.get_object( \ "richRuleDialogActionRejectTypeCheck") self.richRuleDialogActionRejectTypeCombobox = builder.get_object( \ "richRuleDialogActionRejectTypeCombobox") self.richRuleDialogActionMarkBox = builder.get_object( \ "richRuleDialogActionMarkBox") self.richRuleDialogActionMarkChooser = ChooserButton(builder.get_object( \ "richRuleDialogActionMarkChooser")) self.richRuleDialogActionLimitCheck = builder.get_object( \ "richRuleDialogActionLimitCheck") self.richRuleDialogActionLimitBox = builder.get_object( \ "richRuleDialogActionLimitBox") self.richRuleDialogActionLimitRateEntry = builder.get_object( \ "richRuleDialogActionLimitRateEntry") self.richRuleDialogActionLimitDurationCombobox = builder.get_object( \ "richRuleDialogActionLimitDurationCombobox") self.richRuleDialogSourceLabel = builder.get_object( \ "richRuleDialogSourceLabel") self.richRuleDialogSourceInvertCheck = builder.get_object( \ "richRuleDialogSourceInvertCheck") self.richRuleDialogSourceTypeCombobox = builder.get_object( \ "richRuleDialogSourceTypeCombobox") self.richRuleDialogSourceChooser = ChooserButton(builder.get_object( \ "richRuleDialogSourceChooser")) self.richRuleDialogDestinationLabel = builder.get_object( \ "richRuleDialogDestinationLabel") self.richRuleDialogDestinationBox = builder.get_object( \ "richRuleDialogDestinationBox") self.richRuleDialogDestinationInvertCheck = builder.get_object( \ "richRuleDialogDestinationInvertCheck") self.richRuleDialogDestinationChooser = \ ChooserButton(builder.get_object( \ "richRuleDialogDestinationChooser")) self.richRuleDialogLogCheck = builder.get_object( \ "richRuleDialogLogCheck") self.richRuleDialogLogGrid = builder.get_object( \ "richRuleDialogLogGrid") self.richRuleDialogLogPrefixEntry = builder.get_object( \ "richRuleDialogLogPrefixEntry") self.richRuleDialogLogLevelCombobox = builder.get_object( \ "richRuleDialogLogLevelCombobox") self.richRuleDialogLogLimitCheck = builder.get_object( \ "richRuleDialogLogLimitCheck") self.richRuleDialogLogLimitBox = builder.get_object( \ "richRuleDialogLogLimitBox") self.richRuleDialogLogLimitRateEntry = builder.get_object( \ "richRuleDialogLogLimitRateEntry") self.richRuleDialogLogLimitDurationCombobox = builder.get_object( \ "richRuleDialogLogLimitDurationCombobox") self.richRuleDialogAuditCheck = builder.get_object( \ "richRuleDialogAuditCheck") self.richRuleDialogAuditBox = builder.get_object( \ "richRuleDialogAuditBox") self.richRuleDialogAuditLimitBox = builder.get_object( \ "richRuleDialogAuditLimitBox") self.richRuleDialogAuditLimitCheck = builder.get_object( \ "richRuleDialogAuditLimitCheck") self.richRuleDialogAuditLimitRateEntry = builder.get_object( \ "richRuleDialogAuditLimitRateEntry") self.richRuleDialogAuditLimitDurationCombobox = builder.get_object( \ "richRuleDialogAuditLimitDurationCombobox") self.interfaceView = builder.get_object("interfaceView") self.interfaceStore = Gtk.ListStore(GObject.TYPE_STRING, # interface GObject.TYPE_STRING) # comment self.interfaceView.append_column( Gtk.TreeViewColumn(_("Interface"), Gtk.CellRendererText(), text=0)) self.interfaceView.append_column( Gtk.TreeViewColumn(_("Comment"), Gtk.CellRendererText(), text=1)) self.interfaceView.set_model(self.interfaceStore) self.interfaceView.get_selection().connect( "changed", self.change_interface_selection_cb) self.interfaceDialog = builder.get_object("interfaceDialog") self.interfaceDialogOkButton = builder.get_object( "interfaceDialogOkButton") self.interfaceDialogCancelButton = builder.get_object( "interfaceDialogCancelButton") self.interfaceDialogInterfaceEntry = builder.get_object( "interfaceDialogInterfaceEntry") self.editInterfaceButton = builder.get_object("editInterfaceButton") self.removeInterfaceButton = builder.get_object("removeInterfaceButton") self.sourceView = builder.get_object("sourceView") self.sourceStore = Gtk.ListStore(GObject.TYPE_STRING) # source self.sourceView.append_column( Gtk.TreeViewColumn(_("Source"), Gtk.CellRendererText(), text=0)) self.sourceView.set_model(self.sourceStore) self.sourceView.get_selection().connect( "changed", self.change_source_selection_cb) self.editSourceButton = builder.get_object("editSourceButton") self.removeSourceButton = builder.get_object("removeSourceButton") self.serviceConfServiceNotebook = \ builder.get_object("serviceConfServiceNotebook") self.serviceConfServiceEditBox = \ builder.get_object("serviceConfServiceEditBox") self.serviceConfEditServiceButton = \ builder.get_object("serviceConfEditServiceButton") self.serviceConfRemoveServiceButton = \ builder.get_object("serviceConfRemoveServiceButton") self.serviceConfLoadDefaultsServiceButton = \ builder.get_object("serviceConfLoadDefaultsServiceButton") self.serviceConfServiceView = \ builder.get_object("serviceConfServiceView") self.serviceConfServiceStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfServiceView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.serviceConfServiceView.set_model(self.serviceConfServiceStore) self.serviceConfServiceStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.serviceConfServiceView.get_selection().connect(\ "changed", self.onChangeService) self.serviceConfPortView = builder.get_object("serviceConfPortView") self.serviceConfPortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.serviceConfPortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.serviceConfPortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.serviceConfPortView.set_model(self.serviceConfPortStore) self.serviceConfPortStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.serviceConfPortView.get_selection().connect(\ "changed", self.change_service_dialog_port_selection_cb) self.serviceConfEditPortButton = \ builder.get_object("serviceConfEditPortButton") self.serviceConfRemovePortButton = \ builder.get_object("serviceConfRemovePortButton") self.serviceConfProtocolView = \ builder.get_object("serviceConfProtocolView") self.serviceConfProtocolStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfProtocolView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=0)) self.serviceConfProtocolView.set_model(self.serviceConfProtocolStore) self.serviceConfProtocolStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.serviceConfProtocolView.get_selection().connect(\ "changed", self.change_service_dialog_protocol_selection_cb) self.serviceConfEditProtocolButton = \ builder.get_object("serviceConfEditProtocolButton") self.serviceConfRemoveProtocolButton = \ builder.get_object("serviceConfRemoveProtocolButton") self.serviceConfSourcePortView = \ builder.get_object("serviceConfSourcePortView") self.serviceConfSourcePortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.serviceConfSourcePortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.serviceConfSourcePortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.serviceConfSourcePortView.set_model(self.serviceConfSourcePortStore) self.serviceConfSourcePortStore.set_sort_column_id( 1, Gtk.SortType.ASCENDING) self.serviceConfSourcePortView.get_selection().connect(\ "changed", self.change_service_dialog_source_port_selection_cb) self.serviceConfEditSourcePortButton = \ builder.get_object("serviceConfEditSourcePortButton") self.serviceConfRemoveSourcePortButton = \ builder.get_object("serviceConfRemoveSourcePortButton") self.serviceConfModuleView = \ builder.get_object("serviceConfModuleView") self.serviceConfModuleStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfModuleView.append_column( Gtk.TreeViewColumn("Module", Gtk.CellRendererText(), text=0)) self.serviceConfModuleView.set_model(self.serviceConfModuleStore) self.serviceConfModuleStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.serviceConfModuleView.get_selection().connect(\ "changed", self.change_service_dialog_module_selection_cb) self.serviceConfEditModuleButton = \ builder.get_object("serviceConfEditModuleButton") self.serviceConfRemoveModuleButton = \ builder.get_object("serviceConfRemoveModuleButton") self.serviceConfDestIpv4Chooser = ChooserButton( builder.get_object("serviceConfDestIpv4Chooser"), "") self.serviceConfDestIpv6Chooser = ChooserButton( builder.get_object("serviceConfDestIpv6Chooser"), "") self.addressDialog = builder.get_object("addressDialog") self.addressDialogLabel = builder.get_object("addressDialogLabel") self.addressDialogLabel2 = builder.get_object("addressDialogLabel2") self.addressDialogOkButton = \ builder.get_object("addressDialogOkButton") self.addressDialogCancelButton = \ builder.get_object("addressDialogCancelButton") self.addressDialogAddressEntry = \ builder.get_object("addressDialogAddressEntry") self.macDialog = builder.get_object("macDialog") self.macDialogOkButton = \ builder.get_object("macDialogOkButton") self.macDialogCancelButton = \ builder.get_object("macDialogCancelButton") self.macDialogMacEntry = \ builder.get_object("macDialogMacEntry") self.ipsetDialog = builder.get_object("ipsetDialog") self.ipsetDialogOkButton = \ builder.get_object("ipsetDialogOkButton") self.ipsetDialogCancelButton = \ builder.get_object("ipsetDialogCancelButton") self.ipsetDialogIPSetView = \ builder.get_object("ipsetDialogIPSetView") self.ipsetDialogIPSetStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.ipsetDialogIPSetView.append_column( Gtk.TreeViewColumn("IPSet", Gtk.CellRendererText(), text=0)) self.ipsetDialogIPSetView.append_column( Gtk.TreeViewColumn("Type", Gtk.CellRendererText(), text=1)) self.ipsetDialogIPSetView.set_model(self.ipsetDialogIPSetStore) self.ipsetDialogIPSetView.get_selection().connect( \ "changed", self.change_ipset_selection_cb) self.helperDialog = builder.get_object("helperDialog") self.helperDialogOkButton = \ builder.get_object("helperDialogOkButton") self.helperDialogCancelButton = \ builder.get_object("helperDialogCancelButton") self.helperDialogHelperView = \ builder.get_object("helperDialogHelperView") self.helperDialogHelperStore = Gtk.ListStore(GObject.TYPE_STRING) self.helperDialogHelperView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.helperDialogHelperView.set_model(self.helperDialogHelperStore) self.helperDialogHelperView.get_selection().connect( \ "changed", self.change_helper_selection_cb) self.moduleDialog = builder.get_object("moduleDialog") self.moduleDialogOkButton = builder.get_object("moduleDialogOkButton") self.moduleDialogCancelButton = \ builder.get_object("moduleDialogCancelButton") self.moduleDialogModuleLabel = builder.get_object("moduleDialogModuleLabel") self.moduleDialogModuleCombobox = \ builder.get_object("moduleDialogModuleCombobox") self.moduleDialogOtherModuleCheck = \ builder.get_object("moduleDialogOtherModuleCheck") self.moduleDialogOtherModuleEntry = \ builder.get_object("moduleDialogOtherModuleEntry") self.sourceDialog = builder.get_object("sourceDialog") self.sourceDialogOkButton = \ builder.get_object("sourceDialogOkButton") self.sourceDialogCancelButton = \ builder.get_object("sourceDialogCancelButton") self.sourceDialogSourceTypeCombobox = \ builder.get_object("sourceDialogSourceTypeCombobox") self.sourceDialogSourceChooser = ChooserButton(builder.get_object( \ "sourceDialogSourceChooser")) self.markDialog = builder.get_object("markDialog") self.markDialogOkButton = \ builder.get_object("markDialogOkButton") self.markDialogCancelButton = \ builder.get_object("markDialogCancelButton") self.markDialogMarkEntry = \ builder.get_object("markDialogMarkEntry") self.markDialogMaskEntry = \ builder.get_object("markDialogMaskEntry") self.serviceBaseDialog = builder.get_object("serviceBaseDialog") self.serviceBaseDialogOkButton = \ builder.get_object("serviceBaseDialogOkButton") self.serviceBaseDialogNameEntry = \ builder.get_object("serviceBaseDialogNameEntry") self.serviceBaseDialogVersionEntry = \ builder.get_object("serviceBaseDialogVersionEntry") self.serviceBaseDialogShortEntry = \ builder.get_object("serviceBaseDialogShortEntry") self.serviceBaseDialogDescText = \ builder.get_object("serviceBaseDialogDescText") self.serviceBaseDialogDescText.get_buffer().connect(\ "changed", self.onServiceBaseDialogChanged) self.icmpDialogIcmpNotebook = \ builder.get_object("icmpDialogIcmpNotebook") self.icmpDialogIcmpEditBox = \ builder.get_object("icmpDialogIcmpEditBox") self.icmpDialogEditIcmpButton = \ builder.get_object("icmpDialogEditIcmpButton") self.icmpDialogRemoveIcmpButton = \ builder.get_object("icmpDialogRemoveIcmpButton") self.icmpDialogLoadDefaultsIcmpButton = \ builder.get_object("icmpDialogLoadDefaultsIcmpButton") self.icmpDialogIcmpView = \ builder.get_object("icmpDialogIcmpView") self.icmpDialogIcmpStore = Gtk.ListStore(GObject.TYPE_STRING) self.icmpDialogIcmpView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.icmpDialogIcmpView.set_model(self.icmpDialogIcmpStore) self.icmpDialogIcmpStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.icmpDialogIcmpView.get_selection().connect(\ "changed", self.onChangeIcmp) self.icmpDialogDestIpv4Check = \ builder.get_object("icmpDialogDestIpv4Check") self.icmpDialogDestIpv6Check = \ builder.get_object("icmpDialogDestIpv6Check") self.icmpDialogDestIpv4Eventbox = \ builder.get_object("icmpDialogDestIpv4Eventbox") self.icmpDialogDestIpv4Eventbox.connect(\ "button-press-event", self.icmp_dialog_dest_ipv4_check_cb) self.icmpDialogDestIpv6Eventbox = \ builder.get_object("icmpDialogDestIpv6Eventbox") self.icmpDialogDestIpv6Eventbox.connect(\ "button-press-event", self.icmp_dialog_dest_ipv6_check_cb) self.icmpBaseDialog = builder.get_object("icmpBaseDialog") self.icmpBaseDialogOkButton = \ builder.get_object("icmpBaseDialogOkButton") self.icmpBaseDialogNameEntry = \ builder.get_object("icmpBaseDialogNameEntry") self.icmpBaseDialogVersionEntry = \ builder.get_object("icmpBaseDialogVersionEntry") self.icmpBaseDialogShortEntry = \ builder.get_object("icmpBaseDialogShortEntry") self.icmpBaseDialogDescText = \ builder.get_object("icmpBaseDialogDescText") self.icmpBaseDialogDescText.get_buffer().connect(\ "changed", self.onIcmpBaseDialogChanged) # service dialog self.serviceDialog = builder.get_object("serviceDialog") self.serviceDialogOkButton = builder.get_object("serviceDialogOkButton") self.serviceDialogCancelButton = \ builder.get_object("serviceDialogCancelButton") self.serviceDialogServiceView = \ builder.get_object("serviceDialogServiceView") self.serviceDialogServiceStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceDialogServiceView.append_column( Gtk.TreeViewColumn("Service", Gtk.CellRendererText(), text=0)) self.serviceDialogServiceView.set_model(self.serviceDialogServiceStore) self.serviceDialogServiceView.get_selection().connect( \ "changed", self.change_service_selection_cb) # icmptype dialog self.icmptypeDialog = builder.get_object("icmptypeDialog") self.icmptypeDialogOkButton = \ builder.get_object("icmptypeDialogOkButton") self.icmptypeDialogCancelButton = \ builder.get_object("icmptypeDialogCancelButton") self.icmptypeDialogIcmptypeView = \ builder.get_object("icmptypeDialogIcmptypeView") self.icmptypeDialogIcmptypeStore = Gtk.ListStore(GObject.TYPE_STRING) self.icmptypeDialogIcmptypeView.append_column( Gtk.TreeViewColumn("ICMP Type", Gtk.CellRendererText(), text=0)) self.icmptypeDialogIcmptypeView.set_model( self.icmptypeDialogIcmptypeStore) self.icmptypeDialogIcmptypeView.get_selection().connect( \ "changed", self.change_icmptype_selection_cb) # firewall client self.fw = client.FirewallClient(wait=1) self.__use_exception_handler = True self.fw.setExceptionHandler(self._exception_handler) self.fw.setNotAuthorizedLoop(True) self.fw.connect("panic-mode-enabled", self.panic_mode_enabled_cb) self.fw.connect("panic-mode-disabled", self.panic_mode_disabled_cb) self.fw.connect("connection-changed", self.connection_changed) self.fw.connect("default-zone-changed", self.default_zone_changed_cb) self.fw.connect("reloaded", self.reload_cb) self.fw.connect("lockdown-enabled", self.lockdown_enabled_cb) self.fw.connect("lockdown-disabled", self.lockdown_disabled_cb) self.fw.connect("log-denied-changed", self.log_denied_changed_cb) self.fw.connect("service-added", self.service_added_cb) self.fw.connect("service-removed", self.service_removed_cb) self.fw.connect("port-added", self.port_added_cb) self.fw.connect("port-removed", self.port_removed_cb) self.fw.connect("protocol-added", self.protocol_added_cb) self.fw.connect("protocol-removed", self.protocol_removed_cb) self.fw.connect("source-port-added", self.source_port_added_cb) self.fw.connect("source-port-removed", self.source_port_removed_cb) self.fw.connect("masquerade-added", self.masquerade_added_cb) self.fw.connect("masquerade-removed", self.masquerade_removed_cb) self.fw.connect("forward-port-added", self.forward_port_added_cb) self.fw.connect("forward-port-removed", self.forward_port_removed_cb) self.fw.connect("icmp-block-added", self.icmp_added_cb) self.fw.connect("icmp-block-removed", self.icmp_removed_cb) self.fw.connect("icmp-block-inversion-added", self.icmp_inversion_added_cb) self.fw.connect("icmp-block-inversion-removed", self.icmp_inversion_removed_cb) self.fw.connect("richrule-added", self.richrule_added_cb) self.fw.connect("richrule-removed", self.richrule_removed_cb) self.fw.connect("interface-added", self.interface_added_cb) self.fw.connect("interface-removed", self.interface_removed_cb) self.fw.connect("zone-of-interface-changed", self.zone_of_interface_changed_cb) self.fw.connect("source-added", self.source_added_cb) self.fw.connect("source-removed", self.source_removed_cb) self.fw.connect("zone-of-source-changed", self.zone_of_source_changed_cb) self.fw.connect("ipset-entry-added", self.ipset_entry_added_cb) self.fw.connect("ipset-entry-removed", self.ipset_entry_removed_cb) self.fw.connect("lockdown-whitelist-command-added", self.lockdown_whitelist_command_added_cb) self.fw.connect("lockdown-whitelist-command-removed", self.lockdown_whitelist_command_removed_cb) self.fw.connect("lockdown-whitelist-context-added", self.lockdown_whitelist_context_added_cb) self.fw.connect("lockdown-whitelist-context-removed", self.lockdown_whitelist_context_removed_cb) self.fw.connect("lockdown-whitelist-uid-added", self.lockdown_whitelist_uid_added_cb) self.fw.connect("lockdown-whitelist-uid-removed", self.lockdown_whitelist_uid_removed_cb) self.fw.connect("lockdown-whitelist-user-added", self.lockdown_whitelist_user_added_cb) self.fw.connect("lockdown-whitelist-user-removed", self.lockdown_whitelist_user_removed_cb) self.fw.connect("direct:chain-added", self.direct_chain_added_cb) self.fw.connect("direct:chain-removed", self.direct_chain_removed_cb) self.fw.connect("direct:rule-added", self.direct_rule_added_cb) self.fw.connect("direct:rule-removed", self.direct_rule_removed_cb) self.fw.connect("direct:passthrough-added", self.direct_passthrough_added_cb) self.fw.connect("direct:passthrough-removed", self.direct_passthrough_removed_cb) self.fw.connect("config:direct:updated", self.direct_updated_cb) self.fw.connect("config:zone-added", self.conf_zone_added_cb) self.fw.connect("config:zone-updated", self.conf_zone_updated_cb) self.fw.connect("config:zone-removed", self.conf_zone_removed_cb) self.fw.connect("config:zone-renamed", self.conf_zone_renamed_cb) self.fw.connect("config:ipset-added", self.conf_ipset_added_cb) self.fw.connect("config:ipset-updated", self.conf_ipset_updated_cb) self.fw.connect("config:ipset-removed", self.conf_ipset_removed_cb) self.fw.connect("config:ipset-renamed", self.conf_ipset_renamed_cb) self.fw.connect("config:service-added", self.conf_service_added_cb) self.fw.connect("config:service-updated", self.conf_service_updated_cb) self.fw.connect("config:service-removed", self.conf_service_removed_cb) self.fw.connect("config:service-renamed", self.conf_service_renamed_cb) self.fw.connect("config:icmptype-added", self.conf_icmp_added_cb) self.fw.connect("config:icmptype-updated", self.conf_icmp_updated_cb) self.fw.connect("config:icmptype-removed", self.conf_icmp_removed_cb) self.fw.connect("config:icmptype-renamed", self.conf_icmp_renamed_cb) self.fw.connect("config:helper-added", self.conf_helper_added_cb) self.fw.connect("config:helper-updated", self.conf_helper_updated_cb) self.fw.connect("config:helper-removed", self.conf_helper_removed_cb) self.fw.connect("config:helper-renamed", self.conf_helper_renamed_cb) self.fw.connect("config:policies:lockdown-whitelist-updated", self.lockdown_whitelist_updated_cb) # settings self.settings.connect("changed::show-ipsets", self.settings_show_ipsets_changed) self.settings_show_ipsets_changed(self.settings, "show-ipsets") self.settings.connect("changed::show-icmp-types", self.settings_show_icmp_types_changed) self.settings_show_icmp_types_changed(self.settings, "show-icmp-types") self.settings.connect("changed::show-direct", self.settings_show_direct_changed) self.settings_show_direct_changed(self.settings, "show-direct") self.settings.connect("changed::show-helpers", self.settings_show_helpers_changed) self.settings_show_helpers_changed(self.settings, "show-helpers") self.settings.connect("changed::show-lockdown-whitelist", self.settings_show_lockdown_whitelist_changed) self.settings_show_lockdown_whitelist_changed(self.settings, "show-lockdown-whitelist") self.settings.connect("changed::show-active-bindings", self.settings_show_active_bindings_changed) self.settings_show_active_bindings_changed(self.settings, "show-active-bindings") # connect self.connections = { } self.connections_name = { } if nm_is_imported(): self.fw.bus.add_signal_receiver( self.nm_signal_receiver, dbus_interface=nm_get_dbus_interface(), signal_name='PropertiesChanged', member_keyword='member') else: text = _("No NetworkManager imports available") self._warning(text) self.nm_signal_receiver() # start with no connection self.connection_changed() # mainloop self.mainWindow.show() self.mainloop = GLib.MainLoop() try: self.mainloop.run() except KeyboardInterrupt: self.onQuit() def add_visible_dialog(self, dialog): self.visible_dialogs.append(dialog) def remove_visible_dialog(self, dialog): self.visible_dialogs.append(dialog) def hide_and_remove_visible_dialogs(self): while len(self.visible_dialogs) > 0: dialog = self.visible_dialogs.pop() dialog.hide() def left_menu_cb(self, widget, menu): menu.show_all() def no_select(self, item): item.deselect() def change_zone_interface_editor(self, item, interface, zone): if interface in self.zone_interface_editors: return self.zone_interface_editors[interface].present() editor = ZoneInterfaceEditor(self.fw, interface, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_interface_editors[interface] = editor editor.show_all() result = editor.run() editor.hide() if result == 2: self.fw.changeZoneOfInterface(editor.get_zone(), interface) del self.zone_interface_editors[interface] def change_zone_connection_editor(self, item, connection, connection_name, zone): if connection in self.zone_connection_editors: return self.zone_connection_editors[connection].present() editor = ZoneConnectionEditor(self.fw, connection, connection_name, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_connection_editors[connection] = editor editor.show_all() editor.run() editor.hide() del self.zone_connection_editors[connection] def change_zone_source_editor(self, item, source, zone): if source in self.zone_source_editors: return self.zone_source_editors[source].present() editor = ZoneSourceEditor(self.fw, source, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_source_editors[source] = editor editor.show_all() result = editor.run() editor.hide() if result == 2: self.fw.changeZoneOfSource(editor.get_zone(), source) del self.zone_source_editors[source] def onViewIPSet_toggled(self, button): self.settings.set_boolean("show-ipsets", button.get_active()) def settings_show_ipsets_changed(self, settings, key): self.show_ipsets = settings.get_boolean(key) self.ipsetsBox.set_visible(self.show_ipsets) self.ipsetsMenuitem.set_active(self.show_ipsets) if self.show_ipsets: if self.fw.connected: self.load_ipsets() else: self.ipsetConfIPSetStore.clear() def onViewICMPTypes_toggled(self, button): self.settings.set_boolean("show-icmp-types", button.get_active()) def settings_show_icmp_types_changed(self, settings, key): self.show_icmp_types = settings.get_boolean(key) self.icmpTypesBox.set_visible(self.show_icmp_types) self.icmpTypesMenuitem.set_active(self.show_icmp_types) if self.show_icmp_types: if self.fw.connected: self.load_icmps() else: self.icmpDialogIcmpStore.clear() def onViewHelpers_toggled(self, button): self.settings.set_boolean("show-helpers", button.get_active()) def settings_show_helpers_changed(self, settings, key): self.show_helpers = settings.get_boolean(key) self.helpersBox.set_visible(self.show_helpers) self.helpersMenuitem.set_active(self.show_helpers) if self.show_helpers: if self.fw.connected: self.load_helpers() else: self.helperConfHelperStore.clear() def onViewDirect_toggled(self, button): self.settings.set_boolean("show-direct", button.get_active()) def settings_show_direct_changed(self, settings, key): self.show_direct = settings.get_boolean(key) self.directBox.set_visible(self.show_direct) self.directMenuitem.set_active(self.show_direct) if self.show_direct: if self.fw.connected: self.load_direct() else: self.directChainStore.clear() self.directRuleStore.clear() self.directPassthroughStore.clear() def onViewLockdownWhitelist_toggled(self, button): self.settings.set_boolean("show-lockdown-whitelist", button.get_active()) def settings_show_lockdown_whitelist_changed(self, settings, key): self.show_lockdown_whitelist = settings.get_boolean(key) self.lockdownWhitelistBox.set_visible(self.show_lockdown_whitelist) self.lockdownWhitelistMenuitem.set_active(self.show_lockdown_whitelist) if self.show_lockdown_whitelist: if self.fw.connected: self.load_lockdown_whitelist() else: self.lockdownContextStore.clear() self.lockdownCommandStore.clear() self.lockdownUserStore.clear() self.lockdownUidStore.clear() def settings_show_active_bindings_changed(self, settings, key): self.show_active_bindings = settings.get_boolean(key) self.activeBindingsMenuitem.set_active(self.show_active_bindings) if self.show_active_bindings != self.bindingsExpander.get_expanded(): self.bindingsExpander.set_expanded(self.show_active_bindings) def onViewActiveBindings_toggled(self, button): self.settings.set_boolean("show-active-bindings", button.get_active()) def bindings_expander_changed(self, *args): self.show_active_bindings = self.bindingsExpander.get_expanded() self.settings.set_boolean("show-active-bindings", self.show_active_bindings) self.activeBindingsMenuitem.set_active(self.show_active_bindings) def nm_signal_receiver(self, *args, **kwargs): #print("nm_signal_receiver", args, kwargs) self.update_active_zones() self.connections.clear() self.connections_name.clear() # do not use NMClient could result in python core dump if nm_is_imported(): try: nm_get_connections(self.connections, self.connections_name) except Exception: text = _("Failed to get connections from NetworkManager") self._warning(text) iter = self.interfaceStore.get_iter_first() while iter: interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: connection = self.connections[interface] connection_name = self.connections_name[connection] zone = nm_get_zone_of_connection(connection) if zone == "": comment = self.default_zone_used_by_label % \ connection_name else: comment = self.used_by_label % connection_name self.interfaceStore.set_value(iter, 1, comment) iter = self.interfaceStore.iter_next(iter) self.change_interface_selection_cb(self.interfaceView.get_selection()) def _dialog(self, text, msg=None, title=None, message_type=Gtk.MessageType.INFO, buttons=[("gtk-close", 1)]): dialog = Gtk.MessageDialog(parent=None, flags=0, message_type=message_type) dialog.set_markup(text) if title: dialog.set_title(title) if msg: dialog.format_secondary_markup(msg) if len(buttons) > 0: for button,id in buttons: dialog.add_button(button, id) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) result = dialog.run() dialog.hide() return result def _warning(self, msg): dialog = Gtk.MessageDialog(parent=None, flags=0, message_type=Gtk.MessageType.WARNING) dialog.set_markup("" + _("Warning") + "") dialog.format_secondary_markup(msg) dialog.add_button("gtk-close", 1) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) dialog.run() dialog.hide() def _error(self, msg): if self._dialog(""+_("Error")+"", message_type=Gtk.MessageType.ERROR, msg=msg, buttons=(("gtk-ok", 0),("gtk-quit", 1))) == 1: self.onQuit() def connection_failed(self, msg): if self._dialog(""+_("Error")+"", message_type=Gtk.MessageType.ERROR, msg=msg, buttons=[("gtk-quit", 1)]) == 1: self.onQuit() def connection_changed(self): if self.connection_timer: GLib.source_remove(self.connection_timer) self.connection_timer = None if self.fw.connected: self.fw.authorizeAll() self.statusLabel.set_text(self.connected_label) self.default_zone = self.fw.getDefaultZone() self.defaultZoneLabel.set_text(self.default_zone) self.log_denied = self.fw.getLogDenied() self.logDeniedLabel.set_text(self.log_denied) self.automatic_helpers = self.fw.getAutomaticHelpers() self.set_automaticHelpersLabel(self.automatic_helpers) lockdown = self.fw.queryLockdown() if lockdown: self.lockdownLabel.set_text(self.enabled) else: self.lockdownLabel.set_text(self.disabled) panic = self.fw.queryPanicMode() if panic: self.panicLabel.set_text(self.enabled) else: self.panicLabel.set_text(self.disabled) self.modifiedLabel.set_text("") self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(lockdown) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(panic) self.panicMenuitem.handler_unblock(self.panic_check_id) self.nf_conntrack_helpers = \ self.fw.get_property("nf_conntrack_helpers") for x in self.nf_conntrack_helpers.keys(): self.moduleDialogModuleCombobox.append_text(x) if self.connection_lost: self.onChangeView() else: self.currentViewCombobox.set_active(0) self.waitingWindow.hide() self.waitingWindowSpinner.stop() else: if self.statusLabel.get_text() == self.connected_label: self.connection_lost = True self.statusLabel.set_text(self.trying_to_connect_label) self.defaultZoneLabel.set_text("-") self.lockdownLabel.set_text("-") self.panicLabel.set_text("-") self.moduleDialogModuleCombobox.remove_all() self.nf_conntrack_helpers.clear() self.hide_and_remove_visible_dialogs() self.waitingWindow.show() self.waitingWindowLabel.set_text(self.trying_to_connect_label) self.waitingWindowSpinner.start() self.connection_timer = GLib.timeout_add_seconds( 15, self.connection_failed, self.failed_to_connect_label) self.update_active_zones() self.mainPaned.set_sensitive(self.fw.connected) # make all entries in options menu (in)sensitive for child in self.optionsMenuitem.get_submenu().get_children(): child.set_sensitive(self.fw.connected) # make all entries in view menu (in)sensitive for child in self.viewMenuitem.get_submenu().get_children(): child.set_sensitive(self.fw.connected) def changes_applied(self): self.modifiedLabel.set_text(self.changes_applied_label) if self.modified_timer: GLib.source_remove(self.modified_timer) self.modified_timer = GLib.timeout_add_seconds( 5, self.clear_changes_applied, None) def clear_changes_applied(self, *args): self.modifiedLabel.set_text("") self.modified_timer = None def panic_mode_enabled_cb(self): self.panicLabel.set_text(self.enabled) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(True) self.panicMenuitem.handler_unblock(self.panic_check_id) def panic_mode_disabled_cb(self): self.panicLabel.set_text(self.disabled) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(False) self.panicMenuitem.handler_unblock(self.panic_check_id) def reload_cb(self): self.default_zone = self.fw.getDefaultZone() self.defaultZoneLabel.set_text(self.default_zone) self.log_denied = self.fw.getLogDenied() self.logDeniedLabel.set_text(self.log_denied) self.automatic_helpers = self.fw.getAutomaticHelpers() self.set_automaticHelpersLabel(self.automatic_helpers) self.load_ipsets() self.load_zones() self.load_services() self.load_icmps() self.load_helpers() self.load_direct() self.load_lockdown_whitelist() self.update_active_zones() def load_zones(self): selected_zone = self.get_selected_zone() if self.runtime_view: zones = self.fw.getZones() else: zones = self.fw.config().getZoneNames() # reset and fill notebook content according to view selection = self.zoneView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) self.zoneStore.clear() self.serviceStore.clear() self.portStore.clear() self.protocolStore.clear() self.forwardStore.clear() self.icmpStore.clear() self.richRuleStore.clear() self.interfaceStore.clear() self.sourceStore.clear() if self.runtime_view: for item in self.fw.listServices(): self.serviceStore.append([False, item]) for item in self.fw.listIcmpTypes(): self.icmpStore.append([False, item]) else: for item in self.fw.config().getServiceNames(): self.serviceStore.append([False, item]) for item in self.fw.config().getIcmpTypeNames(): self.icmpStore.append([False, item]) # zones active_zones = self.active_zones.keys() for zone in zones: if zone in active_zones: self.zoneStore.append([zone, Pango.Weight.BOLD]) else: self.zoneStore.append([zone, Pango.Weight.NORMAL]) if selected_zone in zones: _zone = selected_zone else: _zone = self.defaultZoneLabel.get_text() selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == _zone: selection.select_iter(iter) return iter = self.zoneStore.iter_next(iter) # fallback selection.select_path(0) if not self.get_selected_zone(): self.zoneEditEditButton.set_sensitive(False) self.zoneEditRemoveButton.set_sensitive(False) self.zoneEditLoadDefaultsButton.set_sensitive(False) self.zoneNotebook.set_sensitive(False) def get_active_service(self): selection = self.serviceConfServiceView.get_selection() (model, iter) = selection.get_selected() if iter: return self.serviceConfServiceStore.get_value(iter, 0) return None def load_services(self): active_service = self.get_active_service() if self.runtime_view: services = self.fw.listServices() else: services = self.fw.config().getServiceNames() selection = self.serviceConfServiceView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.serviceConfServiceStore.clear() # services for service in services: self.serviceConfServiceStore.append([service]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == \ active_service: selection.select_iter(iter) return iter = self.serviceConfServiceStore.iter_next(iter) selection.select_path(0) if not self.get_active_service(): self.serviceConfEditServiceButton.set_sensitive(False) self.serviceConfRemoveServiceButton.set_sensitive(False) self.serviceConfLoadDefaultsServiceButton.set_sensitive(False) self.serviceConfServiceNotebook.set_sensitive(False) def change_rich_rule_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editRichRuleButton.set_sensitive(True) self.removeRichRuleButton.set_sensitive(True) else: self.editRichRuleButton.set_sensitive(False) self.removeRichRuleButton.set_sensitive(False) def service_added_cb(self, zone, service, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.serviceStore.get_iter_first() while iter: if self.serviceStore.get_value(iter, 1) == service: self.serviceStore.set_value(iter, 0, True) break iter = self.serviceStore.iter_next(iter) def service_removed_cb(self, zone, service): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.serviceStore.get_iter_first() while iter: if self.serviceStore.get_value(iter, 1) == service: self.serviceStore.set_value(iter, 0, False) break iter = self.serviceStore.iter_next(iter) def service_toggle_cb(self, toggle, row, model, col): iter = model.get_iter(row) old_val = model.get(iter, col)[0] name = model.get(iter, 1)[0] selected_zone = self.get_selected_zone() if self.runtime_view: if not old_val: self.fw.addService(selected_zone, name) else: self.fw.removeService(selected_zone, name) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not old_val: zone.addService(name) else: zone.removeService(name) self.changes_applied() def change_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editPortButton.set_sensitive(True) self.removePortButton.set_sensitive(True) else: self.editPortButton.set_sensitive(False) self.removePortButton.set_sensitive(False) def change_source_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editSourcePortButton.set_sensitive(True) self.removeSourcePortButton.set_sensitive(True) else: self.editSourcePortButton.set_sensitive(False) self.removeSourcePortButton.set_sensitive(False) def change_protocol_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editProtocolButton.set_sensitive(True) self.removeProtocolButton.set_sensitive(True) else: self.editProtocolButton.set_sensitive(False) self.removeProtocolButton.set_sensitive(False) def change_forward_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editForwardButton.set_sensitive(True) self.removeForwardButton.set_sensitive(True) else: self.editForwardButton.set_sensitive(False) self.removeForwardButton.set_sensitive(False) def masquerade_check_cb(self, *args): selected_zone = self.get_selected_zone() if self.runtime_view: if not self.masqueradeCheck.get_active(): if not self.fw.queryMasquerade(selected_zone): self.fw.addMasquerade(selected_zone) self.changes_applied() else: if self.fw.queryMasquerade(selected_zone): self.fw.removeMasquerade(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) zone.setMasquerade(not self.masqueradeCheck.get_active()) self.changes_applied() def masquerade_added_cb(self, zone, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return self.masqueradeCheck.set_active(True) def masquerade_removed_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.masqueradeCheck.set_active(False) def icmp_toggle_cb(self, toggle, row, model, col): iter = model.get_iter(row) old_val = model.get(iter, col)[0] name = model.get(iter, 1)[0] selected_zone = self.get_selected_zone() if self.runtime_view: if not old_val: self.fw.addIcmpBlock(selected_zone, name) else: self.fw.removeIcmpBlock(selected_zone, name) else: zone = self.fw.config().getZoneByName(selected_zone) if not old_val: zone.addIcmpBlock(name) else: zone.removeIcmpBlock(name) self.changes_applied() def icmp_added_cb(self, zone, icmp, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.icmpStore.get_iter_first() while iter: if self.icmpStore.get_value(iter, 1) == icmp: self.icmpStore.set_value(iter, 0, True) break iter = self.icmpStore.iter_next(iter) def icmp_removed_cb(self, zone, icmp): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.icmpStore.get_iter_first() while iter: if self.icmpStore.get_value(iter, 1) == icmp: self.icmpStore.set_value(iter, 0, False) break iter = self.icmpStore.iter_next(iter) def icmp_block_inversion_check_cb(self, *args): selected_zone = self.get_selected_zone() if self.runtime_view: if not self.icmpBlockInversionCheck.get_active(): if not self.fw.queryIcmpBlockInversion(selected_zone): self.fw.addIcmpBlockInversion(selected_zone) self.changes_applied() else: if self.fw.queryIcmpBlockInversion(selected_zone): self.fw.removeIcmpBlockInversion(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) zone.setIcmpBlockInversion(not self.icmpBlockInversionCheck.get_active()) self.changes_applied() def icmp_inversion_added_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.icmpBlockInversionCheck.set_active(True) def icmp_inversion_removed_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.icmpBlockInversionCheck.set_active(False) def _add_rich_rule(self, obj): family = "all" priority = 0 src = "" dest = "" elem = "" log = "" audit = "" action = "" if obj.family: family = obj.family if obj.priority: priority = obj.priority if obj.action: if type(obj.action) == rich.Rich_Accept: action = _("accept") elif type(obj.action) == rich.Rich_Reject: action = _("reject") if obj.action.type is not None: action += "\n" + obj.action.type elif type(obj.action) == rich.Rich_Drop: action = _("drop") elif type(obj.action) == rich.Rich_Mark: action = _("mark") action += "\nset " + obj.action.set if obj.action.limit: action += "\n" + _("limit") + " " + obj.action.limit.value if obj.source: if obj.source.invert: src = "! " if obj.source.addr: src += "IP: %s" % obj.source.addr elif obj.source.mac: src += "MAC: %s" % obj.source.mac elif obj.source.ipset: src += "ipset:%s" % obj.source.ipset if obj.destination: dest = obj.destination.addr if obj.destination.invert: dest = "! %s" % dest if obj.element: if type(obj.element) == rich.Rich_Service: elem = _("service") + "\n" + obj.element.name elif type(obj.element) == rich.Rich_Port: elem = _("port") + "\n%s/%s" % (obj.element.port, obj.element.protocol) elif type(obj.element) == rich.Rich_Protocol: elem = _("protocol") + "\n" + obj.element.value elif type(obj.element) == rich.Rich_Masquerade: elem = _("masquerade") elif type(obj.element) == rich.Rich_IcmpBlock: elem = _("icmp-block") + "\n%s" % obj.element.name elif type(obj.element) == rich.Rich_IcmpType: elem = _("icmp-type") + "\n%s" % obj.element.name elif type(obj.element) == rich.Rich_ForwardPort: elem = _("forward-port") + "\n%s" % self.create_fwp_string( obj.element.port, obj.element.protocol, obj.element.to_port, obj.element.to_address) elif type(obj.element) == rich.Rich_SourcePort: elem = _("source-port") + "\n%s/%s" % (obj.element.port, obj.element.protocol) else: elem = str(obj.element) if obj.log: if obj.log.prefix: log = '"%s"' % obj.log.prefix if obj.log.level: log += "\n" + _("level") + " " + obj.log.level if obj.log.limit: log += "\n" + _("limit") + " " + obj.log.limit.value if log == "": log = _("yes") if obj.audit: if obj.audit.limit: audit += "\n" + _("limit") + " " + obj.audit.limit.value if audit == "": audit = _("yes") self.richRuleStore.append([obj, family, priority, action, elem, src, dest, log, audit]) def richrule_added_cb(self, zone, rule, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return obj = rich.Rich_Rule(rule_str=rule) iter = self.richRuleStore.get_iter_first() while iter: if str(self.richRuleStore.get_value(iter, 0)) == str(obj): # already there return iter = self.richRuleStore.iter_next(iter) # nothing found, so add it self._add_rich_rule(obj) def richrule_removed_cb(self, zone, rule): if not self.runtime_view or zone != self.get_selected_zone(): return obj = rich.Rich_Rule(rule_str=rule) iter = self.richRuleStore.get_iter_first() while iter: if str(self.richRuleStore.get_value(iter, 0)) == str(obj): self.richRuleStore.remove(iter) break iter = self.richRuleStore.iter_next(iter) def _add_interface(self, interface): comment = "" if interface in self.connections: zone = nm_get_zone_of_connection(self.connections[interface]) if zone == "": comment = self.default_zone_used_by_label % \ self.connections[interface] else: comment = self.used_by_label % self.connections[interface] self.interfaceStore.append([interface, comment]) def interface_added_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: # already there return iter = self.interfaceStore.iter_next(iter) # nothing found, so add it self._add_interface(interface) def interface_removed_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: self.interfaceStore.remove(iter) break iter = self.interfaceStore.iter_next(iter) def zone_of_interface_changed_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view: return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: # it is here, remove it self.interfaceStore.remove(iter) iter = self.interfaceStore.iter_next(iter) # add if zone is active_zone if zone == self.get_selected_zone(): self._add_interface(interface) def source_added_cb(self, zone, source): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: # already there return iter = self.sourceStore.iter_next(iter) # nothing found, so add it self.sourceStore.append([source]) def source_removed_cb(self, zone, source): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: self.sourceStore.remove(iter) break iter = self.sourceStore.iter_next(iter) def zone_of_source_changed_cb(self, zone, source): self.update_active_zones() if not self.runtime_view: return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: # it is here, remove it self.sourceStore.remove(iter) iter = self.sourceStore.iter_next(iter) # add if zone is active_zone if zone == self.get_selected_zone(): self.sourceStore.append([source]) def conf_zone_added_cb(self, zone): if self.runtime_view: return # check if zone is in store iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == zone: return iter = self.zoneStore.iter_next(iter) # not in list, append if zone in self.active_zones: self.zoneStore.append([zone, Pango.Weight.BOLD]) else: self.zoneStore.append([zone, Pango.Weight.NORMAL]) selection = self.zoneView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_zone_updated_cb(self, zone): if self.runtime_view or zone != self.get_selected_zone(): return self.onChangeZone() def conf_zone_removed_cb(self, zone): if self.runtime_view: return iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == zone: self.zoneStore.remove(iter) break iter = self.zoneStore.iter_next(iter) def conf_zone_renamed_cb(self, zone): if self.runtime_view: return # Get all zones, renamed the one that is missing. # If more or less than one is missing, update zone store. zones = self.fw.config().getZoneNames() use_iter = None iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) not in zones: if use_iter is not None: return self.load_zones() use_iter = iter iter = self.zoneStore.iter_next(iter) if use_iter is None: return self.load_zones() self.zoneStore.set_value(use_iter, 0, zone) def deactivate_exception_handler(self): self.__use_exception_handler = False def activate_exception_handler(self): self.__use_exception_handler = True def _exception_handler(self, exception_message): if not self.__use_exception_handler: raise if "NotAuthorizedException" in exception_message: self._error(_("Authorization failed.")) elif "INVALID_NAME" in exception_message: msg = exception_message.replace("INVALID_NAME", functions.b2u(_("Invalid name"))) self._warning(msg) elif "NAME_CONFLICT" in exception_message: msg = exception_message.replace( "NAME_CONFLICT", functions.b2u(_("Name already exists"))) self._warning(msg) elif "NO_DEFAULTS" in exception_message: pass else: self._error(exception_message) def get_selected_zone(self): selection = self.zoneView.get_selection() (model, iter) = selection.get_selected() if iter: return self.zoneStore.get_value(iter, 0) return None def onQuit(self, *args): self.mainloop.quit() sys.exit() def onAbout(self, *args): self.aboutDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.aboutDialog.set_transient_for(self.mainWindow) self.aboutDialog.show_all() self.aboutDialog.run() self.aboutDialog.hide() def onReloadFirewalld(self, *args): self.fw.reload() def onChangeView(self, *args): # Fix interaction problem of changed event of gtk combobox with # polkit-kde by processing all remaining events. # # The changed callback is signaled before the popup window has been # destroyed and before the focus (keyboard and mouse) has been reset. # This results in a deadlock in KDE and Qt, because the polkit KDE # agent can not get the focus and the user has no chance to enter the # desired password into the agent and is also not able to close the # agent with the mouse. The focus is still on the combobox popup. Gdk.DisplayManager.get().get_default_display().flush() self.fw.authorizeAll() self.runtime_view = (self.currentViewCombobox.get_active_text() == \ _("Runtime")) self.zoneEditBox.set_sensitive(not self.runtime_view) self.serviceConfDestinationGrid.set_sensitive(not self.runtime_view) self.icmpDialogDestIpv4Check.set_sensitive(not self.runtime_view) self.icmpDialogDestIpv6Check.set_sensitive(not self.runtime_view) self.ipsetConfEntryBox.set_sensitive(False) if self.runtime_view: self.zoneEditBox.hide() self.ipsetConfIPSetEditBox.hide() self.serviceConfServiceEditBox.hide() self.serviceConfPortBox.hide() self.serviceConfProtocolBox.hide() self.serviceConfSourcePortBox.hide() self.serviceConfModuleBox.hide() self.icmpDialogIcmpEditBox.hide() self.helperConfHelperEditBox.hide() self.helperConfPortBox.hide() else: self.zoneEditBox.show() self.ipsetConfIPSetEditBox.show() self.serviceConfServiceEditBox.show() self.serviceConfPortBox.show() self.serviceConfProtocolBox.show() self.serviceConfSourcePortBox.show() self.serviceConfModuleBox.show() self.icmpDialogIcmpEditBox.show() self.helperConfHelperEditBox.show() self.helperConfPortBox.show() self.load_ipsets() self.load_zones() self.load_services() self.load_icmps() self.load_helpers() self.load_direct() self.load_lockdown_whitelist() def update_active_zones(self): self.active_zones.clear() # remove all entries for the left menu left_menu_children = self.left_menu.get_children() for child in left_menu_children: self.left_menu.remove(child) child.destroy() # add connecitons entry item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Connections"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if self.fw.connected: self.active_zones = self.fw.getActiveZones() else: self.active_zones = { } # clean bindingsView, leave connections, interfaces and sources entries self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.NONE) iter = self.bindingsStore.iter_children(self.connectionsIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.connectionsIter) iter = self.bindingsStore.iter_children(self.interfacesIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.interfacesIter) iter = self.bindingsStore.iter_children(self.sourcesIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.sourcesIter) self.changeBindingsButton.set_sensitive(False) # get all active connections (NM) and interfaces connections = { } interfaces = { } sources = { } for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: interfaces[interface] = zone if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): sources[source] = zone # NM controlled connections for interface in self.connections: connection = self.connections[interface] if connection not in connections: zone = nm_get_zone_of_connection(connection) connections[connection] = [ zone, [ interface, ] ] else: connections[connection][1].append(interface) # add NM controlled entries for connection in sorted(connections): [ zone, _interfaces ] = connections[connection] connection_name = self.connections_name[connection] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() if zone == "": label.set_markup("%s (%s)\n%s: %s" % \ (connection_name, ",".join(_interfaces), escape(_("Default Zone")), self.default_zone)) else: label.set_markup("%s (%s)\n%s: %s" % \ (connection_name, ",".join(_interfaces), escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_connection_editor, connection, connection_name, zone) self.left_menu.append(item) if zone == "": self.bindingsStore.append( self.connectionsIter, [ "%s (%s)\n%s" % ( connection_name, ",".join(_interfaces), _("Default Zone: %s") % self.default_zone), connection, zone ]) else: self.bindingsStore.append( self.connectionsIter, [ "%s (%s)\n%s" % ( connection_name, ",".join(_interfaces), _("Zone: %s") % zone), connection, zone ]) item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Interfaces"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if len(interfaces) > 0: # add other interfaces for interface in sorted(interfaces): zone = interfaces[interface] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() label.set_markup("%s\n%s: %s" % \ (interface, escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_interface_editor, interface, zone) self.left_menu.append(item) self.bindingsStore.append( self.interfacesIter, [ "%s\n%s" % (interface, _("Zone: %s") % zone), interface, zone ]) item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Sources"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if len(sources) > 0: for source in sorted(sources): zone = sources[source] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() label.set_markup("%s\n%s: %s" % \ (source, escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_source_editor, source, zone) self.left_menu.append(item) self.bindingsStore.append( self.sourcesIter, [ "%s\n%s" % (source, _("Zone: %s") % zone), source, zone ]) self.bindingsView.expand_all() self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) in self.active_zones.keys(): self.zoneStore.set_value(iter, 1, Pango.Weight.BOLD) else: self.zoneStore.set_value(iter, 1, Pango.Weight.NORMAL) iter = self.zoneStore.iter_next(iter) def onChangeDefaultZone(self, *args): self.defaultZoneStore.clear() zones = self.fw.getZones() # self.default_zone = self.fw.getDefaultZone() for zone in zones: if zone == self.default_zone: self.defaultZoneStore.append([zone, Pango.Weight.BOLD]) else: self.defaultZoneStore.append([zone, Pango.Weight.NORMAL]) selection = self.defaultZoneView.get_selection() if self.default_zone in zones: selection.select_path(zones.index(self.default_zone)) else: selection.set_mode(Gtk.SelectionMode.NONE) self.defaultZoneDialogOkButton.set_sensitive(False) self.defaultZoneDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.defaultZoneDialog.set_transient_for(self.mainWindow) self.defaultZoneDialog.show_all() self.add_visible_dialog(self.defaultZoneDialog) result = self.defaultZoneDialog.run() self.defaultZoneDialog.hide() self.remove_visible_dialog(self.defaultZoneDialog) if result == 1: (model, iter) = selection.get_selected() if not iter: return new_default_zone = model.get(iter, 0)[0] if new_default_zone != self.default_zone: self.fw.setDefaultZone(new_default_zone) self.default_zone = new_default_zone self.changes_applied() def on_logDeniedDialogValueCombobox_changed(self, combo): self.logDeniedDialogOkButton.set_sensitive( combo.get_active_text() != self.log_denied) def onChangeLogDenied(self, *args): combobox_select_text(self.logDeniedDialogValueCombobox, self.fw.getLogDenied()) self.logDeniedDialogOkButton.set_sensitive(False) self.logDeniedDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.logDeniedDialog.set_transient_for(self.mainWindow) self.logDeniedDialog.show_all() self.add_visible_dialog(self.logDeniedDialog) result = self.logDeniedDialog.run() self.logDeniedDialog.hide() self.remove_visible_dialog(self.logDeniedDialog) if result == 1: value = self.logDeniedDialogValueCombobox.get_active_text() if value != self.log_denied: self.fw.setLogDenied(value) self.log_denied = value self.changes_applied() def log_denied_changed_cb(self, value): self.logDeniedLabel.set_text(value) combobox_select_text(self.logDeniedDialogValueCombobox, value) def set_automaticHelpersLabel(self, value): if value == "system": self.automaticHelpersLabel.set_text( "%s (%s)" % (value, { 0:"off", 1:"on" }[ self.fw.get_property("nf_conntrack_helper_setting")])) else: self.automaticHelpersLabel.set_text(value) def on_automaticHelpersDialogValueCombobox_changed(self, combo): self.automaticHelpersDialogOkButton.set_sensitive( combo.get_active_text() != self.automatic_helpers) def onChangeAutomaticHelpers(self, *args): combobox_select_text(self.automaticHelpersDialogValueCombobox, self.fw.getAutomaticHelpers()) self.automaticHelpersDialogOkButton.set_sensitive(False) self.automaticHelpersDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.automaticHelpersDialog.set_transient_for(self.mainWindow) self.automaticHelpersDialog.show_all() self.add_visible_dialog(self.automaticHelpersDialog) result = self.automaticHelpersDialog.run() self.automaticHelpersDialog.hide() self.remove_visible_dialog(self.automaticHelpersDialog) if result == 1: value = self.automaticHelpersDialogValueCombobox.get_active_text() if value != self.automatic_helpers: self.fw.setAutomaticHelpers(value) self.automatic_helpers = value self.changes_applied() def automatic_helpers_changed_cb(self, value): self.set_automaticHelpersLabel(value) combobox_select_text(self.automaticHelpersDialogValueCombobox, value) def onRuntimeToPermanent(self, *args): self.fw.runtimeToPermanent() def on_defaultZoneViewSelection_changed(self, selection): (model, iter) = selection.get_selected() if not iter: return new_default_zone = model.get(iter, 0)[0] self.defaultZoneDialogOkButton.set_sensitive( \ new_default_zone != self.default_zone) def default_zone_changed_cb(self, zone): self.default_zone = zone self.defaultZoneLabel.set_text(zone) self.update_active_zones() def onSelectBinding(self, *args): selection = self.bindingsView.get_selection() (model, iter) = selection.get_selected() if not iter: self.changeBindingsButton.set_sensitive(False) return parent_iter = self.bindingsStore.iter_parent(iter) if parent_iter is None: selection.unselect_all() self.changeBindingsButton.set_sensitive(False) #self.editBindingsButton.set_sensitive(False) return if self.bindingsStore.get_value(parent_iter, 0) == _("Connections"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(False) elif self.bindingsStore.get_value(parent_iter, 0) == _("Interfaces"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(True) elif self.bindingsStore.get_value(parent_iter, 0) == _("Sources"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(True) def onBindingClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.onChangeBinding() def onChangeBinding(self, *args): selection = self.bindingsView.get_selection() (model, iter) = selection.get_selected() if not iter: return parent_iter = self.bindingsStore.iter_parent(iter) if parent_iter is None: return item = self.bindingsStore.get_value(iter, 1) zone = self.bindingsStore.get_value(iter, 2) if self.bindingsStore.get_value(parent_iter, 0) == _("Connections"): self.change_zone_connection_editor(None, item, self.connections_name[item], zone) elif self.bindingsStore.get_value(parent_iter, 0) == _("Interfaces"): self.change_zone_interface_editor(None, item, zone) elif self.bindingsStore.get_value(parent_iter, 0) == _("Sources"): self.change_zone_source_editor(None, item, zone) #def onEditBindingClicked(self, widget, event): # if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: # self.onEditBinding() #def onEditBinding(self, *args): # return def onChangeZone(self, *args): selected_zone = self.get_selected_zone() ### load zone settings self.portStore.clear() self.protocolStore.clear() self.forwardStore.clear() self.sourcePortStore.clear() self.richRuleStore.clear() self.interfaceStore.clear() self.sourceStore.clear() self.serviceView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.portView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.protocolView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.forwardView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.sourcePortView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.icmpView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.richRuleView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.zoneNotebook.set_tooltip_markup("") if not selected_zone: self.zoneEditEditButton.set_sensitive(False) self.zoneEditRemoveButton.set_sensitive(False) self.zoneEditLoadDefaultsButton.set_sensitive(False) self.zoneNotebook.set_sensitive(False) iter = self.serviceStore.get_iter_first() while iter: self.serviceStore.set_value(iter, 0, False) iter = self.serviceStore.iter_next(iter) self.masqueradeCheck.set_active(False) iter = self.icmpStore.get_iter_first() while iter: self.icmpStore.set_value(iter, 0, False) iter = self.icmpStore.iter_next(iter) self.icmpBlockInversionCheck.set_active(False) return self.zoneEditEditButton.set_sensitive(True) self.zoneNotebook.set_sensitive(True) if self.runtime_view: # load runtime configuration try: settings = self.fw.getZoneSettings(selected_zone) except: return default = False builtin = False else: # load permanent configuration try: zone = self.fw.config().getZoneByName(selected_zone) except: return settings = zone.getSettings() props = zone.get_properties() default = props["default"] builtin = props["builtin"] services = settings.getServices() ports = settings.getPorts() protocols = settings.getProtocols() masquerade = settings.getMasquerade() forward_ports = settings.getForwardPorts() source_ports = settings.getSourcePorts() icmpblocks = settings.getIcmpBlocks() rules = settings.getRichRules() interfaces = settings.getInterfaces() sources = settings.getSources() icmp_block_inversion = settings.getIcmpBlockInversion() self.zoneNotebook.set_sensitive(True) self.zoneEditRemoveButton.set_sensitive(not builtin and default) self.zoneEditLoadDefaultsButton.set_sensitive(not default) # set services _services = services[:] iter = self.serviceStore.get_iter_first() while iter: name = self.serviceStore.get_value(iter, 1) if name in _services: self.serviceStore.set_value(iter, 0, True) _services.remove(name) else: self.serviceStore.set_value(iter, 0, False) iter = self.serviceStore.iter_next(iter) # handle unknown services for name in _services: text = _("Zone '%s': Service '%s' is not available.") % \ (selected_zone, name) result = self._dialog(text, message_type=Gtk.MessageType.WARNING, title=_("Warning"), buttons=((_("Remove"), 1), (_("Ignore"), 2))) if result == 1: if self.runtime_view: self.fw.removeService(selected_zone, name) else: settings.removeService(name) zone.update(settings) self.changes_applied() # set ports for item in ports: self.portStore.append(item) # set protocols for item in protocols: self.protocolStore.append([item]) # set masquerade self.masqueradeCheck.set_active(masquerade) # set forward ports for item in forward_ports: self.forwardStore.append(item) # set source ports for item in source_ports: self.sourcePortStore.append(item) # set icmpblocks _icmpblocks = icmpblocks[:] iter = self.icmpStore.get_iter_first() while iter: name = self.icmpStore.get_value(iter, 1) if name in _icmpblocks: self.icmpStore.set_value(iter, 0, True) _icmpblocks.remove(name) else: self.icmpStore.set_value(iter, 0, False) iter = self.icmpStore.iter_next(iter) self.icmpBlockInversionCheck.set_active(icmp_block_inversion) # handle unknown icmpblocks for name in _icmpblocks: text = _("Zone '%s': ICMP type '%s' is not available.") % \ (selected_zone, name) result = self._dialog(text, message_type=Gtk.MessageType.WARNING, title=_("Warning"), buttons=((_("Remove"), 1),(_("Ignore"), 2))) if result == 1: if self.runtime_view: self.fw.removeIcmpBlock(selected_zone, name) else: settings.removeIcmpBlock(name) zone.update(settings) self.changes_applied() # set rich rules for item in rules: rule = rich.Rich_Rule(rule_str=item) self._add_rich_rule(rule) # set interfaces for item in interfaces: self._add_interface(item) # set sources for item in sources: self.sourceStore.append([item]) self.serviceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.portView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.protocolView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.forwardView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.sourcePortView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.icmpView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.richRuleView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.interfaceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.sourceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) def onAddZone(self, *args): if self.runtime_view: return self.add_edit_zone(True) def onRemoveZone(self, *args): if self.runtime_view: return selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) zone.remove() self.changes_applied() self.load_zones() self.onChangeZone() def onEditZone(self, *args): if self.runtime_view: return self.add_edit_zone(False) def onLoadDefaultsZone(self, *args): if self.runtime_view: return selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) zone.loadDefaults() self.changes_applied() self.onChangeZone() def entry_changed(self, entry, allowed_chars, modify=None): "Remove all disallowed characters and truncate length." origtext = entry.get_text() newtext = origtext for char in origtext: if char not in allowed_chars: newtext = newtext.replace(char, "") OK = len(newtext) > 0 if modify: OK, newtext = modify(newtext) if newtext != origtext: entry.set_text(newtext) return OK def onZoneBaseDialogChanged(self, *args): def check_zone_name(zone): max_len = functions.max_zone_name_len() parts = zone.split('/') if len(parts) < 2: return (True, zone) if len(parts[0]) > max_len: parts[0] = parts[0][:max_len] zone = '/'.join(parts[:2]) OK = len(zone) > 1 and zone[0] != '/' and zone[-1] != '/' return (OK, zone) OK=True if args and (args[0] == self.zoneBaseDialogNameEntry): additional_chars = "".join(Zone.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_zone_name) self.zoneBaseDialogOkButton.set_sensitive(OK) def onZoneBaseDialogTargetCheckToggled(self, check): val = check.get_active() self.zoneBaseDialogTargetCombobox.set_sensitive(not val) def add_edit_zone(self, add): l = functions.max_zone_name_len() self.zoneBaseDialogNameEntry.set_max_length(l) self.zoneBaseDialogNameEntry.set_width_chars(l) self.zoneBaseDialogNameEntry.set_max_width_chars(l) if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_target = None self.zoneBaseDialogNameEntry.set_text("") self.zoneBaseDialogVersionEntry.set_text("") self.zoneBaseDialogShortEntry.set_text("") self.zoneBaseDialogDescText.get_buffer().set_text("") self.zoneBaseDialogTargetCheck.set_active(True) self.zoneBaseDialogTargetCombobox.set_active(0) else: selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) settings = zone.getSettings() props = zone.get_properties() default = props["default"] builtin = props["builtin"] old_name = zone.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_target = settings.getTarget() self.zoneBaseDialogNameEntry.set_text(old_name) self.zoneBaseDialogVersionEntry.set_text(old_version) self.zoneBaseDialogShortEntry.set_text(old_short) self.zoneBaseDialogDescText.get_buffer().set_text(old_desc) if old_target == "default" or \ old_target == DEFAULT_ZONE_TARGET: self.zoneBaseDialogTargetCheck.set_active(True) self.zoneBaseDialogTargetCombobox.set_active(0) else: self.zoneBaseDialogTargetCheck.set_active(False) combobox_select_text(self.zoneBaseDialogTargetCombobox, old_target if old_target != "%%REJECT%%" else "REJECT") self.zoneBaseDialogOkButton.set_sensitive(False) if builtin: self.zoneBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in zone, rename not supported.")) else: self.zoneBaseDialogNameEntry.set_tooltip_markup("") self.zoneBaseDialogNameEntry.set_sensitive(not builtin and default) self.zoneBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.zoneBaseDialog.set_transient_for(self.mainWindow) self.zoneBaseDialog.show_all() self.add_visible_dialog(self.zoneBaseDialog) result = self.zoneBaseDialog.run() self.zoneBaseDialog.hide() self.remove_visible_dialog(self.zoneBaseDialog) if result != 1: return name = self.zoneBaseDialogNameEntry.get_text() version = self.zoneBaseDialogVersionEntry.get_text() short = self.zoneBaseDialogShortEntry.get_text() buffer = self.zoneBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) target = "default" # this has been DEFAULT_ZONE_TARGET before if not self.zoneBaseDialogTargetCheck.get_active(): target = self.zoneBaseDialogTargetCombobox.get_active_text() if target == "REJECT": target = "%%REJECT%%" if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_target == target: # no changes return if not add: selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) settings = zone.getSettings() else: settings = client.FirewallClientZoneSettings() if old_version != version or old_short != short or \ old_desc != desc or old_target != target: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setTarget(target) if not add: zone.update(settings) if not add: if old_name == name: return zone.rename(name) else: self.fw.config().addZone(name, settings) self.changes_applied() def onAddRichRule(self, *args): self.add_edit_rich_rule(True) def onEditRichRule(self, *args): self.add_edit_rich_rule(False) def onRichRuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_rich_rule(False) def onRemoveRichRule(self, *args): selected_zone = self.get_selected_zone() selection = self.richRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return obj = self.richRuleStore.get_value(iter, 0) if self.runtime_view: self.fw.removeRichRule(selected_zone, str(obj)) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeRichRule(str(obj)) self.changes_applied() def add_edit_rich_rule(self, add): self.richRuleDialogFamilyCombobox.set_active(0) self.richRuleDialogPriorityEntry.set_value(0) self.richRuleDialogElementCheck.set_active(False) self.richRuleDialogElementCombobox.set_active(0) self.richRuleDialogElementChooser.set_text("") self.richRuleDialogActionCheck.set_active(False) self.richRuleDialogActionCombobox.set_active(0) self.richRuleDialogActionRejectTypeCheck.set_active(False) self.richRuleDialogActionRejectTypeCombobox.set_active(0) self.richRuleDialogActionMarkChooser.set_text("") self.richRuleDialogActionLimitCheck.set_active(False) self.richRuleDialogActionLimitRateEntry.set_text("") self.richRuleDialogActionLimitDurationCombobox.set_active(0) self.richRuleDialogSourceInvertCheck.set_active(False) self.richRuleDialogSourceTypeCombobox.set_active(0) self.richRuleDialogSourceChooser.set_text("") self.richRuleDialogDestinationInvertCheck.set_active(False) self.richRuleDialogDestinationChooser.set_text("") self.richRuleDialogLogCheck.set_active(False) self.richRuleDialogLogPrefixEntry.set_text("") self.richRuleDialogLogLevelCombobox.set_active(4) self.richRuleDialogLogLimitCheck.set_active(False) self.richRuleDialogLogLimitRateEntry.set_text("") self.richRuleDialogLogLimitDurationCombobox.set_active(0) self.richRuleDialogAuditCheck.set_active(False) self.richRuleDialogAuditLimitCheck.set_active(False) self.richRuleDialogAuditLimitRateEntry.set_text("") self.richRuleDialogAuditLimitDurationCombobox.set_active(0) smhd = { "s": _("second"), "m": _("minute"), "h": _("hour"), "d": _("day") } loglevel = { "emerg": _("emergency"), "alert": _("alert"), "crit": _("critical"), "error": _("error"), "warning": _("warning"), "notice": _("notice"), "info": _("info"), "debug": _("debug"), } selected_zone = self.get_selected_zone() old_obj = None iter = None if not add: selection = self.richRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_obj = self.richRuleStore.get_value(iter, 0) self.richRuleDialog.old_obj = old_obj if old_obj: if old_obj.family in [ "ipv4", "ipv6" ]: combobox_select_text(self.richRuleDialogFamilyCombobox, old_obj.family, insensitive=True) if old_obj.priority != 0: self.richRuleDialogPriorityEntry.set_value(old_obj.priority) if old_obj.element: self.richRuleDialogElementCheck.set_active(True) # element if type(old_obj.element) == rich.Rich_Service: combobox_select_text(self.richRuleDialogElementCombobox, _("service")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_Port: combobox_select_text(self.richRuleDialogElementCombobox, _("port")) self.richRuleDialogElementChooser.set_text( \ "%s/%s" % (old_obj.element.port, old_obj.element.protocol)) elif type(old_obj.element) == rich.Rich_Protocol: combobox_select_text(self.richRuleDialogElementCombobox, _("protocol")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.value) elif type(old_obj.element) == rich.Rich_Masquerade: combobox_select_text(self.richRuleDialogElementCombobox, _("masquerade")) elif type(old_obj.element) == rich.Rich_IcmpBlock: combobox_select_text(self.richRuleDialogElementCombobox, _("icmp-block")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_IcmpType: combobox_select_text(self.richRuleDialogElementCombobox, _("icmp-type")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_ForwardPort: combobox_select_text(self.richRuleDialogElementCombobox, _("forward-port")) s = "%s/%s" % (old_obj.element.port, old_obj.element.protocol) if old_obj.element.to_port != "": s += " >%s" % old_obj.element.to_port if old_obj.element.to_address != "": s += " @%s" % old_obj.element.to_address self.richRuleDialogElementChooser.set_text(s) elif type(old_obj.element) == rich.Rich_SourcePort: combobox_select_text(self.richRuleDialogElementCombobox, _("source-port")) self.richRuleDialogElementChooser.set_text( \ "%s/%s" % (old_obj.element.port, old_obj.element.protocol)) # action if old_obj.action: self.richRuleDialogActionCheck.set_active(True) action = None if type(old_obj.action) == rich.Rich_Accept: action = _("accept") elif type(old_obj.action) == rich.Rich_Reject: action = _("reject") self.richRuleDialogActionRejectTypeCombobox.remove_all() if old_obj.family is not None: for icmp in REJECT_TYPES[old_obj.family]: self.richRuleDialogActionRejectTypeCombobox. \ append(icmp, icmp) if old_obj.action.type: self.richRuleDialogActionRejectTypeCheck. \ set_active(True) self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(old_obj.action.type) else: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(REJECT_TYPES[old_obj.family][0]) elif type(old_obj.action) == rich.Rich_Drop: action = _("drop") elif type(old_obj.action) == rich.Rich_Mark: action = _("mark") self.richRuleDialogActionMarkChooser.set_text(old_obj.action.set) combobox_select_text(self.richRuleDialogActionCombobox, action) if old_obj.action.limit: self.richRuleDialogActionLimitCheck.set_active(True) (rate, duration) = old_obj.action.limit.value.split("/") self.richRuleDialogActionLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogActionLimitDurationCombobox, smhd[duration], insensitive=True) # source if old_obj.source: if old_obj.source.addr: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "IP") self.richRuleDialogSourceChooser.set_text(old_obj.source.addr) elif old_obj.source.mac: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "MAC") self.richRuleDialogSourceChooser.set_text(old_obj.source.mac) elif old_obj.source.ipset: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "ipset") self.richRuleDialogSourceChooser.set_text(old_obj.source.ipset) self.richRuleDialogSourceInvertCheck.set_active( \ old_obj.source.invert) # destination if old_obj.destination: self.richRuleDialogDestinationChooser.set_text( \ old_obj.destination.addr) self.richRuleDialogDestinationInvertCheck.set_active( \ old_obj.destination.invert) # log if old_obj.log: self.richRuleDialogLogCheck.set_active(True) if old_obj.log.prefix: self.richRuleDialogLogPrefixEntry.set_text( \ old_obj.log.prefix) log_level = "warning" if old_obj.log.level and old_obj.log.level != log_level: log_level = old_obj.log.level combobox_select_text(self.richRuleDialogLogLevelCombobox, loglevel[log_level]) if old_obj.log.limit: self.richRuleDialogLogLimitCheck.set_active(True) (rate, duration) = old_obj.log.limit.value.split("/") self.richRuleDialogLogLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogLogLimitDurationCombobox, smhd[duration], insensitive=True) # audit if old_obj.audit: self.richRuleDialogAuditCheck.set_active(True) if old_obj.audit.limit: self.richRuleDialogAuditLimitCheck.set_active(True) (rate, duration) = old_obj.audit.limit.value.split("/") self.richRuleDialogAuditLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogAuditLimitDurationCombobox, smhd[duration], insensitive=True) self.richRuleDialogOkButton.set_sensitive(False) self.on_richRuleDialog_changed() self.richRuleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.richRuleDialog.set_transient_for(self.mainWindow) self.richRuleDialog.show_all() self.add_visible_dialog(self.richRuleDialog) result = self.richRuleDialog.run() self.richRuleDialog.hide() self.remove_visible_dialog(self.richRuleDialog) if result != 1: return obj = self.richRuleDialog_getRule() old_rule = str(old_obj) rule = str(obj) if old_rule == rule: # nothing to change return if self.runtime_view: if not self.fw.queryRichRule(selected_zone, rule): self.fw.addRichRule(selected_zone, rule) if not add: self.fw.removeRichRule(selected_zone, old_rule) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryRichRule(rule): if not add: zone.removeRichRule(old_rule) zone.addRichRule(rule) self.changes_applied() def on_richRuleDialogElementChooser_clicked(self, *args): combolabel = self.richRuleDialogElementCombobox.get_active_text() old_value = self.richRuleDialogElementChooser.get_text() familylabel = self.richRuleDialogFamilyCombobox.get_active_text() if familylabel == _("ipv4"): family = "ipv4" elif familylabel == _("ipv6"): family = "ipv6" else: family = None value = None if combolabel == _("service"): value = self.service_select_dialog(old_value) elif combolabel == _("port"): old_port = None old_proto = None if old_value != "": try: (old_port,old_proto) = old_value.split("/") except: pass value = self.port_select_dialog(old_port, old_proto) elif combolabel == _("protocol"): value = self.protocol_select_dialog(old_value) elif combolabel == _("icmp-block"): value = self.icmptype_select_dialog(old_value) elif combolabel == _("icmp-type"): value = self.icmptype_select_dialog(old_value) elif combolabel == _("forward-port"): value = self.forwardport_select_dialog(family, old_value) elif combolabel == _("source-port"): old_port = None old_proto = None if old_value != "": try: (old_port,old_proto) = old_value.split("/") except: pass value = self.port_select_dialog(old_port, old_proto) if value is None: return self.richRuleDialogElementChooser.set_text(value) def port_select_dialog(self, old_port, old_proto): self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return None port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return None return "%s/%s" % (port, proto) def onProtoChanged(self, *args): if self.protoDialogOtherProtoCheck.get_active(): self.protoDialogProtoLabel.set_sensitive(False) self.protoDialogProtoCombobox.set_sensitive(False) self.protoDialogOtherProtoEntry.set_sensitive(True) proto = self.protoDialogOtherProtoEntry.get_text() else: self.protoDialogProtoLabel.set_sensitive(True) self.protoDialogProtoCombobox.set_sensitive(True) self.protoDialogOtherProtoEntry.set_sensitive(False) proto = self.protoDialogProtoCombobox.get_active_text() if functions.checkProtocol(proto): self.protoDialogOkButton.set_sensitive(True) else: self.protoDialogOkButton.set_sensitive(False) def protocol_select_dialog(self, old_proto): self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) self.protoDialogOtherProtoEntry.set_text("") if old_proto: if not combobox_select_text(self.protoDialogProtoCombobox, old_proto): self.protoDialogOtherProtoCheck.set_active(True) self.protoDialogOtherProtoEntry.set_text(old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return None if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return None return proto def change_service_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceDialogOkButton.set_sensitive(True) else: self.serviceDialogOkButton.set_sensitive(False) def service_select_dialog(self, old_service=""): self.serviceDialogServiceStore.clear() if self.runtime_view: services = self.fw.listServices() else: services = self.fw.config().getServiceNames() for service in services: self.serviceDialogServiceStore.append([service]) selection = self.serviceDialogServiceView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) selection.select_path(0) iter = self.serviceDialogServiceStore.get_iter_first() while iter: if self.serviceDialogServiceStore.get_value(iter, 0) == \ old_service: selection.select_iter(iter) iter = self.serviceDialogServiceStore.iter_next(iter) self.serviceDialogOkButton.set_sensitive(False) self.serviceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.serviceDialog.set_transient_for(self.mainWindow) self.serviceDialog.show_all() self.add_visible_dialog(self.serviceDialog) result = self.serviceDialog.run() self.serviceDialog.hide() self.remove_visible_dialog(self.serviceDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None service = self.serviceDialogServiceStore.get_value(iter, 0) if old_service == service: return None return service def change_icmptype_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.icmptypeDialogOkButton.set_sensitive(True) else: self.icmptypeDialogOkButton.set_sensitive(False) def icmptype_select_dialog(self, old_icmptype=""): self.icmptypeDialogIcmptypeStore.clear() if self.runtime_view: icmptypes = self.fw.listIcmpTypes() else: icmptypes = self.fw.config().getIcmpTypeNames() for icmptype in icmptypes: self.icmptypeDialogIcmptypeStore.append([icmptype]) selection = self.icmptypeDialogIcmptypeView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) selection.select_path(0) iter = self.icmptypeDialogIcmptypeStore.get_iter_first() while iter: if self.icmptypeDialogIcmptypeStore.get_value(iter, 0) == \ old_icmptype: selection.select_iter(iter) iter = self.icmptypeDialogIcmptypeStore.iter_next(iter) self.icmptypeDialogOkButton.set_sensitive(False) self.icmptypeDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.icmptypeDialog.set_transient_for(self.mainWindow) self.icmptypeDialog.show_all() self.add_visible_dialog(self.icmptypeDialog) result = self.icmptypeDialog.run() self.icmptypeDialog.hide() self.remove_visible_dialog(self.icmptypeDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None icmptype = self.icmptypeDialogIcmptypeStore.get_value(iter, 0) if old_icmptype == icmptype: return None return icmptype def on_richRuleDialogSourceChooser_clicked(self, *args): old_address = self.richRuleDialogSourceChooser.get_text() _type = self.richRuleDialogSourceTypeCombobox.get_active_text() combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None if _type == "IP": address = self.address_select_dialog(family, old_address) if address is not None: self.richRuleDialogSourceChooser.set_text(address) elif _type == "MAC": address = self.mac_select_dialog(old_address) if address is not None: self.richRuleDialogSourceChooser.set_text(address.upper()) elif _type == "ipset": address = self.ipset_select_dialog(old_address, family) if address is not None: self.richRuleDialogSourceChooser.set_text(address) def on_richRuleDialogDestinationChooser_clicked(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None old_address = self.richRuleDialogDestinationChooser.get_text() address = self.address_select_dialog(family, old_address) if address is not None: self.richRuleDialogDestinationChooser.set_text(address) def create_fwp_string(self, port, proto, to_port, to_addr): _to_port = "" if to_port != "": _to_port = " >%s" % to_port _to_addr = "" if to_addr != "": _to_addr = " @%s" % to_addr return "%s/%s%s%s" % (port, proto, _to_port, _to_addr) def split_fwp_string(self, text): port = "" proto = "" to_port = "" to_addr = "" if ">" in text: # to_port splits = text.split(">") (port,proto) = splits[0].split("/") if "@" in splits[1]: (to_port,to_addr) = splits[1].split("@") else: to_port = splits[1] elif "@" in text: splits = text.split("@") (port,proto) = splits[0].split("/") to_addr = splits[1] return (port.strip(), proto.strip(), to_port.strip(), to_addr.strip()) def richRuleDialog_getRule(self): smhd = { _("second"): "s", _("minute"): "m", _("hour"): "h", _("day"): "d" } loglevel = { _("emergency"): "emerg", # 0, system is unusable _("alert"): "alert", # 1, action must be taken immediately _("critical"): "crit", # 2, critical conditions _("error"): "error", # 3, error conditions _("warning"): "warning", # 4, warning conditions _("notice"): "notice", # 5, normal but significant condition _("info"): "info", # 6, informational _("debug"): "debug", } # 7, debug-level messages # family combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): rule = rich.Rich_Rule("ipv4") # ipv4 rule elif combolabel == _("ipv6"): rule = rich.Rich_Rule("ipv6") # ipv6 rule else: rule = rich.Rich_Rule() # ipv4+ipv6 rule # priority priority = self.richRuleDialogPriorityEntry.get_value_as_int() if priority != 0: rule.priority = priority # element if self.richRuleDialogElementCheck.get_active(): combolabel = self.richRuleDialogElementCombobox.get_active_text() if combolabel == _("service"): rule.element = rich.Rich_Service( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("port"): text = self.richRuleDialogElementChooser.get_text() port = "" proto = "" try: if '/' in text: (port, proto) = text.split("/") except: return None rule.element = rich.Rich_Port(port, proto) elif combolabel == _("protocol"): rule.element = rich.Rich_Protocol( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("icmp-block"): rule.element = rich.Rich_IcmpBlock( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("icmp-type"): rule.element = rich.Rich_IcmpType( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("forward-port"): text = self.richRuleDialogElementChooser.get_text() try: (port, proto, to_port, to_addr) = \ self.split_fwp_string(text) except: return None rule.element = rich.Rich_ForwardPort(port, proto, to_port, to_addr) elif combolabel == _("masquerade"): rule.element = rich.Rich_Masquerade() elif combolabel == _("source-port"): text = self.richRuleDialogElementChooser.get_text() port = "" proto = "" try: if '/' in text: (port, proto) = text.split("/") except: return None rule.element = rich.Rich_SourcePort(port, proto) # action if self.richRuleDialogActionCheck.is_sensitive() and \ self.richRuleDialogActionCheck.get_active(): limit = None if self.richRuleDialogActionLimitCheck.get_active(): value = self.richRuleDialogActionLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogActionLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) combolabel = self.richRuleDialogActionCombobox.get_active_text() if combolabel == _("accept"): rule.action = rich.Rich_Accept(limit) elif combolabel == _("reject"): _type = None if self.richRuleDialogActionRejectTypeCheck.get_active(): _type = self.richRuleDialogActionRejectTypeCombobox.get_active_text() rule.action = rich.Rich_Reject(_type, limit) elif combolabel == _("drop"): rule.action = rich.Rich_Drop(limit) elif combolabel == _("mark"): _set = self.richRuleDialogActionMarkChooser.get_text() rule.action = rich.Rich_Mark(_set, limit) # source if self.richRuleDialogSourceChooser.is_sensitive() \ and (self.richRuleDialogSourceChooser.get_text() != "" \ or self.richRuleDialogSourceInvertCheck.get_active()): txt = self.richRuleDialogSourceTypeCombobox.get_active_text() addr = mac = ipset = None if txt == "IP": addr = self.richRuleDialogSourceChooser.get_text() if txt == "MAC": mac = self.richRuleDialogSourceChooser.get_text() if txt == "ipset": ipset = self.richRuleDialogSourceChooser.get_text() rule.source = rich.Rich_Source( addr, mac, ipset, self.richRuleDialogSourceInvertCheck.get_active()) # destination if self.richRuleDialogDestinationBox.is_sensitive() \ and (self.richRuleDialogDestinationChooser.get_text() != "" \ or self.richRuleDialogDestinationInvertCheck.get_active()): rule.destination = rich.Rich_Destination( self.richRuleDialogDestinationChooser.get_text(), self.richRuleDialogDestinationInvertCheck.get_active()) # log if self.richRuleDialogLogCheck.is_sensitive() and \ self.richRuleDialogLogCheck.get_active(): limit = None if self.richRuleDialogLogLimitCheck.get_active(): value = self.richRuleDialogLogLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogLogLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) level = self.richRuleDialogLogLevelCombobox.get_active_text() rule.log = rich.Rich_Log( self.richRuleDialogLogPrefixEntry.get_text(), loglevel[level], limit) # audit if self.richRuleDialogAuditCheck.is_sensitive() and \ self.richRuleDialogAuditCheck.get_active(): limit = None if self.richRuleDialogAuditLimitCheck.get_active(): value = self.richRuleDialogAuditLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogAuditLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) rule.audit = rich.Rich_Audit(limit) return rule def on_richRuleDialogFamilyCombobox_changed(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None self.richRuleDialogActionRejectTypeCombobox.remove_all() if family is not None: for icmp in REJECT_TYPES[family]: self.richRuleDialogActionRejectTypeCombobox.append(icmp, icmp) old_obj = self.richRuleDialog.old_obj if old_obj and old_obj.family == family and \ hasattr(old_obj.action, 'type') and old_obj.action.type: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(old_obj.action.type) else: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(REJECT_TYPES[family][0]) def on_richRuleDialogElementCombobox_changed(self, *args): self.richRuleDialogElementChooser.set_text("") def on_richRuleDialogActionMarkChooser_clicked(self, *args): old_value = self.richRuleDialogActionMarkChooser.get_text() if "/" in old_value: try: (old_mark, old_mask) = old_value.split("/") except: return else: old_mark = old_value old_mask = "" _value = self.mark_select_dialog(old_mark, old_mask) if _value is None: return (mark, mask) = _value if mask != "": value = "%s/%s" % (mark, mask) else: value = mark self.richRuleDialogActionMarkChooser.set_text(value) def on_richRuleDialog_changed(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None v4v6_source = (self.richRuleDialogSourceTypeCombobox.get_active_text() == "MAC" or \ self.richRuleDialogSourceTypeCombobox.get_active_text() == "ipset") if family is None: self.richRuleDialogSourceChooser.set_sensitive(v4v6_source) self.richRuleDialogSourceInvertCheck.set_sensitive(v4v6_source) self.richRuleDialogDestinationLabel.set_sensitive(False) self.richRuleDialogDestinationBox.set_sensitive(False) else: self.richRuleDialogSourceChooser.set_sensitive(True) self.richRuleDialogSourceInvertCheck.set_sensitive(True) self.richRuleDialogDestinationLabel.set_sensitive(True) self.richRuleDialogDestinationBox.set_sensitive(True) self.richRuleDialogActionCheck.set_sensitive(True) self.richRuleDialogActionBox.set_sensitive( self.richRuleDialogActionCheck.get_active()) self.richRuleDialogElementChooser.set_sensitive(True) self.richRuleDialogElementBox.set_sensitive( self.richRuleDialogElementCheck.get_active()) self.richRuleDialogLogCheck.set_sensitive(True) self.richRuleDialogAuditCheck.set_sensitive(True) self.richRuleDialogActionLimitBox.set_sensitive( self.richRuleDialogActionLimitCheck.get_active()) self.richRuleDialogActionRejectTypeCombobox.set_sensitive( self.richRuleDialogActionRejectTypeCheck.get_active()) self.richRuleDialogActionRejectBox.set_sensitive(family is not None and \ self.richRuleDialogActionCombobox.get_active_text() == _("reject")) self.richRuleDialogActionMarkBox.set_sensitive(self.richRuleDialogActionCombobox.get_active_text() == _("mark")) self.richRuleDialogLogGrid.set_sensitive( self.richRuleDialogLogCheck.get_active()) self.richRuleDialogLogLimitBox.set_sensitive( self.richRuleDialogLogLimitCheck.get_active()) self.richRuleDialogAuditBox.set_sensitive( self.richRuleDialogAuditCheck.get_active()) self.richRuleDialogAuditLimitBox.set_sensitive( self.richRuleDialogAuditLimitCheck.get_active()) if self.richRuleDialogElementCheck.get_active(): combolabel = self.richRuleDialogElementCombobox.get_active_text() if combolabel == _("masquerade"): self.richRuleDialogElementChooser.set_sensitive(False) self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) self.richRuleDialogLogCheck.set_sensitive(False) self.richRuleDialogLogGrid.set_sensitive(False) self.richRuleDialogAuditCheck.set_sensitive(False) self.richRuleDialogAuditBox.set_sensitive(False) elif combolabel == _("forward-port"): self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) self.richRuleDialogLogCheck.set_sensitive(False) self.richRuleDialogLogGrid.set_sensitive(False) self.richRuleDialogAuditCheck.set_sensitive(False) self.richRuleDialogAuditBox.set_sensitive(False) elif combolabel == _("icmp-block"): self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) rule = self.richRuleDialog_getRule() try: rule.check() except Exception as msg: self.richRuleDialogOkButton.set_sensitive(False) self.richRuleDialogOkButton.set_tooltip_text(str(msg)) else: if str(self.richRuleDialog.old_obj) != str(rule): self.richRuleDialogOkButton.set_sensitive(True) else: self.richRuleDialogOkButton.set_sensitive(False) self.richRuleDialogOkButton.set_tooltip_text("") def onAddInterface(self, *args): self.add_edit_interface(True) def onEditInterface(self, *args): selected_zone = self.get_selected_zone() selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: connection = self.connections[interface] connection_name = self.connections_name[connection] if selected_zone == self.default_zone: selected_zone = nm_get_zone_of_connection(connection) editor = ZoneConnectionEditor(self.fw, connection, connection_name, selected_zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) editor.show_all() try: editor.run() except Exception: text = _("Failed to set zone {zone} " "for connection {connection_name}") self._warning(text.format(zone=editor.get_zone(), connection_name=editor.connection_name)) editor.hide() else: self.add_edit_interface(False) self.changes_applied() def onInterfaceClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.onEditInterface() def onRemoveInterface(self, *args): selected_zone = self.get_selected_zone() selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return interface = self.interfaceStore.get_value(iter, 0) if self.runtime_view: self.fw.removeInterface(selected_zone, interface) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeInterface(interface) self.changes_applied() def change_interface_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editInterfaceButton.set_sensitive(True) interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: self.removeInterfaceButton.set_sensitive(False) else: self.removeInterfaceButton.set_sensitive(True) else: self.editInterfaceButton.set_sensitive(False) self.removeInterfaceButton.set_sensitive(False) def add_edit_interface(self, add): selected_zone = self.get_selected_zone() old_interface = None if add: self.interfaceDialogInterfaceEntry.set_text("") else: selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_interface = self.interfaceStore.get_value(iter, 0) self.interfaceDialogInterfaceEntry.set_text(old_interface) self.interfaceDialogOkButton.set_sensitive(False) self.interfaceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.interfaceDialog.set_transient_for(self.mainWindow) self.interfaceDialog.show_all() self.add_visible_dialog(self.interfaceDialog) result = self.interfaceDialog.run() self.interfaceDialog.hide() self.remove_visible_dialog(self.interfaceDialog) if result != 1: return interface = self.interfaceDialogInterfaceEntry.get_text() if old_interface == interface: # nothing to change return if self.runtime_view: if not self.fw.queryInterface(selected_zone, interface): self.fw.addInterface(selected_zone, interface) if not add: self.fw.removeInterface(selected_zone, old_interface) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryInterface(interface): if not add: zone.removeInterface(old_interface) zone.addInterface(interface) self.changes_applied() def onInterfaceChanged(self, *args): text = self.interfaceDialogInterfaceEntry.get_text() if text != "" and functions.checkInterface(text): self.interfaceDialogOkButton.set_sensitive(True) else: self.interfaceDialogOkButton.set_sensitive(False) def onAddSource(self, *args): self.add_edit_source(True) def onEditSource(self, *args): self.add_edit_source(False) def onSourceClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_source(False) def onRemoveSource(self, *args): selected_zone = self.get_selected_zone() selection = self.sourceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return source = self.sourceStore.get_value(iter, 0) if self.runtime_view: self.fw.removeSource(selected_zone, source) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeSource(source) self.changes_applied() def change_source_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editSourceButton.set_sensitive(True) self.removeSourceButton.set_sensitive(True) else: self.editSourceButton.set_sensitive(False) self.removeSourceButton.set_sensitive(False) def add_edit_source(self, add): selected_zone = self.get_selected_zone() old_source = "" if not add: selection = self.sourceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_source = self.sourceStore.get_value(iter, 0) #source = self.address_select_dialog(None, old_source, True, True) source = self.source_select_dialog(old_source) if not source: return if self.runtime_view: if not self.fw.querySource(selected_zone, source): self.fw.addSource(selected_zone, source) if not add: self.fw.removeSource(selected_zone, old_source) self.changes_applied() else: self._warning("Source '%s' already bound to zone '%s'" % \ (old_source, selected_zone)) else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.querySource(source): if not add: zone.removeSource(old_source) zone.addSource(source) self.changes_applied() else: self._warning("Source '%s' already bound to zone '%s'" % \ (old_source, selected_zone)) def on_markDialog_changed(self, entry, old_mark, old_mask): mark = self.markDialogMarkEntry.get_text() mask = self.markDialogMaskEntry.get_text() if not functions.checkUINT32(mark): self.markDialogOkButton.set_sensitive(False) else: if mask != "" and not functions.checkUINT32(mask): self.markDialogOkButton.set_sensitive(False) else: if old_mark != mark or old_mask != mask: self.markDialogOkButton.set_sensitive(True) def mark_select_dialog(self, old_mark, old_mask): self.markDialogMarkEntry.set_text(old_mark) self.markDialogMaskEntry.set_text(old_mask) handler_id1 = self.markDialogMarkEntry.connect( "changed", self.on_markDialog_changed, old_mark, old_mask) handler_id2 = self.markDialogMaskEntry.connect( "changed", self.on_markDialog_changed, old_mark, old_mask) self.markDialogOkButton.set_sensitive(False) self.markDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.markDialog.set_transient_for(self.mainWindow) self.markDialog.show_all() self.add_visible_dialog(self.markDialog) result = self.markDialog.run() self.markDialog.hide() self.remove_visible_dialog(self.markDialog) self.markDialogMarkEntry.disconnect(handler_id1) self.markDialogMaskEntry.disconnect(handler_id2) mark = self.markDialogMarkEntry.get_text() mask = self.markDialogMaskEntry.get_text() if result != 1 or (old_mark == mark and old_mask == mask): return None return (mark, mask) def on_macDialog_changed(self, entry, old_mac): text = entry.get_text() if text == "": self.macDialogOkButton.set_sensitive(True) return self.macDialogOkButton.set_sensitive(False) if functions.check_mac(text) and text != old_mac: self.macDialogOkButton.set_sensitive(True) def mac_select_dialog(self, old_mac): self.macDialogMacEntry.set_text(old_mac) handler_id = self.macDialogMacEntry.connect("changed", self.on_macDialog_changed, old_mac) self.macDialogOkButton.set_sensitive(False) self.macDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.macDialog.set_transient_for(self.mainWindow) self.macDialog.show_all() self.add_visible_dialog(self.macDialog) result = self.macDialog.run() self.macDialog.hide() self.remove_visible_dialog(self.macDialog) self.macDialogMacEntry.disconnect(handler_id) mac = self.macDialogMacEntry.get_text() if result != 1 or old_mac == mac: return None return mac.upper() def change_ipset_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.ipsetDialogOkButton.set_sensitive(True) else: self.ipsetDialogOkButton.set_sensitive(False) def ipset_select_dialog(self, old_ipset="", ipv=None): self.ipsetDialogIPSetStore.clear() ipsets = { } if self.runtime_view: for x in self.fw.getIPSets(): self.deactivate_exception_handler() try: settings = self.fw.getIPSetSettings(x) except (DBusException, Exception) as msg: self.activate_exception_handler() if isinstance(msg, DBusException): msg = msg.get_dbus_message() else: msg = str(msg) code = FirewallError.get_code(msg) if code == errors.NOT_APPLIED: continue raise self.activate_exception_handler() if settings.getType() not in ZONE_SOURCE_IPSET_TYPES: continue ipsets[x] = settings else: for i in self.fw.config().listIPSets(): obj = self.fw.config().getIPSet(i) ipsets[obj.get_property("name")] = obj.getSettings() for i in sorted(ipsets.keys()): # for all hash:ip and hash:net types, ipv has to match the family # of the set ipset_type = ipsets[i].getType() if ipset_type.startswith("hash:ip") or \ ipset_type.startswith("hash:net"): opts = ipsets[i].getOptions() if "family" in opts: if opts["family"] == "inet6" and \ (ipv != "ipv6" and ipv != "all"): continue else: if ipv == "ipv6" or ipv is None: continue self.ipsetDialogIPSetStore.append([i, ipset_type]) selection = self.ipsetDialogIPSetView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) #selection.select_path(0) iter = self.ipsetDialogIPSetStore.get_iter_first() while iter: if self.ipsetDialogIPSetStore.get_value(iter, 0) == old_ipset: selection.select_iter(iter) iter = self.ipsetDialogIPSetStore.iter_next(iter) self.ipsetDialogOkButton.set_sensitive(False) self.ipsetDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetDialog.set_transient_for(self.mainWindow) self.ipsetDialog.show_all() self.add_visible_dialog(self.ipsetDialog) result = self.ipsetDialog.run() self.ipsetDialog.hide() self.remove_visible_dialog(self.ipsetDialog) #self.ipsetDialogIPSetEntry.disconnect(handler_id) #ipset = self.ipsetDialogIPSetEntry.get_text() if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None ipset = self.ipsetDialogIPSetStore.get_value(iter, 0) if old_ipset == ipset: return None return ipset def change_helper_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.helperDialogOkButton.set_sensitive(True) else: self.helperDialogOkButton.set_sensitive(False) def on_sourceDialog_changed(self, arg, old_type, old_source): _type = self.sourceDialogSourceTypeCombobox.get_active_text() _source = self.sourceDialogSourceChooser.get_text() self.sourceDialogOkButton.set_sensitive(False) if old_source != _source: if _type == "MAC" and functions.check_mac(_source): self.sourceDialogOkButton.set_sensitive(True) elif _type == "IP" and (functions.checkIPnMask(_source) or \ functions.checkIP6nMask(_source)): self.sourceDialogOkButton.set_sensitive(True) elif _type == "ipset": self.sourceDialogOkButton.set_sensitive(True) def on_sourceDialogSourceChooser_clicked(self, *args): old_address = self.sourceDialogSourceChooser.get_text() _type = self.sourceDialogSourceTypeCombobox.get_active_text() if _type == "IP": address = self.address_select_dialog(None, old_address) if address is not None: self.sourceDialogSourceChooser.set_text(address) elif _type == "MAC": address = self.mac_select_dialog(old_address) if address is not None: self.sourceDialogSourceChooser.set_text(address.upper()) elif _type == "ipset": address = self.ipset_select_dialog(old_address, "all") if address is not None: self.sourceDialogSourceChooser.set_text(address) def source_select_dialog(self, old_source): if old_source: if old_source.startswith("ipset:"): old_type = "ipset" old_source = old_source[6:] elif functions.check_mac(old_source): old_type = "MAC" else: old_type = "IP" combobox_select_text(self.sourceDialogSourceTypeCombobox, old_type) else: old_type = None self.sourceDialogSourceTypeCombobox.set_active(0) self.sourceDialogSourceChooser.set_text(old_source) h_type_id = self.sourceDialogSourceTypeCombobox.connect( "changed", self.on_sourceDialog_changed, old_type, old_source) h_addr_id = self.sourceDialogSourceChooser.connect( "clicked", self.on_sourceDialog_changed, old_type, old_source) self.sourceDialogOkButton.set_sensitive(False) self.sourceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.sourceDialog.set_transient_for(self.mainWindow) self.sourceDialog.show_all() self.add_visible_dialog(self.sourceDialog) result = self.sourceDialog.run() self.sourceDialog.hide() self.remove_visible_dialog(self.sourceDialog) self.sourceDialogSourceTypeCombobox.disconnect(h_type_id) self.sourceDialogSourceChooser.disconnect(h_addr_id) source = self.sourceDialogSourceChooser.get_text() if self.sourceDialogSourceTypeCombobox.get_active_text() == "ipset": source = "ipset:%s" % source if result != 1 or old_source == source: return None return source def onAddPort(self, *args): self.add_edit_port(True) def onEditPort(self, *args): self.add_edit_port(False) def onPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_port(False) def onRemovePort(self, *args): selected_zone = self.get_selected_zone() selection = self.portView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.portStore.get_value(iter, 0) proto = self.portStore.get_value(iter, 1) if self.runtime_view: self.fw.removePort(selected_zone, port, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removePort(port, proto) self.changes_applied() def onPortChanged(self, *args): ports = functions.getPortRange(self.portDialogPortEntry.get_text()) if not ports or not (isinstance(ports, list) or \ isinstance(ports, tuple)): self.portDialogOkButton.set_sensitive(False) else: self.portDialogOkButton.set_sensitive(True) def add_edit_port(self, add): selected_zone = self.get_selected_zone() old_port = None old_proto = None if not add: selection = self.portView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.portStore.get_value(iter, 0) old_proto = self.portStore.get_value(iter, 1) self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.queryPort(selected_zone, port, proto): self.fw.addPort(selected_zone, port, proto) if not add: self.fw.removePort(selected_zone, old_port, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryPort(port, proto): if not add: zone.removePort(old_port, old_proto) zone.addPort(port, proto) self.changes_applied() def onPortProtoChanged(self, *args): ports = functions.getPortRange(self.portDialogPortEntry.get_text()) if not ports or not (isinstance(ports, list) or \ isinstance(ports, tuple)): self.portDialogOkButton.set_sensitive(False) else: self.portDialogOkButton.set_sensitive(True) def onPortProtoDialogOtherProtoCheckToggled(self, check, *args): self.portDialogPortEntry.set_sensitive(not check.get_active()) self.portDialogProtoCombobox.set_sensitive(not check.get_active()) def service_conf_add_edit_port(self, add): active_service = self.get_active_service() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.serviceConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.serviceConfPortStore.get_value(iter, 0) old_proto = self.serviceConfPortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryPort(port, proto): if not add: service.removePort(old_port, old_proto) service.addPort(port, proto) self.changes_applied() def port_added_cb(self, zone, port, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.portStore.get_iter_first() while iter: if self.portStore.get_value(iter, 0) == port and \ self.portStore.get_value(iter, 1) == protocol: # already there return iter = self.portStore.iter_next(iter) # nothing found, so add it self.portStore.append([port, protocol]) def port_removed_cb(self, zone, port, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.portStore.get_iter_first() while iter: if self.portStore.get_value(iter, 0) == port and \ self.portStore.get_value(iter, 1) == protocol: self.portStore.remove(iter) break iter = self.portStore.iter_next(iter) def onAddSourcePort(self, *args): self.add_edit_source_port(True) def onEditSourcePort(self, *args): self.add_edit_source_port(False) def onSourcePortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_source_port(False) def onRemoveSourcePort(self, *args): selected_zone = self.get_selected_zone() selection = self.sourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.sourcePortStore.get_value(iter, 0) proto = self.sourcePortStore.get_value(iter, 1) if self.runtime_view: self.fw.removeSourcePort(selected_zone, port, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeSourcePort(port, proto) self.changes_applied() def add_edit_source_port(self, add): selected_zone = self.get_selected_zone() old_port = None old_proto = None if not add: selection = self.sourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.sourcePortStore.get_value(iter, 0) old_proto = self.sourcePortStore.get_value(iter, 1) self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.querySourcePort(selected_zone, port, proto): self.fw.addSourcePort(selected_zone, port, proto) if not add: self.fw.removeSourcePort(selected_zone, old_port, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.querySourcePort(port, proto): if not add: zone.removeSourcePort(old_port, old_proto) zone.addSourcePort(port, proto) self.changes_applied() def service_conf_add_edit_source_port(self, add): active_service = self.get_active_service() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.serviceConfSourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.serviceConfSourcePortStore.get_value(iter, 0) old_proto = self.serviceConfSourcePortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.querySourcePort(port, proto): if not add: service.removeSourcePort(old_port, old_proto) service.addSourcePort(port, proto) self.changes_applied() def source_port_added_cb(self, zone, port, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourcePortStore.get_iter_first() while iter: if self.sourcePortStore.get_value(iter, 0) == port and \ self.sourcePortStore.get_value(iter, 1) == protocol: # already there return iter = self.sourcePortStore.iter_next(iter) # nothing found, so add it self.sourcePortStore.append([port, protocol]) def source_port_removed_cb(self, zone, port, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourcePortStore.get_iter_first() while iter: if self.sourcePortStore.get_value(iter, 0) == port and \ self.sourcePortStore.get_value(iter, 1) == protocol: self.sourcePortStore.remove(iter) break iter = self.sourcePortStore.iter_next(iter) def onAddProtocol(self, *args): self.add_edit_protocol(True) def onEditProtocol(self, *args): self.add_edit_protocol(False) def onProtocolClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_protocol(False) def onRemoveProtocol(self, *args): selected_zone = self.get_selected_zone() selection = self.protocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return proto = self.protocolStore.get_value(iter, 0) if self.runtime_view: self.fw.removeProtocol(selected_zone, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeProtocol(proto) self.changes_applied() def add_edit_protocol(self, add): selected_zone = self.get_selected_zone() old_proto = None if not add: selection = self.protocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_proto = self.protocolStore.get_value(iter, 0) self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) if old_proto: combobox_select_text(self.protoDialogProtoCombobox, old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.queryProtocol(selected_zone, proto): self.fw.addProtocol(selected_zone, proto) if not add: self.fw.removeProtocol(selected_zone, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryProtocol(proto): if not add: zone.removeProtocol(old_proto) zone.addProtocol(proto) self.changes_applied() def service_conf_add_edit_protocol(self, add): active_service = self.get_active_service() old_proto = None if not add: selection = self.serviceConfProtocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_proto = self.serviceConfProtocolStore.get_value(iter, 0) self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) if old_proto: combobox_select_text(self.protoDialogProtoCombobox, old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryProtocol(proto): if not add: service.removeProtocol(old_proto) service.addProtocol(proto) self.changes_applied() def protocol_added_cb(self, zone, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.protocolStore.get_iter_first() while iter: if self.protocolStore.get_value(iter, 0) == protocol: # already there return iter = self.protocolStore.iter_next(iter) # nothing found, so add it self.protocolStore.append([protocol]) def protocol_removed_cb(self, zone, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.protocolStore.get_iter_first() while iter: if self.protocolStore.get_value(iter, 0) == protocol: self.protocolStore.remove(iter) break iter = self.protocolStore.iter_next(iter) def onForwardDialogChecksToggled(self, check, *args): val1 = self.forwardDialogLocalCheck.get_active() val2 = self.forwardDialogToPortCheck.get_active() self.forwardDialogToAddrLabel.set_sensitive(not val1) self.forwardDialogToAddrEntry.set_sensitive(not val1) self.forwardDialogToPortCheck.set_sensitive(not val1) self.forwardDialogToPortLabel.set_sensitive(val1 or val2) self.forwardDialogToPortEntry.set_sensitive(val1 or val2) self.onForwardChanged(None) def onForwardDialogToPortCheckToggled(self, check, *args): toport = check.get_active() self.forwardDialogToPortLabel.set_sensitive(toport) self.forwardDialogToPortEntry.set_sensitive(toport) self.onForwardChanged(None) def _check_forward(self): ports = self.forwardDialogPortEntry.get_text() to_ports = self.forwardDialogToPortEntry.get_text() to_addr = self.forwardDialogToAddrEntry.get_text() local_check = self.forwardDialogLocalCheck.get_active() to_port_check = self.forwardDialogToPortCheck.get_active() ports = functions.getPortRange(ports) to_ports = functions.getPortRange(to_ports) ports_ok = False if ports and (isinstance(ports, list) or \ isinstance(ports, tuple)): ports_ok = True to_ports_ok = False if to_ports and (isinstance(to_ports, list) or \ isinstance(to_ports, tuple)): to_ports_ok = True to_addr_ok = False if to_addr != "": if self.forwardDialog.family == "ipv4" and \ functions.checkIP(to_addr): to_addr_ok = True if self.forwardDialog.family == "ipv6" and \ functions.checkIP6(to_addr): to_addr_ok = True if self.forwardDialog.family is None and \ (functions.checkIP(to_addr) or functions.checkIP6(to_addr)): to_addr_ok = True ok = False if ports_ok: if local_check: if to_ports_ok and ports != to_ports: ok = True elif to_addr_ok: if to_port_check: if to_ports_ok: ok = True else: ok = True return ok def onForwardChanged(self, arg): ok = False if arg == self.forwardDialogProtoCombobox: if self._check_forward(): ok = True else: ok = self._check_forward() self.forwardDialogOkButton.set_sensitive(ok) def onAddForwardPort(self, *args): self.add_edit_forward_port(True) def onEditForwardPort(self, *args): self.add_edit_forward_port(False) def onForwardPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_forward_port(False) def forwardport_select_dialog(self, family, old_value=None): self.forwardDialogOkButton.set_sensitive(False) self.forwardDialogLocalCheck.set_active(True) self.forwardDialogLocalCheck.set_active(False) self.forwardDialogToPortCheck.set_active(False) self.forwardDialog.family = family (old_port, old_proto, old_to_port, old_to_addr) = \ self.split_fwp_string(old_value) self.forwardDialogPortEntry.set_text("") if old_port is not None: self.forwardDialogPortEntry.set_text(old_port) combobox_select_text(self.forwardDialogProtoCombobox, old_proto) self.forwardDialogToPortEntry.set_text("") if old_to_port is not None: self.forwardDialogToPortEntry.set_text(old_to_port) if old_to_addr: if old_to_port: self.forwardDialogToPortCheck.set_active(True) else: self.forwardDialogLocalCheck.set_active(True) self.forwardDialogToAddrEntry.set_text("") if old_to_addr is not None: self.forwardDialogToAddrEntry.set_text(old_to_addr) self.forwardDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.forwardDialog.set_transient_for(self.mainWindow) self.forwardDialog.show_all() self.add_visible_dialog(self.forwardDialog) result = self.forwardDialog.run() self.forwardDialog.hide() self.remove_visible_dialog(self.forwardDialog) if result != 1: return None port = self.forwardDialogPortEntry.get_text() proto = self.forwardDialogProtoCombobox.get_active_text() to_addr = self.forwardDialogToAddrEntry.get_text() to_port = self.forwardDialogToPortEntry.get_text() if not self.forwardDialogLocalCheck.get_active(): if not self.forwardDialogToPortCheck.get_active(): to_port = "" else: to_addr = "" value = self.create_fwp_string(port, proto, to_port, to_addr) if old_value == value: return None return value def add_edit_forward_port(self, add): selected_zone = self.get_selected_zone() self.forwardDialogOkButton.set_sensitive(False) self.forwardDialogLocalCheck.set_active(True) self.forwardDialogLocalCheck.set_active(False) self.forwardDialogToPortCheck.set_active(False) self.forwardDialog.family = None old_port = None old_proto = None old_to_port = None old_to_addr = None iter = None if add: self.forwardDialogPortEntry.set_text("") self.forwardDialogProtoCombobox.set_active(0) self.forwardDialogToPortEntry.set_text("") self.forwardDialogToAddrEntry.set_text("") else: selection = self.forwardView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.forwardStore.get_value(iter, 0) old_proto = self.forwardStore.get_value(iter, 1) old_to_port = self.forwardStore.get_value(iter, 2) old_to_addr = self.forwardStore.get_value(iter, 3) self.forwardDialogPortEntry.set_text(old_port) combobox_select_text(self.forwardDialogProtoCombobox, old_proto) self.forwardDialogToPortEntry.set_text(old_to_port) if old_to_addr: if old_to_port: self.forwardDialogToPortCheck.set_active(True) else: self.forwardDialogLocalCheck.set_active(True) self.forwardDialogToAddrEntry.set_text(old_to_addr) self.forwardDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.forwardDialog.set_transient_for(self.mainWindow) self.forwardDialog.show_all() self.add_visible_dialog(self.forwardDialog) result = self.forwardDialog.run() self.forwardDialog.hide() self.remove_visible_dialog(self.forwardDialog) if result != 1: return port = self.forwardDialogPortEntry.get_text() proto = self.forwardDialogProtoCombobox.get_active_text() to_addr = self.forwardDialogToAddrEntry.get_text() to_port = self.forwardDialogToPortEntry.get_text() if not self.forwardDialogLocalCheck.get_active(): if not self.forwardDialogToPortCheck.get_active(): to_port = "" else: to_addr = "" if not add and (old_port == port and old_proto == proto and \ old_to_port == to_port and old_to_addr == to_addr): # nothing to change return if self.runtime_view: if not self.fw.queryForwardPort(selected_zone, port, proto, to_port, to_addr): self.fw.addForwardPort(selected_zone, port, proto, to_port, to_addr) if not add: self.fw.removeForwardPort(selected_zone, old_port, old_proto, old_to_port, old_to_addr) if add and to_addr and not self.fw.queryMasquerade(selected_zone): if self.masqueradeQueryDialog() == Gtk.ResponseType.YES: self.fw.addMasquerade(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryForwardPort(port, proto, to_port, to_addr): if not add: zone.removeForwardPort(old_port, old_proto, old_to_port, old_to_addr) zone.addForwardPort(port, proto, to_port, to_addr) if add and to_addr and not zone.getMasquerade(): if self.masqueradeQueryDialog() == Gtk.ResponseType.YES: zone.setMasquerade(True) self.changes_applied() def masqueradeQueryDialog(self): text = _("Forwarding to another system is only useful if the interface is masqueraded.\nDo you want to masquerade this zone ?") return self._dialog(text=text, buttons=((Gtk.STOCK_YES, Gtk.ResponseType.YES), (Gtk.STOCK_NO, Gtk.ResponseType.NO))) def forward_port_added_cb(self, zone, port, protocol, to_port, to_address, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return self._forward_port_added_cb(zone, port, protocol, to_port, to_address) def forward_port_removed_cb(self, zone, port, protocol, to_port, to_address): if not self.runtime_view or zone != self.get_selected_zone(): return self._forward_port_removed_cb(zone, port, protocol, to_port, to_address) def _forward_port_added_cb(self, zone, port, protocol, to_port, to_address): iter = self.forwardStore.get_iter_first() while iter: if self.forwardStore.get_value(iter, 0) == port and \ self.forwardStore.get_value(iter, 1) == protocol and \ self.forwardStore.get_value(iter, 2) == to_port and \ self.forwardStore.get_value(iter, 3) == to_address: # already there return iter = self.forwardStore.iter_next(iter) # nothing found, so add it self.forwardStore.append([port, protocol, to_port, to_address]) def _forward_port_removed_cb(self, zone, port, protocol, to_port, to_address): iter = self.forwardStore.get_iter_first() while iter: if self.forwardStore.get_value(iter, 0) == port and \ self.forwardStore.get_value(iter, 1) == protocol and \ self.forwardStore.get_value(iter, 2) == to_port and \ self.forwardStore.get_value(iter, 3) == to_address: self.forwardStore.remove(iter) break iter = self.forwardStore.iter_next(iter) def onRemoveForwardPort(self, *args): selected_zone = self.get_selected_zone() selection = self.forwardView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.forwardStore.get_value(iter, 0) proto = self.forwardStore.get_value(iter, 1) to_port = self.forwardStore.get_value(iter, 2) to_addr = self.forwardStore.get_value(iter, 3) if self.runtime_view: self.fw.removeForwardPort(selected_zone, port, proto, to_port, to_addr) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeForwardPort(port, proto, to_port, to_addr) self.changes_applied() def onChangeService(self, *args): active_service = self.get_active_service() ### load service settings self.serviceConfPortStore.clear() self.serviceConfProtocolStore.clear() self.serviceConfSourcePortStore.clear() self.serviceConfModuleStore.clear() self.serviceConfDestIpv4Chooser.set_text("") self.serviceConfDestIpv6Chooser.set_text("") self.serviceConfPortView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfProtocolView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfSourcePortView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfModuleView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_service: self.serviceConfEditServiceButton.set_sensitive(False) self.serviceConfRemoveServiceButton.set_sensitive(False) self.serviceConfLoadDefaultsServiceButton.set_sensitive(False) self.serviceConfServiceNotebook.set_sensitive(False) return self.serviceConfEditServiceButton.set_sensitive(True) self.serviceConfServiceNotebook.set_sensitive(True) ports = [ ] protocols = [ ] source_ports = [ ] modules = [ ] destination = { } if self.runtime_view: # load runtime configuration settings = self.fw.getServiceSettings(active_service) ports = settings.getPorts() protocols = settings.getProtocols() source_ports = settings.getSourcePorts() modules = settings.getModules() destination = settings.getDestinations() default = False builtin = False else: try: service = self.fw.config().getServiceByName(active_service) except: return # load permanent configuration settings = service.getSettings() ports = settings.getPorts() protocols = settings.getProtocols() source_ports = settings.getSourcePorts() modules = settings.getModules() destination = settings.getDestinations() props = service.get_properties() default = props["default"] builtin = props["builtin"] self.serviceConfRemoveServiceButton.set_sensitive(not builtin and default) self.serviceConfLoadDefaultsServiceButton.set_sensitive(not default) # set ports for item in ports: self.serviceConfPortStore.append(item) # set protocols for item in protocols: self.serviceConfProtocolStore.append([item]) # set ports for item in source_ports: self.serviceConfSourcePortStore.append(item) # set modules for item in modules: self.serviceConfModuleStore.append([item]) # set destination if "ipv4" in destination: self.serviceConfDestIpv4Chooser.set_text(destination["ipv4"]) if "ipv6" in destination: self.serviceConfDestIpv6Chooser.set_text(destination["ipv6"]) self.serviceConfPortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfProtocolView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfSourcePortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfModuleView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) def conf_service_added_cb(self, service): if self.runtime_view: return # check if service is in store iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == service: return iter = self.serviceConfServiceStore.iter_next(iter) # not in list, append self.serviceConfServiceStore.append([service]) def conf_service_updated_cb(self, service): self.onChangeService() def conf_service_removed_cb(self, service): if self.runtime_view: return iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == service: self.serviceConfServiceStore.remove(iter) break iter = self.serviceConfServiceStore.iter_next(iter) def conf_service_renamed_cb(self, service): if self.runtime_view: return # Get all services, renamed the one that is missing. # If more or less than one is missing, update service store. services = self.fw.config().getServiceNames() use_iter = None iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) not in services: if use_iter is not None: return self.load_services() use_iter = iter iter = self.serviceConfServiceStore.iter_next(iter) if use_iter is None: return self.load_services() self.serviceConfServiceStore.set_value(use_iter, 0, service) def onServiceConfAddService(self, *args): self.add_edit_service(True) def onServiceConfRemoveService(self, *args): active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) service.remove() self.changes_applied() self.load_services() self.onChangeService() def onServiceConfEditService(self, *args): self.add_edit_service(False) def onServiceBaseDialogChanged(self, *args): if args and (args[0] == self.serviceBaseDialogNameEntry): additional_chars = "".join(Service.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars self.entry_changed(args[0], allowed_chars) self.serviceBaseDialogOkButton.set_sensitive(True) def onServiceConfAddPort(self, *args): self.service_conf_add_edit_port(True) def onServiceConfEditPort(self, *args): self.service_conf_add_edit_port(False) def onServiceConfPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_port(False) def onServiceConfRemovePort(self, *args): active_service = self.get_active_service() selection = self.serviceConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.serviceConfPortStore.get_value(iter, 0) proto = self.serviceConfPortStore.get_value(iter, 1) service = self.fw.config().getServiceByName(active_service) service.removePort(port, proto) self.changes_applied() def change_service_dialog_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditPortButton.set_sensitive(True) self.serviceConfRemovePortButton.set_sensitive(True) else: self.serviceConfEditPortButton.set_sensitive(False) self.serviceConfRemovePortButton.set_sensitive(False) def onServiceConfAddProtocol(self, *args): self.service_conf_add_edit_protocol(True) def onServiceConfEditProtocol(self, *args): self.service_conf_add_edit_protocol(False) def onServiceConfProtocolClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_protocol(False) def onServiceConfRemoveProtocol(self, *args): active_service = self.get_active_service() selection = self.serviceConfProtocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return proto = self.serviceConfProtocolStore.get_value(iter, 0) service = self.fw.config().getServiceByName(active_service) service.removeProtocol(proto) self.changes_applied() def change_service_dialog_protocol_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditProtocolButton.set_sensitive(True) self.serviceConfRemoveProtocolButton.set_sensitive(True) else: self.serviceConfEditProtocolButton.set_sensitive(False) self.serviceConfRemoveProtocolButton.set_sensitive(False) def onServiceConfAddSourcePort(self, *args): self.service_conf_add_edit_source_port(True) def onServiceConfEditSourcePort(self, *args): self.service_conf_add_edit_source_port(False) def onServiceConfSourcePortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_source_port(False) def onServiceConfRemoveSourcePort(self, *args): active_service = self.get_active_service() selection = self.serviceConfSourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.serviceConfSourcePortStore.get_value(iter, 0) proto = self.serviceConfSourcePortStore.get_value(iter, 1) service = self.fw.config().getServiceByName(active_service) service.removeSourcePort(port, proto) self.changes_applied() def change_service_dialog_source_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditSourcePortButton.set_sensitive(True) self.serviceConfRemoveSourcePortButton.set_sensitive(True) else: self.serviceConfEditSourcePortButton.set_sensitive(False) self.serviceConfRemoveSourcePortButton.set_sensitive(False) def add_edit_service(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None self.serviceBaseDialogNameEntry.set_text("") self.serviceBaseDialogVersionEntry.set_text("") self.serviceBaseDialogShortEntry.set_text("") self.serviceBaseDialogDescText.get_buffer().set_text("") else: active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) settings = service.getSettings() props = service.get_properties() default = props["default"] builtin = props["builtin"] old_name = service.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() self.serviceBaseDialogNameEntry.set_text(old_name) self.serviceBaseDialogVersionEntry.set_text(old_version) self.serviceBaseDialogShortEntry.set_text(old_short) self.serviceBaseDialogDescText.get_buffer().set_text(old_desc) self.serviceBaseDialogOkButton.set_sensitive(False) if builtin: self.serviceBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in service, rename not supported.")) else: self.serviceBaseDialogNameEntry.set_tooltip_markup("") self.serviceBaseDialogNameEntry.set_sensitive(not builtin and default) self.serviceBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.serviceBaseDialog.set_transient_for(self.mainWindow) self.serviceBaseDialog.show_all() self.add_visible_dialog(self.serviceBaseDialog) result = self.serviceBaseDialog.run() self.serviceBaseDialog.hide() self.remove_visible_dialog(self.serviceBaseDialog) if result != 1: return name = self.serviceBaseDialogNameEntry.get_text() version = self.serviceBaseDialogVersionEntry.get_text() short = self.serviceBaseDialogShortEntry.get_text() buffer = self.serviceBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc: # no changes return if not add: active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) settings = service.getSettings() else: settings = client.FirewallClientServiceSettings() if old_version != version or old_short != short or \ old_desc != desc: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) if not add: service.update(settings) if not add: if old_name == name: return service.rename(name) else: self.fw.config().addService(name, settings) self.changes_applied() def onServiceConfLoadDefaultsService(self, *args): active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) service.loadDefaults() self.changes_applied() self.onChangeService() def onServiceConfAddModule(self, *args): self.add_edit_module(True) def onServiceConfEditModule(self, *args): self.add_edit_module(False) def onServiceConfModuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_module(False) def onServiceConfRemoveModule(self, *args): active_service = self.get_active_service() selection = self.serviceConfModuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return module = self.serviceConfModuleStore.get_value(iter, 0) service = self.fw.config().getServiceByName(active_service) service.removeModule(module) self.changes_applied() def change_service_dialog_module_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditModuleButton.set_sensitive(True) self.serviceConfRemoveModuleButton.set_sensitive(True) else: self.serviceConfEditModuleButton.set_sensitive(False) self.serviceConfRemoveModuleButton.set_sensitive(False) def helper_select_dialog(self, old_helper=""): self.helperDialogHelperStore.clear() helpers = [ ] if self.runtime_view: helpers = self.fw.getHelpers() else: helpers = self.fw.config().getHelperNames() for helper in sorted(helpers): self.helperDialogHelperStore.append([helper]) selection = self.helperDialogHelperView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.helperDialogHelperStore.get_iter_first() while iter: if self.helperDialogHelperStore.get_value(iter, 0) == old_helper: selection.select_iter(iter) iter = self.helperDialogHelperStore.iter_next(iter) self.helperDialogOkButton.set_sensitive(False) self.helperDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.helperDialog.set_transient_for(self.mainWindow) self.helperDialog.show_all() self.add_visible_dialog(self.helperDialog) result = self.helperDialog.run() self.helperDialog.hide() self.remove_visible_dialog(self.helperDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None helper = self.helperDialogHelperStore.get_value(iter, 0) if old_helper == helper: return None return helper def add_edit_module(self, add): active_service = self.get_active_service() old_helper = None if not add: selection = self.serviceConfModuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_helper = self.serviceConfModuleStore.get_value(iter, 0) helper = self.helper_select_dialog(old_helper) if helper is None: return if old_helper == helper: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryModule(helper): if not add: service.removeModule(old_helper) service.addModule(helper) self.changes_applied() def onChangeServiceConfDestIpv4(self, *args): old_addr = self.serviceConfDestIpv4Chooser.get_text() addr = self.address_select_dialog("ipv4", old_addr) if addr is None: return active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) if not service.queryDestination("ipv4", addr): if addr != "": service.setDestination("ipv4", addr) else: service.removeDestination("ipv4") self.changes_applied() def onChangeServiceConfDestIpv6(self, *args): old_addr = self.serviceConfDestIpv6Chooser.get_text() addr = self.address_select_dialog("ipv6", old_addr) if addr is None: return active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) if not service.queryDestination("ipv6", addr): if addr != "": service.setDestination("ipv6", addr) else: service.removeDestination("ipv6") self.changes_applied() def onAddressChanged(self, entry, addr_type, old_address): text = entry.get_text() if text == "": self.addressDialogOkButton.set_sensitive(True) return self.addressDialogOkButton.set_sensitive(False) if addr_type == "ipv4": if functions.checkIPnMask(text) and text != old_address: self.addressDialogOkButton.set_sensitive(True) elif addr_type == "ipv6": if functions.checkIP6nMask(text) and text != old_address: self.addressDialogOkButton.set_sensitive(True) else: if (functions.checkIPnMask(text) or functions.checkIP6nMask(text)) \ and text != old_address: self.addressDialogOkButton.set_sensitive(True) def address_select_dialog(self, addr_type, old_address): if addr_type == "ipv4": label1 = _("Please enter an ipv4 address with the form address[/mask].") label2 = _("The mask can be a network mask or a number.") elif addr_type == "ipv6": label1 = _("Please enter an ipv6 address with the form address[/mask].") label2 = _("The mask is a number.") else: label1 = _("Please enter an ipv4 or ipv6 address with the form address[/mask].") label2 = _("The mask can be a network mask or a number for ipv4.\nThe mask is a number for ipv6.") self.addressDialogLabel.set_markup(label1) self.addressDialogLabel2.set_markup(label2) self.addressDialogAddressEntry.set_text(old_address) handler_id = self.addressDialogAddressEntry.connect( "changed", self.onAddressChanged, addr_type, old_address) self.addressDialogOkButton.set_sensitive(False) self.addressDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.addressDialog.set_transient_for(self.mainWindow) self.addressDialog.show_all() self.add_visible_dialog(self.addressDialog) result = self.addressDialog.run() self.addressDialog.hide() self.remove_visible_dialog(self.addressDialog) self.addressDialogAddressEntry.disconnect(handler_id) address = self.addressDialogAddressEntry.get_text() if functions.check_mac(address): address = address.upper() if result != 1 or old_address == address: return None return address def get_active_ipset(self): selection = self.ipsetConfIPSetView.get_selection() (model, iter) = selection.get_selected() if iter: return self.ipsetConfIPSetStore.get_value(iter, 0) return None def load_ipsets(self): if not self.show_ipsets: return active_ipset = self.get_active_ipset() if self.runtime_view: ipsets = self.fw.getIPSets() else: ipsets = self.fw.config().getIPSetNames() selection = self.ipsetConfIPSetView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.ipsetConfIPSetStore.clear() # ipsets for ipset in ipsets: self.ipsetConfIPSetStore.append([ipset]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == \ active_ipset: selection.select_iter(iter) return iter = self.ipsetConfIPSetStore.iter_next(iter) selection.select_path(0) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) if not self.get_active_ipset(): self.ipsetConfEditIPSetButton.set_sensitive(False) self.ipsetConfRemoveIPSetButton.set_sensitive(False) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(False) self.ipsetConfEntryBox.set_sensitive(False) def onIPSetConfAddIPSet(self, *args): self.add_edit_ipset(True) def onIPSetConfRemoveIPSet(self, *args): active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) ipset.remove() self.changes_applied() self.load_ipsets() self.onChangeIPSet() def onIPSetConfEditIPSet(self, *args): self.add_edit_ipset(False) def onIPSetConfLoadDefaultsIPSet(self, *args): active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) ipset.loadDefaults() self.changes_applied() self.onChangeIPSet() def onIPSetBaseDialogChanged(self, *args): def check_ipset_name(ipset): return (len(ipset) <= IPSET_MAXNAMELEN, ipset) OK=True if args and (args[0] == self.ipsetBaseDialogNameEntry): additional_chars = "".join(IPSet.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_ipset_name) self.ipsetBaseDialogOkButton.set_sensitive(OK) def add_edit_ipset(self, add): self.ipsetBaseDialogTypeCombobox.remove_all() ipset_types = self.fw.get_property("IPSetTypes") for x in ipset_types: self.ipsetBaseDialogTypeCombobox.append_text(x) self.ipsetBaseDialogBadTypeLabel.set_text("") if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_ipset_type = None old_options = { } self.ipsetBaseDialogNameEntry.set_text("") self.ipsetBaseDialogVersionEntry.set_text("") self.ipsetBaseDialogShortEntry.set_text("") self.ipsetBaseDialogDescText.get_buffer().set_text("") combobox_select_text(self.ipsetBaseDialogTypeCombobox, "hash:ip") self.ipsetBaseDialogFamilyCombobox.set_active(0) self.ipsetBaseDialogTimeoutEntry.set_text("") self.ipsetBaseDialogHashsizeEntry.set_text("") self.ipsetBaseDialogMaxelemEntry.set_text("") else: active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() props = ipset.get_properties() default = props["default"] builtin = props["builtin"] old_name = ipset.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_ipset_type = settings.getType() old_options = settings.getOptions() self.ipsetBaseDialogNameEntry.set_text(old_name) self.ipsetBaseDialogVersionEntry.set_text(old_version) self.ipsetBaseDialogShortEntry.set_text(old_short) self.ipsetBaseDialogDescText.get_buffer().set_text(old_desc) if old_ipset_type not in ipset_types: self.ipsetBaseDialogBadTypeLabel.set_text(old_ipset_type) else: combobox_select_text(self.ipsetBaseDialogTypeCombobox, old_ipset_type) if "family" in old_options and \ old_options["family"] in [ "inet", "inet6" ]: combobox_select_text(self.ipsetBaseDialogFamilyCombobox, old_options["family"]) else: self.ipsetBaseDialogFamilyCombobox.set_active(0) if "timeout" in old_options: self.ipsetBaseDialogTimeoutEntry.set_text( old_options["timeout"]) else: self.ipsetBaseDialogTimeoutEntry.set_text("") if "hashsize" in old_options: self.ipsetBaseDialogHashsizeEntry.set_text( old_options["hashsize"]) else: self.ipsetBaseDialogHashsizeEntry.set_text("") if "maxelem" in old_options: self.ipsetBaseDialogMaxelemEntry.set_text( old_options["maxelem"]) else: self.ipsetBaseDialogMaxelemEntry.set_text("") self.ipsetBaseDialogOkButton.set_sensitive(False) if builtin: self.ipsetBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in ipset, rename not supported.")) else: self.ipsetBaseDialogNameEntry.set_tooltip_markup("") self.ipsetBaseDialogNameEntry.set_sensitive(not builtin and default) self.ipsetBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetBaseDialog.set_transient_for(self.mainWindow) self.ipsetBaseDialog.show_all() self.add_visible_dialog(self.ipsetBaseDialog) result = self.ipsetBaseDialog.run() self.ipsetBaseDialog.hide() self.remove_visible_dialog(self.ipsetBaseDialog) if result != 1: return name = self.ipsetBaseDialogNameEntry.get_text() version = self.ipsetBaseDialogVersionEntry.get_text() short = self.ipsetBaseDialogShortEntry.get_text() buffer = self.ipsetBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) ipset_type = self.ipsetBaseDialogBadTypeLabel.get_text() ipset_type = self.ipsetBaseDialogTypeCombobox.get_active_text() options = { } if self.ipsetBaseDialogFamilyCombobox.is_sensitive(): x = self.ipsetBaseDialogFamilyCombobox.get_active_text() if x != "inet": options["family"] = x if self.ipsetBaseDialogTimeoutEntry.is_sensitive(): x = self.ipsetBaseDialogTimeoutEntry.get_text() if x != "": options["timeout"] = x x = self.ipsetBaseDialogHashsizeEntry.get_text() if x != "": options["hashsize"] = x x = self.ipsetBaseDialogMaxelemEntry.get_text() if x != "": options["maxelem"] = x if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_ipset_type == ipset_type and \ old_options == options: # no changes return if not add: active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() else: settings = client.FirewallClientIPSetSettings() if old_version != version or old_short != short or \ old_desc != desc or old_ipset_type != ipset_type or \ old_options != options: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setType(ipset_type) settings.setOptions(options) if not add: ipset.update(settings) if not add: if old_name == name: return ipset.rename(name) else: self.fw.config().addIPSet(name, settings) self.changes_applied() def onIPSetChanged(self, *args): if self.ipsetBaseDialogTypeCombobox.get_active_text() is None: # unsupported ipset type return if self.ipsetBaseDialogTypeCombobox.get_active_text() == "hash:mac": self.ipsetBaseDialogFamilyLabel.set_sensitive(False) self.ipsetBaseDialogFamilyCombobox.set_sensitive(False) else: self.ipsetBaseDialogFamilyLabel.set_sensitive(True) self.ipsetBaseDialogFamilyCombobox.set_sensitive(True) self.ipsetBaseDialogOkButton.set_sensitive(True) def onIPSetConfAddEntry(self, *args): self.add_edit_ipset_entry(True) def onIPSetConfAddEntriesFromFile(self, *args): dialog = Gtk.FileChooserDialog( _("Please select a file"), None, Gtk.FileChooserAction.OPEN, (Gtk.STOCK_CANCEL, Gtk.ResponseType.CANCEL, Gtk.STOCK_OPEN, Gtk.ResponseType.OK)) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) filefilter = Gtk.FileFilter() filefilter.set_name(_("Text Files")) filefilter.add_mime_type("text/plain") dialog.add_filter(filefilter) filefilter = Gtk.FileFilter() filefilter.set_name(_("All Files")) filefilter.add_pattern("*") dialog.add_filter(filefilter) result = dialog.run() dialog.hide() if result == Gtk.ResponseType.OK: filename = dialog.get_filename() else: return dialog.destroy() entries = self.get_ipset_entries_from_file(filename) active_ipset = self.get_active_ipset() if self.runtime_view: old_entries = self.fw.getEntries(active_ipset) changed = False for entry in entries: if entry not in old_entries: old_entries.append(entry) changed = True if changed: self.fw.setEntries(active_ipset, old_entries) else: ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() changed = False for entry in entries: if not settings.queryEntry(entry): settings.addEntry(entry) changed = True if changed: ipset.update(settings) def onIPSetConfEditEntry(self, *args): self.add_edit_ipset_entry(False) def onIPSetConfEntryClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_ipset_entry(False) def onIPSetConfRemoveEntry(self, *args): active_ipset = self.get_active_ipset() selection = self.ipsetConfEntryView.get_selection() (model, iter) = selection.get_selected() if iter is None: return entry = self.ipsetConfEntryStore.get_value(iter, 0) if self.runtime_view: if self.fw.queryEntry(active_ipset, entry): self.fw.removeEntry(active_ipset, entry) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) ipset.removeEntry(entry) self.changes_applied() self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def onIPSetConfRemoveEntriesFromFile(self, *args): dialog = Gtk.FileChooserDialog( _("Please select a file"), None, Gtk.FileChooserAction.OPEN, (Gtk.STOCK_CANCEL, Gtk.ResponseType.CANCEL, Gtk.STOCK_OPEN, Gtk.ResponseType.OK)) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) filefilter = Gtk.FileFilter() filefilter.set_name(_("Text Files")) filefilter.add_mime_type("text/plain") dialog.add_filter(filefilter) filefilter = Gtk.FileFilter() filefilter.set_name(_("All Files")) filefilter.add_pattern("*") dialog.add_filter(filefilter) result = dialog.run() dialog.hide() if result == Gtk.ResponseType.OK: filename = dialog.get_filename() else: return dialog.destroy() entries = self.get_ipset_entries_from_file(filename) active_ipset = self.get_active_ipset() if self.runtime_view: old_entries = self.fw.getEntries(active_ipset) changed = False for entry in entries: if entry in old_entries: old_entries.remove(entry) changed = True if changed: self.fw.setEntries(active_ipset, old_entries) else: ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() changed = False for entry in entries: if settings.queryEntry(entry): settings.removeEntry(entry) changed = True if changed: ipset.update(settings) def onIPSetConfRemoveAllEntries(self, *args): active_ipset = self.get_active_ipset() if self.runtime_view: self.fw.setEntries(active_ipset, [ ]) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) ipset.setEntries([ ]) self.changes_applied() self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def onIPSetEntryChanged(self, *args): settings = self.active_ipset_settings entry = self.ipsetEntryDialogEntryEntry.get_text() try: IPSet.check_entry(entry, settings.getOptions(), settings.getType()) except Exception: self.ipsetEntryDialogOkButton.set_sensitive(False) else: self.ipsetEntryDialogOkButton.set_sensitive(True) def change_ipset_conf_entry_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.ipsetConfEditEntryButton.set_sensitive(True) self.ipsetConfRemoveEntryMenuitem.set_sensitive(True) else: self.ipsetConfEditEntryButton.set_sensitive(False) self.ipsetConfRemoveEntryMenuitem.set_sensitive(False) def add_edit_ipset_entry(self, add): active_ipset = self.get_active_ipset() if self.runtime_view: settings = self.fw.getIPSetSettings(active_ipset) else: settings = self.fw.config().getIPSetByName(active_ipset).getSettings() self.active_ipset_settings = settings self.ipsetEntryDialogTypeLabel.set_text(settings.getType()) self.ipsetEntryDialogEntryEntry.set_text("") old_entry = None if not add: selection = self.ipsetConfEntryView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_entry = self.ipsetConfEntryStore.get_value(iter, 0) if old_entry: self.ipsetEntryDialogEntryEntry.set_text(old_entry) self.ipsetEntryDialogOkButton.set_sensitive(False) self.ipsetEntryDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetEntryDialog.set_transient_for(self.mainWindow) self.ipsetEntryDialog.show_all() self.add_visible_dialog(self.ipsetEntryDialog) result = self.ipsetEntryDialog.run() self.ipsetEntryDialog.hide() self.active_ipset_settings = None self.remove_visible_dialog(self.ipsetEntryDialog) if result != 1: return entry = self.ipsetEntryDialogEntryEntry.get_text() if old_entry == entry: # nothing to change return if self.runtime_view: if not self.fw.queryEntry(active_ipset, entry): self.fw.addEntry(active_ipset, entry) if not add: self.fw.removeEntry(active_ipset, old_entry) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) if not ipset.queryEntry(entry): if not add: ipset.removeEntry(old_entry) ipset.addEntry(entry) self.changes_applied() def ipset_entry_added_cb(self, ipset, entry): if not self.runtime_view or ipset != self.get_active_ipset(): return iter = self.ipsetConfEntryStore.get_iter_first() while iter: if self.ipsetConfEntryStore.get_value(iter, 0) == entry: # already there return iter = self.ipsetConfEntryStore.iter_next(iter) # nothing found, so add it self.ipsetConfEntryStore.append([entry]) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def ipset_entry_removed_cb(self, ipset, entry): if not self.runtime_view or ipset != self.get_active_ipset(): return iter = self.ipsetConfEntryStore.get_iter_first() while iter: if self.ipsetConfEntryStore.get_value(iter, 0) == entry: self.ipsetConfEntryStore.remove(iter) break iter = self.ipsetConfEntryStore.iter_next(iter) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def conf_ipset_added_cb(self, ipset): if self.runtime_view: return # check if ipset is in store iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == ipset: return iter = self.ipsetConfIPSetStore.iter_next(iter) # not in list, append self.ipsetConfIPSetStore.append([ipset]) selection = self.ipsetConfIPSetView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_ipset_updated_cb(self, ipset): if self.runtime_view or ipset != self.get_active_ipset(): return self.onChangeIPSet() def conf_ipset_removed_cb(self, ipset): if self.runtime_view: return iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == ipset: self.ipsetConfIPSetStore.remove(iter) break iter = self.ipsetConfIPSetStore.iter_next(iter) def conf_ipset_renamed_cb(self, ipset): if self.runtime_view: return # Get all ipsets, renamed the one that is missing. # If more or less than one is missing, update ipset store. ipsets = self.fw.config().getIPSetNames() use_iter = None iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) not in ipsets: if use_iter is not None: return self.load_ipsets() use_iter = iter iter = self.ipsetConfIPSetStore.iter_next(iter) if use_iter is None: return self.load_ipsets() self.ipsetConfIPSetStore.set_value(use_iter, 0, ipset) def onChangeIPSet(self, *args): active_ipset = self.get_active_ipset() self.ipsetConfEntryStore.clear() self.ipsetConfEntryView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_ipset: self.ipsetConfEditIPSetButton.set_sensitive(False) self.ipsetConfRemoveIPSetButton.set_sensitive(False) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(False) self.ipsetConfEntryBox.set_sensitive(False) return self.ipsetConfEditIPSetButton.set_sensitive(True) self.ipsetConfEntryBox.set_sensitive(True) entries = [ ] if self.runtime_view: # load runtime configuration self.deactivate_exception_handler() try: settings = self.fw.getIPSetSettings(active_ipset) except (DBusException, Exception) as msg: self.activate_exception_handler() if isinstance(msg, DBusException): msg = msg.get_dbus_message() else: msg = str(msg) code = FirewallError.get_code(msg) if code == errors.NOT_APPLIED: self.ipsetConfNotebook.set_sensitive(False) return raise else: self.ipsetConfNotebook.set_sensitive(True) self.activate_exception_handler() entries = settings.getEntries() options = settings.getOptions() default = False builtin = False else: try: ipset = self.fw.config().getIPSetByName(active_ipset) except: return # load permanent configuration settings = ipset.getSettings() entries = settings.getEntries() options = settings.getOptions() props = ipset.get_properties() default = props["default"] builtin = props["builtin"] if "timeout" in options: self.ipsetConfEntrySW.hide() self.ipsetConfEntryBox.hide() self.ipsetConfEntryLabel.hide() self.ipsetConfTimeoutLabel.show() else: self.ipsetConfEntrySW.show() self.ipsetConfEntryBox.show() self.ipsetConfEntryLabel.show() self.ipsetConfTimeoutLabel.hide() # set entries for item in entries: self.ipsetConfEntryStore.append([item]) self.ipsetConfEntryView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.ipsetConfRemoveIPSetButton.set_sensitive(not builtin and default) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(not default) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def get_active_helper(self): selection = self.helperConfHelperView.get_selection() (model, iter) = selection.get_selected() if iter: return self.helperConfHelperStore.get_value(iter, 0) return None def load_helpers(self): if not self.show_helpers: return active_helper = self.get_active_helper() if self.runtime_view: helpers = self.fw.getHelpers() else: helpers = self.fw.config().getHelperNames() selection = self.helperConfHelperView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.helperConfHelperStore.clear() # helpers for helper in helpers: self.helperConfHelperStore.append([helper]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == \ active_helper: selection.select_iter(iter) return iter = self.helperConfHelperStore.iter_next(iter) selection.select_path(0) if not self.get_active_helper(): self.helperConfEditHelperButton.set_sensitive(False) self.helperConfRemoveHelperButton.set_sensitive(False) self.helperConfLoadDefaultsHelperButton.set_sensitive(False) self.helperConfHelperNotebook.set_sensitive(False) def onHelperConfAddHelper(self, *args): self.add_edit_helper(True) def onHelperConfRemoveHelper(self, *args): active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) helper.remove() self.changes_applied() self.load_helpers() self.onChangeHelper() def onHelperConfEditHelper(self, *args): self.add_edit_helper(False) def onHelperConfLoadDefaultsHelper(self, *args): active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) helper.loadDefaults() self.changes_applied() self.onChangeHelper() def onHelperBaseDialogModuleChooserClicked(self, *args): old_module = self.helperBaseDialogModuleChooser.get_text() module = self.module_select_dialog(old_module) if module is not None: self.helperBaseDialogModuleChooser.set_text(module) def onHelperBaseDialogChanged(self, *args): def check_helper_name(helper): return (len(helper) <= HELPER_MAXNAMELEN, helper) OK=True if args and (args[0] == self.helperBaseDialogNameEntry): additional_chars = "".join(Helper.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_helper_name) module = self.helperBaseDialogModuleChooser.get_text() if module is None or not module.startswith("nf_conntrack_") or \ len(module.replace("nf_conntrack_", "")) < 1: OK = False self.helperBaseDialogOkButton.set_sensitive(OK) def add_edit_helper(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_module = None old_family = None self.helperBaseDialogNameEntry.set_text("") self.helperBaseDialogVersionEntry.set_text("") self.helperBaseDialogShortEntry.set_text("") self.helperBaseDialogDescText.get_buffer().set_text("") self.helperBaseDialogModuleChooser.set_text("") self.helperBaseDialogFamilyCombobox.set_active(0) else: active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) settings = helper.getSettings() props = helper.get_properties() default = props["default"] builtin = props["builtin"] old_name = helper.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_module = settings.getModule() old_family = settings.getFamily() self.helperBaseDialogNameEntry.set_text(old_name) self.helperBaseDialogVersionEntry.set_text(old_version) self.helperBaseDialogShortEntry.set_text(old_short) self.helperBaseDialogDescText.get_buffer().set_text(old_desc) self.helperBaseDialogModuleChooser.set_text(old_module) self.helperBaseDialogFamilyCombobox.set_active(0) combobox_select_text(self.helperBaseDialogFamilyCombobox, { "": _("All") , "ipv4": _("IPv4"), "ipv6" : _("IPv6") }[old_family]) self.helperBaseDialogOkButton.set_sensitive(False) if builtin: self.helperBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in helper, rename not supported.")) else: self.helperBaseDialogNameEntry.set_tooltip_markup("") self.helperBaseDialogNameEntry.set_sensitive(not builtin and default) self.helperBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.helperBaseDialog.set_transient_for(self.mainWindow) self.helperBaseDialog.show_all() self.add_visible_dialog(self.helperBaseDialog) result = self.helperBaseDialog.run() self.helperBaseDialog.hide() self.remove_visible_dialog(self.helperBaseDialog) if result != 1: return name = self.helperBaseDialogNameEntry.get_text() version = self.helperBaseDialogVersionEntry.get_text() short = self.helperBaseDialogShortEntry.get_text() buffer = self.helperBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) module = self.helperBaseDialogModuleChooser.get_text() family = { _("All") : "", _("IPv4") : "ipv4", _("IPv6") : "ipv6" } \ [self.helperBaseDialogFamilyCombobox.get_active_text()] if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_module == module and \ old_family == family: # no changes return if not add: active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) settings = helper.getSettings() else: settings = client.FirewallClientHelperSettings() if old_version != version or old_short != short or \ old_desc != desc or old_family != family: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setModule(module) settings.setFamily(family) if not add: helper.update(settings) if not add: if old_name == name: return helper.rename(name) else: self.fw.config().addHelper(name, settings) self.changes_applied() def onHelperChanged(self, *args): self.helperBaseDialogOkButton.set_sensitive(True) def onHelperConfAddPort(self, *args): self.add_edit_helper_port(True) def onHelperConfEditPort(self, *args): self.add_edit_helper_port(False) def onHelperConfPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_helper_port(False) def onHelperConfRemovePort(self, *args): active_helper = self.get_active_helper() selection = self.helperConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.helperConfPortStore.get_value(iter, 0) proto = self.helperConfPortStore.get_value(iter, 1) if self.runtime_view: if self.fw.queryPort(active_helper, port, proto): self.fw.removePort(active_helper, port, proto) self.changes_applied() else: helper = self.fw.config().getHelperByName(active_helper) helper.removePort(port, proto) self.changes_applied() def change_helper_conf_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.helperConfEditPortButton.set_sensitive(True) self.helperConfRemovePortButton.set_sensitive(True) else: self.helperConfEditPortButton.set_sensitive(False) self.helperConfRemovePortButton.set_sensitive(False) def add_edit_helper_port(self, add): active_helper = self.get_active_helper() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.helperConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.helperConfPortStore.get_value(iter, 0) old_proto = self.helperConfPortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return helper = self.fw.config().getHelperByName(active_helper) if not helper.queryPort(port, proto): if not add: helper.removePort(old_port, old_proto) helper.addPort(port, proto) self.changes_applied() def helper_port_added_cb(self, helper, entry): if not self.runtime_view or helper != self.get_active_helper(): return iter = self.helperConfPortStore.get_iter_first() while iter: if self.helperConfPortStore.get_value(iter, 0) == entry: # already there return iter = self.helperConfPortStore.iter_next(iter) # nothing found, so add it self.helperConfPortStore.append([entry]) def helper_port_removed_cb(self, helper, entry): if not self.runtime_view or helper != self.get_active_helper(): return iter = self.helperConfPortStore.get_iter_first() while iter: if self.helperConfPortStore.get_value(iter, 0) == entry: self.helperConfPortStore.remove(iter) break iter = self.helperConfPortStore.iter_next(iter) def conf_helper_added_cb(self, helper): if self.runtime_view: return # check if helper is in store iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == helper: return iter = self.helperConfHelperStore.iter_next(iter) # not in list, append self.helperConfHelperStore.append([helper]) selection = self.helperConfHelperView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_helper_updated_cb(self, helper): if self.runtime_view or helper != self.get_active_helper(): return self.onChangeHelper() def conf_helper_removed_cb(self, helper): if self.runtime_view: return iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == helper: self.helperConfHelperStore.remove(iter) break iter = self.helperConfHelperStore.iter_next(iter) def conf_helper_renamed_cb(self, helper): if self.runtime_view: return # Get all helpers, renamed the one that is missing. # If more or less than one is missing, update helper store. helpers = self.fw.config().getHelperNames() use_iter = None iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) not in helpers: if use_iter is not None: return self.load_helpers() use_iter = iter iter = self.helperConfHelperStore.iter_next(iter) if use_iter is None: return self.load_helpers() self.helperConfHelperStore.set_value(use_iter, 0, helper) def onChangeHelper(self, *args): active_helper = self.get_active_helper() self.helperConfPortStore.clear() self.helperConfPortView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_helper: self.helperConfEditHelperButton.set_sensitive(False) self.helperConfRemoveHelperButton.set_sensitive(False) self.helperConfLoadDefaultsHelperButton.set_sensitive(False) self.helperConfHelperNotebook.set_sensitive(False) return self.helperConfEditHelperButton.set_sensitive(True) self.helperConfHelperNotebook.set_sensitive(True) ports = [ ] if self.runtime_view: # load runtime configuration settings = self.fw.getHelperSettings(active_helper) ports = settings.getPorts() default = False builtin = False else: try: helper = self.fw.config().getHelperByName(active_helper) except: return # load permanent configuration settings = helper.getSettings() ports = settings.getPorts() props = helper.get_properties() default = props["default"] builtin = props["builtin"] # set entries for item in ports: self.helperConfPortStore.append(item) self.helperConfPortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.helperConfRemoveHelperButton.set_sensitive(not builtin and default) self.helperConfLoadDefaultsHelperButton.set_sensitive(not default) def onModuleChanged(self, *args): if self.moduleDialogOtherModuleCheck.get_active(): self.moduleDialogModuleLabel.set_sensitive(False) self.moduleDialogModuleCombobox.set_sensitive(False) self.moduleDialogOtherModuleEntry.set_sensitive(True) module = self.moduleDialogOtherModuleEntry.get_text() else: self.moduleDialogModuleLabel.set_sensitive(True) self.moduleDialogModuleCombobox.set_sensitive(True) self.moduleDialogOtherModuleEntry.set_sensitive(False) module = self.moduleDialogModuleCombobox.get_active_text() if module is not None and module.startswith("nf_conntrack_") and \ len(module.replace("nf_conntrack_", "")) > 1: self.moduleDialogOkButton.set_sensitive(True) else: self.moduleDialogOkButton.set_sensitive(False) def module_select_dialog(self, old_module): self.moduleDialogModuleCombobox.set_active(0) self.moduleDialogOtherModuleCheck.set_active(False) self.moduleDialogOtherModuleEntry.set_text("") if old_module: if not combobox_select_text(self.moduleDialogModuleCombobox, old_module): self.moduleDialogOtherModuleCheck.set_active(True) self.moduleDialogOtherModuleEntry.set_text(old_module) self.moduleDialogOkButton.set_sensitive(False) self.moduleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.moduleDialog.set_transient_for(self.mainWindow) self.moduleDialog.show_all() self.add_visible_dialog(self.moduleDialog) result = self.moduleDialog.run() self.moduleDialog.hide() self.remove_visible_dialog(self.moduleDialog) if result != 1: return None if self.moduleDialogOtherModuleCheck.get_active(): module = self.moduleDialogOtherModuleEntry.get_text() else: module = self.moduleDialogModuleCombobox.get_active_text() if old_module == module: # nothing to change return None return module def get_active_icmp(self): selection = self.icmpDialogIcmpView.get_selection() (model, iter) = selection.get_selected() if iter: return self.icmpDialogIcmpStore.get_value(iter, 0) return None def load_icmps(self): if not self.show_icmp_types: return active_icmp = self.get_active_icmp() if self.runtime_view: icmps = self.fw.listIcmpTypes() else: icmps = self.fw.config().getIcmpTypeNames() selection = self.icmpDialogIcmpView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.icmpDialogIcmpStore.clear() # icmps for icmp in icmps: self.icmpDialogIcmpStore.append([icmp]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == \ active_icmp: selection.select_iter(iter) return iter = self.icmpDialogIcmpStore.iter_next(iter) selection.select_path(0) if not self.get_active_icmp(): self.icmpDialogEditIcmpButton.set_sensitive(False) self.icmpDialogRemoveIcmpButton.set_sensitive(False) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(False) self.icmpDialogIcmpNotebook.set_sensitive(False) def onChangeIcmp(self, *args): active_icmp = self.get_active_icmp() ### load service settings self.icmpDialogDestIpv4Check.set_active(True) self.icmpDialogDestIpv6Check.set_active(True) if not active_icmp: self.icmpDialogEditIcmpButton.set_sensitive(False) self.icmpDialogRemoveIcmpButton.set_sensitive(False) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(False) self.icmpDialogIcmpNotebook.set_sensitive(False) return self.icmpDialogEditIcmpButton.set_sensitive(True) self.icmpDialogIcmpNotebook.set_sensitive(True) destination = [ ] if self.runtime_view: # load runtime configuration settings = self.fw.getIcmpTypeSettings(active_icmp) destination = settings.getDestinations() default = False builtin = False else: try: icmp = self.fw.config().getIcmpTypeByName(active_icmp) except: return # load permanent configuration settings = icmp.getSettings() destination = settings.getDestinations() props = icmp.get_properties() default = props["default"] builtin = props["builtin"] self.icmpDialogRemoveIcmpButton.set_sensitive(not builtin and default) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(not default) ipv4 = "ipv4" in destination ipv6 = "ipv6" in destination # set destination if ipv4 != ipv6: if not ipv4: self.icmpDialogDestIpv4Check.set_active(False) if not ipv6: self.icmpDialogDestIpv6Check.set_active(False) def onIcmpDialogAddIcmp(self, *args): self.add_edit_icmp(True) def onIcmpDialogRemoveIcmp(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) icmp.remove() self.load_icmps() self.onChangeIcmp() def onIcmpDialogEditIcmp(self, *args): self.add_edit_icmp(False) def onIcmpBaseDialogChanged(self, *args): if args and (args[0] == self.icmpBaseDialogNameEntry): additional_chars = "".join(IcmpType.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars self.entry_changed(args[0], allowed_chars) self.icmpBaseDialogOkButton.set_sensitive(True) def add_edit_icmp(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None self.icmpBaseDialogNameEntry.set_text("") self.icmpBaseDialogVersionEntry.set_text("") self.icmpBaseDialogShortEntry.set_text("") self.icmpBaseDialogDescText.get_buffer().set_text("") else: active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) settings = icmp.getSettings() props = icmp.get_properties() default = props["default"] builtin = props["builtin"] old_name = icmp.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() self.icmpBaseDialogNameEntry.set_text(old_name) self.icmpBaseDialogVersionEntry.set_text(old_version) self.icmpBaseDialogShortEntry.set_text(old_short) self.icmpBaseDialogDescText.get_buffer().set_text(old_desc) self.icmpBaseDialogOkButton.set_sensitive(False) if builtin: self.icmpBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in icmp, rename not supported.")) else: self.icmpBaseDialogNameEntry.set_tooltip_markup("") self.icmpBaseDialogNameEntry.set_sensitive(not builtin and default) self.icmpBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.icmpBaseDialog.set_transient_for(self.mainWindow) self.icmpBaseDialog.show_all() self.add_visible_dialog(self.icmpBaseDialog) result = self.icmpBaseDialog.run() self.icmpBaseDialog.hide() self.remove_visible_dialog(self.icmpBaseDialog) if result != 1: return name = self.icmpBaseDialogNameEntry.get_text() version = self.icmpBaseDialogVersionEntry.get_text() short = self.icmpBaseDialogShortEntry.get_text() buffer = self.icmpBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc: # no changes return if not add: active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) settings = icmp.getSettings() else: settings = client.FirewallClientIcmpTypeSettings() if old_version != version or old_short != short or \ old_desc != desc: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) if not add: icmp.update(settings) if not add: if old_name == name: return icmp.rename(name) else: self.fw.config().addIcmpType(name, settings) self.changes_applied() def onIcmpDialogLoadDefaultsIcmp(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) icmp.loadDefaults() self.changes_applied() self.onChangeIcmp() def icmp_dialog_dest_ipv4_check_cb(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) if self.icmpDialogDestIpv4Check.get_active(): if icmp.queryDestination("ipv4"): icmp.removeDestination("ipv4") self.changes_applied() elif not icmp.queryDestination("ipv4"): icmp.addDestination("ipv4") self.changes_applied() def icmp_dialog_dest_ipv6_check_cb(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) if self.icmpDialogDestIpv6Check.get_active(): if icmp.queryDestination("ipv6"): icmp.removeDestination("ipv6") self.changes_applied() elif not icmp.queryDestination("ipv6"): icmp.addDestination("ipv6") self.changes_applied() def conf_icmp_added_cb(self, icmp): if self.runtime_view: return if not self.show_icmp_types: return # check if icmp is in store iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == icmp: return iter = self.icmpDialogIcmpStore.iter_next(iter) # not in list, append self.icmpDialogIcmpStore.append([icmp]) selection = self.icmpDialogIcmpView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_icmp_updated_cb(self, zone): if self.runtime_view: return if not self.show_icmp_types: return self.onChangeIcmp() def conf_icmp_removed_cb(self, icmp): if self.runtime_view: return if not self.show_icmp_types: return iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == icmp: self.icmpDialogIcmpStore.remove(iter) break iter = self.icmpDialogIcmpStore.iter_next(iter) def conf_icmp_renamed_cb(self, icmp): if self.runtime_view: return # Get all icmps, renamed the one that is missing. # If more or less than one is missing, update icmp store. icmps = self.fw.config().getIcmpTypeNames() use_iter = None iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) not in icmps: if use_iter is not None: return self.load_icmps() use_iter = iter iter = self.icmpDialogIcmpStore.iter_next(iter) if use_iter is None: return self.load_icmps() self.icmpDialogIcmpStore.set_value(use_iter, 0, icmp) def lockdown_check_cb(self, *args): if self.fw.queryLockdown(): self.fw.config().set_property("Lockdown", "no") # permanent self.fw.disableLockdown() # runtime else: self.fw.config().set_property("Lockdown", "yes") # permanent self.fw.enableLockdown() # runtime self.changes_applied() def panic_check_cb(self, *args): if self.fw.queryPanicMode(): self.fw.disablePanicMode() else: self.fw.enablePanicMode() self.changes_applied() def load_direct(self): if not self.show_direct: return if self.runtime_view: chains = self.fw.getAllChains() rules = self.fw.getAllRules() passthroughs = self.fw.getAllPassthroughs() else: direct = self.fw.config().direct() settings = direct.getSettings() chains = settings.getAllChains() rules = settings.getAllRules() passthroughs = settings.getAllPassthroughs() self.directChainStore.clear() self.directRuleStore.clear() self.directPassthroughStore.clear() for x in chains: self.directChainStore.append(x) for (ipv, table, chain, priority, args) in rules: self.directRuleStore.append((ipv, table, chain, priority, functions.joinArgs(args))) for (ipv, args) in passthroughs: self.directPassthroughStore.append((ipv, functions.joinArgs(args))) def load_lockdown_whitelist(self): if not self.show_lockdown_whitelist: return if self.runtime_view: contexts = self.fw.getLockdownWhitelistContexts() commands = self.fw.getLockdownWhitelistCommands() users = self.fw.getLockdownWhitelistUsers() uids = self.fw.getLockdownWhitelistUids() else: whitelist = self.fw.config().policies().getLockdownWhitelist() contexts = whitelist.getContexts() commands = whitelist.getCommands() users = whitelist.getUsers() uids = whitelist.getUids() self.lockdownContextStore.clear() self.lockdownCommandStore.clear() self.lockdownUserStore.clear() self.lockdownUidStore.clear() for context in contexts: self.lockdownContextStore.append([context]) self.lockdownContextView.get_selection().select_path(0) for command in commands: self.lockdownCommandStore.append([command]) self.lockdownCommandView.get_selection().select_path(0) for user in users: self.lockdownUserStore.append([user]) self.lockdownUserView.get_selection().select_path(0) for uid in uids: self.lockdownUidStore.append([uid]) self.lockdownUidView.get_selection().select_path(0) def lockdown_enabled_cb(self): self.lockdownLabel.set_text(self.enabled) self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(True) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) def lockdown_disabled_cb(self): self.lockdownLabel.set_text(self.disabled) self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(False) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) def change_lockdown_context_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownContextButton.set_sensitive(True) self.removeLockdownContextButton.set_sensitive(True) else: self.editLockdownContextButton.set_sensitive(False) self.removeLockdownContextButton.set_sensitive(False) def change_lockdown_command_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownCommandButton.set_sensitive(True) self.removeLockdownCommandButton.set_sensitive(True) else: self.editLockdownCommandButton.set_sensitive(False) self.removeLockdownCommandButton.set_sensitive(False) def change_lockdown_user_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownUserButton.set_sensitive(True) self.removeLockdownUserButton.set_sensitive(True) else: self.editLockdownUserButton.set_sensitive(False) self.removeLockdownUserButton.set_sensitive(False) def change_lockdown_uid_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownUidButton.set_sensitive(True) self.removeLockdownUidButton.set_sensitive(True) else: self.editLockdownUidButton.set_sensitive(False) self.removeLockdownUidButton.set_sensitive(False) def onAddContext(self, button): self.add_edit_context(True) def onEditContext(self, button): self.add_edit_context(False) def onContextClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_context(False) def onRemoveContext(self, button): selection = self.lockdownContextView.get_selection() (model, iter) = selection.get_selected() if iter is None: return context = self.lockdownContextStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistContext(context) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeContext(context) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_context_added_cb(self, context): if not self.show_lockdown_whitelist: return iter = self.lockdownContextStore.get_iter_first() while iter: if self.lockdownContextStore.get_value(iter, 0) == context: return iter = self.lockdownContextStore.iter_next(iter) self.lockdownContextStore.append([context]) def lockdown_whitelist_context_removed_cb(self, context): if not self.show_lockdown_whitelist: return iter = self.lockdownContextStore.get_iter_first() while iter: if self.lockdownContextStore.get_value(iter, 0) == context: self.lockdownContextStore.remove(iter) break iter = self.lockdownContextStore.iter_next(iter) def add_edit_context(self, add): if add: old_context = "" else: selection = self.lockdownContextView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_context = self.lockdownContextStore.get_value(iter, 0) self.contextDialogContextEntry.set_text(old_context) self.contextDialogOkButton.set_sensitive(False) self.contextDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.contextDialog.set_transient_for(self.mainWindow) self.contextDialog.show_all() self.add_visible_dialog(self.contextDialog) result = self.contextDialog.run() self.contextDialog.hide() self.remove_visible_dialog(self.contextDialog) if result != 1: return context = self.contextDialogContextEntry.get_text() if old_context == context: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistContext(context): self.fw.addLockdownWhitelistContext(context) if not add: self.fw.removeLockdownWhitelistContext(old_context) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryContext(context): if not add: whitelist.removeContext(old_context) whitelist.addContext(context) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onContextChanged(self, *args): text = self.contextDialogContextEntry.get_text() if text != "" and functions.checkContext(text): self.contextDialogOkButton.set_sensitive(True) else: self.contextDialogOkButton.set_sensitive(False) def onAddCommand(self, button): self.add_edit_command(True) def onEditCommand(self, button): self.add_edit_command(False) def onCommandClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_command(False) def onRemoveCommand(self, button): selection = self.lockdownCommandView.get_selection() (model, iter) = selection.get_selected() if iter is None: return command = self.lockdownCommandStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistCommand(command) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeCommand(command) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_command_added_cb(self, command): if not self.show_lockdown_whitelist: return iter = self.lockdownCommandStore.get_iter_first() while iter: if self.lockdownCommandStore.get_value(iter, 0) == command: return iter = self.lockdownCommandStore.iter_next(iter) self.lockdownCommandStore.append([command]) def lockdown_whitelist_command_removed_cb(self, command): if not self.show_lockdown_whitelist: return iter = self.lockdownCommandStore.get_iter_first() while iter: if self.lockdownCommandStore.get_value(iter, 0) == command: self.lockdownCommandStore.remove(iter) break iter = self.lockdownCommandStore.iter_next(iter) def add_edit_command(self, add): if add: old_command = "" else: selection = self.lockdownCommandView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_command = self.lockdownCommandStore.get_value(iter, 0) self.commandDialogCommandEntry.set_text(old_command) self.commandDialogOkButton.set_sensitive(False) self.commandDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.commandDialog.set_transient_for(self.mainWindow) self.commandDialog.show_all() self.add_visible_dialog(self.commandDialog) result = self.commandDialog.run() self.commandDialog.hide() self.remove_visible_dialog(self.commandDialog) if result != 1: return command = self.commandDialogCommandEntry.get_text() if old_command == command: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistCommand(command): self.fw.addLockdownWhitelistCommand(command) if not add: self.fw.removeLockdownWhitelistCommand(old_command) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryCommand(command): if not add: whitelist.removeCommand(old_command) whitelist.addCommand(command) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onCommandChanged(self, *args): text = self.commandDialogCommandEntry.get_text() if functions.checkCommand(text): self.commandDialogOkButton.set_sensitive(True) else: self.commandDialogOkButton.set_sensitive(False) def onAddUser(self, button): self.add_edit_user(True) def onEditUser(self, button): self.add_edit_user(False) def onUserClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_user(False) def onRemoveUser(self, button): selection = self.lockdownUserView.get_selection() (model, iter) = selection.get_selected() if iter is None: return user = self.lockdownUserStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistUser(user) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeUser(user) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_user_added_cb(self, user): if not self.show_lockdown_whitelist: return iter = self.lockdownUserStore.get_iter_first() while iter: if self.lockdownUserStore.get_value(iter, 0) == user: return iter = self.lockdownUserStore.iter_next(iter) self.lockdownUserStore.append([user]) def lockdown_whitelist_user_removed_cb(self, user): if not self.show_lockdown_whitelist: return iter = self.lockdownUserStore.get_iter_first() while iter: if self.lockdownUserStore.get_value(iter, 0) == user: self.lockdownUserStore.remove(iter) break iter = self.lockdownUserStore.iter_next(iter) def add_edit_user(self, add): if add: old_user = "" else: selection = self.lockdownUserView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_user = self.lockdownUserStore.get_value(iter, 0) self.userDialogUserEntry.set_text(old_user) self.userDialogOkButton.set_sensitive(False) self.userDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.userDialog.set_transient_for(self.mainWindow) self.userDialog.show_all() self.add_visible_dialog(self.userDialog) result = self.userDialog.run() self.userDialog.hide() self.remove_visible_dialog(self.userDialog) if result != 1: return user = self.userDialogUserEntry.get_text() if old_user == user: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistUser(user): self.fw.addLockdownWhitelistUser(user) if not add: self.fw.removeLockdownWhitelistUser(old_user) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryUser(user): if not add: whitelist.removeUser(old_user) whitelist.addUser(user) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onUserChanged(self, *args): text = self.userDialogUserEntry.get_text() if text != "" and functions.checkUser(text): self.userDialogOkButton.set_sensitive(True) else: self.userDialogOkButton.set_sensitive(False) def onAddUid(self, button): self.add_edit_uid(True) def onEditUid(self, button): self.add_edit_uid(False) def onUidClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_uid(False) def onRemoveUid(self, button): selection = self.lockdownUidView.get_selection() (model, iter) = selection.get_selected() if iter is None: return uid = self.lockdownUidStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistUid(uid) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeUid(uid) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_uid_added_cb(self, uid): if not self.show_lockdown_whitelist: return iter = self.lockdownUidStore.get_iter_first() while iter: if self.lockdownUidStore.get_value(iter, 0) == uid: return iter = self.lockdownUidStore.iter_next(iter) self.lockdownUidStore.append([uid]) def lockdown_whitelist_uid_removed_cb(self, uid): if not self.show_lockdown_whitelist: return iter = self.lockdownUidStore.get_iter_first() while iter: if self.lockdownUidStore.get_value(iter, 0) == uid: self.lockdownUidStore.remove(iter) break iter = self.lockdownUidStore.iter_next(iter) def add_edit_uid(self, add): if add: old_uid = "" else: selection = self.lockdownUidView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_uid = self.lockdownUidStore.get_value(iter, 0) self.uidDialogUidEntry.set_text("%s" % old_uid) self.uidDialogOkButton.set_sensitive(False) self.uidDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.uidDialog.set_transient_for(self.mainWindow) self.uidDialog.show_all() self.add_visible_dialog(self.uidDialog) result = self.uidDialog.run() self.uidDialog.hide() self.remove_visible_dialog(self.uidDialog) if result != 1: return uid = int(self.uidDialogUidEntry.get_text()) if old_uid == uid: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistUid(uid): self.fw.addLockdownWhitelistUid(uid) if not add: self.fw.removeLockdownWhitelistUid(old_uid) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryUid(uid): if not add: whitelist.removeUid(old_uid) whitelist.addUid(uid) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onUidChanged(self, *args): text = self.uidDialogUidEntry.get_text() if text != "" and functions.checkUid(text): self.uidDialogOkButton.set_sensitive(True) else: self.uidDialogOkButton.set_sensitive(False) def lockdown_whitelist_updated_cb(self): self.load_lockdown_whitelist() def change_chain_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectChainButton.set_sensitive(True) self.removeDirectChainButton.set_sensitive(True) else: self.editDirectChainButton.set_sensitive(False) self.removeDirectChainButton.set_sensitive(False) def onAddChain(self, button): self.add_edit_direct_chain(True) def onEditChain(self, button): self.add_edit_direct_chain(False) def onChainClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_chain(False) def onRemoveChain(self, button): selection = self.directChainView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directChainStore.get_value(iter, 0) table = self.directChainStore.get_value(iter, 1) chain = self.directChainStore.get_value(iter, 2) if self.runtime_view: self.fw.removeChain(ipv, table, chain) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryChain(ipv, table, chain): direct.removeChain(ipv, table, chain) self.changes_applied() def direct_updated_cb(self): if not self.show_direct: return if self.runtime_view: return self.load_direct() def direct_chain_added_cb(self, ipv, table, chain): if not self.show_direct: return if not self.runtime_view: return iter = self.directChainStore.get_iter_first() while iter: if self.directChainStore.get_value(iter, 0) == ipv and \ self.directChainStore.get_value(iter, 1) == table and \ self.directChainStore.get_value(iter, 2) == chain: return iter = self.directChainStore.iter_next(iter) self.directChainStore.append([ipv, table, chain]) def direct_chain_removed_cb(self, ipv, table, chain): if not self.show_direct: return if not self.runtime_view: return iter = self.directChainStore.get_iter_first() while iter: if self.directChainStore.get_value(iter, 0) == ipv and \ self.directChainStore.get_value(iter, 1) == table and \ self.directChainStore.get_value(iter, 2) == chain: self.directChainStore.remove(iter) break iter = self.directChainStore.iter_next(iter) def add_edit_direct_chain(self, add): if add: old_ipv = "" old_table = "" old_chain = "" else: selection = self.directChainView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directChainStore.get_value(iter, 0) old_table = self.directChainStore.get_value(iter, 1) old_chain = self.directChainStore.get_value(iter, 2) self.directChainDialogIPVCombobox.set_active(0) combobox_select_text(self.directChainDialogIPVCombobox, old_ipv) combobox_select_text(self.directChainDialogTableCombobox, old_table) self.directChainDialogChainEntry.set_text("%s" % old_chain) self.directChainDialogOkButton.set_sensitive(False) self.directChainDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directChainDialog.set_transient_for(self.mainWindow) self.directChainDialog.show_all() self.add_visible_dialog(self.directChainDialog) result = self.directChainDialog.run() self.directChainDialog.hide() self.remove_visible_dialog(self.directChainDialog) if result != 1: return ipv = self.directChainDialogIPVCombobox.get_active_text() table = self.directChainDialogTableCombobox.get_active_text() chain = self.directChainDialogChainEntry.get_text() if self.runtime_view: if not self.fw.queryChain(ipv, table, chain): self.fw.addChain(ipv, table, chain) if not add: self.fw.removeChain(old_ipv, old_table, old_chain) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryChain(ipv, table, chain): if not add: direct.removeChain(old_ipv, old_table, old_chain) direct.addChain(ipv, table, chain) self.changes_applied() def onDirectChainDialogChanged(self, *args): self.directChainDialogOkButton.set_sensitive(True) def onDirectChainDialogIPVChanged(self, *args): old_table = self.directChainDialogTableCombobox.get_active_text() ipv = self.directChainDialogIPVCombobox.get_active_text() self.directChainDialogTableCombobox.remove_all() self.directChainDialogTableCombobox.append_text("filter") if ipv in [ "ipv4", "ipv6" ]: self.directChainDialogTableCombobox.append_text("nat") self.directChainDialogTableCombobox.append_text("mangle") self.directChainDialogTableCombobox.append_text("raw") self.directChainDialogTableCombobox.append_text("security") else: self.directChainDialogTableCombobox.append_text("broute") combobox_select_text(self.directChainDialogTableCombobox, old_table) def change_rule_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectRuleButton.set_sensitive(True) self.removeDirectRuleButton.set_sensitive(True) else: self.editDirectRuleButton.set_sensitive(False) self.removeDirectRuleButton.set_sensitive(False) def onAddRule(self, button): self.add_edit_direct_rule(True) def onEditRule(self, button): self.add_edit_direct_rule(False) def onRuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_rule(False) def onRemoveRule(self, button): selection = self.directRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directRuleStore.get_value(iter, 0) table = self.directRuleStore.get_value(iter, 1) chain = self.directRuleStore.get_value(iter, 2) priority = self.directRuleStore.get_value(iter, 3) args = self.directRuleStore.get_value(iter, 4) split_args = functions.splitArgs(args) if self.runtime_view: self.fw.removeRule(ipv, table, chain, priority, split_args) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryRule(ipv, table, chain, priority, split_args): direct.removeRule(ipv, table, chain, priority, split_args) self.changes_applied() def direct_rule_added_cb(self, ipv, table, chain, priority, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directRuleStore.get_iter_first() while iter: if self.directRuleStore.get_value(iter, 0) == ipv and \ self.directRuleStore.get_value(iter, 1) == table and \ self.directRuleStore.get_value(iter, 2) == chain and \ self.directRuleStore.get_value(iter, 3) == priority and \ self.directRuleStore.get_value(iter, 4) == joined_args: return iter = self.directRuleStore.iter_next(iter) self.directRuleStore.append([ipv, table, chain, priority, joined_args]) def direct_rule_removed_cb(self, ipv, table, chain, priority, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directRuleStore.get_iter_first() while iter: if self.directRuleStore.get_value(iter, 0) == ipv and \ self.directRuleStore.get_value(iter, 1) == table and \ self.directRuleStore.get_value(iter, 2) == chain and \ self.directRuleStore.get_value(iter, 3) == priority and \ self.directRuleStore.get_value(iter, 4) == joined_args: self.directRuleStore.remove(iter) break iter = self.directRuleStore.iter_next(iter) def add_edit_direct_rule(self, add): if add: old_ipv = "" old_table = "" old_chain = "" old_priority = 0 old_args = "" else: selection = self.directRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directRuleStore.get_value(iter, 0) old_table = self.directRuleStore.get_value(iter, 1) old_chain = self.directRuleStore.get_value(iter, 2) old_priority = self.directRuleStore.get_value(iter, 3) old_args = self.directRuleStore.get_value(iter, 4) self.directRuleDialogIPVCombobox.set_active(0) combobox_select_text(self.directRuleDialogIPVCombobox, old_ipv) combobox_select_text(self.directRuleDialogTableCombobox, old_table) self.directRuleDialogChainEntry.set_text("%s" % old_chain) self.directRuleDialogPrioritySpinbutton.set_value(old_priority) self.directRuleDialogArgsEntry.set_text("%s" % old_args) self.directRuleDialogOkButton.set_sensitive(False) self.directRuleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directRuleDialog.set_transient_for(self.mainWindow) self.directRuleDialog.show_all() self.add_visible_dialog(self.directRuleDialog) result = self.directRuleDialog.run() self.directRuleDialog.hide() self.remove_visible_dialog(self.directRuleDialog) if result != 1: return ipv = self.directRuleDialogIPVCombobox.get_active_text() table = self.directRuleDialogTableCombobox.get_active_text() chain = self.directRuleDialogChainEntry.get_text() priority = self.directRuleDialogPrioritySpinbutton.get_value_as_int() args = self.directRuleDialogArgsEntry.get_text() split_args = functions.splitArgs(args) split_old_args = functions.splitArgs(old_args) if self.runtime_view: if not self.fw.queryRule(ipv, table, chain, priority, split_args): self.fw.addRule(ipv, table, chain, priority, split_args) if not add: self.fw.removeRule(old_ipv, old_table, old_chain, old_priority, split_old_args) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryRule(ipv, table, chain, priority, split_args): if not add: direct.removeRule(old_ipv, old_table, old_chain, old_priority, split_old_args) direct.addRule(ipv, table, chain, priority, split_args) self.changes_applied() def onDirectRuleDialogChanged(self, *args): self.directRuleDialogOkButton.set_sensitive(True) def onDirectRuleDialogIPVChanged(self, *args): old_table = self.directRuleDialogTableCombobox.get_active_text() ipv = self.directRuleDialogIPVCombobox.get_active_text() self.directRuleDialogTableCombobox.remove_all() self.directRuleDialogTableCombobox.append_text("filter") if ipv in [ "ipv4", "ipv6" ]: self.directRuleDialogTableCombobox.append_text("nat") self.directRuleDialogTableCombobox.append_text("mangle") self.directRuleDialogTableCombobox.append_text("raw") self.directRuleDialogTableCombobox.append_text("security") else: self.directRuleDialogTableCombobox.append_text("broute") combobox_select_text(self.directRuleDialogTableCombobox, old_table) def change_passthrough_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectPassthroughButton.set_sensitive(True) self.removeDirectPassthroughButton.set_sensitive(True) else: self.editDirectPassthroughButton.set_sensitive(False) self.removeDirectPassthroughButton.set_sensitive(False) def onAddPassthrough(self, button): self.add_edit_direct_passthrough(True) def onEditPassthrough(self, button): self.add_edit_direct_passthrough(False) def onPassthroughClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_passthrough(False) def onRemovePassthrough(self, button): selection = self.directPassthroughView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directPassthroughStore.get_value(iter, 0) args = self.directPassthroughStore.get_value(iter, 1) split_args = functions.splitArgs(args) if self.runtime_view: self.fw.removePassthrough(ipv, split_args) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryPassthrough(ipv, split_args): direct.removePassthrough(ipv, split_args) self.changes_applied() def direct_passthrough_added_cb(self, ipv, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directPassthroughStore.get_iter_first() while iter: if self.directPassthroughStore.get_value(iter, 0) == ipv and \ self.directPassthroughStore.get_value(iter, 1) == joined_args: return iter = self.directPassthroughStore.iter_next(iter) self.directPassthroughStore.append([ipv, joined_args]) def direct_passthrough_removed_cb(self, ipv, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directPassthroughStore.get_iter_first() while iter: if self.directPassthroughStore.get_value(iter, 0) == ipv and \ self.directPassthroughStore.get_value(iter, 1) == joined_args: self.directPassthroughStore.remove(iter) break iter = self.directPassthroughStore.iter_next(iter) def add_edit_direct_passthrough(self, add): if add: old_ipv = "" old_args = "" else: selection = self.directPassthroughView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directPassthroughStore.get_value(iter, 0) old_args = self.directPassthroughStore.get_value(iter, 1) self.directPassthroughDialogIPVCombobox.set_active(0) combobox_select_text(self.directPassthroughDialogIPVCombobox, old_ipv) self.directPassthroughDialogArgsEntry.set_text("%s" % old_args) self.directPassthroughDialogOkButton.set_sensitive(False) self.directPassthroughDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directPassthroughDialog.set_transient_for(self.mainWindow) self.directPassthroughDialog.show_all() self.add_visible_dialog(self.directPassthroughDialog) result = self.directPassthroughDialog.run() self.directPassthroughDialog.hide() self.remove_visible_dialog(self.directPassthroughDialog) if result != 1: return ipv = self.directPassthroughDialogIPVCombobox.get_active_text() args = self.directPassthroughDialogArgsEntry.get_text() split_args = functions.splitArgs(args) split_old_args = functions.splitArgs(old_args) if self.runtime_view: if not self.fw.queryPassthrough(ipv, split_args): self.fw.addPassthrough(ipv, split_args) if not add: self.fw.removePassthrough(old_ipv, split_old_args) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryPassthrough(ipv, split_args): if not add: direct.removePassthrough(old_ipv, split_old_args) direct.addPassthrough(ipv, split_args) self.changes_applied() def onDirectPassthroughDialogChanged(self, *args): self.directPassthroughDialogOkButton.set_sensitive(True) def get_ipset_entries_from_file(self, filename): entries = [ ] try: f = open(filename) except Exception as ex: self._error(_("Failed to read file '%s': %s") % (filename, ex)) else: for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] in ['#', ';']: continue if line not in entries: entries.append(line) f.close() return entries def combobox_select_text(combobox, value, insensitive=False): model = combobox.get_model() iter = model.get_iter_first() while iter: if (not insensitive and model.get_value(iter, 0) == value) or \ (insensitive and \ model.get_value(iter, 0).lower() == value.lower()): combobox.set_active_iter(iter) return True iter = model.iter_next(iter) combobox.set_active(0) return False class ZoneInterfaceEditor(Gtk.Dialog): def __init__(self, fw, interface, zone): self.fw = fw self.interface = interface self.zone = None self.title = _("Select zone for interface '%s'") % self.interface Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def create_ui(self, zone): self.set_property("width-request", 100) self.resize_to_geometry(100, 50) self.set_resizable(True) self.add_button("gtk-close", 1) self.ok_button = self.add_button("gtk-ok", 2) self.ok_button.set_sensitive(False) vbox = Gtk.Box(orientation=Gtk.Orientation.VERTICAL, spacing=6) vbox.set_border_width(12) vbox.set_homogeneous(False) label = Gtk.Label() label.set_text(self.title) label.set_line_wrap(True) label.set_justify(Gtk.Justification.LEFT) label.set_alignment(0, 0.5) vbox.pack_start(label, True, True, 0) self.combo = Gtk.ComboBoxText() self.fill_zone_combo() vbox.pack_start(self.combo, True, True, 0) box = self.get_content_area() box.set_border_width(6) box.set_homogeneous(False) box.pack_start(vbox, False, True, 0) self.combo.connect("changed", self.combo_changed) self.set_zone(zone) def combo_changed(self, combo): self.ok_button.set_sensitive(self.get_zone() != self.zone) def set_zone(self, zone): old_zone = self.zone self.zone = zone if self.get_zone() == old_zone: if zone == "": combobox_select_text(self.combo, _("Default Zone")) else: combobox_select_text(self.combo, self.zone) else: self.combo_changed(None) def get_zone(self): text = self.combo.get_active_text() if text == _("Default Zone"): text = "" return text def fill_zone_combo(self): self.combo.remove_all() for zone in self.fw.getZones(): self.combo.append_text(zone) def zones_changed(self): zone = self.get_zone() self.fill_zone_combo() self.set_zone(zone) def run(self): if Gtk.Dialog.run(self) != 2: return self.fw.changeZoneOfInterface(self.get_zone(), self.interface) class ZoneConnectionEditor(ZoneInterfaceEditor): def __init__(self, fw, connection, connection_name, zone): self.fw = fw self.connection = connection self.connection_name = connection_name self.zone = None self.title = _("Select zone for connection '%s'") % self.connection_name Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def fill_zone_combo(self): self.combo.remove_all() self.combo.append_text(_("Default Zone")) for zone in self.fw.getZones(): self.combo.append_text(zone) def run(self): if Gtk.Dialog.run(self) != 2: return nm_set_zone_of_connection(self.get_zone(), self.connection) class ZoneSourceEditor(ZoneInterfaceEditor): def __init__(self, fw, source, zone): self.fw = fw self.source = source self.zone = None self.title = _("Select zone for source %s") % self.source Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def run(self): if Gtk.Dialog.run(self) != 2: return self.fw.changeZoneOfSource(self.get_zone(), self.source) # MAIN if len(sys.argv) > 1: print("""Usage: %s [options] Options: -h, --help show this help message and exit """ % sys.argv[0]) sys.exit(1) app = FirewallConfig() sys.exit(0) firewalld-0.8.2/src/tests/0000775007115300711530000000000013641123257016611 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/tests/features/0000775007115300711530000000000013641123257020427 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/tests/features/rfc3964_ipv4.at0000664007115300711530000001105213630022170023004 0ustar00egarveregarver00000000000000FWD_START_TEST([RFC3964_IPv4]) AT_KEYWORDS(rfc3964_ipv4) AT_CHECK([sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf]) AT_CHECK([sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 type addr-unreachable jump filter_FORWARD_IN_ZONES jump filter_FORWARD_OUT_ZONES ct state invalid log prefix "STATE_INVALID_DROP: " ct state invalid drop log prefix "FINAL_REJECT: " reject with icmpx type admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_OUTPUT], 0, [dnl table inet firewalld { chain filter_OUTPUT { oifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 type addr-unreachable } } ]) IP6TABLES_LIST_RULES([filter], [RFC3964_IPv4], 0, [dnl LOG all ::/0 2002:e000::/19 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:e000::/19 reject-with icmp6-addr-unreachable LOG all ::/0 2002:a9fe::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:a9fe::/32 reject-with icmp6-addr-unreachable LOG all ::/0 2002:c0a8::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:c0a8::/32 reject-with icmp6-addr-unreachable LOG all ::/0 2002:ac10::/28 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:ac10::/28 reject-with icmp6-addr-unreachable LOG all ::/0 2002:7f00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:7f00::/24 reject-with icmp6-addr-unreachable LOG all ::/0 2002:a00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:a00::/24 reject-with icmp6-addr-unreachable LOG all ::/0 2002::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002::/24 reject-with icmp6-addr-unreachable LOG all ::/0 ::ffff:0.0.0.0/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 ::ffff:0.0.0.0/96 reject-with icmp6-addr-unreachable LOG all ::/0 ::/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 ::/96 reject-with icmp6-addr-unreachable ]) IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_IN_ZONES all ::/0 ::/0 FORWARD_OUT_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [OUTPUT], 0, [dnl ACCEPT all ::/0 ::/0 OUTPUT_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 ]) AT_CHECK([sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname "lo" accept jump filter_FORWARD_IN_ZONES jump filter_FORWARD_OUT_ZONES ct state invalid log prefix "STATE_INVALID_DROP: " ct state invalid drop log prefix "FINAL_REJECT: " reject with icmpx type admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_OUTPUT], 0, [dnl table inet firewalld { chain filter_OUTPUT { oifname "lo" accept } } ]) IP6TABLES_LIST_RULES([filter], [RFC3964_IPv4], 1, [ignore], [ignore]) IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 FORWARD_IN_ZONES all ::/0 ::/0 FORWARD_OUT_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [OUTPUT], 0, [dnl ACCEPT all ::/0 ::/0 OUTPUT_direct all ::/0 ::/0 ]) FWD_END_TEST firewalld-0.8.2/src/tests/features/service_include.at0000664007115300711530000001177613641105304024125 0ustar00egarveregarver00000000000000FWD_START_TEST([service include]) AT_KEYWORDS(service xml gh273 rhbz1720300) AT_CHECK([mkdir -p ./services]) AT_CHECK([cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE ]) AT_CHECK([cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE ]) FWD_RELOAD FWD_CHECK([-q --zone=drop --add-interface=foobar0]) FWD_CHECK([-q --zone=drop --add-service=my-service-with-include]) FWD_CHECK([--zone=drop --list-services], 0, [dnl my-service-with-include ]) dnl check recursive includes FWD_CHECK([-q --zone=drop --add-service=recursive-service]) FWD_CHECK([-q --zone=drop --remove-service=recursive-service]) NFT_LIST_RULES([inet], [filter_IN_drop_allow], 0, [dnl table inet firewalld { chain filter_IN_drop_allow { ip daddr 239.255.255.250 udp dport 1900 ct state new,untracked accept ip6 daddr ff02::c udp dport 1900 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept tcp dport 12345 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_drop_allow], 0, [dnl ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12345 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_drop_allow], 0, [dnl ACCEPT udp ::/0 ff02::c udp dpt:1900 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:12345 ctstate NEW,UNTRACKED ]) dnl firewall-cmd FWD_CHECK([--permanent --service=my-service-with-include --query-include=recursive-service], 0, [ignore], [ignore]) FWD_CHECK([-q --permanent --service=my-service-with-include --add-include=ssh]) FWD_CHECK([--permanent --service=my-service-with-include --query-include=ssh], 0, [ignore], [ignore]) AT_CHECK([grep '' ./services/my-service-with-include.xml ], 0, [ignore], [ignore]) FWD_CHECK([-q --permanent --service=my-service-with-include --remove-include=ssh]) FWD_CHECK([--permanent --service=my-service-with-include --query-include=ssh], 1, [ignore], [ignore]) AT_CHECK([grep '' ./services/my-service-with-include.xml ], 1, [ignore], [ignore]) FWD_CHECK([--permanent --service=my-service-with-include --get-includes], 0, [dnl mdns recursive-service ssdp ]) FWD_CHECK([--permanent --info-service=my-service-with-include | TRIM_WHITESPACE], 0, [m4_strip([dnl my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: ])]) FWD_CHECK([--info-service=my-service-with-include | TRIM_WHITESPACE], 0, [m4_strip([dnl my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: ])]) dnl firewall-offline-cmd FWD_OFFLINE_CHECK([--service=my-service-with-include --query-include=recursive-service], 0, [ignore], [ignore]) FWD_OFFLINE_CHECK([-q --service=my-service-with-include --add-include=ssh]) FWD_OFFLINE_CHECK([--service=my-service-with-include --query-include=ssh], 0, [ignore], [ignore]) AT_CHECK([grep '' ./services/my-service-with-include.xml ], 0, [ignore], [ignore]) FWD_OFFLINE_CHECK([-q --service=my-service-with-include --remove-include=ssh]) FWD_OFFLINE_CHECK([--service=my-service-with-include --query-include=ssh], 1, [ignore], [ignore]) AT_CHECK([grep '' ./services/my-service-with-include.xml ], 1, [ignore], [ignore]) FWD_OFFLINE_CHECK([--service=my-service-with-include --get-includes], 0, [dnl mdns recursive-service ssdp ]) FWD_OFFLINE_CHECK([--info-service=my-service-with-include | TRIM_WHITESPACE], 0, [m4_strip([dnl my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: ])]) dnl negative test for including service that doesn't exist FWD_CHECK([-q --permanent --zone=drop --add-interface=foobar0]) FWD_CHECK([-q --permanent --zone=drop --add-service=my-service-with-include]) FWD_CHECK([-q --permanent --service=my-service-with-include --add-include=does-not-exist]) FWD_RELOAD(101, [ignore], [ignore], 251) FWD_CHECK([--zone=drop --list-services], 0, [dnl ]) FWD_CHECK([--zone=public --list-services], 0, [dnl dhcpv6-client ssh ]) FWD_CHECK([-q --permanent --service=my-service-with-include --remove-include=does-not-exist]) FWD_RELOAD FWD_END_TEST([-e '/ERROR: INVALID_SERVICE: does-not-exist/d']) firewalld-0.8.2/src/tests/features/features.at0000664007115300711530000000024313626005156022572 0ustar00egarveregarver00000000000000AT_BANNER([features (FIREWALL_BACKEND)]) m4_include([features/rfc3964_ipv4.at]) m4_include([features/service_include.at]) m4_include([features/helpers_custom.at]) firewalld-0.8.2/src/tests/features/helpers_custom.at0000664007115300711530000001271413630022170024004 0ustar00egarveregarver00000000000000FWD_START_TEST([customer helpers]) AT_KEYWORDS(helpers rhbz1733066 gh514 rhbz1769520) FWD_CHECK([-q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp"]) FWD_CHECK([-q --permanent --helper=ftptest --add-port="2121/tcp"]) FWD_CHECK([-q --permanent --new-service="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --add-module="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --query-module="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --add-port="2121/tcp"]) FWD_CHECK([--permanent --info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: ])]) FWD_RELOAD FWD_CHECK([--info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: ])]) FWD_CHECK([-q --add-service=ftptest]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 2121 ct helper set "helper-ftptest-tcp" tcp dport 2121 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) dnl Same thing as above, but with the new "helper" in service. FWD_CHECK([-q --permanent --service=ftptest --remove-module="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --query-module="ftptest"], 1) FWD_CHECK([-q --permanent --service=ftptest --add-helper="ftptest"]) FWD_CHECK([--permanent --info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest ])]) FWD_RELOAD FWD_CHECK([--info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest ])]) FWD_CHECK([-q --add-service=ftptest]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 2121 ct helper set "helper-ftptest-tcp" tcp dport 2121 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) dnl again, but with both "module" and "helper" FWD_CHECK([-q --permanent --service=ftptest --add-module="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --remove-helper="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --add-helper="ftp"]) FWD_CHECK([-q --permanent --service=ftptest --add-port="21/tcp"]) FWD_RELOAD FWD_CHECK([-q --add-service=ftptest]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set "helper-ftp-tcp" tcp dport 2121 ct helper set "helper-ftptest-tcp" tcp dport 2121 ct state new,untracked accept tcp dport 21 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp ::/0 ::/0 tcp dpt:21 CT helper ftp CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED ]) FWD_END_TEST firewalld-0.8.2/src/tests/integration/0000775007115300711530000000000013641123257021134 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/tests/integration/rhbz1773809.at0000664007115300711530000000156513626005156023221 0ustar00egarveregarver00000000000000FWD_START_TEST([NM overrides interface on reload]) AT_KEYWORDS(zone reload rhbz1773809) START_NETWORKMANAGER NMCLI_CHECK([connection add type dummy con-name dummy0 ifname dummy0 ip4 10.0.0.2 gw4 10.0.0.1], 0, [ignore]) echo NS_CMD([nmcli connection delete dummy0]) >> ./cleanup NMCLI_CHECK([connection show dummy0], 0, [ignore]) NMCLI_CHECK([connection up dummy0], 0, [ignore]) dnl Use firewall-offline-cmd otherwise the request will be forwarded to dnl NetworkManager. FWD_OFFLINE_CHECK([-q --zone internal --add-interface dummy0]) FWD_RELOAD dnl firewall-cmd should forward the request to NetworkManager. FWD_CHECK([-q --permanent --zone trusted --change-interface dummy0]) NMCLI_CHECK([-f connection.zone connection show dummy0], 0, [dnl connection.zone: trusted ]) FWD_RELOAD FWD_CHECK([--get-zone-of-interface dummy0], 0, [dnl trusted ]) FWD_END_TEST firewalld-0.8.2/src/tests/integration/testsuite.at0000664007115300711530000000042713626005156023516 0ustar00egarveregarver00000000000000AT_INIT AT_COLOR_TESTS dnl Override m4_include to avoid warning about inclusion dnl m4_define([m4_include], [m4_builtin([include], [$1])]) m4_include([functions.at]) m4_foreach([FIREWALL_BACKEND], [[nftables], [iptables]], [ m4_include([integration/networkmanager.at]) ]) firewalld-0.8.2/src/tests/integration/testsuite0000775007115300711530000032065413641123231023115 0ustar00egarveregarver00000000000000#! /bin/sh # Generated from integration/testsuite.at by GNU Autoconf 2.69. # # Copyright (C) 2009-2012 Free Software Foundation, Inc. # # This test suite is free software; the Free Software Foundation gives # unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" SHELL=${CONFIG_SHELL-/bin/sh} # How were we run? at_cli_args="$@" # Not all shells have the 'times' builtin; the subshell is needed to make # sure we discard the 'times: not found' message from the shell. at_times_p=false (times) >/dev/null 2>&1 && at_times_p=: # CLI Arguments to pass to the debugging scripts. at_debug_args= # -e sets to true at_errexit_p=false # Shall we be verbose? ':' means no, empty means yes. at_verbose=: at_quiet= # Running several jobs in parallel, 0 means as many as test groups. at_jobs=1 at_traceon=: at_trace_echo=: at_check_filter_trace=: # Shall we keep the debug scripts? Must be `:' when the suite is # run by a debug script, so that the script doesn't remove itself. at_debug_p=false # Display help message? at_help_p=false # Display the version message? at_version_p=false # List test groups? at_list_p=false # --clean at_clean=false # Test groups to run at_groups= # Whether to rerun failed tests. at_recheck= # Whether a write failure occurred at_write_fail=0 # The directory we run the suite in. Default to . if no -C option. at_dir=`pwd` # An absolute reference to this testsuite script. case $as_myself in [\\/]* | ?:[\\/]* ) at_myself=$as_myself ;; * ) at_myself=$at_dir/$as_myself ;; esac # Whether -C is in effect. at_change_dir=false # Whether to enable colored test results. at_color=auto # List of the tested programs. at_tested='' # As many question marks as there are digits in the last test group number. # Used to normalize the test group numbers so that `ls' lists them in # numerical order. at_format='?' # Description of all the test groups. at_help_all="1;rhbz1773809.at:1;NM overrides interface on reload;nftables zone reload rhbz1773809; 2;rhbz1773809.at:1;NM overrides interface on reload;iptables zone reload rhbz1773809; " # List of the all the test groups. at_groups_all=`$as_echo "$at_help_all" | sed 's/;.*//'` # at_fn_validate_ranges NAME... # ----------------------------- # Validate and normalize the test group number contained in each variable # NAME. Leading zeroes are treated as decimal. at_fn_validate_ranges () { for at_grp do eval at_value=\$$at_grp if test $at_value -lt 1 || test $at_value -gt 2; then $as_echo "invalid test group: $at_value" >&2 exit 1 fi case $at_value in 0*) # We want to treat leading 0 as decimal, like expr and test, but # AS_VAR_ARITH treats it as octal if it uses $(( )). # With XSI shells, ${at_value#${at_value%%[1-9]*}} avoids the # expr fork, but it is not worth the effort to determine if the # shell supports XSI when the user can just avoid leading 0. eval $at_grp='`expr $at_value + 0`' ;; esac done } at_prev= for at_option do # If the previous option needs an argument, assign it. if test -n "$at_prev"; then at_option=$at_prev=$at_option at_prev= fi case $at_option in *=?*) at_optarg=`expr "X$at_option" : '[^=]*=\(.*\)'` ;; *) at_optarg= ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $at_option in --help | -h ) at_help_p=: ;; --list | -l ) at_list_p=: ;; --version | -V ) at_version_p=: ;; --clean | -c ) at_clean=: ;; --color ) at_color=always ;; --color=* ) case $at_optarg in no | never | none) at_color=never ;; auto | tty | if-tty) at_color=auto ;; always | yes | force) at_color=always ;; *) at_optname=`echo " $at_option" | sed 's/^ //; s/=.*//'` as_fn_error $? "unrecognized argument to $at_optname: $at_optarg" ;; esac ;; --debug | -d ) at_debug_p=: ;; --errexit | -e ) at_debug_p=: at_errexit_p=: ;; --verbose | -v ) at_verbose=; at_quiet=: ;; --trace | -x ) at_traceon='set -x' at_trace_echo=echo at_check_filter_trace=at_fn_filter_trace ;; [0-9] | [0-9][0-9] | [0-9][0-9][0-9] | [0-9][0-9][0-9][0-9]) at_fn_validate_ranges at_option as_fn_append at_groups "$at_option$as_nl" ;; # Ranges [0-9]- | [0-9][0-9]- | [0-9][0-9][0-9]- | [0-9][0-9][0-9][0-9]-) at_range_start=`echo $at_option |tr -d X-` at_fn_validate_ranges at_range_start at_range=`$as_echo "$at_groups_all" | \ sed -ne '/^'$at_range_start'$/,$p'` as_fn_append at_groups "$at_range$as_nl" ;; -[0-9] | -[0-9][0-9] | -[0-9][0-9][0-9] | -[0-9][0-9][0-9][0-9]) at_range_end=`echo $at_option |tr -d X-` at_fn_validate_ranges at_range_end at_range=`$as_echo "$at_groups_all" | \ sed -ne '1,/^'$at_range_end'$/p'` as_fn_append at_groups "$at_range$as_nl" ;; [0-9]-[0-9] | [0-9]-[0-9][0-9] | [0-9]-[0-9][0-9][0-9] | \ [0-9]-[0-9][0-9][0-9][0-9] | [0-9][0-9]-[0-9][0-9] | \ [0-9][0-9]-[0-9][0-9][0-9] | [0-9][0-9]-[0-9][0-9][0-9][0-9] | \ [0-9][0-9][0-9]-[0-9][0-9][0-9] | \ [0-9][0-9][0-9]-[0-9][0-9][0-9][0-9] | \ [0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9] ) at_range_start=`expr $at_option : '\(.*\)-'` at_range_end=`expr $at_option : '.*-\(.*\)'` if test $at_range_start -gt $at_range_end; then at_tmp=$at_range_end at_range_end=$at_range_start at_range_start=$at_tmp fi at_fn_validate_ranges at_range_start at_range_end at_range=`$as_echo "$at_groups_all" | \ sed -ne '/^'$at_range_start'$/,/^'$at_range_end'$/p'` as_fn_append at_groups "$at_range$as_nl" ;; # Directory selection. --directory | -C ) at_prev=--directory ;; --directory=* ) at_change_dir=: at_dir=$at_optarg if test x- = "x$at_dir" ; then at_dir=./- fi ;; # Parallel execution. --jobs | -j ) at_jobs=0 ;; --jobs=* | -j[0-9]* ) if test -n "$at_optarg"; then at_jobs=$at_optarg else at_jobs=`expr X$at_option : 'X-j\(.*\)'` fi case $at_jobs in *[!0-9]*) at_optname=`echo " $at_option" | sed 's/^ //; s/[0-9=].*//'` as_fn_error $? "non-numeric argument to $at_optname: $at_jobs" ;; esac ;; # Keywords. --keywords | -k ) at_prev=--keywords ;; --keywords=* ) at_groups_selected=$at_help_all at_save_IFS=$IFS IFS=, set X $at_optarg shift IFS=$at_save_IFS for at_keyword do at_invert= case $at_keyword in '!'*) at_invert="-v" at_keyword=`expr "X$at_keyword" : 'X!\(.*\)'` ;; esac # It is on purpose that we match the test group titles too. at_groups_selected=`$as_echo "$at_groups_selected" | grep -i $at_invert "^[1-9][^;]*;.*[; ]$at_keyword[ ;]"` done # Smash the keywords. at_groups_selected=`$as_echo "$at_groups_selected" | sed 's/;.*//'` as_fn_append at_groups "$at_groups_selected$as_nl" ;; --recheck) at_recheck=: ;; *=*) at_envvar=`expr "x$at_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $at_envvar in '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$at_envvar'" ;; esac at_value=`$as_echo "$at_optarg" | sed "s/'/'\\\\\\\\''/g"` # Export now, but save eval for later and for debug scripts. export $at_envvar as_fn_append at_debug_args " $at_envvar='$at_value'" ;; *) $as_echo "$as_me: invalid option: $at_option" >&2 $as_echo "Try \`$0 --help' for more information." >&2 exit 1 ;; esac done # Verify our last option didn't require an argument if test -n "$at_prev"; then : as_fn_error $? "\`$at_prev' requires an argument" fi # The file containing the suite. at_suite_log=$at_dir/$as_me.log # Selected test groups. if test -z "$at_groups$at_recheck"; then at_groups=$at_groups_all else if test -n "$at_recheck" && test -r "$at_suite_log"; then at_oldfails=`sed -n ' /^Failed tests:$/,/^Skipped tests:$/{ s/^[ ]*\([1-9][0-9]*\):.*/\1/p } /^Unexpected passes:$/,/^## Detailed failed tests/{ s/^[ ]*\([1-9][0-9]*\):.*/\1/p } /^## Detailed failed tests/q ' "$at_suite_log"` as_fn_append at_groups "$at_oldfails$as_nl" fi # Sort the tests, removing duplicates. at_groups=`$as_echo "$at_groups" | sort -nu | sed '/^$/d'` fi if test x"$at_color" = xalways \ || { test x"$at_color" = xauto && test -t 1; }; then at_red=`printf '\033[0;31m'` at_grn=`printf '\033[0;32m'` at_lgn=`printf '\033[1;32m'` at_blu=`printf '\033[1;34m'` at_std=`printf '\033[m'` else at_red= at_grn= at_lgn= at_blu= at_std= fi # Help message. if $at_help_p; then cat <<_ATEOF || at_write_fail=1 Usage: $0 [OPTION]... [VARIABLE=VALUE]... [TESTS] Run all the tests, or the selected TESTS, given by numeric ranges, and save a detailed log file. Upon failure, create debugging scripts. Do not change environment variables directly. Instead, set them via command line arguments. Set \`AUTOTEST_PATH' to select the executables to exercise. Each relative directory is expanded as build and source directories relative to the top level of this distribution. E.g., from within the build directory /tmp/foo-1.0, invoking this: $ $0 AUTOTEST_PATH=bin is equivalent to the following, assuming the source directory is /src/foo-1.0: PATH=/tmp/foo-1.0/bin:/src/foo-1.0/bin:\$PATH $0 _ATEOF cat <<_ATEOF || at_write_fail=1 Operation modes: -h, --help print the help message, then exit -V, --version print version number, then exit -c, --clean remove all the files this test suite might create and exit -l, --list describes all the tests, or the selected TESTS _ATEOF cat <<_ATEOF || at_write_fail=1 Execution tuning: -C, --directory=DIR change to directory DIR before starting --color[=never|auto|always] disable colored test results, or enable even without terminal -j, --jobs[=N] Allow N jobs at once; infinite jobs with no arg (default 1) -k, --keywords=KEYWORDS select the tests matching all the comma-separated KEYWORDS multiple \`-k' accumulate; prefixed \`!' negates a KEYWORD --recheck select all tests that failed or passed unexpectedly last time -e, --errexit abort as soon as a test fails; implies --debug -v, --verbose force more detailed output default for debugging scripts -d, --debug inhibit clean up and top-level logging default for debugging scripts -x, --trace enable tests shell tracing _ATEOF cat <<_ATEOF || at_write_fail=1 Report bugs to . firewalld home page: . _ATEOF exit $at_write_fail fi # List of tests. if $at_list_p; then cat <<_ATEOF || at_write_fail=1 firewalld 0.8.2 test suite test groups: NUM: FILE-NAME:LINE TEST-GROUP-NAME KEYWORDS _ATEOF # Pass an empty line as separator between selected groups and help. $as_echo "$at_groups$as_nl$as_nl$at_help_all" | awk 'NF == 1 && FS != ";" { selected[$ 1] = 1 next } /^$/ { FS = ";" } NF > 0 { if (selected[$ 1]) { printf " %3d: %-18s %s\n", $ 1, $ 2, $ 3 if ($ 4) { lmax = 79 indent = " " line = indent len = length (line) n = split ($ 4, a, " ") for (i = 1; i <= n; i++) { l = length (a[i]) + 1 if (i > 1 && len + l > lmax) { print line line = indent " " a[i] len = length (line) } else { line = line " " a[i] len += l } } if (n) print line } } }' || at_write_fail=1 exit $at_write_fail fi if $at_version_p; then $as_echo "$as_me (firewalld 0.8.2)" && cat <<\_ATEOF || at_write_fail=1 Copyright (C) 2012 Free Software Foundation, Inc. This test suite is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ATEOF exit $at_write_fail fi # Should we print banners? Yes if more than one test is run. case $at_groups in #( *$as_nl* ) at_print_banners=: ;; #( * ) at_print_banners=false ;; esac # Text for banner N, set to a single space once printed. # Banner 1. networkmanager.at:1 # Category starts at test group 1. at_banner_text_1="NetworkManager (nftables)" # Banner 2. networkmanager.at:1 # Category starts at test group 2. at_banner_text_2="NetworkManager (iptables)" # Take any -C into account. if $at_change_dir ; then test x != "x$at_dir" && cd "$at_dir" \ || as_fn_error $? "unable to change directory" at_dir=`pwd` fi # Load the config files for any default variable assignments. for at_file in atconfig atlocal do test -r $at_file || continue . ./$at_file || as_fn_error $? "invalid content: $at_file" done # Autoconf <=2.59b set at_top_builddir instead of at_top_build_prefix: : "${at_top_build_prefix=$at_top_builddir}" # Perform any assignments requested during argument parsing. eval "$at_debug_args" # atconfig delivers names relative to the directory the test suite is # in, but the groups themselves are run in testsuite-dir/group-dir. if test -n "$at_top_srcdir"; then builddir=../.. for at_dir_var in srcdir top_srcdir top_build_prefix do eval at_val=\$at_$at_dir_var case $at_val in [\\/$]* | ?:[\\/]* ) at_prefix= ;; *) at_prefix=../../ ;; esac eval "$at_dir_var=\$at_prefix\$at_val" done fi ## -------------------- ## ## Directory structure. ## ## -------------------- ## # This is the set of directories and files used by this script # (non-literals are capitalized): # # TESTSUITE - the testsuite # TESTSUITE.log - summarizes the complete testsuite run # TESTSUITE.dir/ - created during a run, remains after -d or failed test # + at-groups/ - during a run: status of all groups in run # | + NNN/ - during a run: meta-data about test group NNN # | | + check-line - location (source file and line) of current AT_CHECK # | | + status - exit status of current AT_CHECK # | | + stdout - stdout of current AT_CHECK # | | + stder1 - stderr, including trace # | | + stderr - stderr, with trace filtered out # | | + test-source - portion of testsuite that defines group # | | + times - timestamps for computing duration # | | + pass - created if group passed # | | + xpass - created if group xpassed # | | + fail - created if group failed # | | + xfail - created if group xfailed # | | + skip - created if group skipped # + at-stop - during a run: end the run if this file exists # + at-source-lines - during a run: cache of TESTSUITE line numbers for extraction # + 0..NNN/ - created for each group NNN, remains after -d or failed test # | + TESTSUITE.log - summarizes the group results # | + ... - files created during the group # The directory the whole suite works in. # Should be absolute to let the user `cd' at will. at_suite_dir=$at_dir/$as_me.dir # The file containing the suite ($at_dir might have changed since earlier). at_suite_log=$at_dir/$as_me.log # The directory containing helper files per test group. at_helper_dir=$at_suite_dir/at-groups # Stop file: if it exists, do not start new jobs. at_stop_file=$at_suite_dir/at-stop # The fifo used for the job dispatcher. at_job_fifo=$at_suite_dir/at-job-fifo if $at_clean; then test -d "$at_suite_dir" && find "$at_suite_dir" -type d ! -perm -700 -exec chmod u+rwx \{\} \; rm -f -r "$at_suite_dir" "$at_suite_log" exit $? fi # Don't take risks: use only absolute directories in PATH. # # For stand-alone test suites (ie. atconfig was not found), # AUTOTEST_PATH is relative to `.'. # # For embedded test suites, AUTOTEST_PATH is relative to the top level # of the package. Then expand it into build/src parts, since users # may create executables in both places. AUTOTEST_PATH=`$as_echo "$AUTOTEST_PATH" | sed "s|:|$PATH_SEPARATOR|g"` at_path= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $AUTOTEST_PATH $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -n "$at_path" && as_fn_append at_path $PATH_SEPARATOR case $as_dir in [\\/]* | ?:[\\/]* ) as_fn_append at_path "$as_dir" ;; * ) if test -z "$at_top_build_prefix"; then # Stand-alone test suite. as_fn_append at_path "$as_dir" else # Embedded test suite. as_fn_append at_path "$at_top_build_prefix$as_dir$PATH_SEPARATOR" as_fn_append at_path "$at_top_srcdir/$as_dir" fi ;; esac done IFS=$as_save_IFS # Now build and simplify PATH. # # There might be directories that don't exist, but don't redirect # builtins' (eg., cd) stderr directly: Ultrix's sh hates that. at_new_path= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $at_path do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -d "$as_dir" || continue case $as_dir in [\\/]* | ?:[\\/]* ) ;; * ) as_dir=`(cd "$as_dir" && pwd) 2>/dev/null` ;; esac case $PATH_SEPARATOR$at_new_path$PATH_SEPARATOR in *$PATH_SEPARATOR$as_dir$PATH_SEPARATOR*) ;; $PATH_SEPARATOR$PATH_SEPARATOR) at_new_path=$as_dir ;; *) as_fn_append at_new_path "$PATH_SEPARATOR$as_dir" ;; esac done IFS=$as_save_IFS PATH=$at_new_path export PATH # Setting up the FDs. # 5 is the log file. Not to be overwritten if `-d'. if $at_debug_p; then at_suite_log=/dev/null else : >"$at_suite_log" fi exec 5>>"$at_suite_log" # Banners and logs. $as_echo "## --------------------------- ## ## firewalld 0.8.2 test suite. ## ## --------------------------- ##" { $as_echo "## --------------------------- ## ## firewalld 0.8.2 test suite. ## ## --------------------------- ##" echo $as_echo "$as_me: command line was:" $as_echo " \$ $0 $at_cli_args" echo # If ChangeLog exists, list a few lines in case it might help determining # the exact version. if test -n "$at_top_srcdir" && test -f "$at_top_srcdir/ChangeLog"; then $as_echo "## ---------- ## ## ChangeLog. ## ## ---------- ##" echo sed 's/^/| /;10q' "$at_top_srcdir/ChangeLog" echo fi { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } echo # Contents of the config files. for at_file in atconfig atlocal do test -r $at_file || continue $as_echo "$as_me: $at_file:" sed 's/^/| /' $at_file echo done } >&5 ## ------------------------- ## ## Autotest shell functions. ## ## ------------------------- ## # at_fn_banner NUMBER # ------------------- # Output banner NUMBER, provided the testsuite is running multiple groups and # this particular banner has not yet been printed. at_fn_banner () { $at_print_banners || return 0 eval at_banner_text=\$at_banner_text_$1 test "x$at_banner_text" = "x " && return 0 eval "at_banner_text_$1=\" \"" if test -z "$at_banner_text"; then $at_first || echo else $as_echo "$as_nl$at_banner_text$as_nl" fi } # at_fn_banner # at_fn_check_prepare_notrace REASON LINE # --------------------------------------- # Perform AT_CHECK preparations for the command at LINE for an untraceable # command; REASON is the reason for disabling tracing. at_fn_check_prepare_notrace () { $at_trace_echo "Not enabling shell tracing (command contains $1)" $as_echo "$2" >"$at_check_line_file" at_check_trace=: at_check_filter=: : >"$at_stdout"; : >"$at_stderr" } # at_fn_check_prepare_trace LINE # ------------------------------ # Perform AT_CHECK preparations for the command at LINE for a traceable # command. at_fn_check_prepare_trace () { $as_echo "$1" >"$at_check_line_file" at_check_trace=$at_traceon at_check_filter=$at_check_filter_trace : >"$at_stdout"; : >"$at_stderr" } # at_fn_check_prepare_dynamic COMMAND LINE # ---------------------------------------- # Decide if COMMAND at LINE is traceable at runtime, and call the appropriate # preparation function. at_fn_check_prepare_dynamic () { case $1 in *$as_nl*) at_fn_check_prepare_notrace 'an embedded newline' "$2" ;; *) at_fn_check_prepare_trace "$2" ;; esac } # at_fn_filter_trace # ------------------ # Remove the lines in the file "$at_stderr" generated by "set -x" and print # them to stderr. at_fn_filter_trace () { mv "$at_stderr" "$at_stder1" grep '^ *+' "$at_stder1" >&2 grep -v '^ *+' "$at_stder1" >"$at_stderr" } # at_fn_log_failure FILE-LIST # --------------------------- # Copy the files in the list on stdout with a "> " prefix, and exit the shell # with a failure exit code. at_fn_log_failure () { for file do $as_echo "$file:"; sed 's/^/> /' "$file"; done echo 1 > "$at_status_file" exit 1 } # at_fn_check_skip EXIT-CODE LINE # ------------------------------- # Check whether EXIT-CODE is a special exit code (77 or 99), and if so exit # the test group subshell with that same exit code. Use LINE in any report # about test failure. at_fn_check_skip () { case $1 in 99) echo 99 > "$at_status_file"; at_failed=: $as_echo "$2: hard failure"; exit 99;; 77) echo 77 > "$at_status_file"; exit 77;; esac } # at_fn_check_status EXPECTED EXIT-CODE LINE # ------------------------------------------ # Check whether EXIT-CODE is the EXPECTED exit code, and if so do nothing. # Otherwise, if it is 77 or 99, exit the test group subshell with that same # exit code; if it is anything else print an error message referring to LINE, # and fail the test. at_fn_check_status () { case $2 in $1 ) ;; 77) echo 77 > "$at_status_file"; exit 77;; 99) echo 99 > "$at_status_file"; at_failed=: $as_echo "$3: hard failure"; exit 99;; *) $as_echo "$3: exit code was $2, expected $1" at_failed=:;; esac } # at_fn_diff_devnull FILE # ----------------------- # Emit a diff between /dev/null and FILE. Uses "test -s" to avoid useless diff # invocations. at_fn_diff_devnull () { test -s "$1" || return 0 $at_diff "$at_devnull" "$1" } # at_fn_test NUMBER # ----------------- # Parse out test NUMBER from the tail of this file. at_fn_test () { eval at_sed=\$at_sed$1 sed "$at_sed" "$at_myself" > "$at_test_source" } # at_fn_create_debugging_script # ----------------------------- # Create the debugging script $at_group_dir/run which will reproduce the # current test group. at_fn_create_debugging_script () { { echo "#! /bin/sh" && echo 'test "${ZSH_VERSION+set}" = set && alias -g '\''${1+"$@"}'\''='\''"$@"'\''' && $as_echo "cd '$at_dir'" && $as_echo "exec \${CONFIG_SHELL-$SHELL} \"$at_myself\" -v -d $at_debug_args $at_group \${1+\"\$@\"}" && echo 'exit 1' } >"$at_group_dir/run" && chmod +x "$at_group_dir/run" } ## -------------------------------- ## ## End of autotest shell functions. ## ## -------------------------------- ## { $as_echo "## ---------------- ## ## Tested programs. ## ## ---------------- ##" echo } >&5 # Report what programs are being tested. for at_program in : $at_tested do test "$at_program" = : && continue case $at_program in [\\/]* | ?:[\\/]* ) $at_program_=$at_program ;; * ) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -f "$as_dir/$at_program" && break done IFS=$as_save_IFS at_program_=$as_dir/$at_program ;; esac if test -f "$at_program_"; then { $as_echo "$at_srcdir/testsuite.at:1: $at_program_ --version" "$at_program_" --version &5 2>&1 else as_fn_error $? "cannot find $at_program" "$LINENO" 5 fi done { $as_echo "## ------------------ ## ## Running the tests. ## ## ------------------ ##" } >&5 at_start_date=`date` at_start_time=`date +%s 2>/dev/null` $as_echo "$as_me: starting at: $at_start_date" >&5 # Create the master directory if it doesn't already exist. as_dir="$at_suite_dir"; as_fn_mkdir_p || as_fn_error $? "cannot create \`$at_suite_dir'" "$LINENO" 5 # Can we diff with `/dev/null'? DU 5.0 refuses. if diff /dev/null /dev/null >/dev/null 2>&1; then at_devnull=/dev/null else at_devnull=$at_suite_dir/devnull >"$at_devnull" fi # Use `diff -u' when possible. if at_diff=`diff -u "$at_devnull" "$at_devnull" 2>&1` && test -z "$at_diff" then at_diff='diff -u' else at_diff=diff fi # Get the last needed group. for at_group in : $at_groups; do :; done # Extract the start and end lines of each test group at the tail # of this file awk ' BEGIN { FS="" } /^#AT_START_/ { start = NR } /^#AT_STOP_/ { test = substr ($ 0, 10) print "at_sed" test "=\"1," start "d;" (NR-1) "q\"" if (test == "'"$at_group"'") exit }' "$at_myself" > "$at_suite_dir/at-source-lines" && . "$at_suite_dir/at-source-lines" || as_fn_error $? "cannot create test line number cache" "$LINENO" 5 rm -f "$at_suite_dir/at-source-lines" # Set number of jobs for `-j'; avoid more jobs than test groups. set X $at_groups; shift; at_max_jobs=$# if test $at_max_jobs -eq 0; then at_jobs=1 fi if test $at_jobs -ne 1 && { test $at_jobs -eq 0 || test $at_jobs -gt $at_max_jobs; }; then at_jobs=$at_max_jobs fi # If parallel mode, don't output banners, don't split summary lines. if test $at_jobs -ne 1; then at_print_banners=false at_quiet=: fi # Set up helper dirs. rm -rf "$at_helper_dir" && mkdir "$at_helper_dir" && cd "$at_helper_dir" && { test -z "$at_groups" || mkdir $at_groups; } || as_fn_error $? "testsuite directory setup failed" "$LINENO" 5 # Functions for running a test group. We leave the actual # test group execution outside of a shell function in order # to avoid hitting zsh 4.x exit status bugs. # at_fn_group_prepare # ------------------- # Prepare for running a test group. at_fn_group_prepare () { # The directory for additional per-group helper files. at_job_dir=$at_helper_dir/$at_group # The file containing the location of the last AT_CHECK. at_check_line_file=$at_job_dir/check-line # The file containing the exit status of the last command. at_status_file=$at_job_dir/status # The files containing the output of the tested commands. at_stdout=$at_job_dir/stdout at_stder1=$at_job_dir/stder1 at_stderr=$at_job_dir/stderr # The file containing the code for a test group. at_test_source=$at_job_dir/test-source # The file containing dates. at_times_file=$at_job_dir/times # Be sure to come back to the top test directory. cd "$at_suite_dir" # Clearly separate the test groups when verbose. $at_first || $at_verbose echo at_group_normalized=$at_group eval 'while :; do case $at_group_normalized in #( '"$at_format"'*) break;; esac at_group_normalized=0$at_group_normalized done' # Create a fresh directory for the next test group, and enter. # If one already exists, the user may have invoked ./run from # within that directory; we remove the contents, but not the # directory itself, so that we aren't pulling the rug out from # under the shell's notion of the current directory. at_group_dir=$at_suite_dir/$at_group_normalized at_group_log=$at_group_dir/$as_me.log if test -d "$at_group_dir"; then find "$at_group_dir" -type d ! -perm -700 -exec chmod u+rwx {} \; rm -fr "$at_group_dir"/* "$at_group_dir"/.[!.] "$at_group_dir"/.??* fi || { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: test directory for $at_group_normalized could not be cleaned" >&5 $as_echo "$as_me: WARNING: test directory for $at_group_normalized could not be cleaned" >&2;} # Be tolerant if the above `rm' was not able to remove the directory. as_dir="$at_group_dir"; as_fn_mkdir_p echo 0 > "$at_status_file" # In verbose mode, append to the log file *and* show on # the standard output; in quiet mode only write to the log. if test -z "$at_verbose"; then at_tee_pipe='tee -a "$at_group_log"' else at_tee_pipe='cat >> "$at_group_log"' fi } # at_fn_group_banner ORDINAL LINE DESC PAD [BANNER] # ------------------------------------------------- # Declare the test group ORDINAL, located at LINE with group description DESC, # and residing under BANNER. Use PAD to align the status column. at_fn_group_banner () { at_setup_line="$2" test -n "$5" && at_fn_banner $5 at_desc="$3" case $1 in [0-9]) at_desc_line=" $1: ";; [0-9][0-9]) at_desc_line=" $1: " ;; *) at_desc_line="$1: " ;; esac as_fn_append at_desc_line "$3$4" $at_quiet $as_echo_n "$at_desc_line" echo "# -*- compilation -*-" >> "$at_group_log" } # at_fn_group_postprocess # ----------------------- # Perform cleanup after running a test group. at_fn_group_postprocess () { # Be sure to come back to the suite directory, in particular # since below we might `rm' the group directory we are in currently. cd "$at_suite_dir" if test ! -f "$at_check_line_file"; then sed "s/^ */$as_me: WARNING: /" <<_ATEOF A failure happened in a test group before any test could be run. This means that test suite is improperly designed. Please report this failure to . _ATEOF $as_echo "$at_setup_line" >"$at_check_line_file" at_status=99 fi $at_verbose $as_echo_n "$at_group. $at_setup_line: " $as_echo_n "$at_group. $at_setup_line: " >> "$at_group_log" case $at_xfail:$at_status in yes:0) at_msg="UNEXPECTED PASS" at_res=xpass at_errexit=$at_errexit_p at_color=$at_red ;; no:0) at_msg="ok" at_res=pass at_errexit=false at_color=$at_grn ;; *:77) at_msg='skipped ('`cat "$at_check_line_file"`')' at_res=skip at_errexit=false at_color=$at_blu ;; no:* | *:99) at_msg='FAILED ('`cat "$at_check_line_file"`')' at_res=fail at_errexit=$at_errexit_p at_color=$at_red ;; yes:*) at_msg='expected failure ('`cat "$at_check_line_file"`')' at_res=xfail at_errexit=false at_color=$at_lgn ;; esac echo "$at_res" > "$at_job_dir/$at_res" # In parallel mode, output the summary line only afterwards. if test $at_jobs -ne 1 && test -n "$at_verbose"; then $as_echo "$at_desc_line $at_color$at_msg$at_std" else # Make sure there is a separator even with long titles. $as_echo " $at_color$at_msg$at_std" fi at_log_msg="$at_group. $at_desc ($at_setup_line): $at_msg" case $at_status in 0|77) # $at_times_file is only available if the group succeeded. # We're not including the group log, so the success message # is written in the global log separately. But we also # write to the group log in case they're using -d. if test -f "$at_times_file"; then at_log_msg="$at_log_msg ("`sed 1d "$at_times_file"`')' rm -f "$at_times_file" fi $as_echo "$at_log_msg" >> "$at_group_log" $as_echo "$at_log_msg" >&5 # Cleanup the group directory, unless the user wants the files # or the success was unexpected. if $at_debug_p || test $at_res = xpass; then at_fn_create_debugging_script if test $at_res = xpass && $at_errexit; then echo stop > "$at_stop_file" fi else if test -d "$at_group_dir"; then find "$at_group_dir" -type d ! -perm -700 -exec chmod u+rwx \{\} \; rm -fr "$at_group_dir" fi rm -f "$at_test_source" fi ;; *) # Upon failure, include the log into the testsuite's global # log. The failure message is written in the group log. It # is later included in the global log. $as_echo "$at_log_msg" >> "$at_group_log" # Upon failure, keep the group directory for autopsy, and create # the debugging script. With -e, do not start any further tests. at_fn_create_debugging_script if $at_errexit; then echo stop > "$at_stop_file" fi ;; esac } ## ------------ ## ## Driver loop. ## ## ------------ ## if (set -m && set +m && set +b) >/dev/null 2>&1; then set +b at_job_control_on='set -m' at_job_control_off='set +m' at_job_group=- else at_job_control_on=: at_job_control_off=: at_job_group= fi for at_signal in 1 2 15; do trap 'set +x; set +e $at_job_control_off at_signal='"$at_signal"' echo stop > "$at_stop_file" trap "" $at_signal at_pgids= for at_pgid in `jobs -p 2>/dev/null`; do at_pgids="$at_pgids $at_job_group$at_pgid" done test -z "$at_pgids" || kill -$at_signal $at_pgids 2>/dev/null wait if test "$at_jobs" -eq 1 || test -z "$at_verbose"; then echo >&2 fi at_signame=`kill -l $at_signal 2>&1 || echo $at_signal` set x $at_signame test 0 -gt 2 && at_signame=$at_signal { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: caught signal $at_signame, bailing out" >&5 $as_echo "$as_me: WARNING: caught signal $at_signame, bailing out" >&2;} as_fn_arith 128 + $at_signal && exit_status=$as_val as_fn_exit $exit_status' $at_signal done rm -f "$at_stop_file" at_first=: if test $at_jobs -ne 1 && rm -f "$at_job_fifo" && test -n "$at_job_group" && ( mkfifo "$at_job_fifo" && trap 'exit 1' PIPE STOP TSTP ) 2>/dev/null then # FIFO job dispatcher. trap 'at_pids= for at_pid in `jobs -p`; do at_pids="$at_pids $at_job_group$at_pid" done if test -n "$at_pids"; then at_sig=TSTP test "${TMOUT+set}" = set && at_sig=STOP kill -$at_sig $at_pids 2>/dev/null fi kill -STOP $$ test -z "$at_pids" || kill -CONT $at_pids 2>/dev/null' TSTP echo # Turn jobs into a list of numbers, starting from 1. at_joblist=`$as_echo "$at_groups" | sed -n 1,${at_jobs}p` set X $at_joblist shift for at_group in $at_groups; do $at_job_control_on 2>/dev/null ( # Start one test group. $at_job_control_off if $at_first; then exec 7>"$at_job_fifo" else exec 6<&- fi trap 'set +x; set +e trap "" PIPE echo stop > "$at_stop_file" echo >&7 as_fn_exit 141' PIPE at_fn_group_prepare if cd "$at_group_dir" && at_fn_test $at_group && . "$at_test_source" then :; else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to parse test group: $at_group" >&5 $as_echo "$as_me: WARNING: unable to parse test group: $at_group" >&2;} at_failed=: fi at_fn_group_postprocess echo >&7 ) & $at_job_control_off if $at_first; then at_first=false exec 6<"$at_job_fifo" 7>"$at_job_fifo" fi shift # Consume one token. if test $# -gt 0; then :; else read at_token <&6 || break set x $* fi test -f "$at_stop_file" && break done exec 7>&- # Read back the remaining ($at_jobs - 1) tokens. set X $at_joblist shift if test $# -gt 0; then shift for at_job do read at_token done <&6 fi exec 6<&- wait else # Run serially, avoid forks and other potential surprises. for at_group in $at_groups; do at_fn_group_prepare if cd "$at_group_dir" && at_fn_test $at_group && . "$at_test_source"; then :; else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to parse test group: $at_group" >&5 $as_echo "$as_me: WARNING: unable to parse test group: $at_group" >&2;} at_failed=: fi at_fn_group_postprocess test -f "$at_stop_file" && break at_first=false done fi # Wrap up the test suite with summary statistics. cd "$at_helper_dir" # Use ?..???? when the list must remain sorted, the faster * otherwise. at_pass_list=`for f in */pass; do echo $f; done | sed '/\*/d; s,/pass,,'` at_skip_list=`for f in */skip; do echo $f; done | sed '/\*/d; s,/skip,,'` at_xfail_list=`for f in */xfail; do echo $f; done | sed '/\*/d; s,/xfail,,'` at_xpass_list=`for f in ?/xpass ??/xpass ???/xpass ????/xpass; do echo $f; done | sed '/?/d; s,/xpass,,'` at_fail_list=`for f in ?/fail ??/fail ???/fail ????/fail; do echo $f; done | sed '/?/d; s,/fail,,'` set X $at_pass_list $at_xpass_list $at_xfail_list $at_fail_list $at_skip_list shift; at_group_count=$# set X $at_xpass_list; shift; at_xpass_count=$#; at_xpass_list=$* set X $at_xfail_list; shift; at_xfail_count=$# set X $at_fail_list; shift; at_fail_count=$#; at_fail_list=$* set X $at_skip_list; shift; at_skip_count=$# as_fn_arith $at_group_count - $at_skip_count && at_run_count=$as_val as_fn_arith $at_xpass_count + $at_fail_count && at_unexpected_count=$as_val as_fn_arith $at_xfail_count + $at_fail_count && at_total_fail_count=$as_val # Back to the top directory. cd "$at_dir" rm -rf "$at_helper_dir" # Compute the duration of the suite. at_stop_date=`date` at_stop_time=`date +%s 2>/dev/null` $as_echo "$as_me: ending at: $at_stop_date" >&5 case $at_start_time,$at_stop_time in [0-9]*,[0-9]*) as_fn_arith $at_stop_time - $at_start_time && at_duration_s=$as_val as_fn_arith $at_duration_s / 60 && at_duration_m=$as_val as_fn_arith $at_duration_m / 60 && at_duration_h=$as_val as_fn_arith $at_duration_s % 60 && at_duration_s=$as_val as_fn_arith $at_duration_m % 60 && at_duration_m=$as_val at_duration="${at_duration_h}h ${at_duration_m}m ${at_duration_s}s" $as_echo "$as_me: test suite duration: $at_duration" >&5 ;; esac echo $as_echo "## ------------- ## ## Test results. ## ## ------------- ##" echo { echo $as_echo "## ------------- ## ## Test results. ## ## ------------- ##" echo } >&5 if test $at_run_count = 1; then at_result="1 test" at_were=was else at_result="$at_run_count tests" at_were=were fi if $at_errexit_p && test $at_unexpected_count != 0; then if test $at_xpass_count = 1; then at_result="$at_result $at_were run, one passed" else at_result="$at_result $at_were run, one failed" fi at_result="$at_result unexpectedly and inhibited subsequent tests." at_color=$at_red else # Don't you just love exponential explosion of the number of cases? at_color=$at_red case $at_xpass_count:$at_fail_count:$at_xfail_count in # So far, so good. 0:0:0) at_result="$at_result $at_were successful." at_color=$at_grn ;; 0:0:*) at_result="$at_result behaved as expected." at_color=$at_lgn ;; # Some unexpected failures 0:*:0) at_result="$at_result $at_were run, $at_fail_count failed unexpectedly." ;; # Some failures, both expected and unexpected 0:*:1) at_result="$at_result $at_were run, $at_total_fail_count failed ($at_xfail_count expected failure)." ;; 0:*:*) at_result="$at_result $at_were run, $at_total_fail_count failed ($at_xfail_count expected failures)." ;; # No unexpected failures, but some xpasses *:0:*) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly." ;; # No expected failures, but failures and xpasses *:1:0) at_result="$at_result $at_were run, $at_unexpected_count did not behave as expected ($at_fail_count unexpected failure)." ;; *:*:0) at_result="$at_result $at_were run, $at_unexpected_count did not behave as expected ($at_fail_count unexpected failures)." ;; # All of them. *:*:1) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly, $at_total_fail_count failed ($at_xfail_count expected failure)." ;; *:*:*) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly, $at_total_fail_count failed ($at_xfail_count expected failures)." ;; esac if test $at_skip_count = 0 && test $at_run_count -gt 1; then at_result="All $at_result" fi fi # Now put skips in the mix. case $at_skip_count in 0) ;; 1) at_result="$at_result 1 test was skipped." ;; *) at_result="$at_result $at_skip_count tests were skipped." ;; esac if test $at_unexpected_count = 0; then echo "$at_color$at_result$at_std" echo "$at_result" >&5 else echo "${at_color}ERROR: $at_result$at_std" >&2 echo "ERROR: $at_result" >&5 { echo $as_echo "## ------------------------ ## ## Summary of the failures. ## ## ------------------------ ##" # Summary of failed and skipped tests. if test $at_fail_count != 0; then echo "Failed tests:" $SHELL "$at_myself" $at_fail_list --list echo fi if test $at_skip_count != 0; then echo "Skipped tests:" $SHELL "$at_myself" $at_skip_list --list echo fi if test $at_xpass_count != 0; then echo "Unexpected passes:" $SHELL "$at_myself" $at_xpass_list --list echo fi if test $at_fail_count != 0; then $as_echo "## ---------------------- ## ## Detailed failed tests. ## ## ---------------------- ##" echo for at_group in $at_fail_list do at_group_normalized=$at_group eval 'while :; do case $at_group_normalized in #( '"$at_format"'*) break;; esac at_group_normalized=0$at_group_normalized done' cat "$at_suite_dir/$at_group_normalized/$as_me.log" echo done echo fi if test -n "$at_top_srcdir"; then sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## ${at_top_build_prefix}config.log ## _ASBOX sed 's/^/| /' ${at_top_build_prefix}config.log echo fi } >&5 sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## $as_me.log was created. ## _ASBOX echo if $at_debug_p; then at_msg='per-test log files' else at_msg="\`${at_testdir+${at_testdir}/}$as_me.log'" fi $as_echo "Please send $at_msg and all information you think might help: To: Subject: [firewalld 0.8.2] $as_me: $at_fail_list${at_fail_list:+ failed${at_xpass_list:+, }}$at_xpass_list${at_xpass_list:+ passed unexpectedly} You may investigate any problem if you feel able to do so, in which case the test suite provides a good starting point. Its output may be found below \`${at_testdir+${at_testdir}/}$as_me.dir'. " exit 1 fi exit 0 ## ------------- ## ## Actual tests. ## ## ------------- ## #AT_START_1 at_fn_group_banner 1 'rhbz1773809.at:1' \ "NM overrides interface on reload" " " 1 at_xfail=no ( $as_echo "1. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1773809.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1773809.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1773809.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1773809.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1773809.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1773809.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:1" $as_echo "rhbz1773809.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which NetworkManager >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:4" $as_echo "rhbz1773809.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which nmcli >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:4" cat >./NetworkManager.conf <<'_ATEOF' [main] plugins= [logging] #level=DEBUG #domains=ALL _ATEOF NM_ARGS="--no-daemon --config ./NetworkManager.conf" env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} NetworkManager $NM_ARGS & if test $? -ne 0; then $as_echo "rhbz1773809.at:4" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:4" fi echo "$!" > networkmanager.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli general status >/dev/null 2>&1 ; then up=1 break fi sleep 1 done $as_echo "rhbz1773809.at:4" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:4" $as_echo "rhbz1773809.at:6" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:6" { set +x $as_echo "$at_srcdir/rhbz1773809.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection add type dummy con-name dummy0 ifname dummy0 ip4 10.0.0.2 gw4 10.0.0.1; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection add type dummy con-name dummy0 ifname dummy0 ip4 10.0.0.2 gw4 10.0.0.1; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:6" $at_failed && at_fn_log_failure $at_traceon; } echo env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli connection delete dummy0 >> ./cleanup $as_echo "rhbz1773809.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:8" { set +x $as_echo "$at_srcdir/rhbz1773809.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection show dummy0; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection show dummy0; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:8" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1773809.at:9" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:9" { set +x $as_echo "$at_srcdir/rhbz1773809.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection up dummy0; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection up dummy0; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rhbz1773809.at:13: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --zone internal --add-interface dummy0" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone internal --add-interface dummy0" "rhbz1773809.at:13" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone internal --add-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone trusted --change-interface dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone trusted --change-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:17" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1773809.at:18" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:18" { set +x $as_echo "$at_srcdir/rhbz1773809.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli -f connection.zone connection show dummy0; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli -f connection.zone connection show dummy0; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "connection.zone: trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:23" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1773809.at:27" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:27" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_1 #AT_START_2 at_fn_group_banner 2 'rhbz1773809.at:1' \ "NM overrides interface on reload" " " 2 at_xfail=no ( $as_echo "2. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1773809.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1773809.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1773809.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1773809.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1773809.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1773809.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:1" $as_echo "rhbz1773809.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which NetworkManager >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:4" $as_echo "rhbz1773809.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which nmcli >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:4" cat >./NetworkManager.conf <<'_ATEOF' [main] plugins= [logging] #level=DEBUG #domains=ALL _ATEOF NM_ARGS="--no-daemon --config ./NetworkManager.conf" env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} NetworkManager $NM_ARGS & if test $? -ne 0; then $as_echo "rhbz1773809.at:4" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:4" fi echo "$!" > networkmanager.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli general status >/dev/null 2>&1 ; then up=1 break fi sleep 1 done $as_echo "rhbz1773809.at:4" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:4" $as_echo "rhbz1773809.at:6" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:6" { set +x $as_echo "$at_srcdir/rhbz1773809.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection add type dummy con-name dummy0 ifname dummy0 ip4 10.0.0.2 gw4 10.0.0.1; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection add type dummy con-name dummy0 ifname dummy0 ip4 10.0.0.2 gw4 10.0.0.1; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:6" $at_failed && at_fn_log_failure $at_traceon; } echo env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli connection delete dummy0 >> ./cleanup $as_echo "rhbz1773809.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:8" { set +x $as_echo "$at_srcdir/rhbz1773809.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection show dummy0; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection show dummy0; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:8" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1773809.at:9" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:9" { set +x $as_echo "$at_srcdir/rhbz1773809.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection up dummy0; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection up dummy0; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rhbz1773809.at:13: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --zone internal --add-interface dummy0" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone internal --add-interface dummy0" "rhbz1773809.at:13" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone internal --add-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone trusted --change-interface dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone trusted --change-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:17" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1773809.at:18" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:18" { set +x $as_echo "$at_srcdir/rhbz1773809.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli -f connection.zone connection show dummy0; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli -f connection.zone connection show dummy0; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "connection.zone: trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:23" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1773809.at:27" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:27" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_2 firewalld-0.8.2/src/tests/integration/networkmanager.at0000664007115300711530000000013013626005156024500 0ustar00egarveregarver00000000000000AT_BANNER([NetworkManager (FIREWALL_BACKEND)]) m4_include([integration/rhbz1773809.at]) firewalld-0.8.2/src/tests/cli/0000775007115300711530000000000013641123257017360 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/tests/cli/firewall-offline-cmd.at0000664007115300711530000000610113626005156023672 0ustar00egarveregarver00000000000000AT_BANNER([firewall-offline-cmd]) dnl !!! DO NOT ADD TESTS HERE !!! dnl dnl Most tests are common and should be added to firewall-cmd.at dnl See FWD_CHECK() and related macros for the magic. dnl dnl !!! DO NOT ADD TESTS HERE !!! m4_define([TESTING_FIREWALL_OFFLINE_CMD]) m4_include([cli/firewall-cmd.at]) m4_include([features/features.at]) dnl Now begin the tests explicitly for firewall-offline-cmd dnl m4_define([TESTING_FIREWALL_OFFLINE_CMD_PASSTHROUGH]) FWD_START_TEST([lokkit migration]) AT_KEYWORDS(lokkit) dnl from command line FWD_CHECK([--addmodule=abc --addmodule=efg --removemodule=xyz dnl --trust=eth+ --trust=em0 dnl --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp dnl --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config dnl --service=dns --service=ftp --remove-service=dhcpv6-client dnl --block-icmp=router-advertisement --block-icmp=router-solicitation dnl --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 dnl --forward-port=if=ippp+:port=333:proto=udp:toport=444], 0, ignore) FWD_CHECK([--zone=trusted --query-interface=eth+], 0, ignore) FWD_CHECK([--zone=trusted --query-interface=em0], 0, ignore) FWD_CHECK([--query-service dns], 0, ignore) FWD_CHECK([--query-service ftp], 0, ignore) FWD_CHECK([--query-service dhcpv6-client], 1, ignore) FWD_CHECK([--query-icmp-block router-advertisement], 0, ignore) FWD_CHECK([--query-icmp-block router-solicitation], 0, ignore) FWD_CHECK([--query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4], 0, ignore) FWD_CHECK([--query-forward-port port=333:proto=udp:toport=444], 0, ignore) dnl from file AT_CHECK([cat << EOF > ./system-config-firewall --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444 EOF ], 0, ignore) FWD_CHECK([--migrate-system-config-firewall=./system-config-firewall], 0, ignore) FWD_CHECK([--zone=trusted --query-interface=eth+], 0, ignore) FWD_CHECK([--zone=trusted --query-interface=em0], 0, ignore) FWD_CHECK([--query-service dns], 0, ignore) FWD_CHECK([--query-service ftp], 0, ignore) FWD_CHECK([--query-service dhcpv6-client], 1, ignore) FWD_CHECK([--query-icmp-block router-advertisement], 0, ignore) FWD_CHECK([--query-icmp-block router-solicitation], 0, ignore) FWD_CHECK([--query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4], 0, ignore) FWD_CHECK([--query-forward-port port=333:proto=udp:toport=444], 0, ignore) FWD_END_TEST m4_undefine([TESTING_FIREWALL_OFFLINE_CMD_PASSTHROUGH]) m4_undefine([TESTING_FIREWALL_OFFLINE_CMD]) firewalld-0.8.2/src/tests/cli/firewall-cmd.at0000664007115300711530000031012513641106145022253 0ustar00egarveregarver00000000000000m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ AT_BANNER([firewall-cmd (FIREWALL_BACKEND)]) ]) FWD_START_TEST([basic options]) AT_KEYWORDS(panic reload) FWD_CHECK([-h], 0, ignore) FWD_CHECK([--help], 0, ignore) FWD_CHECK([-V], 0, ignore) FWD_CHECK([--reload], 0, ignore) dnl Don't test --complete-reload, it causes modules to unload and we don't dnl want to do that to the testing host. The module unload _should_ be dnl denied, but lets be safe and avoid it all together. dnl dnl FWD_CHECK([--complete-reload], 0, ignore) FWD_CHECK([--permanent --complete-reload], 2, ignore, ignore) FWD_CHECK([--panic-on], 0, ignore) FWD_RELOAD FWD_CHECK([--query-panic], 0, [yes ]) FWD_CHECK([--panic-off], 0, ignore) FWD_CHECK([--query-panic], 1, [no ]) FWD_END_TEST FWD_START_TEST([get/list options]) AT_KEYWORDS(zone service icmp) FWD_CHECK([--get-zones], 0, ignore) FWD_CHECK([--get-services], 0, ignore) FWD_CHECK([--get-icmptypes], 0, ignore) FWD_CHECK([--permanent --get-zones], 0, ignore) FWD_CHECK([--permanent --get-services], 0, ignore) FWD_CHECK([--permanent --get-icmptypes], 0, ignore) FWD_CHECK([--list-all-zones], 0, ignore) FWD_CHECK([--list-all], 0, ignore) FWD_CHECK([--permanent --list-all-zones], 0, ignore) FWD_CHECK([--permanent --list-all], 0, ignore) FWD_END_TEST FWD_START_TEST([default zone]) AT_KEYWORDS(zone) FWD_CHECK([--get-default-zone], 0, [public ]) FWD_CHECK([--set-default-zone="home"], 0, ignore) FWD_CHECK([--get-default-zone], 0, [home ]) FWD_CHECK([--set-default-zone="public"], 0, ignore) FWD_CHECK([--set-default-zone], 2, ignore, ignore) FWD_END_TEST FWD_START_TEST([user zone]) AT_KEYWORDS(zone) FWD_CHECK([--new-zone=foobar], 2, ignore, ignore) dnl no --permanent FWD_CHECK([--permanent --new-zone=foobar], 0, ignore) FWD_CHECK([--permanent --get-zones | grep foobar], 0, ignore) FWD_CHECK([--permanent --zone=foobar --get-target | grep default], 0, ignore) FWD_CHECK([--permanent --zone=foobar --set-target=BAD], 110, ignore, ignore) FWD_CHECK([--permanent --zone=foobar --set-target=%%REJECT%%], 0, ignore) FWD_CHECK([--permanent --zone=foobar --set-target=DROP], 0, ignore) FWD_CHECK([--permanent --zone=foobar --set-target=ACCEPT], 0, ignore) FWD_CHECK([--permanent --zone=foobar --get-target | grep ACCEPT], 0, ignore) FWD_CHECK([--permanent --zone=foobar --add-service=ssh], 0, ignore) dnl verify zone name limits (currently 17) FWD_CHECK([-q --permanent --new-zone=123456789abcefghi]) FWD_CHECK([-q --permanent --new-zone=123456789abcefghij], 116, [ignore], [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_TARGET: BAD/d'dnl -e '/ERROR: INVALID_NAME: Zone of/d']) FWD_START_TEST([zone interfaces]) AT_KEYWORDS(zone) FWD_CHECK([--zone=work --add-interface=dummy], 0, ignore) FWD_CHECK([--get-zone-of-interface=dummy], 0, [work ]) FWD_CHECK([--get-active-zones], 0, ignore) FWD_CHECK([--zone work --query-interface=dummy], 0, ignore) FWD_CHECK([--zone=public --change-interface=dummy], 0, ignore) FWD_CHECK([--get-zone-of-interface=dummy], 0, [public ]) FWD_CHECK([--zone=block --add-interface=dummy1], 0, ignore) FWD_CHECK([--zone=block --remove-interface=dummy1], 0, ignore) FWD_CHECK([--zone=dmz --change-zone=dummy], 0, ignore) FWD_CHECK([--get-zone-of-interface=dummy], 0, [dmz ]) FWD_CHECK([--zone=dmz --list-interfaces], 0, [dummy ]) FWD_CHECK([--zone=dmz --remove-interface=dummy], 0, ignore) FWD_CHECK([--zone=dmz --query-interface dummy], 1, ignore, ignore) FWD_CHECK([--zone=dmz --change-interface=dummy], 0, ignore) dnl functions as an add FWD_CHECK([--zone=dmz --query-interface dummy], 0, ignore) FWD_CHECK([--zone=dmz --remove-interface=dummy], 0, ignore) FWD_CHECK([--zone=dmz --query-interface dummy], 1, ignore, ignore) FWD_CHECK([--get-zone-of-interface=dummy], 2, ignore, ignore) FWD_CHECK([--get-zone-of-interface], 2, ignore, ignore) FWD_CHECK([--zone=dmz --get-zones], 2, ignore, ignore) FWD_CHECK([--zone=dmz --get-services], 2, ignore, ignore) FWD_CHECK([--zone=dmz --get-default-zone], 2, ignore, ignore) FWD_CHECK([--zone=dmz --set-default-zone], 2, ignore, ignore) FWD_CHECK([--zone=dmz --get-zone-of-interface], 2, ignore, ignore) FWD_CHECK([--permanent --zone=work --add-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --zone=trusted --add-interface=perm_dummy2], 0, ignore) FWD_RELOAD FWD_CHECK([--permanent --get-zone-of-interface=perm_dummy], 0, [work ]) FWD_CHECK([--permanent --zone work --query-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --zone=work --list-interfaces], 0, [perm_dummy ]) m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ FWD_CHECK([--permanent --zone=public --add-interface=perm_dummy], 18, ignore, ignore) ]) FWD_CHECK([--permanent --zone=public --change-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --get-zone-of-interface=perm_dummy], 0, [public ]) FWD_CHECK([--permanent --zone=public --remove-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --zone=public --query-interface perm_dummy], 1, ignore) FWD_CHECK([--permanent --zone=public --change-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --get-zone-of-interface=perm_dummy], 0, [public ]) FWD_CHECK([--permanent --zone=public --remove-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --zone=public --query-interface perm_dummy], 1, ignore) FWD_CHECK([--permanent --zone=trusted --remove-interface=perm_dummy2], 0, ignore) FWD_RELOAD FWD_CHECK([--add-interface=foo], 0, ignore) FWD_CHECK([--add-interface=bar --zone=public], 0, ignore) FWD_CHECK([--set-default-zone=trusted], 0, ignore) FWD_CHECK([--get-default-zone], 0, [trusted ]) dnl check that changing default zone moves interfaces in that zone FWD_CHECK([--query-interface foo --zone=trusted], 0, ignore) dnl check that *only* iface1 was moved to new default zone FWD_CHECK([--query-interface bar --zone=public], 0, ignore) FWD_CHECK([--set-default-zone=public], 0, ignore) FWD_CHECK([--remove-interface=foo], 0, ignore) FWD_CHECK([--remove-interface=bar], 0, ignore) dnl exercise wildcards, rhbz 1644025 dnl Note: This feature is undocumented, because it's a possible security dnl risk. FWD_CHECK([--zone=trusted --add-interface=+], 0, ignore) FWD_CHECK([--add-interface=foobar+++], 0, ignore) FWD_CHECK([--add-interface=foobar+], 0, ignore) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { iifname "foobar*" goto filter_IN_public iifname "foobar++*" goto filter_IN_public goto filter_IN_trusted goto filter_IN_public } } ]) FWD_CHECK([--zone=trusted --remove-interface=+], 0, ignore) FWD_CHECK([--remove-interface=foobar+++], 0, ignore) FWD_CHECK([--remove-interface=foobar+], 0, ignore) FWD_CHECK([--permanent --add-interface=foobar+], 0, ignore) FWD_CHECK([--permanent --remove-interface=foobar+], 0, ignore) FWD_RELOAD FWD_END_TEST([-e '/ERROR: ZONE_CONFLICT: perm_dummy/d']) FWD_START_TEST([zone sources]) AT_KEYWORDS(zone) m4_define([check_zone_source], [ FWD_CHECK([--zone=public --add-source=$1], 0, ignore) FWD_CHECK([--get-zone-of-source=$1], 0, [public ]) FWD_CHECK([--zone=public --list-sources], 0, [$1 ]) FWD_CHECK([--zone=public --list-all | TRIM | grep ^sources], 0, [sources: $1 ]) FWD_CHECK([--get-active-zones | TRIM | grep "^\(public\|sources\)"], 0, [public sources: $1 ]) FWD_CHECK([--zone public --query-source=$1], 0, ignore) FWD_CHECK([--zone=work --change-source=$1], 0, ignore) FWD_CHECK([--get-zone-of-source=$1], 0, [work ]) FWD_CHECK([--zone=work --remove-source=$1], 0, ignore) FWD_CHECK([--zone work --query-source=$1], 1, ignore) FWD_CHECK([--get-zone-of-source=$1], 2, ignore, ignore) FWD_CHECK([--get-zone-of-source], 2, ignore, ignore) dnl missing arg FWD_CHECK([--permanent --zone=public --add-source=$1], 0, ignore) FWD_CHECK([--permanent --get-zone-of-source=$1], 0, [public ]) FWD_CHECK([--permanent --zone=public --list-sources], 0, [$1 ]) FWD_CHECK([--permanent --zone=public --list-all | TRIM | grep ^sources], 0, [sources: $1 ]) FWD_CHECK([--permanent --zone public --query-source=$1], 0, ignore) m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ FWD_CHECK([--permanent --zone=work --add-source=$1], 18, ignore, ignore) ]) FWD_CHECK([--permanent --zone=work --change-source=$1], 0, ignore) FWD_CHECK([--permanent --get-zone-of-source=$1], 0, [work ]) FWD_CHECK([--permanent --zone=work --remove-source=$1], 0, ignore) FWD_CHECK([--permanent --zone work --query-source=$1], 1, ignore) ]) check_zone_source([1.2.3.4]) check_zone_source([192.168.1.0/24]) IF_HOST_SUPPORTS_IPV6_RULES([ check_zone_source([3ffe:501:ffff::/64]) check_zone_source([dead:beef::babe]) ]) m4_undefine([check_zone_source]) FWD_END_TEST([ -e '/ERROR: ZONE_CONFLICT/d']) FWD_START_TEST([services]) AT_KEYWORDS(service) FWD_CHECK([--add-service=dns --timeout 60 --zone=public], 0, ignore) FWD_CHECK([--query-service dns], 0, ignore) FWD_CHECK([--remove-service=dns], 0, ignore) FWD_CHECK([--query-service=dns], 1, ignore) FWD_CHECK([--add-service=smtpssssssss], 101, ignore, ignore) FWD_CHECK([--add-service=dns --timeout], 2, ignore, ignore) dnl missing argument FWD_CHECK([--add-service=dns --add-interface=dummy0], 2, ignore, ignore) dnl impossible combination FWD_CHECK([--permanent --zone=external --add-service=dns --timeout 60], 2, ignore, ignore) dnl impossible combination FWD_CHECK([--permanent --zone=external --add-service dns], 0, ignore) FWD_CHECK([--permanent --zone=external --list-services], 0, [dns ssh ]) FWD_CHECK([--permanent --zone=external --query-service dns], 0, ignore) m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [ FWD_CHECK([--permanent --zone=external --remove-service-from-zone=dns], 0, ignore) ], [ FWD_CHECK([--permanent --zone=external --remove-service=dns], 0, ignore) ]) FWD_CHECK([--permanent --zone=external --query-service=dns], 1, ignore) FWD_CHECK([--permanent --zone=external --add-service=smtpssssssss], 101, ignore, ignore) FWD_CHECK([--permanent --zone=external --add-service=dns --add-interface=dummy0], 2, ignore, ignore) dnl impossible combination FWD_CHECK([--add-service=http --add-service=nfs --timeout=1h], 0, ignore) FWD_CHECK([--query-service http], 0, ignore) FWD_CHECK([--query-service=nfs --zone=public], 0, ignore) FWD_CHECK([--remove-service=nfs --remove-service=http], 0, ignore) FWD_CHECK([--query-service http], 1, ignore) FWD_CHECK([--query-service nfs], 1, ignore) FWD_CHECK([--permanent --add-service=http --add-service=nfs], 0, ignore) FWD_CHECK([--permanent --query-service http], 0, ignore) FWD_CHECK([--permanent --query-service=nfs --zone=public], 0, ignore) m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [ FWD_CHECK([--permanent --remove-service-from-zone=nfs --remove-service-from-zone=http], 0, ignore) ], [ FWD_CHECK([--permanent --remove-service=nfs --remove-service=http], 0, ignore) ]) FWD_CHECK([--permanent --query-service http], 1, ignore) FWD_CHECK([--permanent --query-service nfs], 1, ignore) FWD_END_TEST([-e '/ERROR: INVALID_SERVICE:/d']) FWD_START_TEST([user services]) AT_KEYWORDS(service) FWD_CHECK([--permanent --new-service=ssh], 26, ignore, ignore) dnl already exists FWD_CHECK([--permanent --new-service=foobar], 0, ignore) FWD_CHECK([--permanent --get-services | grep foobar], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-port=666], 102, ignore, ignore) dnl no protocol FWD_CHECK([--permanent --service=foobar --add-port=666/dummy], 103, ignore, ignore) dnl bad protocol FWD_CHECK([--permanent --service=foobar --add-port=666/tcp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port=666/tcp], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-port=111-222/udp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-port=111-222/udp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port 111-222/udp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-port=111-222/udp], 1, ignore) FWD_CHECK([--permanent --service=foobar --add-port=666/sctp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port=666/sctp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port 666/sctp], 0, ignore, ignore) FWD_CHECK([--permanent --service=foobar --query-port=666/sctp], 1, ignore) FWD_CHECK([--permanent --service=foobar --add-port=999/dccp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port=999/dccp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port 999/dccp], 0, ignore, ignore) FWD_CHECK([--permanent --service=foobar --query-port=999/dccp], 1, ignore) FWD_CHECK([--permanent --service=foobar --add-port=666/sctp], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-port=999/dccp], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-protocol=ddp --add-protocol gre], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-protocol=ddp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-protocol=gre], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-protocol ddp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-protocol gre], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-protocol=ddp], 1, ignore) FWD_CHECK([--permanent --service=foobar --query-protocol=gre], 1, ignore) FWD_CHECK([--permanent --service=foobar --add-module=sip], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-module=sip], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-module=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-module=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-module=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-module=ftp], 1, ignore) FWD_CHECK([--permanent --service=foobar --add-helper=sip], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-helper=sip], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-helper=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-helper=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --get-service-helpers], 0, [dnl ftp ]) FWD_CHECK([--permanent --service=foobar --remove-helper=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-helper=ftp], 1, ignore) FWD_CHECK([--permanent --service=foobar --set-destination=ipv4], 121, ignore, ignore) dnl no address FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:foo], 105, ignore, ignore) dnl bad address FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:1.2.3.4], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-destination=ipv4], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-destination=ipv6], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 1, ignore) ]) FWD_CHECK([--permanent --zone=public --add-service=foobar], 0, ignore) FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 0, ignore) FWD_CHECK([--permanent --delete-service=foobar], 0, ignore) FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 1, ignore) AT_DATA([./foobar-to-be-renamed], [m4_strip([dnl ]) FWD_CHECK([--permanent --new-service-from-file="./foobar-to-be-renamed" --name="foobar-from-file"]) FWD_CHECK([--permanent --get-services | grep foobar-from-file], 0, [ignore]) ]) FWD_END_TEST([-e '/ERROR: NAME_CONFLICT: new_service():/d' dnl -e '/ERROR: INVALID_ADDR:/d']) FWD_START_TEST([ports]) AT_KEYWORDS(port) FWD_CHECK([--zone home --list-ports], 0, ignore) FWD_CHECK([--add-port=666], 102, ignore, ignore) dnl no protocol FWD_CHECK([--add-port=666/dummy], 103, ignore, ignore) dnl bad protocol FWD_CHECK([--add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo], 254, ignore, ignore) FWD_CHECK([--add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo --add-port bar], 254, ignore, ignore) FWD_CHECK([--add-port=666/tcp --zone=public --timeout=30m], 0, ignore) FWD_CHECK([--remove-port=666/tcp], 0, ignore) FWD_CHECK([--add-port=111-222/udp], 0, ignore) FWD_CHECK([--query-port=111-222/udp --zone=public], 0, ignore) FWD_CHECK([--remove-port 111-222/udp], 0, ignore) FWD_CHECK([--query-port=111-222/udp], 1, ignore) FWD_CHECK([--add-port=5000/sctp], 0, ignore) FWD_CHECK([--query-port=5000/sctp --zone=public], 0, ignore) FWD_CHECK([--remove-port 5000/sctp], 0, ignore) FWD_CHECK([--query-port=5000/sctp], 1, ignore) FWD_CHECK([--add-port=222/dccp], 0, ignore) FWD_CHECK([--query-port=222/dccp --zone=public], 0, ignore) FWD_CHECK([--remove-port 222/dccp], 0, ignore) FWD_CHECK([--query-port=222/dccp], 1, ignore) FWD_CHECK([--permanent --add-port=666], 102, ignore, ignore) dnl no protocol FWD_CHECK([--permanent --add-port=666/dummy], 103, ignore, ignore) dnl bad protocol FWD_CHECK([--permanent --add-port=666/tcp], 0, ignore) FWD_CHECK([--permanent --remove-port=666/tcp --zone=public], 0, ignore) FWD_CHECK([--permanent --add-port=111-222/udp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-port=111-222/udp], 0, ignore) FWD_CHECK([--permanent --remove-port 111-222/udp], 0, ignore) FWD_CHECK([--permanent --query-port=111-222/udp], 1, ignore) FWD_CHECK([--permanent --add-port=5000/sctp], 0, ignore) FWD_CHECK([--permanent --query-port=5000/sctp --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-port 5000/sctp], 0, ignore) FWD_CHECK([--permanent --query-port=5000/sctp], 1, ignore) FWD_CHECK([--permanent --add-port=222/dccp], 0, ignore) FWD_CHECK([--permanent --query-port=222/dccp --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-port 222/dccp], 0, ignore) FWD_CHECK([--permanent --query-port=222/dccp], 1, ignore) FWD_CHECK([--add-port=80/tcp --add-port 443-444/udp], 0, ignore) FWD_CHECK([--query-port=80/tcp --zone=public], 0, ignore) FWD_CHECK([--query-port=443-444/udp], 0, ignore) FWD_CHECK([--remove-port 80/tcp --remove-port=443-444/udp], 0, ignore) FWD_CHECK([--query-port=80/tcp], 1, ignore) FWD_CHECK([--query-port=443-444/udp], 1, ignore) FWD_CHECK([--permanent --add-port=80/tcp --add-port 443-444/udp], 0, ignore) FWD_CHECK([--permanent --query-port=80/tcp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-port=443-444/udp], 0, ignore) FWD_CHECK([--permanent --remove-port 80/tcp --remove-port=443-444/udp], 0, ignore) FWD_CHECK([--permanent --query-port=80/tcp], 1, ignore) FWD_CHECK([--permanent --query-port=443-444/udp], 1, ignore) FWD_END_TEST FWD_START_TEST([source ports]) AT_KEYWORDS(port) FWD_CHECK([--zone home --list-source-ports], 0, ignore) FWD_CHECK([--add-source-port=666], 102, ignore, ignore) dnl no protocol FWD_CHECK([--add-source-port=666/dummy], 103, ignore, ignore) dnl bad protocol FWD_CHECK([--add-source-port=666/tcp --zone=public --timeout=30m], 0, ignore) FWD_CHECK([--remove-source-port=666/tcp], 0, ignore) FWD_CHECK([--add-source-port=111-222/udp], 0, ignore) FWD_CHECK([--query-source-port=111-222/udp --zone=public], 0, ignore) FWD_CHECK([--remove-source-port 111-222/udp], 0, ignore) FWD_CHECK([--query-source-port=111-222/udp], 1, ignore) FWD_CHECK([--permanent --add-source-port=666], 102, ignore, ignore) dnl no protocol FWD_CHECK([--permanent --add-source-port=666/dummy], 103, ignore, ignore) dnl bad protocol FWD_CHECK([--permanent --add-source-port=666/tcp], 0, ignore) FWD_CHECK([--permanent --remove-source-port=666/tcp --zone=public], 0, ignore) FWD_CHECK([--permanent --add-source-port=111-222/udp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-source-port=111-222/udp], 0, ignore) FWD_CHECK([--permanent --remove-source-port 111-222/udp], 0, ignore) FWD_CHECK([--permanent --query-source-port=111-222/udp], 1, ignore) FWD_CHECK([--add-source-port=80/tcp --add-source-port 443-444/udp], 0, ignore) FWD_CHECK([--query-source-port=80/tcp --zone=public], 0, ignore) FWD_CHECK([--query-source-port=443-444/udp], 0, ignore) FWD_CHECK([--remove-source-port 80/tcp --remove-source-port=443-444/udp], 0, ignore) FWD_CHECK([--query-source-port=80/tcp], 1, ignore) FWD_CHECK([--query-source-port=443-444/udp], 1, ignore) FWD_CHECK([--permanent --add-source-port=80/tcp --add-source-port 443-444/udp], 0, ignore) FWD_CHECK([--permanent --query-source-port=80/tcp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-source-port=443-444/udp], 0, ignore) FWD_CHECK([--permanent --remove-source-port 80/tcp --remove-source-port=443-444/udp], 0, ignore) FWD_CHECK([--permanent --query-source-port=80/tcp], 1, ignore) FWD_CHECK([--permanent --query-source-port=443-444/udp], 1, ignore) FWD_END_TEST FWD_START_TEST([protocols]) AT_KEYWORDS(protocol) FWD_CHECK([--add-protocol=dummy], 103, ignore, ignore) FWD_CHECK([--add-protocol=dccp --zone=public], 0, ignore) FWD_CHECK([--query-protocol=dccp], 0, ignore) FWD_CHECK([--remove-protocol dccp], 0, ignore) FWD_CHECK([--query-protocol=dccp], 1, ignore) FWD_CHECK([--permanent --add-protocol=dummy], 103, ignore, ignore) FWD_CHECK([--permanent --add-protocol=dccp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-protocol=dccp], 0, ignore) FWD_CHECK([--permanent --remove-protocol dccp], 0, ignore) FWD_CHECK([--permanent --query-protocol=dccp], 1, ignore) FWD_CHECK([--add-protocol=ddp --add-protocol gre], 0, ignore) FWD_CHECK([--query-protocol=ddp --zone=public], 0, ignore) FWD_CHECK([--query-protocol=gre], 0, ignore) FWD_CHECK([--remove-protocol ddp --remove-protocol=gre], 0, ignore) FWD_CHECK([--query-protocol=ddp], 1, ignore) FWD_CHECK([--query-protocol=gre], 1, ignore) FWD_CHECK([--permanent --add-protocol=ddp --add-protocol gre], 0, ignore) FWD_CHECK([--permanent --query-protocol=ddp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-protocol=gre], 0, ignore) FWD_CHECK([--permanent --remove-protocol ddp --remove-protocol=gre], 0, ignore) FWD_CHECK([--permanent --query-protocol=ddp], 1, ignore) FWD_CHECK([--permanent --query-protocol=gre], 1, ignore) FWD_END_TEST([-e '/ERROR: INVALID_PROTOCOL: dummy/d']) FWD_START_TEST([masquerade]) AT_KEYWORDS(masquerade nat) FWD_CHECK([--add-masquerade --zone=public], 0, ignore) dnl man page says this should only affect IPv4, so verify that. NFT_LIST_RULES([ip], [nat_POST_public_allow], 0, [dnl table ip firewalld { chain nat_POST_public_allow { oifname != "lo" masquerade } } ]) NFT_LIST_RULES([ip6], [nat_POST_public_allow], 0, [dnl table ip6 firewalld { chain nat_POST_public_allow { } } ]) IPTABLES_LIST_RULES([nat], [POST_public_allow], 0, [dnl MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [POST_public_allow], 0, [dnl ]) FWD_CHECK([--query-masquerade], 0, ignore) FWD_CHECK([--remove-masquerade], 0, ignore) FWD_CHECK([--query-masquerade], 1, ignore) FWD_CHECK([--permanent --add-masquerade --zone=public], 0, ignore) FWD_CHECK([--permanent --query-masquerade], 0, ignore) FWD_CHECK([--permanent --remove-masquerade], 0, ignore) FWD_CHECK([--permanent --query-masquerade], 1, ignore) FWD_END_TEST FWD_START_TEST([forward ports]) AT_KEYWORDS(port forward_port) FWD_CHECK([--add-forward-port=666], 106, ignore, ignore) FWD_CHECK([--add-forward-port=port=11:proto=tcp:toport=22], 0, ignore) dnl man page says this should only affect IPv4, so verify that. NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl table ip firewalld { chain nat_PRE_public_allow { tcp dport 11 redirect to :22 } } ]) NFT_LIST_RULES([ip6], [nat_PRE_public_allow], 0, [dnl table ip6 firewalld { chain nat_PRE_public_allow { } } ]) IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11 to::22 ]) IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ]) FWD_CHECK([--remove-forward-port=port=11:proto=tcp:toport=22 --zone=public], 0, ignore) FWD_CHECK([--add-forward-port=port=33:proto=tcp:toaddr=4444], 105, ignore, ignore) dnl bad address FWD_CHECK([--add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public], 0, ignore) dnl man page says this should only affect IPv4, so verify that. NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl table ip firewalld { chain nat_PRE_public_allow { tcp dport 33 dnat to 4.4.4.4 } } ]) NFT_LIST_RULES([ip6], [nat_PRE_public_allow], 0, [dnl table ip6 firewalld { chain nat_PRE_public_allow { } } ]) IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:33 to:4.4.4.4 ]) IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ]) FWD_CHECK([--remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4], 0, ignore) FWD_CHECK([--add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) FWD_CHECK([--remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 1, ignore) FWD_CHECK([--add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) dnl this should only affect IPv6, so verify that. NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl table ip firewalld { chain nat_PRE_public_allow { } } ]) NFT_LIST_RULES([ip6], [nat_PRE_public_allow], 0, [dnl table ip6 firewalld { chain nat_PRE_public_allow { sctp dport 66 dnat to [[fd00:dead:beef:ff0::]:66] } } ]) IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl DNAT sctp ::/0 ::/0 sctp dpt:66 [to:[fd00:dead:beef:ff0::]:66] ]) FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore) FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore) ]) FWD_CHECK([--add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore) FWD_CHECK([--query-forward-port=port=100:proto=tcp:toport=200], 0, ignore) FWD_CHECK([--query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore) FWD_CHECK([--remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99], 0, ignore) FWD_CHECK([--query-forward-port port=100:proto=tcp:toport=200], 1, ignore) FWD_CHECK([--query-forward-port=port=88:proto=udp:toport=99], 1, ignore) FWD_CHECK([--list-forward-ports], 0, ignore) FWD_CHECK([--permanent --add-forward-port=666], 106, ignore, ignore) FWD_CHECK([--permanent --add-forward-port=port=11:proto=tcp:toport=22], 0, ignore) FWD_CHECK([--permanent --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public], 0, ignore) FWD_CHECK([--permanent --add-forward-port=port=33:proto=tcp:toaddr=4444], 105, ignore, ignore) dnl bad address FWD_CHECK([--permanent --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4], 0, ignore) FWD_CHECK([--permanent --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--permanent --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--permanent --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 1, ignore) FWD_CHECK([--permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore) ]) FWD_CHECK([--permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore) FWD_CHECK([--permanent --query-forward-port=port=100:proto=tcp:toport=200], 0, ignore) FWD_CHECK([--permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99], 0, ignore) FWD_CHECK([--permanent --query-forward-port port=100:proto=tcp:toport=200], 1, ignore) FWD_CHECK([--permanent --query-forward-port=port=88:proto=udp:toport=99], 1, ignore) FWD_CHECK([--permanent --list-forward-ports], 0, ignore) FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) FWD_START_TEST([ICMP block]) AT_KEYWORDS(icmp) FWD_CHECK([--list-icmp-blocks], 0, ignore) FWD_CHECK([--zone=external --add-icmp-block=dummyblock], 107, ignore, ignore) FWD_CHECK([--zone=external --add-icmp-block=redirect], 0, ignore) FWD_CHECK([--zone=external --query-icmp-block=redirect], 0, ignore) FWD_CHECK([--zone=external --remove-icmp-block redirect], 0, ignore) FWD_CHECK([--zone=external --query-icmp-block=redirect], 1, ignore) FWD_CHECK([--permanent --zone=external --add-icmp-block=dummyblock], 107, ignore, ignore) FWD_CHECK([--permanent --zone=external --add-icmp-block=redirect], 0, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=redirect], 0, ignore) FWD_CHECK([--permanent --zone=external --remove-icmp-block redirect], 0, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=redirect], 1, ignore) FWD_CHECK([--add-icmp-block-inversion --zone=public], 0, ignore) FWD_CHECK([--query-icmp-block-inversion], 0, ignore) FWD_CHECK([--remove-icmp-block-inversion], 0, ignore) FWD_CHECK([--query-icmp-block-inversion], 1, ignore) FWD_CHECK([--permanent --add-icmp-block-inversion --zone=public], 0, ignore) FWD_CHECK([--permanent --query-icmp-block-inversion], 0, ignore) FWD_CHECK([--permanent --remove-icmp-block-inversion], 0, ignore) FWD_CHECK([--permanent --query-icmp-block-inversion], 1, ignore) FWD_CHECK([--add-icmp-block-inversion --zone=block], 0, ignore) FWD_CHECK([--remove-icmp-block-inversion --zone=block], 0, ignore) FWD_CHECK([--add-icmp-block-inversion --zone=drop], 0, ignore) FWD_CHECK([--remove-icmp-block-inversion --zone=drop], 0, ignore) FWD_CHECK([--add-icmp-block-inversion --zone=trusted], 0, ignore) FWD_CHECK([--remove-icmp-block-inversion --zone=trusted], 0, ignore) FWD_CHECK([--zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--zone=external --query-icmp-block=echo-reply], 0, ignore) FWD_CHECK([--zone=external --query-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--zone=external --query-icmp-block=echo-reply], 1, ignore) FWD_CHECK([--zone=external --query-icmp-block=router-solicitation], 1, ignore) FWD_CHECK([--permanent --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=echo-reply], 0, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--permanent --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=echo-reply], 1, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=router-solicitation], 1, ignore) FWD_END_TEST([-e '/ERROR: INVALID_ICMPTYPE:/d']) FWD_START_TEST([user ICMP types]) AT_KEYWORDS(icmp) FWD_CHECK([--permanent --new-icmptype=redirect], 26, ignore, ignore) dnl already exists FWD_CHECK([--permanent --new-icmptype=foobar], 0, ignore) FWD_CHECK([--permanent --get-icmptypes | grep foobar], 0, ignore) FWD_CHECK([--permanent --icmptype=foobar --add-destination=ipv5], 111, ignore, ignore) FWD_CHECK([--permanent --icmptype=foobar --add-destination=ipv4], 0, ignore, ignore) FWD_CHECK([--permanent --icmptype=foobar --remove-destination=ipv4], 0, ignore) FWD_CHECK([--permanent --icmptype=foobar --add-destination=ipv4], 0, ignore) FWD_CHECK([--permanent --icmptype=foobar --query-destination=ipv4], 0, ignore) FWD_CHECK([--permanent --icmptype=foobar --remove-destination=ipv4], 0, ignore) FWD_CHECK([--permanent --icmptype=foobar --query-destination=ipv4], 1, ignore) FWD_CHECK([--permanent --zone=public --add-icmp-block=foobar], 0, ignore) FWD_CHECK([--permanent --zone=public --list-icmp-blocks | grep foobar], 0, ignore) FWD_CHECK([--permanent --delete-icmptype=foobar], 0, ignore) FWD_CHECK([--permanent --zone=public --list-icmp-blocks | grep foobar], 1, ignore) FWD_END_TEST([-e '/NAME_CONFLICT: new_icmptype():/d']) FWD_START_TEST([ipset]) AT_KEYWORDS(ipset rhbz1685256) CHECK_IPSET CHECK_IPSET_HASH_MAC FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip], 0, ignore) FWD_CHECK([--reload], 0, ignore) FWD_CHECK([--ipset=foobar --get-entries], 0, [ ]) FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4], 0, ignore) FWD_CHECK([--ipset=foobar --get-entries | grep "1.2.3.4"], 0, ignore) FWD_CHECK([--ipset=foobar --add-entry=1.2.3.400], 136, ignore, ignore) FWD_CHECK([--ipset=foobar --remove-entry=1.2.3.4], 0, ignore) FWD_CHECK([--ipset=foobar --get-entries], 0, [ ]) FWD_CHECK([--zone=public --add-source=ipset:foobar], 0, ignore) FWD_CHECK([--get-zone-of-source=ipset:foobar | grep public], 0, ignore) FWD_CHECK([--zone=public --list-sources | grep "ipset:foobar"], 0, ignore) FWD_CHECK([--zone=public --query-source=ipset:foobar], 0, ignore) FWD_CHECK([--zone=public --remove-source=ipset:foobar], 0, ignore) FWD_CHECK([--zone=public --query-source=ipset:foobar], 1, ignore) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_CHECK([--reload], 0, ignore) dnl multi dimensional sets FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,1234], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,2000-2100], 0, ignore) FWD_RELOAD NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service flags interval elements = { 10.10.10.10 . tcp . 1234, 10.10.10.10 . tcp . 2000-2100 } } } ]) FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,8080], 0, ignore) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD dnl multi dimensional set with non default protocol FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=20.20.20.20,8080], 0, ignore) FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service flags interval elements = { 10.10.10.10 . sctp . 1234, 20.20.20.20 . tcp . 8080 } } } ]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { ip saddr . meta l4proto . th sport @foobar goto filter_IN_internal goto filter_IN_public } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip,port Members: 10.10.10.10,sctp:1234 20.20.20.20,tcp:8080 ]) FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,sctp:8080], 0, ignore) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD dnl hash:ip,mark FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,mark], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,0x100], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=20.20.20.20,0x200], 0, ignore) FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr . mark elements = { 10.10.10.10 . 0x00000100, 20.20.20.20 . 0x00000200 } } } ]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { ip saddr . mark @foobar goto filter_IN_internal goto filter_IN_public } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip,mark Members: 10.10.10.10,0x00000100 20.20.20.20,0x00000200 ]) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD dnl multi dimensional set with intervals FWD_CHECK([--permanent --new-ipset=foobar --type=hash:net,port], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,tcp:8080], 0, ignore) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD dnl multi dimensional set with intervals (3 dimensions) FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port,net], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,tcp:8080,1.6.0.0/16], 0, ignore) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service . ipv4_addr flags interval elements = { 10.10.10.10 . sctp . 1234 . 10.10.10.0/24, 1.2.3.4 . tcp . 8080 . 1.6.0.0/16 } } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip,port,net Members: 1.2.3.4,tcp:8080,1.6.0.0/16 10.10.10.10,sctp:1234,10.10.10.0/24 ]) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD dnl hash:net,iface FWD_CHECK([--permanent --new-ipset=foobar --type=hash:net,iface], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.0/24,foobar0], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=20.20.20.0/24,raboof0], 0, ignore) FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr . ifname flags interval elements = { 10.10.10.0/24 . "foobar0", 20.20.20.0/24 . "raboof0" } } } ]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { ip saddr . oifname @foobar goto filter_IN_internal goto filter_IN_public } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:net,iface Members: 10.10.10.0/24,foobar0 20.20.20.0/24,raboof0 ]) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --new-ipset=foobar --type=hash:mac], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=12:34:56:78:90:ab], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=12:34:56:78:90:ac], 0, ignore) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD ]) FWD_END_TEST([-e '/ERROR: INVALID_ENTRY: invalid address/d']) FWD_START_TEST([user helpers]) AT_KEYWORDS(helper) FWD_CHECK([--permanent --new-helper=foobar --module=foo], 132, ignore, ignore) FWD_CHECK([--permanent --new-helper=foobar --module=nf_conntrack_foo], 0, ignore) FWD_CHECK([--permanent --get-helpers | grep foobar], 0, ignore) FWD_CHECK([--permanent --helper=foobar --get-family | grep ipv4], 1, ignore) FWD_CHECK([--permanent --helper=foobar --set-family=ipv5], 111, ignore, ignore) FWD_CHECK([--permanent --helper=foobar --set-family=ipv4], 0, ignore) FWD_CHECK([--permanent --helper=foobar --get-family | grep ipv4], 0, ignore) FWD_CHECK([--permanent --helper=foobar --set-family=], 0, ignore) FWD_CHECK([--permanent --helper=foobar --get-family], 0, [ ]) FWD_CHECK([--permanent --helper=foobar --get-ports], 0, [ ]) FWD_CHECK([--permanent --helper=foobar --add-port=44/tcp], 0, ignore) FWD_CHECK([--permanent --helper=foobar --get-ports | grep 44], 0, ignore) FWD_CHECK([--permanent --helper=foobar --query-port=44/tcp], 0, ignore) FWD_CHECK([--permanent --helper=foobar --remove-port=44/tcp], 0, ignore) FWD_CHECK([--permanent --helper=foobar --query-port=44/tcp], 1, ignore) FWD_CHECK([--permanent --helper=foobar --get-ports], 0, [ ]) FWD_CHECK([--permanent --delete-helper=foobar], 0, ignore) FWD_CHECK([--permanent --get-helpers | grep foobar], 1, ignore) FWD_END_TEST([-e '/ERROR: INVALID_MODULE:/d']) FWD_START_TEST([direct]) AT_KEYWORDS(direct) FWD_CHECK([--direct --add-chain ipv4 filter mychain], 0, ignore) FWD_CHECK([--direct --get-chains ipv4 filter | grep mychain], 0, ignore) FWD_CHECK([--direct --get-all-chains | grep "ipv4 filter mychain"], 0, ignore) FWD_CHECK([--direct --query-chain ipv4 filter mychain], 0, ignore) FWD_CHECK([--direct --add-chain ipv5 filter mychain], 111, ignore, ignore) FWD_CHECK([--direct --add-chain ipv4 badtable mychain], 108, ignore, ignore) FWD_CHECK([--direct --add-rule ipv4 filter mychain 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --get-rules ipv4 filter mychain | grep "3 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --get-all-rules | grep "ipv4 filter mychain 3 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --remove-rule ipv4 filter mychain 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 3 -j ACCEPT], 1, ignore) FWD_CHECK([--direct --add-rule ipv5 filter mychain 3 -j ACCEPT], 111, ignore, ignore) FWD_CHECK([--direct --add-rule ipv4 badtable mychain 3 -j ACCEPT], 108, ignore, ignore) FWD_CHECK([--direct --add-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --get-rules ipv4 filter mychain | grep "3 -s 192.168.1.1 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --get-rules ipv4 filter mychain | grep "4 -s 192.168.1.2 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --get-rules ipv4 filter mychain | grep "5 -s 192.168.1.3 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --get-rules ipv4 filter mychain | grep "6 -s 192.168.1.4 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --remove-rules ipv4 filter mychain], 0, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT], 1, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT], 1, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT], 1, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT], 1, ignore) FWD_CHECK([--direct --remove-chain ipv5 filter mychain], 111, ignore, ignore) FWD_CHECK([--direct --remove-chain ipv4 badtable mychain], 108, ignore, ignore) FWD_CHECK([--direct --remove-chain ipv4 filter mychain], 0, ignore) FWD_CHECK([--direct --query-chain ipv4 filter mychain], 1, ignore) FWD_CHECK([--direct --remove-chain ipv4 filter dummy], 0, ignore, ignore) dnl impossible combinations FWD_CHECK([--direct --reload], 2, ignore, ignore) FWD_CHECK([--direct --list-all], 2, ignore, ignore) FWD_CHECK([--direct --get-services], 2, ignore, ignore) FWD_CHECK([--direct --get-default-zone], 2, ignore, ignore) FWD_CHECK([--direct --zone=home --list-services], 2, ignore, ignore) FWD_CHECK([--direct --permanent --list-all], 2, ignore, ignore) dnl try some non-ascii magic FWD_CHECK([--permanent --direct --add-chain ipv4 filter žluťoučký], 0, ignore) FWD_CHECK([--permanent --direct --get-chains ipv4 filter |grep "žluťoučký"], 0, ignore) FWD_CHECK([--permanent --direct --get-all-chains | grep "ipv4 filter žluťoučký"], 0, ignore) FWD_CHECK([--permanent --direct --query-chain ipv4 filter žluťoučký], 0, ignore) FWD_CHECK([--permanent --direct --add-rule ipv4 filter žluťoučký 3 -j ACCEPT], 0, ignore) FWD_CHECK([--permanent --direct --get-rules ipv4 filter žluťoučký | grep ACCEPT], 0, ignore) FWD_CHECK([--permanent --direct --get-all-rules | grep "ipv4 filter žluťoučký 3 -j ACCEPT"], 0, ignore) FWD_CHECK([--permanent --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT], 0, ignore) FWD_CHECK([--permanent --direct --remove-rule ipv4 filter žluťoučký 3 -j ACCEPT], 0, ignore) FWD_CHECK([--permanent --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT], 1, ignore) FWD_CHECK([--permanent --direct --remove-chain ipv4 filter žluťoučký], 0, ignore) FWD_CHECK([--permanent --direct --query-chain ipv4 filter žluťoučký], 1, ignore) dnl rhbz 1614048 - add rule to chain with _direct suffix FWD_CHECK([--direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 filter FORWARD_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 security INPUT_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 raw PREROUTING_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 mangle PREROUTING_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 nat PREROUTING_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--permanent --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT], 0, ignore) FWD_RELOAD FWD_END_TEST([-e '/ERROR: INVALID_TABLE:/d' dnl -e '/WARNING: NOT_ENABLED: chain/d']) FWD_START_TEST([direct nat]) AT_KEYWORDS(direct nat) CHECK_NAT_COEXISTENCE m4_define([direct_rule1], [ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81]) m4_define([direct_rule2], [ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82]) FWD_CHECK([--permanent --direct --add-rule direct_rule1], 0, ignore) FWD_CHECK([--permanent --direct --get-all-rules | grep "direct_rule1"], 0, ignore) FWD_CHECK([--reload], 0, ignore) FWD_CHECK([--direct --get-all-rules | grep "direct_rule1"], 0, ignore) FWD_CHECK([--permanent --direct --remove-rule direct_rule1], 0, ignore) FWD_CHECK([--permanent --direct --add-rule direct_rule2], 0, ignore) FWD_CHECK([--permanent --direct --get-all-rules | grep "direct_rule2"], 0, ignore) FWD_CHECK([--reload], 0, ignore) FWD_CHECK([--direct --get-all-rules |grep "direct_rule1"], 1, ignore) FWD_CHECK([--direct --get-all-rules | grep "direct_rule2"], 0, ignore) FWD_CHECK([--permanent --direct --remove-rule direct_rule2], 0, ignore) FWD_CHECK([--reload], 0, ignore) FWD_CHECK([--direct --get-all-rules | grep "direct_rule2"], 1, ignore) m4_undefine([direct_rule1]) m4_undefine([direct_rule2]) FWD_END_TEST FWD_START_TEST([direct passthrough]) AT_KEYWORDS(direct passthrough) FWD_CHECK([--direct --passthrough ipv4 --table mangle --append POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill], 0, ignore) FWD_CHECK([--direct --passthrough ipv4 --table mangle --delete POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill], 0, ignore) FWD_CHECK([--direct --add-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 111, ignore, ignore) FWD_CHECK([--direct --add-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 0, ignore) FWD_CHECK([--direct --query-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 111, ignore, ignore) FWD_CHECK([--direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 0, ignore) FWD_CHECK([--direct --remove-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 111, ignore, ignore) FWD_CHECK([--direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 0, ignore) FWD_CHECK([--direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 1, ignore, ignore) IF_HOST_SUPPORTS_IP6TABLES([ FWD_CHECK([--direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore) FWD_CHECK([--direct --get-passthroughs ipv6 | grep "fd00:dead:beef:ff0::/64"], 0, ignore) FWD_CHECK([--direct --get-all-passthroughs | grep "fd00:dead:beef:ff0::/64"], 0, ignore) FWD_CHECK([--direct --passthrough ipv6 -nvL | grep "fd00:dead:beef:ff0::/64"], 0, ignore) FWD_CHECK([--direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore, ignore) ]) FWD_CHECK([--direct --passthrough ipv5 -nvL], 111, ignore, ignore) FWD_CHECK([--direct --passthrough ipv4], 2, ignore, ignore) FWD_CHECK([--direct --passthrough --get-chains ipv4 filter], 111, ignore, ignore) FWD_CHECK([--permanent --direct --add-passthrough ipv4], 2, ignore, ignore) FWD_CHECK([--permanent --direct --add-passthrough ipv5 -nvL], 111, ignore, ignore) FWD_CHECK([--permanent --direct --add-passthrough ipv4 -nvL], 0, ignore) FWD_CHECK([--permanent --direct --get-passthroughs ipv4 | grep "\-nvL"], 0, ignore) FWD_CHECK([--permanent --direct --get-all-passthroughs | grep "ipv4 \-nvL"], 0, ignore) FWD_CHECK([--permanent --direct --query-passthrough ipv4 -nvL], 0, ignore) FWD_CHECK([--permanent --direct --remove-passthrough ipv4 -nvL], 0, ignore) FWD_CHECK([--permanent --direct --query-passthrough ipv4 -nvL], 1, ignore, ignore) FWD_END_TEST([-e '/WARNING: NOT_ENABLED: passthrough/d']) FWD_START_TEST([direct ebtables]) AT_KEYWORDS(direct ebtables) FWD_CHECK([--direct --add-chain eb filter mychain], 0, ignore) FWD_CHECK([--direct --get-chains eb filter | grep mychain], 0, ignore) FWD_CHECK([--direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) FWD_CHECK([--direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP], 0, ignore) EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl -p IPv6 -j DROP -p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN ]) FWD_CHECK([--direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl -p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN ]) FWD_CHECK([--direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP], 0, ignore) FWD_CHECK([--direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP], 0, ignore) m4_if(nftables, FIREWALL_BACKEND, [dnl EBTABLES_LIST_RULES([filter], [INPUT], 0, [dnl -p IPv6 -j DROP -p IPv6 -j DROP ])], [dnl EBTABLES_LIST_RULES([filter], [INPUT_direct], 0, [dnl -p IPv6 -j DROP -p IPv6 -j DROP -j RETURN ]) ]) FWD_CHECK([--direct --remove-rules eb filter INPUT], 0, ignore) FWD_CHECK([--direct --remove-rules eb filter mychain], 0, ignore) FWD_CHECK([--permanent --direct --add-chain eb filter mychain], 0, ignore) FWD_CHECK([--permanent --direct --get-chains eb filter | grep mychain], 0, ignore) FWD_CHECK([--permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) FWD_RELOAD EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl -p IPv6 -j DROP -j RETURN ]) FWD_END_TEST FWD_START_TEST([lockdown]) AT_KEYWORDS(lockdown) FWD_CHECK([--add-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--list-lockdown-whitelist-commands | grep "/usr/bin/command"], 0, ignore) FWD_CHECK([--remove-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-command /usr/bin/command], 1, ignore) FWD_CHECK([--permanent --add-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--permanent --list-lockdown-whitelist-commands | grep "/usr/bin/command"], 0, ignore) FWD_CHECK([--permanent --remove-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-command /usr/bin/command], 1, ignore) FWD_CHECK([--add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0"], 0, ignore) FWD_CHECK([--remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 1, ignore) FWD_CHECK([--permanent --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--permanent --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0"], 0, ignore) FWD_CHECK([--permanent --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 1, ignore) FWD_CHECK([--add-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--list-lockdown-whitelist-uids | grep "6666"], 0, ignore) FWD_CHECK([--remove-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-uid 6666], 1, ignore) FWD_CHECK([--add-lockdown-whitelist-uid 6666x], 2, ignore, ignore) FWD_CHECK([--permanent --add-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--permanent --list-lockdown-whitelist-uids | grep "6666"], 0, ignore) FWD_CHECK([--permanent --remove-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-uid 6666], 1, ignore) FWD_CHECK([--permanent --add-lockdown-whitelist-uid 6666x], 2, ignore, ignore) FWD_CHECK([--add-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--list-lockdown-whitelist-users | grep "theboss"], 0, ignore) FWD_CHECK([--remove-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-user theboss], 1, ignore) FWD_CHECK([--permanent --add-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--permanent --list-lockdown-whitelist-users | grep "theboss"], 0, ignore) FWD_CHECK([--permanent --remove-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-user theboss], 1, ignore) AT_SKIP_IF([test `whoami` != 'root']) FWD_CHECK([--add-lockdown-whitelist-user root], 0, ignore) FWD_CHECK([--lockdown-on], 0, ignore) FWD_CHECK([--query-lockdown], 0, ignore) FWD_CHECK([--lockdown-off], 0, ignore) FWD_CHECK([--query-lockdown], 1, ignore) FWD_END_TEST m4_define([rich_rule_test], [ FWD_CHECK([--add-rich-rule='$1'], 0, ignore) FWD_CHECK([--query-rich-rule='$1'], 0, ignore) FWD_CHECK([--remove-rich-rule='$1'], 0, ignore) FWD_CHECK([--query-rich-rule='$1'], 1, ignore) FWD_CHECK([--permanent --add-rich-rule='$1'], 0, ignore) FWD_CHECK([--permanent --query-rich-rule='$1'], 0, ignore) FWD_CHECK([--permanent --remove-rich-rule='$1'], 0, ignore) FWD_CHECK([--permanent --query-rich-rule='$1'], 1, ignore) ]) FWD_START_TEST([rich rules good]) AT_KEYWORDS(rich) rich_rule_test([rule protocol value="ah" reject]) rich_rule_test([rule protocol value="esp" accept]) rich_rule_test([rule protocol value="sctp" log]) rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept]) rich_rule_test([rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop]) IF_HOST_SUPPORTS_IPV6_RULES([ rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"]) rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop]) rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"]) rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"]) rich_rule_test([rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept]) rich_rule_test([rule family="ipv6" masquerade]) ]) rich_rule_test([rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"]) rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"]) rich_rule_test([rule family="ipv4" source address="192.168.1.0/24" masquerade]) rich_rule_test([rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept]) rich_rule_test([rule family="ipv4" destination address="192.168.1.0/24" masquerade]) rich_rule_test([rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"]) rich_rule_test([rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"]) IF_HOST_SUPPORTS_IPV6_RULES([ rich_rule_test([rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) rich_rule_test([rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) ]) rich_rule_test([rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"]) FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) FWD_START_TEST([rich rules audit]) AT_KEYWORDS(rich) CHECK_LOG_AUDIT rich_rule_test([rule service name="ftp" audit limit value="1/m" accept]) FWD_END_TEST m4_undefine([rich_rule_test]) FWD_START_TEST([rich rules priority]) AT_KEYWORDS(rich) CHECK_LOG_AUDIT dnl Verify generic layout of zone NFT_LIST_RULES([inet], [filter_IN_public], 0, [dnl table inet firewalld { chain filter_IN_public { jump filter_IN_public_pre jump filter_IN_public_log jump filter_IN_public_deny jump filter_IN_public_allow jump filter_IN_public_post meta l4proto { icmp, ipv6-icmp } accept } } ]) NFT_LIST_RULES([inet], [filter_FWDI_public], 0, [dnl table inet firewalld { chain filter_FWDI_public { jump filter_FWDI_public_pre jump filter_FWDI_public_log jump filter_FWDI_public_deny jump filter_FWDI_public_allow jump filter_FWDI_public_post meta l4proto { icmp, ipv6-icmp } accept } } ]) IPTABLES_LIST_RULES([filter], [IN_public], 0, [dnl IN_public_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_public_log all -- 0.0.0.0/0 0.0.0.0/0 IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_public_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([filter], [FWDI_public], 0, [dnl FWDI_public_pre all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_log all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_deny all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_allow all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_public], 0, [dnl IN_public_pre all ::/0 ::/0 IN_public_log all ::/0 ::/0 IN_public_deny all ::/0 ::/0 IN_public_allow all ::/0 ::/0 IN_public_post all ::/0 ::/0 ACCEPT icmpv6 ::/0 ::/0 ]) IP6TABLES_LIST_RULES([filter], [FWDI_public], 0, [dnl FWDI_public_pre all ::/0 ::/0 FWDI_public_log all ::/0 ::/0 FWDI_public_deny all ::/0 ::/0 FWDI_public_allow all ::/0 ::/0 FWDI_public_post all ::/0 ::/0 ACCEPT icmpv6 ::/0 ::/0 ]) dnl priority 0 (or not specified) is special: dnl accept goes to _allow chain dnl drop goes to _deny chain dnl log goes to _log chain dnl audit goes to _log chain FWD_CHECK([--add-rich-rule='rule port port="1111" protocol="tcp" log'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=0 port port="1122" protocol="tcp" audit accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule port port="2222" protocol="tcp" drop'], 0, ignore) FWD_CHECK([--add-rich-rule='rule port port="3333" protocol="tcp" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=0 port port="4444" protocol="tcp" accept'], 0, ignore) NFT_LIST_RULES([inet], [filter_IN_public_log], 0, [dnl table inet firewalld { chain filter_IN_public_log { tcp dport 1111 ct state new,untracked log tcp dport 1122 ct state new,untracked log level audit } } ]) NFT_LIST_RULES([inet], [filter_IN_public_deny], 0, [dnl table inet firewalld { chain filter_IN_public_deny { tcp dport 2222 ct state new,untracked drop } } ]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 1122 ct state new,untracked accept tcp dport 3333 ct state new,untracked accept tcp dport 4444 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 AUDIT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED AUDIT accept ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 ctstate NEW,UNTRACKED ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl LOG tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 AUDIT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED AUDIT accept ]) IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl DROP tcp ::/0 ::/0 tcp dpt:2222 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED ]) FWD_RELOAD dnl verify priority range FWD_CHECK([--add-rich-rule='rule priority=-32768 port port="1234" protocol="tcp" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=32767 port port="1234" protocol="tcp" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-32769 port port="1234" protocol="tcp" accept'], 139, ignore, ignore) FWD_CHECK([--add-rich-rule='rule priority=32768 port port="1234" protocol="tcp" accept'], 139, ignore, ignore) FWD_RELOAD dnl Special catch-all rule m4_define([rich_rule_str], ['rule priority=127 drop']) FWD_CHECK([--add-rich-rule=rich_rule_str], 0, ignore) FWD_CHECK([--query-rich-rule=rich_rule_str], 0, ignore) NFT_LIST_RULES([inet], [filter_IN_public_post], 0, [dnl table inet firewalld { chain filter_IN_public_post { drop } } ]) IPTABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl DROP all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl DROP all ::/0 ::/0 ]) FWD_CHECK([--remove-rich-rule=rich_rule_str], 0, ignore) FWD_CHECK([--query-rich-rule=rich_rule_str], 1, ignore) FWD_CHECK([--permanent --add-rich-rule=rich_rule_str], 0, ignore) FWD_CHECK([--permanent --query-rich-rule=rich_rule_str], 0, ignore) FWD_CHECK([--permanent --remove-rich-rule=rich_rule_str], 0, ignore) FWD_CHECK([--permanent --query-rich-rule=rich_rule_str], 1, ignore) m4_undefine([rich_rule_str]) dnl special catch-all should be denied if priority not specified FWD_CHECK([--add-rich-rule='rule drop'], 122, ignore, ignore) FWD_CHECK([--add-rich-rule='rule priority=0 drop'], 122, ignore, ignore) FWD_CHECK([--add-rich-rule='rule log prefix="foobar: "'], 122, ignore, ignore) FWD_RELOAD dnl masquerade and forward-ports are special because they use nat and mangle. FWD_CHECK([--add-rich-rule='rule family="ipv4" source address="10.10.0.0/16" masquerade'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-10 source address="10.1.1.0/24" masquerade'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-1 source address="10.1.0.0/16" drop'], 0, ignore) dnl FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=0 forward-port port="222" protocol="tcp" to-port="22"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=0 forward-port port="2222" protocol="tcp" to-port="22" to-addr="10.1.1.1"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8888" protocol="tcp" to-port="80"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8080" protocol="tcp" to-port="80" to-addr="10.1.1.1"'], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--add-rich-rule='rule family="ipv6" priority=0 forward-port port="9090" protocol="tcp" to-port="90"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv6" priority=-123 forward-port port="999" protocol="tcp" to-port="99"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv6" priority=-123 forward-port port="9999" protocol="tcp" to-port="9999" to-addr="1234::4321"'], 0, ignore) ]) NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname "lo" accept jump filter_INPUT_ZONES ct state invalid drop reject with icmpx type admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl table inet firewalld { chain filter_IN_public_pre { ip saddr 10.1.0.0/16 drop } } ]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept } } ]) NFT_LIST_RULES([inet], [filter_FWDI_public_pre], 0, [dnl table inet firewalld { chain filter_FWDI_public_pre { } } ]) NFT_LIST_RULES([inet], [filter_FWDI_public_allow], 0, [dnl table inet firewalld { chain filter_FWDI_public_allow { } } ]) NFT_LIST_RULES([inet], [filter_FWDO_public_pre], 0, [dnl table inet firewalld { chain filter_FWDO_public_pre { ip saddr 10.1.1.0/24 ct state new,untracked accept } } ]) NFT_LIST_RULES([inet], [filter_FWDO_public_allow], 0, [dnl table inet firewalld { chain filter_FWDO_public_allow { ip saddr 10.10.0.0/16 ct state new,untracked accept } } ]) NFT_LIST_RULES([ip], [nat_PRE_public_pre], 0, [dnl table ip firewalld { chain nat_PRE_public_pre { tcp dport 8888 redirect to :80 tcp dport 8080 dnat to 10.1.1.1:80 } } ]) NFT_LIST_RULES([ip], [nat_PRE_public_allow], 0, [dnl table ip firewalld { chain nat_PRE_public_allow { tcp dport 222 redirect to :22 tcp dport 2222 dnat to 10.1.1.1:22 } } ]) NFT_LIST_RULES([ip], [nat_POST_public_pre], 0, [dnl table ip firewalld { chain nat_POST_public_pre { ip saddr 10.1.1.0/24 oifname != "lo" masquerade } } ]) NFT_LIST_RULES([ip], [nat_POST_public_allow], 0, [dnl table ip firewalld { chain nat_POST_public_allow { ip saddr 10.10.0.0/16 oifname != "lo" masquerade } } ]) NFT_LIST_RULES([ip6], [nat_PRE_public_pre], 0, [[table ip6 firewalld { chain nat_PRE_public_pre { tcp dport 999 redirect to :99 tcp dport 9999 dnat to [1234::4321]:9999 } } ]]) NFT_LIST_RULES([ip6], [nat_PRE_public_allow], 0, [dnl table ip6 firewalld { chain nat_PRE_public_allow { tcp dport 9090 redirect to :90 } } ]) NFT_LIST_RULES([ip6], [nat_POST_public_pre], 0, [dnl table ip6 firewalld { chain nat_POST_public_pre { } } ]) NFT_LIST_RULES([ip6], [nat_POST_public_allow], 0, [dnl table ip6 firewalld { chain nat_POST_public_allow { } } ]) NFT_LIST_RULES([inet], [mangle_PRE_public_pre], 0, [dnl table inet firewalld { chain mangle_PRE_public_pre { } } ]) NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl table inet firewalld { chain mangle_PRE_public_allow { } } ]) IPTABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl DROP all -- 10.1.0.0/16 0.0.0.0/0 ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ]) IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [FWDI_public_allow], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [FWDO_public_pre], 0, [dnl ACCEPT all -- 10.1.1.0/24 0.0.0.0/0 ctstate NEW,UNTRACKED ]) IPTABLES_LIST_RULES([filter], [FWDO_public_allow], 0, [dnl ACCEPT all -- 10.10.0.0/16 0.0.0.0/0 ctstate NEW,UNTRACKED ]) IPTABLES_LIST_RULES([nat], [PRE_public_pre], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to::80 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:10.1.1.1:80 ]) IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:222 to::22 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 to:10.1.1.1:22 ]) IPTABLES_LIST_RULES([nat], [POST_public_pre], 0, [dnl MASQUERADE all -- 10.1.1.0/24 0.0.0.0/0 ]) IPTABLES_LIST_RULES([nat], [POST_public_allow], 0, [dnl MASQUERADE all -- 10.10.0.0/16 0.0.0.0/0 ]) IPTABLES_LIST_RULES([mangle], [PRE_public_pre], 0, [dnl ]) IPTABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FWDI_public_allow], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [PRE_public_pre], 0, [[DNAT tcp ::/0 ::/0 tcp dpt:999 to::99 DNAT tcp ::/0 ::/0 tcp dpt:9999 to:[1234::4321]:9999 ]]) IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl DNAT tcp ::/0 ::/0 tcp dpt:9090 to::90 ]) IP6TABLES_LIST_RULES([mangle], [PRE_public_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl ]) FWD_RELOAD dnl icmp-block and icmp-type coverage FWD_CHECK([--add-rich-rule='rule icmp-block name="destination-unreachable"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-10 icmp-block name="destination-unreachable"'], 0, ignore) dnl FWD_CHECK([--add-rich-rule='rule icmp-type name="echo-request" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-10 icmp-type name="echo-request" accept'], 0, ignore) NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl table inet firewalld { chain filter_IN_public_pre { icmp type destination-unreachable reject with icmpx type admin-prohibited icmpv6 type destination-unreachable reject with icmpx type admin-prohibited icmp type echo-request accept icmpv6 type echo-request accept } } ]) NFT_LIST_RULES([inet], [filter_IN_public_deny], 0, [dnl table inet firewalld { chain filter_IN_public_deny { icmp type destination-unreachable reject with icmpx type admin-prohibited icmpv6 type destination-unreachable reject with icmpx type admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept icmp type echo-request accept icmpv6 type echo-request accept } } ]) NFT_LIST_RULES([inet], [filter_FWDI_public_pre], 0, [dnl table inet firewalld { chain filter_FWDI_public_pre { icmp type destination-unreachable reject with icmpx type admin-prohibited icmpv6 type destination-unreachable reject with icmpx type admin-prohibited icmp type echo-request accept icmpv6 type echo-request accept } } ]) NFT_LIST_RULES([inet], [filter_FWDI_public_deny], 0, [dnl table inet firewalld { chain filter_FWDI_public_deny { icmp type destination-unreachable reject with icmpx type admin-prohibited icmpv6 type destination-unreachable reject with icmpx type admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_FWDI_public_allow], 0, [dnl table inet firewalld { chain filter_FWDI_public_allow { icmp type echo-request accept icmpv6 type echo-request accept } } ]) IPTABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ]) IPTABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ]) IPTABLES_LIST_RULES([filter], [FWDI_public_deny], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [FWDI_public_allow], 0, [dnl ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ]) IP6TABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ]) IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ]) IP6TABLES_LIST_RULES([filter], [FWDI_public_pre], 0, [dnl REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ]) IP6TABLES_LIST_RULES([filter], [FWDI_public_deny], 0, [dnl REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [FWDI_public_allow], 0, [dnl ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ]) FWD_RELOAD dnl add many negative/positive priorities and make sure they're in the right order FWD_CHECK([--add-rich-rule='rule priority=70 service name="smtps" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-111 service name="ntp" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-10 port port="1111" protocol="tcp" drop'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-100 port port="1111" protocol="tcp" log'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority="-77" service name="smtp" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule priority=-111 service name="ntp" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-32768 source address="10.0.0.0/8" log'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-2 source address="10.0.0.0/8" log'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-1 source address="10.0.0.0/8" drop'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-5 source address="10.10.10.0/24" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=127 drop'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=125 service name="imap" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=126 log prefix="DROPPED: "'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=10 service name="ssh" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=1 service name="http" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=100 service name="https" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=5 service name="https" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=66 service name="smtp" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule priority=66 service name="smtp" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule priority=70 service name="smtps" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule priority=5 service name="https" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule priority="-77" service name="smtp" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop'], 0, ignore) NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl table inet firewalld { chain filter_IN_public_pre { ip saddr 10.0.0.0/8 log tcp dport 1111 ct state new,untracked log tcp dport 1111 ct state new,untracked drop ip saddr 10.10.10.0/24 accept ip saddr 10.0.0.0/8 log ip saddr 10.0.0.0/8 drop } } ]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept } } ]) NFT_LIST_RULES([inet], [filter_IN_public_deny], 0, [dnl table inet firewalld { chain filter_IN_public_deny { } } ]) NFT_LIST_RULES([inet], [filter_IN_public_log], 0, [dnl table inet firewalld { chain filter_IN_public_log { } } ]) NFT_LIST_RULES([inet], [filter_IN_public_post], 0, [dnl table inet firewalld { chain filter_IN_public_post { tcp dport 80 ct state new,untracked accept tcp dport 22 ct state new,untracked accept tcp dport 443 ct state new,untracked accept tcp dport 143 ct state new,untracked accept log prefix "DROPPED: " drop } } ]) IPTABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl LOG all -- 10.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED ACCEPT all -- 10.10.10.0/24 0.0.0.0/0 LOG all -- 10.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 DROP all -- 10.0.0.0/8 0.0.0.0/0 ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 ctstate NEW,UNTRACKED LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "'DROPPED: '" DROP all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl LOG tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 DROP tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:143 ctstate NEW,UNTRACKED LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "'DROPPED: '" DROP all ::/0 ::/0 ]) FWD_CHECK([-q --runtime-to-permanent]) FWD_RELOAD dnl Verify the rules are displayed in order of priority, not by when they dnl were added. FWD_CHECK([--add-rich-rule='rule priority=0 service name="http" accept'], 0, ignore) FWD_CHECK([--list-all | TRIM_WHITESPACE], 0, [m4_strip([dnl public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule priority="-32768" family="ipv4" source address="10.0.0.0/8" log rule priority="-100" port port="1111" protocol="tcp" log rule priority="-10" port port="1111" protocol="tcp" drop rule priority="-5" family="ipv4" source address="10.10.10.0/24" accept rule priority="-2" family="ipv4" source address="10.0.0.0/8" log rule priority="-1" family="ipv4" source address="10.0.0.0/8" drop rule service name="http" accept rule priority="1" service name="http" accept rule priority="10" service name="ssh" accept rule priority="100" service name="https" accept rule priority="125" service name="imap" accept rule priority="126" log prefix="DROPPED: " rule priority="127" drop ])]) FWD_END_TEST([-e '/INVALID_RULE: no element, no source, no destination/d'dnl -e '/INVALID_RULE: no element, no action/d'dnl -e '/ERROR: INVALID_PRIORITY: /d'dnl -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) FWD_START_TEST([rich rules bad]) AT_KEYWORDS(rich) m4_define([rich_rule_test], [ FWD_CHECK([--add-rich-rule='$1'], $2, ignore, ignore) FWD_CHECK([--permanent --add-rich-rule='$1'], $2, ignore, ignore) ]) rich_rule_test([], 122) dnl empty rich_rule_test([name="dns" accept], 122) dnl no rule rich_rule_test([protocol value="ah" reject], 122) dnl no rule rich_rule_test([rule protocol value="ah" reject type="icmp-host-prohibited"], 122) dnl reject type needs specific family rich_rule_test([rule family="ipv4" protocol value="ah" reject type="dummy"], 122) dnl dummy reject type rich_rule_test([rule], 122) dnl no element rich_rule_test([rule bad_element], 122) dnl no unknown element rich_rule_test([rule family="ipv5"], 122) dnl bad family rich_rule_test([rule name="dns" accept], 122) dnl name outside of element rich_rule_test([rule protocol="ah" accept], 122) dnl bad protocol usage rich_rule_test([rule protocol value="ah" accept drop], 122) dnl accept && drop rich_rule_test([rule service name="radius" port port="4011" reject], 122) dnl service && port rich_rule_test([rule service bad_attribute="dns"], 122) dnl bad attribute rich_rule_test([rule protocol value="igmp" log level="eror"], 125) dnl bad log level IF_HOST_SUPPORTS_IPV6_RULES([ rich_rule_test([family="ipv6" accept], 122) dnl no rule rich_rule_test([rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 207) dnl missing family rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 123) dnl bad limit ]) rich_rule_test([rule protocol value="esp"], 122) dnl no action/log/audit rich_rule_test([rule family="ipv4" masquerade drop], 122) dnl masquerade & action rich_rule_test([rule family="ipv4" icmp-block name="redirect" accept], 122) dnl icmp-block & action rich_rule_test([rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept], 122) dnl forward-port & action m4_undefine([rich_rule_test]) FWD_END_TEST([-e '/ERROR: INVALID_RULE:/d' dnl -e '/ERROR: INVALID_LOG_LEVEL: eror/d' dnl -e '/ERROR: MISSING_FAMILY/d' dnl -e '/ERROR: INVALID_LIMIT: 1\/2m/d']) FWD_START_TEST([config validation]) AT_KEYWORDS(check_config) dnl default config FWD_CHECK([--check-config], 0, ignore) dnl The rest of these are negative test cases. dnl firewalld.conf AT_CHECK([cp ./firewalld.conf ./firewalld.conf.orig]) AT_CHECK([echo "SomeBogusField=yes" >> ./firewalld.conf]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl ERROR: Invalid option: 'SomeBogusField=yes' ERROR: Invalid option: 'SomeBogusField=yes' ])]) AT_CHECK([cp ./firewalld.conf.orig ./firewalld.conf]) dnl direct AT_DATA([./direct.xml], [dnl ]) FWD_CHECK([--check-config], 111, ignore, ignore) AT_DATA([./direct.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_CHECK([rm ./direct.xml]) dnl lockdown-whitelist AT_DATA([./lockdown-whitelist.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./lockdown-whitelist.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./lockdown-whitelist.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_CHECK([rm ./lockdown-whitelist.xml]) dnl ipset AT_CHECK([mkdir -p ./ipsets]) AT_DATA([./ipsets/foobar.xml], [dnl 12:34:56:78:90 ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90', ignoring. WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90', ignoring. ])]) AT_DATA([./ipsets/foobar.xml], [dnl 12:34:56:78:90:ab ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./ipsets/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 119, ignore, ignore) AT_CHECK([rm ./ipsets/foobar.xml]) dnl helpers AT_CHECK([mkdir -p ./helpers]) AT_DATA([./helpers/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./helpers/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 111, ignore, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ AT_DATA([./helpers/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 103, ignore, ignore) ]) AT_CHECK([rm ./helpers/foobar.xml]) dnl icmptype AT_CHECK([mkdir -p ./icmptypes]) AT_DATA([./icmptypes/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./icmptypes/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_CHECK([rm ./icmptypes/foobar.xml]) dnl services AT_CHECK([mkdir -p ./services]) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 103, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 103, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 102, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 102, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_CHECK([rm ./services/foobar.xml]) dnl zones AT_CHECK([mkdir -p ./zones]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 112, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 101, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 103, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: Invalid source: No address no ipset. WARNING: Invalid source: No address no ipset. ])]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: INVALID_LIMIT: none: rule family="ipv4" source address="10.0.0.1/24" accept limit value="none" WARNING: INVALID_LIMIT: none: rule family="ipv4" source address="10.0.0.1/24" accept limit value="none" ])]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: Invalid rule: Invalid log level WARNING: Invalid rule: Invalid log level ])]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept ])]) ]) AT_CHECK([rm ./zones/foobar.xml]) FWD_END_TEST([-e '/ERROR:/d'dnl -e '/WARNING:/d']) firewalld-0.8.2/src/tests/package.m40000664007115300711530000000040113641123217020435 0ustar00egarveregarver00000000000000m4_define([AT_PACKAGE_NAME],[firewalld]) m4_define([AT_PACKAGE_VERSION],[0.8.2]) m4_define([AT_PACKAGE_STRING],[firewalld 0.8.2]) m4_define([AT_PACKAGE_URL],[http://firewalld.org/]) m4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld]) firewalld-0.8.2/src/tests/Makefile.in0000664007115300711530000004140313641123177020661 0ustar00egarveregarver00000000000000# Makefile.in generated by automake 1.13.4 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = src/tests DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(srcdir)/atlocal.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = atlocal CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ TESTSUITE = $(srcdir)/testsuite TESTSUITE_INTEGRATION = $(srcdir)/integration/testsuite TESTSUITE_FILES = \ $(wildcard $(srcdir)/*.at) \ $(wildcard $(srcdir)/cli/*.at) \ $(wildcard $(srcdir)/dbus/*.at) \ $(wildcard $(srcdir)/features/*.at) \ $(wildcard $(srcdir)/integration/*.at) \ $(wildcard $(srcdir)/python/*.at) \ $(wildcard $(srcdir)/regression/*.at) EXTRA_DIST = \ $(TESTSUITE) \ $(TESTSUITE_INTEGRATION) \ $(TESTSUITE_FILES) \ $(wildcard $(srcdir)/python/*.py) \ $(srcdir)/package.m4 \ atlocal.in DISTCLEANFILES = atconfig AUTOM4TE = $(SHELL) $(top_srcdir)/missing --run autom4te AUTOTEST = $(AUTOM4TE) --language=autotest CONTAINER_TARGETS = check-container-debian-sid check-container-fedora-rawhide all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/tests/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): atlocal: $(top_builddir)/config.status $(srcdir)/atlocal.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-local mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: installcheck-local maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: check-am install-am install-strip .PHONY: all all-am check check-am check-local clean clean-generic \ clean-local cscopelist-am ctags-am distclean distclean-generic \ distdir dvi dvi-am html html-am info info-am install \ install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installcheck-local \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags-am \ uninstall uninstall-am $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec $(srcdir)/Makefile :;{ \ echo 'm4_define([AT_PACKAGE_NAME],[$(PACKAGE_NAME)])' && \ echo 'm4_define([AT_PACKAGE_VERSION],[$(PACKAGE_VERSION)])' && \ echo 'm4_define([AT_PACKAGE_STRING],[$(PACKAGE_STRING)])' && \ echo 'm4_define([AT_PACKAGE_URL],[http://firewalld.org/])' && \ echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])' ; \ } > "$@" check-local: atconfig atlocal $(TESTSUITE) $(SHELL) '$(TESTSUITE)' $(TESTSUITEFLAGS) \ AUTOTEST_PATH="src" \ PYTHONPATH="${abs_top_srcdir}/src:${PYTHONPATH}" \ FIREWALLD_DEFAULT_CONFIG="${abs_top_srcdir}/config" installcheck-local: atconfig atlocal $(TESTSUITE) $(SHELL) '$(TESTSUITE)' $(TESTSUITEFLAGS) clean-local: test ! -f '$(TESTSUITE)' || $(SHELL) '$(TESTSUITE)' --clean -rm $(srcdir)/package.m4 $(TESTSUITE) $(TESTSUITE_INTEGRATION): $(TESTSUITE_FILES) $(srcdir)/package.m4 $(AUTOTEST) -I '$(srcdir)' -o $@.tmp $@.at mv $@.tmp $@ check-container-debian-sid-image: check-container-%-image: (cd $(abs_top_srcdir) && { \ echo "FROM debian:sid" && \ echo "RUN apt-get update" && \ echo "RUN apt-get install -y autoconf automake pkg-config intltool libglib2.0-dev \ xsltproc docbook-xsl docbook-xml iptables ipset ebtables \ nftables libxml2-utils libdbus-1-dev libgirepository1.0-dev \ python3-dbus python3-gi python3-slip-dbus python3-nftables \ procps network-manager gir1.2-nm-1.0" && \ echo "COPY . /tmp/firewalld"; \ } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) check-container-fedora-rawhide-image: check-container-%-image: (cd $(abs_top_srcdir) && { \ echo "FROM fedora:rawhide" && \ echo "RUN dnf -y makecache" && \ echo "RUN dnf -y install autoconf automake conntrack-tools desktop-file-utils \ docbook-style-xsl file gettext glib2-devel intltool ipset \ iptables iptables-nft libtool libxml2 libxslt make nftables \ python3-nftables python3-slip-dbus python3-gobject-base \ diffutils procps-ng iproute which dbus-daemon \ NetworkManager" && \ echo "RUN alternatives --set ebtables /usr/sbin/ebtables-nft" && \ echo "COPY . /tmp/firewalld"; \ } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) $(CONTAINER_TARGETS): check-container-%: check-container-%-image $(PODMAN) run -i --rm --privileged firewalld-testsuite-$* bash -c " \ cd /tmp/firewalld && \ ./autogen.sh && \ ./configure PYTHON=/usr/bin/python3 && \ make && \ { make -C src/tests check-local TESTSUITEFLAGS=\"$(TESTSUITEFLAGS)\" || \ make -C src/tests check-local TESTSUITEFLAGS=\"--recheck --errexit --verbose\" ; } && \ make -C src/tests check-integration TESTSUITEFLAGS=\"$(TESTSUITEFLAGS) -j1\" " $(PODMAN) rmi firewalld-testsuite-$* check-container: $(CONTAINER_TARGETS) .PHONY: check-container .PHONY: $(CONTAINER_TARGETS) $(foreach container,$(CONTAINER_TARGETS),$(container)-image) check-integration: atconfig atlocal $(TESTSUITE_INTEGRATION) $(SHELL) '$(TESTSUITE_INTEGRATION)' $(TESTSUITEFLAGS) \ AUTOTEST_PATH="src" \ PYTHONPATH="${abs_top_srcdir}/src:${PYTHONPATH}" \ FIREWALLD_DEFAULT_CONFIG="${abs_top_srcdir}/config" installcheck-integration: atconfig atlocal $(TESTSUITE_INTEGRATION) $(SHELL) '$(TESTSUITE_INTEGRATION)' $(TESTSUITEFLAGS) .PHONY: check-integration installcheck-integration # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/src/tests/atlocal.in0000664007115300711530000000045313641106102020550 0ustar00egarveregarver00000000000000export PYTHON="@PYTHON@" export IPTABLES="@IPTABLES@" export IPTABLES_RESTORE="@IPTABLES_RESTORE@" export IP6TABLES="@IP6TABLES@" export IP6TABLES_RESTORE="@IP6TABLES_RESTORE@" export NFT_NUMERIC_ARGS="$(nft -h |grep numeric-protocol >/dev/null && echo -n '' || { echo -n '-' && echo -n 'nn'; })" firewalld-0.8.2/src/tests/testsuite.at0000664007115300711530000000071013626005156021166 0ustar00egarveregarver00000000000000AT_INIT AT_COLOR_TESTS dnl Override m4_include to avoid warning about inclusion dnl m4_define([m4_include], [m4_builtin([include], [$1])]) m4_include([functions.at]) m4_include([cli/firewall-offline-cmd.at]) m4_include([dbus/dbus.at]) m4_foreach([FIREWALL_BACKEND], [[nftables], [iptables]], [ m4_include([cli/firewall-cmd.at]) m4_include([regression/regression.at]) m4_include([python/python.at]) m4_include([features/features.at]) ]) firewalld-0.8.2/src/tests/dbus/0000775007115300711530000000000013641123257017546 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/tests/dbus/service.at0000664007115300711530000004535113620317435021544 0ustar00egarveregarver00000000000000FWD_START_TEST([dbus api - services]) AT_KEYWORDS(dbus service rhbz1721414 rhbz1737045 gh514) DBUS_INTROSPECT([config], [[//method[@name="addService"]]], 0, [dnl ]) DBUS_CHECK([config], [config.addService], ["foobar" dnl name '("1.0", dnl version "foobar", dnl short "foobar service is for foobar", dnl description @<:@("1234", "udp"), ("22", "tcp"), ("1234", "udp")@:>@, dnl ports, deliberate duplicate @<:@"ftp"@:>@, dnl modules {"ipv4": "1.2.3.4"}, dnl destination @<:@"icmp", "igmp"@:>@, dnl protocols @<:@("4321", "tcp"), ("4321", "udp")@:>@ dnl source ports )'dnl ], 0, [stdout]) SERVICE_OBJ=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] export SERVICE_OBJ DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getSettings"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings], [], 0, [dnl [(('1.0', 'foobar', 'foobar service is for foobar', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], {'ipv4': '1.2.3.4'}, ['icmp', 'igmp'], [('4321', 'tcp'), ('4321', 'udp')]),)] ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="update"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update], ['("1.1", dnl version "foobar new", dnl short "foobar new service is for foobar", dnl description @<:@("12345", "udp"), ("2222", "tcp")@:>@, dnl ports @<:@"ftp"@:>@, dnl modules {}, dnl destination @<:@"icmp"@:>@, dnl protocols @<:@("4321", "tcp")@:>@ dnl source ports )'dnl ], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings], [], 0, [dnl [(('1.1', 'foobar new', 'foobar new service is for foobar', [('12345', 'udp'), ('2222', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp')]),)] ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="loadDefaults"]]], 0, [dnl ]) DBUS_CHECK([config], [config.getServiceByName], ["ssh"], 0, [stdout]) SERVICE_OBJ_TEMP=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] export SERVICE_OBJ_TEMP DBUS_CHECK([config/service/${SERVICE_OBJ_TEMP}], [config.service.setVersion], ["1.1"], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ_TEMP}], [config.service.loadDefaults], [], 0, [ignore]) DBUS_CHECK([config], [config.getServiceByName], ["ssh"], 0, [stdout]) SERVICE_OBJ_TEMP=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] export SERVICE_OBJ_TEMP DBUS_CHECK([config/service/${SERVICE_OBJ_TEMP}], [config.service.getVersion], [], 0, [dnl ('',) ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="remove"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="rename"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getVersion"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setVersion"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getShort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setShort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getDescription"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setDescription"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getPorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setPorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addPort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removePort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryPort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getSourcePorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setSourcePorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addSourcePort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeSourcePort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="querySourcePort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getProtocols"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setProtocols"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addProtocol"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeProtocol"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryProtocol"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getModules"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setModules"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addModule"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeModule"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryModule"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getDestinations"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setDestinations"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setDestination"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getDestination"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeDestination"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryDestination"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getIncludes"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getIncludes], [], 0, [dnl [(@as [],)] ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setIncludes"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.setIncludes], [['["https", "ssh"]']], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getIncludes], [], 0, [dnl [(['https', 'ssh'],)] ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addInclude"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.addInclude], ['"http"'], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.queryInclude], ['"http"'], 0, [dnl [(true,)] ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeInclude"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.removeInclude], ['"http"'], 0, [ignore]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryInclude"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.queryInclude], ['"http"'], 0, [dnl [(false,)] ]) FWD_RELOAD DBUS_INTROSPECT([], [[//method[@name="getServiceSettings"]]], 0, [dnl ]) DBUS_CHECK([], [getServiceSettings], ["foobar"], 0, [dnl [(('1.1', 'foobar new', 'foobar new service is for foobar', [('12345', 'udp'), ('2222', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp')]),)] ]) dnl =============== dnl New APIs tests dnl =============== dnl modify service with new API that was created with old API dnl Verify old APIs also reflect the change. DBUS_CHECK([config], [config.addService], ["foobar-old" dnl name '("1.0", dnl version "foobar-old", dnl short "foobar-old service is for foobar-old", dnl description @<:@("1234", "udp"), ("22", "tcp"), ("1234", "udp")@:>@, dnl ports, deliberate duplicate @<:@"ftp"@:>@, dnl modules {}, dnl destination @<:@@:>@, dnl protocols @<:@("4321", "tcp"), ("4321", "udp")@:>@ dnl source ports )'dnl ], 0, [stdout]) SERVICE_OBJ=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] export SERVICE_OBJ DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ['{"version": <"1.1">, "includes": <@<:@"https"@:>@>, "protocols": <@<:@"icmp"@:>@> }'dnl ], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings], [], 0, [dnl [(('1.1', 'foobar-old', 'foobar-old service is for foobar-old', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp'), ('4321', 'udp')]),)] ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ['description': <'foobar-old service is for foobar-old'> 'includes': <['https']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp']> 'short': <'foobar-old'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'>] ]) FWD_RELOAD DBUS_CHECK([], [getServiceSettings], ["foobar-old"], 0, [dnl [(('1.1', 'foobar-old', 'foobar-old service is for foobar-old', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp'), ('4321', 'udp')]),)] ]) DBUS_CHECK([], [getServiceSettings2], ["foobar-old"], 0, [dnl ['description': <'foobar-old service is for foobar-old'> 'includes': <['https']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp']> 'short': <'foobar-old'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'>] ]) dnl add service with new API DBUS_INTROSPECT([config], [[//method[@name="addService2"]]], 0, [dnl ]) DBUS_CHECK([config], [config.addService2], ["foobar-dict" dnl name '{"version": <"1.0">, "short": <"foobar-dict">, "description": <"foobar-dict service is for foobar-dict">, "ports": <@<:@("1234", "udp"), ("22", "tcp"), ("1234", "udp")@:>@>, "modules": <@<:@"ftp"@:>@>, "destination": <{"ipv6": "1234::4321"}>, "protocols": <@<:@"icmp", "igmp"@:>@>, "source_ports": <@<:@("4321", "tcp"), ("4321", "udp")@:>@>, "includes": <@<:@"https", "samba"@:>@>, "helpers": <@<:@"ftp"@:>@> }'dnl ], 0, [stdout]) SERVICE_OBJ=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] export SERVICE_OBJ DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getSettings2"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ['description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'includes': <['https', 'samba']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.0'>] ]) dnl New API allows partial updates to service object DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="update2"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ['{"version": <"1.1">, "includes": <@<:@"https", "samba", "http"@:>@> }'dnl ], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ['description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'includes': <['https', 'samba', 'http']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'>] ]) dnl To zero a field you have to set it with an empty value DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ['{"version": <"1.2">, "includes": <@as @<:@@:>@> }'dnl ], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ['description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.2'>] ]) FWD_RELOAD DBUS_INTROSPECT([], [[//method[@name="getServiceSettings2"]]], 0, [dnl ]) DBUS_CHECK([], [getServiceSettings2], ["foobar-dict"], 0, [dnl ['description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.2'>] ]) dnl bogus arguments DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ['{"version": <"1.3">, "thisdoesnotexist": <""> }'dnl ], 1, [ignore], [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_OPTION: service option/d']) firewalld-0.8.2/src/tests/dbus/firewalld.conf.at0000664007115300711530000000440213630022170022757 0ustar00egarveregarver00000000000000FWD_START_TEST([firewalld.conf]) AT_KEYWORDS(dbus) dnl Verify defaults over dbus. Should be inline with default firewalld.conf. IF_HOST_SUPPORTS_NFT_FIB([ DBUS_GETALL([config], [config], 0, [dnl string "AllowZoneDrifting" : variant string "no" string "AutomaticHelpers" : variant string "no" string "CleanupOnExit" : variant string "no" string "DefaultZone" : variant string "public" string "FirewallBackend" : variant string "nftables" string "FlushAllOnReload" : variant string "yes" string "IPv6_rpfilter" : variant string "yes" string "IndividualCalls" : variant string "no" string "Lockdown" : variant string "no" string "LogDenied" : variant string "off" string "MinimalMark" : variant int32 100 string "RFC3964_IPv4" : variant string "yes" ])], [ DBUS_GETALL([config], [config], 0, [dnl string "AllowZoneDrifting" : variant string "no" string "AutomaticHelpers" : variant string "no" string "CleanupOnExit" : variant string "no" string "DefaultZone" : variant string "public" string "FirewallBackend" : variant string "nftables" string "FlushAllOnReload" : variant string "yes" string "IPv6_rpfilter" : variant string "no" string "IndividualCalls" : variant string "no" string "Lockdown" : variant string "no" string "LogDenied" : variant string "off" string "MinimalMark" : variant int32 100 string "RFC3964_IPv4" : variant string "yes" ]) ]) m4_define([_helper], [ DBUS_SET([config], [config], [string:"$1" $2], 0, ignore) DBUS_GET([config], [config], [string:"$1"], 0, [dnl $3 ]) ]) dnl Test individual Set/Get _helper([MinimalMark], [int32:1234], [variant int32 1234]) _helper([AutomaticHelpers], [string:"no"], [variant string "no"]) _helper([Lockdown], [string:"yes"], [variant string "yes"]) _helper([LogDenied], [string:"all"], [variant string "all"]) _helper([IPv6_rpfilter], [string:"yes"], [variant string "yes"]) _helper([IndividualCalls], [string:"yes"], [variant string "yes"]) _helper([FirewallBackend], [string:"iptables"], [variant string "iptables"]) _helper([FlushAllOnReload], [string:"no"], [variant string "no"]) _helper([CleanupOnExit], [string:"yes"], [variant string "yes"]) _helper([RFC3964_IPv4], [string:"no"], [variant string "no"]) _helper([AllowZoneDrifting], [string:"yes"], [variant string "yes"]) dnl Note: DefaultZone is RO m4_undefine([_helper]) FWD_END_TEST firewalld-0.8.2/src/tests/dbus/dbus.at0000664007115300711530000000012513626005156021027 0ustar00egarveregarver00000000000000AT_BANNER([dbus]) m4_include([dbus/firewalld.conf.at]) m4_include([dbus/service.at]) firewalld-0.8.2/src/tests/testsuite0000775007115300711530002571650113641123222020601 0ustar00egarveregarver00000000000000#! /bin/sh # Generated from testsuite.at by GNU Autoconf 2.69. # # Copyright (C) 2009-2012 Free Software Foundation, Inc. # # This test suite is free software; the Free Software Foundation gives # unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" SHELL=${CONFIG_SHELL-/bin/sh} # How were we run? at_cli_args="$@" # Not all shells have the 'times' builtin; the subshell is needed to make # sure we discard the 'times: not found' message from the shell. at_times_p=false (times) >/dev/null 2>&1 && at_times_p=: # CLI Arguments to pass to the debugging scripts. at_debug_args= # -e sets to true at_errexit_p=false # Shall we be verbose? ':' means no, empty means yes. at_verbose=: at_quiet= # Running several jobs in parallel, 0 means as many as test groups. at_jobs=1 at_traceon=: at_trace_echo=: at_check_filter_trace=: # Shall we keep the debug scripts? Must be `:' when the suite is # run by a debug script, so that the script doesn't remove itself. at_debug_p=false # Display help message? at_help_p=false # Display the version message? at_version_p=false # List test groups? at_list_p=false # --clean at_clean=false # Test groups to run at_groups= # Whether to rerun failed tests. at_recheck= # Whether a write failure occurred at_write_fail=0 # The directory we run the suite in. Default to . if no -C option. at_dir=`pwd` # An absolute reference to this testsuite script. case $as_myself in [\\/]* | ?:[\\/]* ) at_myself=$as_myself ;; * ) at_myself=$at_dir/$as_myself ;; esac # Whether -C is in effect. at_change_dir=false # Whether to enable colored test results. at_color=auto # List of the tested programs. at_tested='' # As many question marks as there are digits in the last test group number. # Used to normalize the test group numbers so that `ls' lists them in # numerical order. at_format='???' # Description of all the test groups. at_help_all="1;firewall-cmd.at:5;basic options;offline panic reload; 2;firewall-cmd.at:28;get/list options;offline zone service icmp; 3;firewall-cmd.at:44;default zone;offline zone; 4;firewall-cmd.at:56;user zone;offline zone; 5;firewall-cmd.at:76;zone interfaces;offline zone; 6;firewall-cmd.at:174;zone sources;offline zone; 7;firewall-cmd.at:226;services;offline service; 8;firewall-cmd.at:270;user services;offline service; 9;firewall-cmd.at:352;ports;offline port; 10;firewall-cmd.at:409;source ports;offline port; 11;firewall-cmd.at:446;protocols;offline protocol; 12;firewall-cmd.at:474;masquerade;offline masquerade nat; 13;firewall-cmd.at:507;forward ports;offline port forward_port; 14;firewall-cmd.at:624;ICMP block;offline icmp; 15;firewall-cmd.at:670;user ICMP types;offline icmp; 16;firewall-cmd.at:693;ipset;offline ipset rhbz1685256; 17;firewall-cmd.at:884;user helpers;offline helper; 18;firewall-cmd.at:912;direct;offline direct; 19;firewall-cmd.at:985;direct nat;offline direct nat; 20;firewall-cmd.at:1009;direct passthrough;offline direct passthrough; 21;firewall-cmd.at:1046;direct ebtables;offline direct ebtables; 22;firewall-cmd.at:1091;lockdown;offline lockdown; 23;firewall-cmd.at:1158;rich rules good;offline rich; 24;firewall-cmd.at:1187;rich rules audit;offline rich; 25;firewall-cmd.at:1195;rich rules priority;offline rich; 26;firewall-cmd.at:1810;rich rules bad;offline rich; 27;firewall-cmd.at:1846;config validation;offline check_config; 28;rfc3964_ipv4.at:1;RFC3964_IPv4;offline rfc3964_ipv4; 29;service_include.at:1;service include;offline service xml gh273 rhbz1720300; 30;helpers_custom.at:1;customer helpers;offline helpers rhbz1733066 gh514 rhbz1769520; 31;firewall-offline-cmd.at:18;lokkit migration;offline lokkit; 32;firewalld.conf.at:1;firewalld.conf;nftables dbus; 33;service.at:1;dbus api - services;nftables dbus service rhbz1721414 rhbz1737045 gh514; 34;firewall-cmd.at:5;basic options;nftables panic reload; 35;firewall-cmd.at:28;get/list options;nftables zone service icmp; 36;firewall-cmd.at:44;default zone;nftables zone; 37;firewall-cmd.at:56;user zone;nftables zone; 38;firewall-cmd.at:76;zone interfaces;nftables zone; 39;firewall-cmd.at:174;zone sources;nftables zone; 40;firewall-cmd.at:226;services;nftables service; 41;firewall-cmd.at:270;user services;nftables service; 42;firewall-cmd.at:352;ports;nftables port; 43;firewall-cmd.at:409;source ports;nftables port; 44;firewall-cmd.at:446;protocols;nftables protocol; 45;firewall-cmd.at:474;masquerade;nftables masquerade nat; 46;firewall-cmd.at:507;forward ports;nftables port forward_port; 47;firewall-cmd.at:624;ICMP block;nftables icmp; 48;firewall-cmd.at:670;user ICMP types;nftables icmp; 49;firewall-cmd.at:693;ipset;nftables ipset rhbz1685256; 50;firewall-cmd.at:884;user helpers;nftables helper; 51;firewall-cmd.at:912;direct;nftables direct; 52;firewall-cmd.at:985;direct nat;nftables direct nat; 53;firewall-cmd.at:1009;direct passthrough;nftables direct passthrough; 54;firewall-cmd.at:1046;direct ebtables;nftables direct ebtables; 55;firewall-cmd.at:1091;lockdown;nftables lockdown; 56;firewall-cmd.at:1158;rich rules good;nftables rich; 57;firewall-cmd.at:1187;rich rules audit;nftables rich; 58;firewall-cmd.at:1195;rich rules priority;nftables rich; 59;firewall-cmd.at:1810;rich rules bad;nftables rich; 60;firewall-cmd.at:1846;config validation;nftables check_config; 61;rhbz1514043.at:1;--set-log-denied does not zero config;nftables log_denied rhbz1514043; 62;rhbz1498923.at:1;invalid direct rule causes reload error;nftables direct reload rhbz1498923; 63;pr181.at:1;combined zones name length check;nftables zone gh181; 64;gh287.at:1;ICMP block inversion;nftables icmp gh287; 65;individual_calls.at:1;individual calls;nftables individual_calls; 66;rhbz1534571.at:3;rule deduplication;nftables rhbz1534571; 67;gh290.at:1;invalid syntax in xml files;nftables xml direct zone gh290; 68;icmp_block_in_forward_chain.at:1;ICMP block present FORWARD chain;nftables icmp; 69;pr323.at:1;GRE proto helper;nftables helper gh323; 70;rhbz1506742.at:1;ipset with timeout;nftables ipset rhbz1506742; 71;rhbz1594657.at:1;no log untracked passthrough queries;nftables direct passthrough rhbz1594657; 72;rhbz1571957.at:1;set-log-denied w/ ICMP block inversion;nftables log_denied rhbz1571957 icmp; 73;rhbz1404076.at:1;query single port added with range;nftables port rhbz1404076; 74;gh366.at:1;service destination multiple IP versions;nftables service gh366; 75;rhbz1601610.at:1;ipset duplicate entries;nftables ipset rhbz1601610; 76;gh303.at:1;unicode in XML;nftables xml unicode service gh303; 77;gh335.at:1;forward-port toaddr enables IP forwarding;nftables port forward_port gh335; 78;gh482.at:1;remove forward-port after reload;nftables gh482 rhbz1637675 rich forward_port; 79;gh478.at:1;rich rule marks every packet;nftables rich mark gh478; 80;gh453.at:1;nftables helper objects;nftables helper gh453; 81;gh258.at:1;zone dispatch layout;nftables zone gh258 gh441 rhbz1713823 rhbz1772208 rhbz1796055; 82;rhbz1715977.at:1;rich rule src/dst with service destination;nftables rich service rhbz1715977 rhbz1729097 rhbz1791783; 83;rhbz1723610.at:1;direct remove-rules per family;nftables direct rhbz1723610 gh385; 84;rhbz1734765.at:1;zone sources ordered by name;nftables zone rhbz1734765 rhbz1421222 gh166 rhbz1738545 rhbz1772208 rhbz1796055; 85;gh509.at:1;missing firewalld.conf file;nftables gh509; 86;gh567.at:1;rich rule source w/ mark action;nftables gh567 rich ipset; 87;rhbz1779835.at:1;ipv6 address with brackets;nftables rhbz1779835 ipset zone forward_port rich; 88;gh330.at:1;ipset cleanup on reload/stop;nftables ipset reload gh330 rhbz1682913 rhbz1790948 rhbz1809225; 89;python.at:3;firewalld_test.py;nftables python; 90;python.at:8;firewalld_config.py;nftables python; 91;python.at:13;firewalld_rich.py;nftables python; 92;python.at:18;firewalld_direct.py;nftables python; 93;rfc3964_ipv4.at:1;RFC3964_IPv4;nftables rfc3964_ipv4; 94;service_include.at:1;service include;nftables service xml gh273 rhbz1720300; 95;helpers_custom.at:1;customer helpers;nftables helpers rhbz1733066 gh514 rhbz1769520; 96;firewall-cmd.at:5;basic options;iptables panic reload; 97;firewall-cmd.at:28;get/list options;iptables zone service icmp; 98;firewall-cmd.at:44;default zone;iptables zone; 99;firewall-cmd.at:56;user zone;iptables zone; 100;firewall-cmd.at:76;zone interfaces;iptables zone; 101;firewall-cmd.at:174;zone sources;iptables zone; 102;firewall-cmd.at:226;services;iptables service; 103;firewall-cmd.at:270;user services;iptables service; 104;firewall-cmd.at:352;ports;iptables port; 105;firewall-cmd.at:409;source ports;iptables port; 106;firewall-cmd.at:446;protocols;iptables protocol; 107;firewall-cmd.at:474;masquerade;iptables masquerade nat; 108;firewall-cmd.at:507;forward ports;iptables port forward_port; 109;firewall-cmd.at:624;ICMP block;iptables icmp; 110;firewall-cmd.at:670;user ICMP types;iptables icmp; 111;firewall-cmd.at:693;ipset;iptables ipset rhbz1685256; 112;firewall-cmd.at:884;user helpers;iptables helper; 113;firewall-cmd.at:912;direct;iptables direct; 114;firewall-cmd.at:985;direct nat;iptables direct nat; 115;firewall-cmd.at:1009;direct passthrough;iptables direct passthrough; 116;firewall-cmd.at:1046;direct ebtables;iptables direct ebtables; 117;firewall-cmd.at:1091;lockdown;iptables lockdown; 118;firewall-cmd.at:1158;rich rules good;iptables rich; 119;firewall-cmd.at:1187;rich rules audit;iptables rich; 120;firewall-cmd.at:1195;rich rules priority;iptables rich; 121;firewall-cmd.at:1810;rich rules bad;iptables rich; 122;firewall-cmd.at:1846;config validation;iptables check_config; 123;rhbz1514043.at:1;--set-log-denied does not zero config;iptables log_denied rhbz1514043; 124;rhbz1498923.at:1;invalid direct rule causes reload error;iptables direct reload rhbz1498923; 125;pr181.at:1;combined zones name length check;iptables zone gh181; 126;gh287.at:1;ICMP block inversion;iptables icmp gh287; 127;individual_calls.at:1;individual calls;iptables individual_calls; 128;rhbz1534571.at:3;rule deduplication;iptables rhbz1534571; 129;gh290.at:1;invalid syntax in xml files;iptables xml direct zone gh290; 130;icmp_block_in_forward_chain.at:1;ICMP block present FORWARD chain;iptables icmp; 131;pr323.at:1;GRE proto helper;iptables helper gh323; 132;rhbz1506742.at:1;ipset with timeout;iptables ipset rhbz1506742; 133;rhbz1594657.at:1;no log untracked passthrough queries;iptables direct passthrough rhbz1594657; 134;rhbz1571957.at:1;set-log-denied w/ ICMP block inversion;iptables log_denied rhbz1571957 icmp; 135;rhbz1404076.at:1;query single port added with range;iptables port rhbz1404076; 136;gh366.at:1;service destination multiple IP versions;iptables service gh366; 137;rhbz1601610.at:1;ipset duplicate entries;iptables ipset rhbz1601610; 138;gh303.at:1;unicode in XML;iptables xml unicode service gh303; 139;gh335.at:1;forward-port toaddr enables IP forwarding;iptables port forward_port gh335; 140;gh482.at:1;remove forward-port after reload;iptables gh482 rhbz1637675 rich forward_port; 141;gh478.at:1;rich rule marks every packet;iptables rich mark gh478; 142;gh258.at:1;zone dispatch layout;iptables zone gh258 gh441 rhbz1713823 rhbz1772208 rhbz1796055; 143;rhbz1715977.at:1;rich rule src/dst with service destination;iptables rich service rhbz1715977 rhbz1729097 rhbz1791783; 144;rhbz1723610.at:1;direct remove-rules per family;iptables direct rhbz1723610 gh385; 145;rhbz1734765.at:1;zone sources ordered by name;iptables zone rhbz1734765 rhbz1421222 gh166 rhbz1738545 rhbz1772208 rhbz1796055; 146;gh509.at:1;missing firewalld.conf file;iptables gh509; 147;gh567.at:1;rich rule source w/ mark action;iptables gh567 rich ipset; 148;rhbz1779835.at:1;ipv6 address with brackets;iptables rhbz1779835 ipset zone forward_port rich; 149;gh330.at:1;ipset cleanup on reload/stop;iptables ipset reload gh330 rhbz1682913 rhbz1790948 rhbz1809225; 150;python.at:3;firewalld_test.py;iptables python; 151;python.at:8;firewalld_config.py;iptables python; 152;python.at:13;firewalld_rich.py;iptables python; 153;python.at:18;firewalld_direct.py;iptables python; 154;rfc3964_ipv4.at:1;RFC3964_IPv4;iptables rfc3964_ipv4; 155;service_include.at:1;service include;iptables service xml gh273 rhbz1720300; 156;helpers_custom.at:1;customer helpers;iptables helpers rhbz1733066 gh514 rhbz1769520; " # List of the all the test groups. at_groups_all=`$as_echo "$at_help_all" | sed 's/;.*//'` # at_fn_validate_ranges NAME... # ----------------------------- # Validate and normalize the test group number contained in each variable # NAME. Leading zeroes are treated as decimal. at_fn_validate_ranges () { for at_grp do eval at_value=\$$at_grp if test $at_value -lt 1 || test $at_value -gt 156; then $as_echo "invalid test group: $at_value" >&2 exit 1 fi case $at_value in 0*) # We want to treat leading 0 as decimal, like expr and test, but # AS_VAR_ARITH treats it as octal if it uses $(( )). # With XSI shells, ${at_value#${at_value%%[1-9]*}} avoids the # expr fork, but it is not worth the effort to determine if the # shell supports XSI when the user can just avoid leading 0. eval $at_grp='`expr $at_value + 0`' ;; esac done } at_prev= for at_option do # If the previous option needs an argument, assign it. if test -n "$at_prev"; then at_option=$at_prev=$at_option at_prev= fi case $at_option in *=?*) at_optarg=`expr "X$at_option" : '[^=]*=\(.*\)'` ;; *) at_optarg= ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $at_option in --help | -h ) at_help_p=: ;; --list | -l ) at_list_p=: ;; --version | -V ) at_version_p=: ;; --clean | -c ) at_clean=: ;; --color ) at_color=always ;; --color=* ) case $at_optarg in no | never | none) at_color=never ;; auto | tty | if-tty) at_color=auto ;; always | yes | force) at_color=always ;; *) at_optname=`echo " $at_option" | sed 's/^ //; s/=.*//'` as_fn_error $? "unrecognized argument to $at_optname: $at_optarg" ;; esac ;; --debug | -d ) at_debug_p=: ;; --errexit | -e ) at_debug_p=: at_errexit_p=: ;; --verbose | -v ) at_verbose=; at_quiet=: ;; --trace | -x ) at_traceon='set -x' at_trace_echo=echo at_check_filter_trace=at_fn_filter_trace ;; [0-9] | [0-9][0-9] | [0-9][0-9][0-9] | [0-9][0-9][0-9][0-9]) at_fn_validate_ranges at_option as_fn_append at_groups "$at_option$as_nl" ;; # Ranges [0-9]- | [0-9][0-9]- | [0-9][0-9][0-9]- | [0-9][0-9][0-9][0-9]-) at_range_start=`echo $at_option |tr -d X-` at_fn_validate_ranges at_range_start at_range=`$as_echo "$at_groups_all" | \ sed -ne '/^'$at_range_start'$/,$p'` as_fn_append at_groups "$at_range$as_nl" ;; -[0-9] | -[0-9][0-9] | -[0-9][0-9][0-9] | -[0-9][0-9][0-9][0-9]) at_range_end=`echo $at_option |tr -d X-` at_fn_validate_ranges at_range_end at_range=`$as_echo "$at_groups_all" | \ sed -ne '1,/^'$at_range_end'$/p'` as_fn_append at_groups "$at_range$as_nl" ;; [0-9]-[0-9] | [0-9]-[0-9][0-9] | [0-9]-[0-9][0-9][0-9] | \ [0-9]-[0-9][0-9][0-9][0-9] | [0-9][0-9]-[0-9][0-9] | \ [0-9][0-9]-[0-9][0-9][0-9] | [0-9][0-9]-[0-9][0-9][0-9][0-9] | \ [0-9][0-9][0-9]-[0-9][0-9][0-9] | \ [0-9][0-9][0-9]-[0-9][0-9][0-9][0-9] | \ [0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9] ) at_range_start=`expr $at_option : '\(.*\)-'` at_range_end=`expr $at_option : '.*-\(.*\)'` if test $at_range_start -gt $at_range_end; then at_tmp=$at_range_end at_range_end=$at_range_start at_range_start=$at_tmp fi at_fn_validate_ranges at_range_start at_range_end at_range=`$as_echo "$at_groups_all" | \ sed -ne '/^'$at_range_start'$/,/^'$at_range_end'$/p'` as_fn_append at_groups "$at_range$as_nl" ;; # Directory selection. --directory | -C ) at_prev=--directory ;; --directory=* ) at_change_dir=: at_dir=$at_optarg if test x- = "x$at_dir" ; then at_dir=./- fi ;; # Parallel execution. --jobs | -j ) at_jobs=0 ;; --jobs=* | -j[0-9]* ) if test -n "$at_optarg"; then at_jobs=$at_optarg else at_jobs=`expr X$at_option : 'X-j\(.*\)'` fi case $at_jobs in *[!0-9]*) at_optname=`echo " $at_option" | sed 's/^ //; s/[0-9=].*//'` as_fn_error $? "non-numeric argument to $at_optname: $at_jobs" ;; esac ;; # Keywords. --keywords | -k ) at_prev=--keywords ;; --keywords=* ) at_groups_selected=$at_help_all at_save_IFS=$IFS IFS=, set X $at_optarg shift IFS=$at_save_IFS for at_keyword do at_invert= case $at_keyword in '!'*) at_invert="-v" at_keyword=`expr "X$at_keyword" : 'X!\(.*\)'` ;; esac # It is on purpose that we match the test group titles too. at_groups_selected=`$as_echo "$at_groups_selected" | grep -i $at_invert "^[1-9][^;]*;.*[; ]$at_keyword[ ;]"` done # Smash the keywords. at_groups_selected=`$as_echo "$at_groups_selected" | sed 's/;.*//'` as_fn_append at_groups "$at_groups_selected$as_nl" ;; --recheck) at_recheck=: ;; *=*) at_envvar=`expr "x$at_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $at_envvar in '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$at_envvar'" ;; esac at_value=`$as_echo "$at_optarg" | sed "s/'/'\\\\\\\\''/g"` # Export now, but save eval for later and for debug scripts. export $at_envvar as_fn_append at_debug_args " $at_envvar='$at_value'" ;; *) $as_echo "$as_me: invalid option: $at_option" >&2 $as_echo "Try \`$0 --help' for more information." >&2 exit 1 ;; esac done # Verify our last option didn't require an argument if test -n "$at_prev"; then : as_fn_error $? "\`$at_prev' requires an argument" fi # The file containing the suite. at_suite_log=$at_dir/$as_me.log # Selected test groups. if test -z "$at_groups$at_recheck"; then at_groups=$at_groups_all else if test -n "$at_recheck" && test -r "$at_suite_log"; then at_oldfails=`sed -n ' /^Failed tests:$/,/^Skipped tests:$/{ s/^[ ]*\([1-9][0-9]*\):.*/\1/p } /^Unexpected passes:$/,/^## Detailed failed tests/{ s/^[ ]*\([1-9][0-9]*\):.*/\1/p } /^## Detailed failed tests/q ' "$at_suite_log"` as_fn_append at_groups "$at_oldfails$as_nl" fi # Sort the tests, removing duplicates. at_groups=`$as_echo "$at_groups" | sort -nu | sed '/^$/d'` fi if test x"$at_color" = xalways \ || { test x"$at_color" = xauto && test -t 1; }; then at_red=`printf '\033[0;31m'` at_grn=`printf '\033[0;32m'` at_lgn=`printf '\033[1;32m'` at_blu=`printf '\033[1;34m'` at_std=`printf '\033[m'` else at_red= at_grn= at_lgn= at_blu= at_std= fi # Help message. if $at_help_p; then cat <<_ATEOF || at_write_fail=1 Usage: $0 [OPTION]... [VARIABLE=VALUE]... [TESTS] Run all the tests, or the selected TESTS, given by numeric ranges, and save a detailed log file. Upon failure, create debugging scripts. Do not change environment variables directly. Instead, set them via command line arguments. Set \`AUTOTEST_PATH' to select the executables to exercise. Each relative directory is expanded as build and source directories relative to the top level of this distribution. E.g., from within the build directory /tmp/foo-1.0, invoking this: $ $0 AUTOTEST_PATH=bin is equivalent to the following, assuming the source directory is /src/foo-1.0: PATH=/tmp/foo-1.0/bin:/src/foo-1.0/bin:\$PATH $0 _ATEOF cat <<_ATEOF || at_write_fail=1 Operation modes: -h, --help print the help message, then exit -V, --version print version number, then exit -c, --clean remove all the files this test suite might create and exit -l, --list describes all the tests, or the selected TESTS _ATEOF cat <<_ATEOF || at_write_fail=1 Execution tuning: -C, --directory=DIR change to directory DIR before starting --color[=never|auto|always] disable colored test results, or enable even without terminal -j, --jobs[=N] Allow N jobs at once; infinite jobs with no arg (default 1) -k, --keywords=KEYWORDS select the tests matching all the comma-separated KEYWORDS multiple \`-k' accumulate; prefixed \`!' negates a KEYWORD --recheck select all tests that failed or passed unexpectedly last time -e, --errexit abort as soon as a test fails; implies --debug -v, --verbose force more detailed output default for debugging scripts -d, --debug inhibit clean up and top-level logging default for debugging scripts -x, --trace enable tests shell tracing _ATEOF cat <<_ATEOF || at_write_fail=1 Report bugs to . firewalld home page: . _ATEOF exit $at_write_fail fi # List of tests. if $at_list_p; then cat <<_ATEOF || at_write_fail=1 firewalld 0.8.2 test suite test groups: NUM: FILE-NAME:LINE TEST-GROUP-NAME KEYWORDS _ATEOF # Pass an empty line as separator between selected groups and help. $as_echo "$at_groups$as_nl$as_nl$at_help_all" | awk 'NF == 1 && FS != ";" { selected[$ 1] = 1 next } /^$/ { FS = ";" } NF > 0 { if (selected[$ 1]) { printf " %3d: %-18s %s\n", $ 1, $ 2, $ 3 if ($ 4) { lmax = 79 indent = " " line = indent len = length (line) n = split ($ 4, a, " ") for (i = 1; i <= n; i++) { l = length (a[i]) + 1 if (i > 1 && len + l > lmax) { print line line = indent " " a[i] len = length (line) } else { line = line " " a[i] len += l } } if (n) print line } } }' || at_write_fail=1 exit $at_write_fail fi if $at_version_p; then $as_echo "$as_me (firewalld 0.8.2)" && cat <<\_ATEOF || at_write_fail=1 Copyright (C) 2012 Free Software Foundation, Inc. This test suite is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ATEOF exit $at_write_fail fi # Should we print banners? Yes if more than one test is run. case $at_groups in #( *$as_nl* ) at_print_banners=: ;; #( * ) at_print_banners=false ;; esac # Text for banner N, set to a single space once printed. # Banner 1. firewall-offline-cmd.at:1 # Category starts at test group 1. at_banner_text_1="firewall-offline-cmd" # Banner 2. features.at:1 # Category starts at test group 28. at_banner_text_2="features (FIREWALL_BACKEND)" # Banner 3. dbus.at:1 # Category starts at test group 32. at_banner_text_3="dbus" # Banner 4. firewall-cmd.at:1 # Category starts at test group 34. at_banner_text_4="firewall-cmd (nftables)" # Banner 5. regression.at:1 # Category starts at test group 61. at_banner_text_5="regression (nftables)" # Banner 6. python.at:1 # Category starts at test group 89. at_banner_text_6="python (nftables)" # Banner 7. features.at:1 # Category starts at test group 93. at_banner_text_7="features (nftables)" # Banner 8. firewall-cmd.at:1 # Category starts at test group 96. at_banner_text_8="firewall-cmd (iptables)" # Banner 9. regression.at:1 # Category starts at test group 123. at_banner_text_9="regression (iptables)" # Banner 10. python.at:1 # Category starts at test group 150. at_banner_text_10="python (iptables)" # Banner 11. features.at:1 # Category starts at test group 154. at_banner_text_11="features (iptables)" # Take any -C into account. if $at_change_dir ; then test x != "x$at_dir" && cd "$at_dir" \ || as_fn_error $? "unable to change directory" at_dir=`pwd` fi # Load the config files for any default variable assignments. for at_file in atconfig atlocal do test -r $at_file || continue . ./$at_file || as_fn_error $? "invalid content: $at_file" done # Autoconf <=2.59b set at_top_builddir instead of at_top_build_prefix: : "${at_top_build_prefix=$at_top_builddir}" # Perform any assignments requested during argument parsing. eval "$at_debug_args" # atconfig delivers names relative to the directory the test suite is # in, but the groups themselves are run in testsuite-dir/group-dir. if test -n "$at_top_srcdir"; then builddir=../.. for at_dir_var in srcdir top_srcdir top_build_prefix do eval at_val=\$at_$at_dir_var case $at_val in [\\/$]* | ?:[\\/]* ) at_prefix= ;; *) at_prefix=../../ ;; esac eval "$at_dir_var=\$at_prefix\$at_val" done fi ## -------------------- ## ## Directory structure. ## ## -------------------- ## # This is the set of directories and files used by this script # (non-literals are capitalized): # # TESTSUITE - the testsuite # TESTSUITE.log - summarizes the complete testsuite run # TESTSUITE.dir/ - created during a run, remains after -d or failed test # + at-groups/ - during a run: status of all groups in run # | + NNN/ - during a run: meta-data about test group NNN # | | + check-line - location (source file and line) of current AT_CHECK # | | + status - exit status of current AT_CHECK # | | + stdout - stdout of current AT_CHECK # | | + stder1 - stderr, including trace # | | + stderr - stderr, with trace filtered out # | | + test-source - portion of testsuite that defines group # | | + times - timestamps for computing duration # | | + pass - created if group passed # | | + xpass - created if group xpassed # | | + fail - created if group failed # | | + xfail - created if group xfailed # | | + skip - created if group skipped # + at-stop - during a run: end the run if this file exists # + at-source-lines - during a run: cache of TESTSUITE line numbers for extraction # + 0..NNN/ - created for each group NNN, remains after -d or failed test # | + TESTSUITE.log - summarizes the group results # | + ... - files created during the group # The directory the whole suite works in. # Should be absolute to let the user `cd' at will. at_suite_dir=$at_dir/$as_me.dir # The file containing the suite ($at_dir might have changed since earlier). at_suite_log=$at_dir/$as_me.log # The directory containing helper files per test group. at_helper_dir=$at_suite_dir/at-groups # Stop file: if it exists, do not start new jobs. at_stop_file=$at_suite_dir/at-stop # The fifo used for the job dispatcher. at_job_fifo=$at_suite_dir/at-job-fifo if $at_clean; then test -d "$at_suite_dir" && find "$at_suite_dir" -type d ! -perm -700 -exec chmod u+rwx \{\} \; rm -f -r "$at_suite_dir" "$at_suite_log" exit $? fi # Don't take risks: use only absolute directories in PATH. # # For stand-alone test suites (ie. atconfig was not found), # AUTOTEST_PATH is relative to `.'. # # For embedded test suites, AUTOTEST_PATH is relative to the top level # of the package. Then expand it into build/src parts, since users # may create executables in both places. AUTOTEST_PATH=`$as_echo "$AUTOTEST_PATH" | sed "s|:|$PATH_SEPARATOR|g"` at_path= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $AUTOTEST_PATH $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -n "$at_path" && as_fn_append at_path $PATH_SEPARATOR case $as_dir in [\\/]* | ?:[\\/]* ) as_fn_append at_path "$as_dir" ;; * ) if test -z "$at_top_build_prefix"; then # Stand-alone test suite. as_fn_append at_path "$as_dir" else # Embedded test suite. as_fn_append at_path "$at_top_build_prefix$as_dir$PATH_SEPARATOR" as_fn_append at_path "$at_top_srcdir/$as_dir" fi ;; esac done IFS=$as_save_IFS # Now build and simplify PATH. # # There might be directories that don't exist, but don't redirect # builtins' (eg., cd) stderr directly: Ultrix's sh hates that. at_new_path= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $at_path do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -d "$as_dir" || continue case $as_dir in [\\/]* | ?:[\\/]* ) ;; * ) as_dir=`(cd "$as_dir" && pwd) 2>/dev/null` ;; esac case $PATH_SEPARATOR$at_new_path$PATH_SEPARATOR in *$PATH_SEPARATOR$as_dir$PATH_SEPARATOR*) ;; $PATH_SEPARATOR$PATH_SEPARATOR) at_new_path=$as_dir ;; *) as_fn_append at_new_path "$PATH_SEPARATOR$as_dir" ;; esac done IFS=$as_save_IFS PATH=$at_new_path export PATH # Setting up the FDs. # 5 is the log file. Not to be overwritten if `-d'. if $at_debug_p; then at_suite_log=/dev/null else : >"$at_suite_log" fi exec 5>>"$at_suite_log" # Banners and logs. $as_echo "## --------------------------- ## ## firewalld 0.8.2 test suite. ## ## --------------------------- ##" { $as_echo "## --------------------------- ## ## firewalld 0.8.2 test suite. ## ## --------------------------- ##" echo $as_echo "$as_me: command line was:" $as_echo " \$ $0 $at_cli_args" echo # If ChangeLog exists, list a few lines in case it might help determining # the exact version. if test -n "$at_top_srcdir" && test -f "$at_top_srcdir/ChangeLog"; then $as_echo "## ---------- ## ## ChangeLog. ## ## ---------- ##" echo sed 's/^/| /;10q' "$at_top_srcdir/ChangeLog" echo fi { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } echo # Contents of the config files. for at_file in atconfig atlocal do test -r $at_file || continue $as_echo "$as_me: $at_file:" sed 's/^/| /' $at_file echo done } >&5 ## ------------------------- ## ## Autotest shell functions. ## ## ------------------------- ## # at_fn_banner NUMBER # ------------------- # Output banner NUMBER, provided the testsuite is running multiple groups and # this particular banner has not yet been printed. at_fn_banner () { $at_print_banners || return 0 eval at_banner_text=\$at_banner_text_$1 test "x$at_banner_text" = "x " && return 0 eval "at_banner_text_$1=\" \"" if test -z "$at_banner_text"; then $at_first || echo else $as_echo "$as_nl$at_banner_text$as_nl" fi } # at_fn_banner # at_fn_check_prepare_notrace REASON LINE # --------------------------------------- # Perform AT_CHECK preparations for the command at LINE for an untraceable # command; REASON is the reason for disabling tracing. at_fn_check_prepare_notrace () { $at_trace_echo "Not enabling shell tracing (command contains $1)" $as_echo "$2" >"$at_check_line_file" at_check_trace=: at_check_filter=: : >"$at_stdout"; : >"$at_stderr" } # at_fn_check_prepare_trace LINE # ------------------------------ # Perform AT_CHECK preparations for the command at LINE for a traceable # command. at_fn_check_prepare_trace () { $as_echo "$1" >"$at_check_line_file" at_check_trace=$at_traceon at_check_filter=$at_check_filter_trace : >"$at_stdout"; : >"$at_stderr" } # at_fn_check_prepare_dynamic COMMAND LINE # ---------------------------------------- # Decide if COMMAND at LINE is traceable at runtime, and call the appropriate # preparation function. at_fn_check_prepare_dynamic () { case $1 in *$as_nl*) at_fn_check_prepare_notrace 'an embedded newline' "$2" ;; *) at_fn_check_prepare_trace "$2" ;; esac } # at_fn_filter_trace # ------------------ # Remove the lines in the file "$at_stderr" generated by "set -x" and print # them to stderr. at_fn_filter_trace () { mv "$at_stderr" "$at_stder1" grep '^ *+' "$at_stder1" >&2 grep -v '^ *+' "$at_stder1" >"$at_stderr" } # at_fn_log_failure FILE-LIST # --------------------------- # Copy the files in the list on stdout with a "> " prefix, and exit the shell # with a failure exit code. at_fn_log_failure () { for file do $as_echo "$file:"; sed 's/^/> /' "$file"; done echo 1 > "$at_status_file" exit 1 } # at_fn_check_skip EXIT-CODE LINE # ------------------------------- # Check whether EXIT-CODE is a special exit code (77 or 99), and if so exit # the test group subshell with that same exit code. Use LINE in any report # about test failure. at_fn_check_skip () { case $1 in 99) echo 99 > "$at_status_file"; at_failed=: $as_echo "$2: hard failure"; exit 99;; 77) echo 77 > "$at_status_file"; exit 77;; esac } # at_fn_check_status EXPECTED EXIT-CODE LINE # ------------------------------------------ # Check whether EXIT-CODE is the EXPECTED exit code, and if so do nothing. # Otherwise, if it is 77 or 99, exit the test group subshell with that same # exit code; if it is anything else print an error message referring to LINE, # and fail the test. at_fn_check_status () { case $2 in $1 ) ;; 77) echo 77 > "$at_status_file"; exit 77;; 99) echo 99 > "$at_status_file"; at_failed=: $as_echo "$3: hard failure"; exit 99;; *) $as_echo "$3: exit code was $2, expected $1" at_failed=:;; esac } # at_fn_diff_devnull FILE # ----------------------- # Emit a diff between /dev/null and FILE. Uses "test -s" to avoid useless diff # invocations. at_fn_diff_devnull () { test -s "$1" || return 0 $at_diff "$at_devnull" "$1" } # at_fn_test NUMBER # ----------------- # Parse out test NUMBER from the tail of this file. at_fn_test () { eval at_sed=\$at_sed$1 sed "$at_sed" "$at_myself" > "$at_test_source" } # at_fn_create_debugging_script # ----------------------------- # Create the debugging script $at_group_dir/run which will reproduce the # current test group. at_fn_create_debugging_script () { { echo "#! /bin/sh" && echo 'test "${ZSH_VERSION+set}" = set && alias -g '\''${1+"$@"}'\''='\''"$@"'\''' && $as_echo "cd '$at_dir'" && $as_echo "exec \${CONFIG_SHELL-$SHELL} \"$at_myself\" -v -d $at_debug_args $at_group \${1+\"\$@\"}" && echo 'exit 1' } >"$at_group_dir/run" && chmod +x "$at_group_dir/run" } ## -------------------------------- ## ## End of autotest shell functions. ## ## -------------------------------- ## { $as_echo "## ---------------- ## ## Tested programs. ## ## ---------------- ##" echo } >&5 # Report what programs are being tested. for at_program in : $at_tested do test "$at_program" = : && continue case $at_program in [\\/]* | ?:[\\/]* ) $at_program_=$at_program ;; * ) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -f "$as_dir/$at_program" && break done IFS=$as_save_IFS at_program_=$as_dir/$at_program ;; esac if test -f "$at_program_"; then { $as_echo "$at_srcdir/testsuite.at:1: $at_program_ --version" "$at_program_" --version &5 2>&1 else as_fn_error $? "cannot find $at_program" "$LINENO" 5 fi done { $as_echo "## ------------------ ## ## Running the tests. ## ## ------------------ ##" } >&5 at_start_date=`date` at_start_time=`date +%s 2>/dev/null` $as_echo "$as_me: starting at: $at_start_date" >&5 # Create the master directory if it doesn't already exist. as_dir="$at_suite_dir"; as_fn_mkdir_p || as_fn_error $? "cannot create \`$at_suite_dir'" "$LINENO" 5 # Can we diff with `/dev/null'? DU 5.0 refuses. if diff /dev/null /dev/null >/dev/null 2>&1; then at_devnull=/dev/null else at_devnull=$at_suite_dir/devnull >"$at_devnull" fi # Use `diff -u' when possible. if at_diff=`diff -u "$at_devnull" "$at_devnull" 2>&1` && test -z "$at_diff" then at_diff='diff -u' else at_diff=diff fi # Get the last needed group. for at_group in : $at_groups; do :; done # Extract the start and end lines of each test group at the tail # of this file awk ' BEGIN { FS="" } /^#AT_START_/ { start = NR } /^#AT_STOP_/ { test = substr ($ 0, 10) print "at_sed" test "=\"1," start "d;" (NR-1) "q\"" if (test == "'"$at_group"'") exit }' "$at_myself" > "$at_suite_dir/at-source-lines" && . "$at_suite_dir/at-source-lines" || as_fn_error $? "cannot create test line number cache" "$LINENO" 5 rm -f "$at_suite_dir/at-source-lines" # Set number of jobs for `-j'; avoid more jobs than test groups. set X $at_groups; shift; at_max_jobs=$# if test $at_max_jobs -eq 0; then at_jobs=1 fi if test $at_jobs -ne 1 && { test $at_jobs -eq 0 || test $at_jobs -gt $at_max_jobs; }; then at_jobs=$at_max_jobs fi # If parallel mode, don't output banners, don't split summary lines. if test $at_jobs -ne 1; then at_print_banners=false at_quiet=: fi # Set up helper dirs. rm -rf "$at_helper_dir" && mkdir "$at_helper_dir" && cd "$at_helper_dir" && { test -z "$at_groups" || mkdir $at_groups; } || as_fn_error $? "testsuite directory setup failed" "$LINENO" 5 # Functions for running a test group. We leave the actual # test group execution outside of a shell function in order # to avoid hitting zsh 4.x exit status bugs. # at_fn_group_prepare # ------------------- # Prepare for running a test group. at_fn_group_prepare () { # The directory for additional per-group helper files. at_job_dir=$at_helper_dir/$at_group # The file containing the location of the last AT_CHECK. at_check_line_file=$at_job_dir/check-line # The file containing the exit status of the last command. at_status_file=$at_job_dir/status # The files containing the output of the tested commands. at_stdout=$at_job_dir/stdout at_stder1=$at_job_dir/stder1 at_stderr=$at_job_dir/stderr # The file containing the code for a test group. at_test_source=$at_job_dir/test-source # The file containing dates. at_times_file=$at_job_dir/times # Be sure to come back to the top test directory. cd "$at_suite_dir" # Clearly separate the test groups when verbose. $at_first || $at_verbose echo at_group_normalized=$at_group eval 'while :; do case $at_group_normalized in #( '"$at_format"'*) break;; esac at_group_normalized=0$at_group_normalized done' # Create a fresh directory for the next test group, and enter. # If one already exists, the user may have invoked ./run from # within that directory; we remove the contents, but not the # directory itself, so that we aren't pulling the rug out from # under the shell's notion of the current directory. at_group_dir=$at_suite_dir/$at_group_normalized at_group_log=$at_group_dir/$as_me.log if test -d "$at_group_dir"; then find "$at_group_dir" -type d ! -perm -700 -exec chmod u+rwx {} \; rm -fr "$at_group_dir"/* "$at_group_dir"/.[!.] "$at_group_dir"/.??* fi || { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: test directory for $at_group_normalized could not be cleaned" >&5 $as_echo "$as_me: WARNING: test directory for $at_group_normalized could not be cleaned" >&2;} # Be tolerant if the above `rm' was not able to remove the directory. as_dir="$at_group_dir"; as_fn_mkdir_p echo 0 > "$at_status_file" # In verbose mode, append to the log file *and* show on # the standard output; in quiet mode only write to the log. if test -z "$at_verbose"; then at_tee_pipe='tee -a "$at_group_log"' else at_tee_pipe='cat >> "$at_group_log"' fi } # at_fn_group_banner ORDINAL LINE DESC PAD [BANNER] # ------------------------------------------------- # Declare the test group ORDINAL, located at LINE with group description DESC, # and residing under BANNER. Use PAD to align the status column. at_fn_group_banner () { at_setup_line="$2" test -n "$5" && at_fn_banner $5 at_desc="$3" case $1 in [0-9]) at_desc_line=" $1: ";; [0-9][0-9]) at_desc_line=" $1: " ;; *) at_desc_line="$1: " ;; esac as_fn_append at_desc_line "$3$4" $at_quiet $as_echo_n "$at_desc_line" echo "# -*- compilation -*-" >> "$at_group_log" } # at_fn_group_postprocess # ----------------------- # Perform cleanup after running a test group. at_fn_group_postprocess () { # Be sure to come back to the suite directory, in particular # since below we might `rm' the group directory we are in currently. cd "$at_suite_dir" if test ! -f "$at_check_line_file"; then sed "s/^ */$as_me: WARNING: /" <<_ATEOF A failure happened in a test group before any test could be run. This means that test suite is improperly designed. Please report this failure to . _ATEOF $as_echo "$at_setup_line" >"$at_check_line_file" at_status=99 fi $at_verbose $as_echo_n "$at_group. $at_setup_line: " $as_echo_n "$at_group. $at_setup_line: " >> "$at_group_log" case $at_xfail:$at_status in yes:0) at_msg="UNEXPECTED PASS" at_res=xpass at_errexit=$at_errexit_p at_color=$at_red ;; no:0) at_msg="ok" at_res=pass at_errexit=false at_color=$at_grn ;; *:77) at_msg='skipped ('`cat "$at_check_line_file"`')' at_res=skip at_errexit=false at_color=$at_blu ;; no:* | *:99) at_msg='FAILED ('`cat "$at_check_line_file"`')' at_res=fail at_errexit=$at_errexit_p at_color=$at_red ;; yes:*) at_msg='expected failure ('`cat "$at_check_line_file"`')' at_res=xfail at_errexit=false at_color=$at_lgn ;; esac echo "$at_res" > "$at_job_dir/$at_res" # In parallel mode, output the summary line only afterwards. if test $at_jobs -ne 1 && test -n "$at_verbose"; then $as_echo "$at_desc_line $at_color$at_msg$at_std" else # Make sure there is a separator even with long titles. $as_echo " $at_color$at_msg$at_std" fi at_log_msg="$at_group. $at_desc ($at_setup_line): $at_msg" case $at_status in 0|77) # $at_times_file is only available if the group succeeded. # We're not including the group log, so the success message # is written in the global log separately. But we also # write to the group log in case they're using -d. if test -f "$at_times_file"; then at_log_msg="$at_log_msg ("`sed 1d "$at_times_file"`')' rm -f "$at_times_file" fi $as_echo "$at_log_msg" >> "$at_group_log" $as_echo "$at_log_msg" >&5 # Cleanup the group directory, unless the user wants the files # or the success was unexpected. if $at_debug_p || test $at_res = xpass; then at_fn_create_debugging_script if test $at_res = xpass && $at_errexit; then echo stop > "$at_stop_file" fi else if test -d "$at_group_dir"; then find "$at_group_dir" -type d ! -perm -700 -exec chmod u+rwx \{\} \; rm -fr "$at_group_dir" fi rm -f "$at_test_source" fi ;; *) # Upon failure, include the log into the testsuite's global # log. The failure message is written in the group log. It # is later included in the global log. $as_echo "$at_log_msg" >> "$at_group_log" # Upon failure, keep the group directory for autopsy, and create # the debugging script. With -e, do not start any further tests. at_fn_create_debugging_script if $at_errexit; then echo stop > "$at_stop_file" fi ;; esac } ## ------------ ## ## Driver loop. ## ## ------------ ## if (set -m && set +m && set +b) >/dev/null 2>&1; then set +b at_job_control_on='set -m' at_job_control_off='set +m' at_job_group=- else at_job_control_on=: at_job_control_off=: at_job_group= fi for at_signal in 1 2 15; do trap 'set +x; set +e $at_job_control_off at_signal='"$at_signal"' echo stop > "$at_stop_file" trap "" $at_signal at_pgids= for at_pgid in `jobs -p 2>/dev/null`; do at_pgids="$at_pgids $at_job_group$at_pgid" done test -z "$at_pgids" || kill -$at_signal $at_pgids 2>/dev/null wait if test "$at_jobs" -eq 1 || test -z "$at_verbose"; then echo >&2 fi at_signame=`kill -l $at_signal 2>&1 || echo $at_signal` set x $at_signame test 0 -gt 2 && at_signame=$at_signal { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: caught signal $at_signame, bailing out" >&5 $as_echo "$as_me: WARNING: caught signal $at_signame, bailing out" >&2;} as_fn_arith 128 + $at_signal && exit_status=$as_val as_fn_exit $exit_status' $at_signal done rm -f "$at_stop_file" at_first=: if test $at_jobs -ne 1 && rm -f "$at_job_fifo" && test -n "$at_job_group" && ( mkfifo "$at_job_fifo" && trap 'exit 1' PIPE STOP TSTP ) 2>/dev/null then # FIFO job dispatcher. trap 'at_pids= for at_pid in `jobs -p`; do at_pids="$at_pids $at_job_group$at_pid" done if test -n "$at_pids"; then at_sig=TSTP test "${TMOUT+set}" = set && at_sig=STOP kill -$at_sig $at_pids 2>/dev/null fi kill -STOP $$ test -z "$at_pids" || kill -CONT $at_pids 2>/dev/null' TSTP echo # Turn jobs into a list of numbers, starting from 1. at_joblist=`$as_echo "$at_groups" | sed -n 1,${at_jobs}p` set X $at_joblist shift for at_group in $at_groups; do $at_job_control_on 2>/dev/null ( # Start one test group. $at_job_control_off if $at_first; then exec 7>"$at_job_fifo" else exec 6<&- fi trap 'set +x; set +e trap "" PIPE echo stop > "$at_stop_file" echo >&7 as_fn_exit 141' PIPE at_fn_group_prepare if cd "$at_group_dir" && at_fn_test $at_group && . "$at_test_source" then :; else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to parse test group: $at_group" >&5 $as_echo "$as_me: WARNING: unable to parse test group: $at_group" >&2;} at_failed=: fi at_fn_group_postprocess echo >&7 ) & $at_job_control_off if $at_first; then at_first=false exec 6<"$at_job_fifo" 7>"$at_job_fifo" fi shift # Consume one token. if test $# -gt 0; then :; else read at_token <&6 || break set x $* fi test -f "$at_stop_file" && break done exec 7>&- # Read back the remaining ($at_jobs - 1) tokens. set X $at_joblist shift if test $# -gt 0; then shift for at_job do read at_token done <&6 fi exec 6<&- wait else # Run serially, avoid forks and other potential surprises. for at_group in $at_groups; do at_fn_group_prepare if cd "$at_group_dir" && at_fn_test $at_group && . "$at_test_source"; then :; else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to parse test group: $at_group" >&5 $as_echo "$as_me: WARNING: unable to parse test group: $at_group" >&2;} at_failed=: fi at_fn_group_postprocess test -f "$at_stop_file" && break at_first=false done fi # Wrap up the test suite with summary statistics. cd "$at_helper_dir" # Use ?..???? when the list must remain sorted, the faster * otherwise. at_pass_list=`for f in */pass; do echo $f; done | sed '/\*/d; s,/pass,,'` at_skip_list=`for f in */skip; do echo $f; done | sed '/\*/d; s,/skip,,'` at_xfail_list=`for f in */xfail; do echo $f; done | sed '/\*/d; s,/xfail,,'` at_xpass_list=`for f in ?/xpass ??/xpass ???/xpass ????/xpass; do echo $f; done | sed '/?/d; s,/xpass,,'` at_fail_list=`for f in ?/fail ??/fail ???/fail ????/fail; do echo $f; done | sed '/?/d; s,/fail,,'` set X $at_pass_list $at_xpass_list $at_xfail_list $at_fail_list $at_skip_list shift; at_group_count=$# set X $at_xpass_list; shift; at_xpass_count=$#; at_xpass_list=$* set X $at_xfail_list; shift; at_xfail_count=$# set X $at_fail_list; shift; at_fail_count=$#; at_fail_list=$* set X $at_skip_list; shift; at_skip_count=$# as_fn_arith $at_group_count - $at_skip_count && at_run_count=$as_val as_fn_arith $at_xpass_count + $at_fail_count && at_unexpected_count=$as_val as_fn_arith $at_xfail_count + $at_fail_count && at_total_fail_count=$as_val # Back to the top directory. cd "$at_dir" rm -rf "$at_helper_dir" # Compute the duration of the suite. at_stop_date=`date` at_stop_time=`date +%s 2>/dev/null` $as_echo "$as_me: ending at: $at_stop_date" >&5 case $at_start_time,$at_stop_time in [0-9]*,[0-9]*) as_fn_arith $at_stop_time - $at_start_time && at_duration_s=$as_val as_fn_arith $at_duration_s / 60 && at_duration_m=$as_val as_fn_arith $at_duration_m / 60 && at_duration_h=$as_val as_fn_arith $at_duration_s % 60 && at_duration_s=$as_val as_fn_arith $at_duration_m % 60 && at_duration_m=$as_val at_duration="${at_duration_h}h ${at_duration_m}m ${at_duration_s}s" $as_echo "$as_me: test suite duration: $at_duration" >&5 ;; esac echo $as_echo "## ------------- ## ## Test results. ## ## ------------- ##" echo { echo $as_echo "## ------------- ## ## Test results. ## ## ------------- ##" echo } >&5 if test $at_run_count = 1; then at_result="1 test" at_were=was else at_result="$at_run_count tests" at_were=were fi if $at_errexit_p && test $at_unexpected_count != 0; then if test $at_xpass_count = 1; then at_result="$at_result $at_were run, one passed" else at_result="$at_result $at_were run, one failed" fi at_result="$at_result unexpectedly and inhibited subsequent tests." at_color=$at_red else # Don't you just love exponential explosion of the number of cases? at_color=$at_red case $at_xpass_count:$at_fail_count:$at_xfail_count in # So far, so good. 0:0:0) at_result="$at_result $at_were successful." at_color=$at_grn ;; 0:0:*) at_result="$at_result behaved as expected." at_color=$at_lgn ;; # Some unexpected failures 0:*:0) at_result="$at_result $at_were run, $at_fail_count failed unexpectedly." ;; # Some failures, both expected and unexpected 0:*:1) at_result="$at_result $at_were run, $at_total_fail_count failed ($at_xfail_count expected failure)." ;; 0:*:*) at_result="$at_result $at_were run, $at_total_fail_count failed ($at_xfail_count expected failures)." ;; # No unexpected failures, but some xpasses *:0:*) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly." ;; # No expected failures, but failures and xpasses *:1:0) at_result="$at_result $at_were run, $at_unexpected_count did not behave as expected ($at_fail_count unexpected failure)." ;; *:*:0) at_result="$at_result $at_were run, $at_unexpected_count did not behave as expected ($at_fail_count unexpected failures)." ;; # All of them. *:*:1) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly, $at_total_fail_count failed ($at_xfail_count expected failure)." ;; *:*:*) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly, $at_total_fail_count failed ($at_xfail_count expected failures)." ;; esac if test $at_skip_count = 0 && test $at_run_count -gt 1; then at_result="All $at_result" fi fi # Now put skips in the mix. case $at_skip_count in 0) ;; 1) at_result="$at_result 1 test was skipped." ;; *) at_result="$at_result $at_skip_count tests were skipped." ;; esac if test $at_unexpected_count = 0; then echo "$at_color$at_result$at_std" echo "$at_result" >&5 else echo "${at_color}ERROR: $at_result$at_std" >&2 echo "ERROR: $at_result" >&5 { echo $as_echo "## ------------------------ ## ## Summary of the failures. ## ## ------------------------ ##" # Summary of failed and skipped tests. if test $at_fail_count != 0; then echo "Failed tests:" $SHELL "$at_myself" $at_fail_list --list echo fi if test $at_skip_count != 0; then echo "Skipped tests:" $SHELL "$at_myself" $at_skip_list --list echo fi if test $at_xpass_count != 0; then echo "Unexpected passes:" $SHELL "$at_myself" $at_xpass_list --list echo fi if test $at_fail_count != 0; then $as_echo "## ---------------------- ## ## Detailed failed tests. ## ## ---------------------- ##" echo for at_group in $at_fail_list do at_group_normalized=$at_group eval 'while :; do case $at_group_normalized in #( '"$at_format"'*) break;; esac at_group_normalized=0$at_group_normalized done' cat "$at_suite_dir/$at_group_normalized/$as_me.log" echo done echo fi if test -n "$at_top_srcdir"; then sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## ${at_top_build_prefix}config.log ## _ASBOX sed 's/^/| /' ${at_top_build_prefix}config.log echo fi } >&5 sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## $as_me.log was created. ## _ASBOX echo if $at_debug_p; then at_msg='per-test log files' else at_msg="\`${at_testdir+${at_testdir}/}$as_me.log'" fi $as_echo "Please send $at_msg and all information you think might help: To: Subject: [firewalld 0.8.2] $as_me: $at_fail_list${at_fail_list:+ failed${at_xpass_list:+, }}$at_xpass_list${at_xpass_list:+ passed unexpectedly} You may investigate any problem if you feel able to do so, in which case the test suite provides a good starting point. Its output may be found below \`${at_testdir+${at_testdir}/}$as_me.dir'. " exit 1 fi exit 0 ## ------------- ## ## Actual tests. ## ## ------------- ## #AT_START_1 at_fn_group_banner 1 'firewall-cmd.at:5' \ "basic options" " " 1 at_xfail=no ( $as_echo "1. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:17: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --complete-reload " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --complete-reload " "firewall-cmd.at:17" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --complete-reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:17" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_1 #AT_START_2 at_fn_group_banner 2 'firewall-cmd.at:28' \ "get/list options" " " 1 at_xfail=no ( $as_echo "2. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:34: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zones " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zones " "firewall-cmd.at:34" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:34" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:35: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-services " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-services " "firewall-cmd.at:35" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:35" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:36: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-icmptypes " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-icmptypes " "firewall-cmd.at:36" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:36" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:40: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-all-zones " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-all-zones " "firewall-cmd.at:40" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-all-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:40" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:41: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-all " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-all " "firewall-cmd.at:41" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:41" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_2 #AT_START_3 at_fn_group_banner 3 'firewall-cmd.at:44' \ "default zone" " " 1 at_xfail=no ( $as_echo "3. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:47: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" "firewall-cmd.at:47" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:47" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:49: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=\"home\"" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=\"home\"" "firewall-cmd.at:49" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone="home" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:49" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:50: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" "firewall-cmd.at:50" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "home " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:50" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:52: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=\"public\"" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=\"public\"" "firewall-cmd.at:52" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:52" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:53: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --set-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone" "firewall-cmd.at:53" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:53" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_3 #AT_START_4 at_fn_group_banner 4 'firewall-cmd.at:56' \ "user zone" " " 1 at_xfail=no ( $as_echo "4. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:60: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-zone=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-zone=foobar " "firewall-cmd.at:60" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:60" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:61: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zones | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:61" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zones | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:61" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:62: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --get-target | grep default " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:62" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --get-target | grep default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:62" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:63: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=BAD " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=BAD " "firewall-cmd.at:63" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=BAD ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/firewall-cmd.at:63" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:64: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=%%REJECT%% " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=%%REJECT%% " "firewall-cmd.at:64" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=%%REJECT%% ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:64" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:65: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DROP " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DROP " "firewall-cmd.at:65" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:65" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:66: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT " "firewall-cmd.at:66" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:66" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:67: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --get-target | grep ACCEPT " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:67" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --get-target | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:67" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:68: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --add-service=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --add-service=ssh " "firewall-cmd.at:68" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --add-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:68" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:71: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghi " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghi " "firewall-cmd.at:71" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:71" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:72: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghij " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghij " "firewall-cmd.at:72" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghij ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 116 $at_status "$at_srcdir/firewall-cmd.at:72" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_4 #AT_START_5 at_fn_group_banner 5 'firewall-cmd.at:76' \ "zone interfaces" " " 1 at_xfail=no ( $as_echo "5. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:108: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --get-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --get-default-zone" "firewall-cmd.at:108" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:108" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:109: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --set-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --set-default-zone" "firewall-cmd.at:109" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:109" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:112: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --add-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --add-interface=perm_dummy " "firewall-cmd.at:112" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --add-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:112" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:113: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --add-interface=perm_dummy2 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --add-interface=perm_dummy2 " "firewall-cmd.at:113" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --add-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:113" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:115: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " "firewall-cmd.at:115" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:115" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:117: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone work --query-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-interface=perm_dummy " "firewall-cmd.at:117" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:117" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:118: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --list-interfaces " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --list-interfaces " "firewall-cmd.at:118" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "perm_dummy " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:118" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:124: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy " "firewall-cmd.at:124" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:124" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:125: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " "firewall-cmd.at:125" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:125" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:127: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy " "firewall-cmd.at:127" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:127" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:128: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy " "firewall-cmd.at:128" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:128" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:129: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy " "firewall-cmd.at:129" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:129" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:130: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " "firewall-cmd.at:130" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:130" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:132: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy " "firewall-cmd.at:132" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:132" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:133: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy " "firewall-cmd.at:133" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:133" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:134: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --remove-interface=perm_dummy2 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --remove-interface=perm_dummy2 " "firewall-cmd.at:134" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --remove-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:134" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:139: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=trusted" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=trusted" "firewall-cmd.at:139" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:139" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:140: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" "firewall-cmd.at:140" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:140" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:146: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=public" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=public" "firewall-cmd.at:146" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:146" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:169: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-interface=foobar+ " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-interface=foobar+ " "firewall-cmd.at:169" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:169" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:170: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-interface=foobar+ " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-interface=foobar+ " "firewall-cmd.at:170" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:170" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_5 #AT_START_6 at_fn_group_banner 6 'firewall-cmd.at:174' \ "zone sources" " " 1 at_xfail=no ( $as_echo "6. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=3ffe:501:ffff::/64 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=3ffe:501:ffff::/64 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=3ffe:501:ffff::/64 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=3ffe:501:ffff::/64 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=3ffe:501:ffff::/64 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=dead:beef::babe " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=dead:beef::babe " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=dead:beef::babe " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=dead:beef::babe " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=dead:beef::babe " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_6 #AT_START_7 at_fn_group_banner 7 'firewall-cmd.at:226' \ "services" " " 1 at_xfail=no ( $as_echo "7. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:226" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:226" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:238: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service dns " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service dns " "firewall-cmd.at:238" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:238" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:239: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --list-services " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --list-services " "firewall-cmd.at:239" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dns ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:239" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:241: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service dns " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service dns " "firewall-cmd.at:241" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:241" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:242: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-service-from-zone=dns " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-service-from-zone=dns " "firewall-cmd.at:242" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-service-from-zone=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:242" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:247: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service=dns " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service=dns " "firewall-cmd.at:247" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:247" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:248: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=smtpssssssss " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=smtpssssssss " "firewall-cmd.at:248" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=smtpssssssss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:248" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:249: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=dns --add-interface=dummy0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=dns --add-interface=dummy0 " "firewall-cmd.at:249" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=dns --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:249" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:258: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-service=http --add-service=nfs " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-service=http --add-service=nfs " "firewall-cmd.at:258" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-service=http --add-service=nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:258" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:259: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service http " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service http " "firewall-cmd.at:259" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:259" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:260: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service=nfs --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service=nfs --zone=public " "firewall-cmd.at:260" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service=nfs --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:260" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:261: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-service-from-zone=nfs --remove-service-from-zone=http " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-service-from-zone=nfs --remove-service-from-zone=http " "firewall-cmd.at:261" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-service-from-zone=nfs --remove-service-from-zone=http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:261" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:266: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service http " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service http " "firewall-cmd.at:266" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:266" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:267: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service nfs " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service nfs " "firewall-cmd.at:267" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:267" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_7 #AT_START_8 at_fn_group_banner 8 'firewall-cmd.at:270' \ "user services" " " 1 at_xfail=no ( $as_echo "8. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:270" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:270" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:273: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-service=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service=ssh " "firewall-cmd.at:273" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:273" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:275: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-service=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service=foobar " "firewall-cmd.at:275" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:275" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:276: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-services | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:276" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:276" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:278: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666 " "firewall-cmd.at:278" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:278" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:279: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/dummy " "firewall-cmd.at:279" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:279" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:280: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/tcp " "firewall-cmd.at:280" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:280" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:281: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/tcp " "firewall-cmd.at:281" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:281" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:282: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=111-222/udp " "firewall-cmd.at:282" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:282" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:283: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp " "firewall-cmd.at:283" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:283" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:284: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 111-222/udp " "firewall-cmd.at:284" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:284" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:285: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp " "firewall-cmd.at:285" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:285" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:286: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp " "firewall-cmd.at:286" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:286" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:287: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/sctp " "firewall-cmd.at:287" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:287" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:288: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 666/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 666/sctp " "firewall-cmd.at:288" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:288" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:289: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=666/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=666/sctp " "firewall-cmd.at:289" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:289" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:290: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp " "firewall-cmd.at:290" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:290" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:291: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=999/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=999/dccp " "firewall-cmd.at:291" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:291" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:292: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 999/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 999/dccp " "firewall-cmd.at:292" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:292" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:293: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=999/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=999/dccp " "firewall-cmd.at:293" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:293" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:294: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp " "firewall-cmd.at:294" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:294" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:295: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp " "firewall-cmd.at:295" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:295" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:297: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-protocol=ddp --add-protocol gre " "firewall-cmd.at:297" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:297" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:298: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp " "firewall-cmd.at:298" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:298" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:299: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre " "firewall-cmd.at:299" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:299" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:300: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol ddp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol ddp " "firewall-cmd.at:300" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:300" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:301: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol gre " "firewall-cmd.at:301" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:301" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:302: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp " "firewall-cmd.at:302" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:302" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:303: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre " "firewall-cmd.at:303" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:303" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:305: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=sip " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=sip " "firewall-cmd.at:305" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:305" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:306: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=sip " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=sip " "firewall-cmd.at:306" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:306" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:307: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=ftp " "firewall-cmd.at:307" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:307" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:308: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp " "firewall-cmd.at:308" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:308" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:309: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=ftp " "firewall-cmd.at:309" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:309" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:310: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp " "firewall-cmd.at:310" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:310" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:312: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=sip " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=sip " "firewall-cmd.at:312" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:312" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:313: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=sip " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=sip " "firewall-cmd.at:313" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:313" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:314: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=ftp " "firewall-cmd.at:314" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:314" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:315: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp " "firewall-cmd.at:315" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:315" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:316: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --get-service-helpers " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --get-service-helpers " "firewall-cmd.at:316" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --get-service-helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:316" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:319: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=ftp " "firewall-cmd.at:319" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:319" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:320: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp " "firewall-cmd.at:320" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:320" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:322: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4 " "firewall-cmd.at:322" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/firewall-cmd.at:322" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:323: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:foo " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:foo " "firewall-cmd.at:323" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:323" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:324: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:1.2.3.4 " "firewall-cmd.at:324" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:324" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:325: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv4 " "firewall-cmd.at:325" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:325" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 " "firewall-cmd.at:326" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " "firewall-cmd.at:326" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv6 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv6 " "firewall-cmd.at:326" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " "firewall-cmd.at:326" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:333: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-service=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-service=foobar " "firewall-cmd.at:333" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:333" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:334: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:334" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:334" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:335: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-service=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-service=foobar " "firewall-cmd.at:335" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:335" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:336: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:336" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:336" $at_failed && at_fn_log_failure $at_traceon; } cat >./foobar-to-be-renamed <<'_ATEOF' FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:338: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-service-from-file=\"./foobar-to-be-renamed\" --name=\"foobar-from-file\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service-from-file=\"./foobar-to-be-renamed\" --name=\"foobar-from-file\" " "firewall-cmd.at:338" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service-from-file="./foobar-to-be-renamed" --name="foobar-from-file" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:338" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:338: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-services | grep foobar-from-file " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:338" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-services | grep foobar-from-file ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:338" $at_failed && at_fn_log_failure $at_traceon; } _ATEOF set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_8 #AT_START_9 at_fn_group_banner 9 'firewall-cmd.at:352' \ "ports" " " 1 at_xfail=no ( $as_echo "9. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:352" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:352" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:376: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666 " "firewall-cmd.at:376" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:376" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:377: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=666/dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666/dummy " "firewall-cmd.at:377" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:377" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:378: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=666/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666/tcp " "firewall-cmd.at:378" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:378" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:379: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-port=666/tcp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port=666/tcp --zone=public " "firewall-cmd.at:379" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:379" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:380: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=111-222/udp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=111-222/udp --zone=public " "firewall-cmd.at:380" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:380" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:381: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp " "firewall-cmd.at:381" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:381" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:382: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-port 111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 111-222/udp " "firewall-cmd.at:382" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:382" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:383: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp " "firewall-cmd.at:383" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:383" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:385: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=5000/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=5000/sctp " "firewall-cmd.at:385" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:385" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:386: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp --zone=public " "firewall-cmd.at:386" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:386" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:387: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-port 5000/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 5000/sctp " "firewall-cmd.at:387" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:387" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:388: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp " "firewall-cmd.at:388" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:388" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:389: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=222/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=222/dccp " "firewall-cmd.at:389" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:389" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:390: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp --zone=public " "firewall-cmd.at:390" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:390" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:391: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-port 222/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 222/dccp " "firewall-cmd.at:391" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:391" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:392: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp " "firewall-cmd.at:392" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:392" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:401: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=80/tcp --add-port 443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=80/tcp --add-port 443-444/udp " "firewall-cmd.at:401" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=80/tcp --add-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:401" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:402: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp --zone=public " "firewall-cmd.at:402" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:402" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:403: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp " "firewall-cmd.at:403" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:403" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:404: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-port 80/tcp --remove-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 80/tcp --remove-port=443-444/udp " "firewall-cmd.at:404" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 80/tcp --remove-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:404" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:405: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp " "firewall-cmd.at:405" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:405" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:406: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp " "firewall-cmd.at:406" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:406" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_9 #AT_START_10 at_fn_group_banner 10 'firewall-cmd.at:409' \ "source ports" " " 1 at_xfail=no ( $as_echo "10. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:409" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:409" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:422: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666 " "firewall-cmd.at:422" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:422" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:423: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/dummy " "firewall-cmd.at:423" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:423" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:424: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/tcp " "firewall-cmd.at:424" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:424" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:425: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-source-port=666/tcp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port=666/tcp --zone=public " "firewall-cmd.at:425" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:425" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:426: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-source-port=111-222/udp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=111-222/udp --zone=public " "firewall-cmd.at:426" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:426" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:427: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp " "firewall-cmd.at:427" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:427" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:428: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 111-222/udp " "firewall-cmd.at:428" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:428" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:429: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp " "firewall-cmd.at:429" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:429" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:438: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-source-port=80/tcp --add-source-port 443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=80/tcp --add-source-port 443-444/udp " "firewall-cmd.at:438" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=80/tcp --add-source-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:438" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:439: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp --zone=public " "firewall-cmd.at:439" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:439" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:440: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp " "firewall-cmd.at:440" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:440" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:441: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 80/tcp --remove-source-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 80/tcp --remove-source-port=443-444/udp " "firewall-cmd.at:441" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 80/tcp --remove-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:441" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:442: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp " "firewall-cmd.at:442" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:442" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:443: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp " "firewall-cmd.at:443" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:443" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_10 #AT_START_11 at_fn_group_banner 11 'firewall-cmd.at:446' \ "protocols" " " 1 at_xfail=no ( $as_echo "11. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:446" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:446" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:454: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dummy " "firewall-cmd.at:454" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:454" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:455: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dccp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dccp --zone=public " "firewall-cmd.at:455" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:455" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:456: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp " "firewall-cmd.at:456" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:456" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:457: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-protocol dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-protocol dccp " "firewall-cmd.at:457" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:457" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:458: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp " "firewall-cmd.at:458" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:458" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:466: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=ddp --add-protocol gre " "firewall-cmd.at:466" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:466" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:467: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp --zone=public " "firewall-cmd.at:467" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:467" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:468: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre " "firewall-cmd.at:468" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:468" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:469: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-protocol ddp --remove-protocol=gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-protocol ddp --remove-protocol=gre " "firewall-cmd.at:469" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-protocol ddp --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:469" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:470: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp " "firewall-cmd.at:470" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:470" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:471: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre " "firewall-cmd.at:471" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:471" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_11 #AT_START_12 at_fn_group_banner 12 'firewall-cmd.at:474' \ "masquerade" " " 1 at_xfail=no ( $as_echo "12. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:474" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:474" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:501: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-masquerade --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-masquerade --zone=public " "firewall-cmd.at:501" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-masquerade --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:501" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-masquerade " "firewall-cmd.at:502" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:503: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-masquerade " "firewall-cmd.at:503" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:503" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:504: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-masquerade " "firewall-cmd.at:504" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:504" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_12 #AT_START_13 at_fn_group_banner 13 'firewall-cmd.at:507' \ "forward ports" " " 1 at_xfail=no ( $as_echo "13. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:507" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:507" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:595: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=666 " "firewall-cmd.at:595" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/firewall-cmd.at:595" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:596: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=11:proto=tcp:toport=22 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=11:proto=tcp:toport=22 " "firewall-cmd.at:596" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=11:proto=tcp:toport=22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:596" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:597: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " "firewall-cmd.at:597" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:597" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:598: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4444 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4444 " "firewall-cmd.at:598" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:598" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:599: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " "firewall-cmd.at:599" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:599" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:600: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " "firewall-cmd.at:600" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:600" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:601: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:601" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:601" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:602: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " "firewall-cmd.at:602" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:602" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:603: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:603" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:603" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:604: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:604" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:604" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:605: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:605" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:605" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:606: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " "firewall-cmd.at:606" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:606" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:607: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:607" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:607" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:608: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:608" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:608" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " "firewall-cmd.at:609" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " "firewall-cmd.at:609" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " "firewall-cmd.at:609" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " "firewall-cmd.at:609" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:615: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " "firewall-cmd.at:615" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:615" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:616: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=100:proto=tcp:toport=200 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=100:proto=tcp:toport=200 " "firewall-cmd.at:616" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:616" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:617: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 --zone=public " "firewall-cmd.at:617" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:617" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:618: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " "firewall-cmd.at:618" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:618" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:619: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=100:proto=tcp:toport=200 " "firewall-cmd.at:619" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:619" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:620: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 " "firewall-cmd.at:620" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:620" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:621: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-forward-ports " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-forward-ports " "firewall-cmd.at:621" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-forward-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:621" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_13 #AT_START_14 at_fn_group_banner 14 'firewall-cmd.at:624' \ "ICMP block" " " 1 at_xfail=no ( $as_echo "14. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:624" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:624" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:634: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=dummyblock " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=dummyblock " "firewall-cmd.at:634" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=dummyblock ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/firewall-cmd.at:634" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:635: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=redirect " "firewall-cmd.at:635" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:635" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:636: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect " "firewall-cmd.at:636" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:636" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:637: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block redirect " "firewall-cmd.at:637" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:637" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:638: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect " "firewall-cmd.at:638" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:638" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:644: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-icmp-block-inversion --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-icmp-block-inversion --zone=public " "firewall-cmd.at:644" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-icmp-block-inversion --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:644" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:645: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion " "firewall-cmd.at:645" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:645" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:646: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-icmp-block-inversion " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-icmp-block-inversion " "firewall-cmd.at:646" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:646" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:647: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion " "firewall-cmd.at:647" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:647" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:662: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " "firewall-cmd.at:662" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:662" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:663: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply " "firewall-cmd.at:663" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:663" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:664: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation " "firewall-cmd.at:664" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:664" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:665: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " "firewall-cmd.at:665" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:665" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:666: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply " "firewall-cmd.at:666" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:666" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:667: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation " "firewall-cmd.at:667" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:667" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_14 #AT_START_15 at_fn_group_banner 15 'firewall-cmd.at:670' \ "user ICMP types" " " 1 at_xfail=no ( $as_echo "15. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:670" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:670" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:673: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=redirect " "firewall-cmd.at:673" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:673" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:675: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=foobar " "firewall-cmd.at:675" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:675" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:676: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-icmptypes | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:676" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-icmptypes | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:676" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:678: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv5 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv5 " "firewall-cmd.at:678" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:678" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:679: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 " "firewall-cmd.at:679" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:679" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:680: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 " "firewall-cmd.at:680" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:680" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:681: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 " "firewall-cmd.at:681" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:681" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:682: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 " "firewall-cmd.at:682" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:682" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:683: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 " "firewall-cmd.at:683" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:683" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:684: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 " "firewall-cmd.at:684" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:684" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:686: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-icmp-block=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-icmp-block=foobar " "firewall-cmd.at:686" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-icmp-block=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:686" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:687: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:687" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:687" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:689: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-icmptype=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-icmptype=foobar " "firewall-cmd.at:689" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:689" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:690" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_15 #AT_START_16 at_fn_group_banner 16 'firewall-cmd.at:693' \ "ipset" " " 1 at_xfail=no ( $as_echo "16. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:693" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:693" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:699: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip " "firewall-cmd.at:699" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:699" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:717: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:717" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:717" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:721: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port " "firewall-cmd.at:721" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:721" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:722: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,1234 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,1234 " "firewall-cmd.at:722" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:722" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:723: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,2000-2100 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,2000-2100 " "firewall-cmd.at:723" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,2000-2100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:723" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:736: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:736" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:736" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:740: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port " "firewall-cmd.at:740" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:740" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:741: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234 " "firewall-cmd.at:741" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:741" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:771: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:771" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:771" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:775: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,mark " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,mark " "firewall-cmd.at:775" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,mark ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:775" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:776: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,0x100 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,0x100 " "firewall-cmd.at:776" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,0x100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:776" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:804: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:804" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:804" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:808: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,port " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,port " "firewall-cmd.at:808" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:808" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:809: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 " "firewall-cmd.at:809" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:809" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:812: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:812" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:812" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:816: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port,net " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port,net " "firewall-cmd.at:816" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port,net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:816" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:817: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 " "firewall-cmd.at:817" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:817" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:837: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:837" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:837" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:841: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,iface " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,iface " "firewall-cmd.at:841" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,iface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:841" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:842: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,foobar0 " "firewall-cmd.at:842" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:842" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:871: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:871" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:871" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:mac " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:mac " "firewall-cmd.at:874" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:mac ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=12:34:56:78:90:ab " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=12:34:56:78:90:ab " "firewall-cmd.at:874" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=12:34:56:78:90:ab ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:874" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_16 #AT_START_17 at_fn_group_banner 17 'firewall-cmd.at:884' \ "user helpers" " " 1 at_xfail=no ( $as_echo "17. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:884" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:884" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:887: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=foo " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=foo " "firewall-cmd.at:887" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 132 $at_status "$at_srcdir/firewall-cmd.at:887" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:888: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=nf_conntrack_foo " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=nf_conntrack_foo " "firewall-cmd.at:888" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=nf_conntrack_foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:888" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:889: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:889" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:889" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:890: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:890" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:890" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:891: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv5 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv5 " "firewall-cmd.at:891" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:891" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:892: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv4 " "firewall-cmd.at:892" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:892" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:893: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:893" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:893" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:894: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family= " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family= " "firewall-cmd.at:894" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family= ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:894" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:896: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family " "firewall-cmd.at:896" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:896" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:898: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports " "firewall-cmd.at:898" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:898" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:901: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --add-port=44/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --add-port=44/tcp " "firewall-cmd.at:901" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --add-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:901" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:902: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports | grep 44 " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:902" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports | grep 44 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:902" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:903: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp " "firewall-cmd.at:903" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:903" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:904: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --remove-port=44/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --remove-port=44/tcp " "firewall-cmd.at:904" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --remove-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:904" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:905: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp " "firewall-cmd.at:905" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:905" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:906: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports " "firewall-cmd.at:906" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:906" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:908: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-helper=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-helper=foobar " "firewall-cmd.at:908" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-helper=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:908" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:909: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:909" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:909" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_17 #AT_START_18 at_fn_group_banner 18 'firewall-cmd.at:912' \ "direct" " " 1 at_xfail=no ( $as_echo "18. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:912" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:912" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:955: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-default-zone" "firewall-cmd.at:955" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:955" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:957: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --list-all " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --list-all " "firewall-cmd.at:957" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:957" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:960: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain ipv4 filter žluťoučký " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain ipv4 filter žluťoučký " "firewall-cmd.at:960" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:960" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:961: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-chains ipv4 filter |grep \"žluťoučký\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:961" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-chains ipv4 filter |grep "žluťoučký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:961" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:962: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-chains | grep \"ipv4 filter žluťoučký\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:962" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-chains | grep "ipv4 filter žluťoučký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:962" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:963: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluťoučký " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluťoučký " "firewall-cmd.at:963" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:963" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:964: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter žluťoučký 3 -j ACCEPT " "firewall-cmd.at:964" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:964" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:965: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-rules ipv4 filter žluťoučký | grep ACCEPT " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:965" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-rules ipv4 filter žluťoučký | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:965" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:966: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep \"ipv4 filter žluťoučký 3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:966" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep "ipv4 filter žluťoučký 3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:966" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:967: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT " "firewall-cmd.at:967" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:967" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:968: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 filter žluťoučký 3 -j ACCEPT " "firewall-cmd.at:968" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:968" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:969: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT " "firewall-cmd.at:969" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:969" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:970: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --remove-chain ipv4 filter žluťoučký " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-chain ipv4 filter žluťoučký " "firewall-cmd.at:970" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:970" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:971: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluťoučký " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluťoučký " "firewall-cmd.at:971" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:971" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:980: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " "firewall-cmd.at:980" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:980" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_18 #AT_START_19 at_fn_group_banner 19 'firewall-cmd.at:985' \ "direct nat" " " 1 at_xfail=no ( $as_echo "19. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:985" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:985" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:992: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " "firewall-cmd.at:992" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:992" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:993: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:993" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:993" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:996: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " "firewall-cmd.at:996" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:996" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:997: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " "firewall-cmd.at:997" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:997" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:998: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:998" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:998" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1002: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " "firewall-cmd.at:1002" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1002" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_19 #AT_START_20 at_fn_group_banner 20 'firewall-cmd.at:1009' \ "direct passthrough" " " 1 at_xfail=no ( $as_echo "20. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1009" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1009" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } fi if $IP6TABLES -L >/dev/null 2>&1; then : else : fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1036: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 " "firewall-cmd.at:1036" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1036" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1037: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv5 -nvL " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv5 -nvL " "firewall-cmd.at:1037" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv5 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1037" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1038: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 -nvL " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 -nvL " "firewall-cmd.at:1038" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1038" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1039: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-passthroughs ipv4 | grep \"\\-nvL\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1039" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-passthroughs ipv4 | grep "\-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1039" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1040: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-passthroughs | grep \"ipv4 \\-nvL\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1040" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-passthroughs | grep "ipv4 \-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1040" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1041: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL " "firewall-cmd.at:1041" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1041" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1042: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --remove-passthrough ipv4 -nvL " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-passthrough ipv4 -nvL " "firewall-cmd.at:1042" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1042" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1043: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL " "firewall-cmd.at:1043" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1043" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_20 #AT_START_21 at_fn_group_banner 21 'firewall-cmd.at:1046' \ "direct ebtables" " " 1 at_xfail=no ( $as_echo "21. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1046" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1046" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1081: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain eb filter mychain " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain eb filter mychain " "firewall-cmd.at:1081" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1081" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1082: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-chains eb filter | grep mychain " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1082" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-chains eb filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1082" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " "firewall-cmd.at:1083" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_21 #AT_START_22 at_fn_group_banner 22 'firewall-cmd.at:1091' \ "lockdown" " " 1 at_xfail=no ( $as_echo "22. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1091" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1091" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1099: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-command /usr/bin/command " "firewall-cmd.at:1099" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1099" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1100: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command " "firewall-cmd.at:1100" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1100" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1101: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-commands | grep \"/usr/bin/command\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1101" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-commands | grep "/usr/bin/command" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1101" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1102: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-command /usr/bin/command " "firewall-cmd.at:1102" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1102" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1103: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command " "firewall-cmd.at:1103" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1103" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1110: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " "firewall-cmd.at:1110" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1110" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1111: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " "firewall-cmd.at:1111" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1111" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1112: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-contexts | grep \"system_u:system_r:MadDaemon_t:s0\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1112" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1112" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1113: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " "firewall-cmd.at:1113" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1113" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1114: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " "firewall-cmd.at:1114" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1114" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1122: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666 " "firewall-cmd.at:1122" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1122" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1123: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 " "firewall-cmd.at:1123" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1123" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1124: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-uids | grep \"6666\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1124" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-uids | grep "6666" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1124" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1125: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-uid 6666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-uid 6666 " "firewall-cmd.at:1125" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1125" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1126: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 " "firewall-cmd.at:1126" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1126" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1127: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666x " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666x " "firewall-cmd.at:1127" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666x ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1127" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1134: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-user theboss " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-user theboss " "firewall-cmd.at:1134" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1134" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1135: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss " "firewall-cmd.at:1135" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1135" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1136: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-users | grep \"theboss\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1136" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-users | grep "theboss" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1136" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1137: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-user theboss " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-user theboss " "firewall-cmd.at:1137" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1137" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1138: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss " "firewall-cmd.at:1138" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1138" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1140" >"$at_check_line_file" (test `whoami` != 'root') \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1140" set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_22 #AT_START_23 at_fn_group_banner 23 'firewall-cmd.at:1158' \ "rich rules good" " " 1 at_xfail=no ( $as_echo "23. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1158" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1158" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" reject' " "firewall-cmd.at:1161" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"ah\" reject' " "firewall-cmd.at:1161" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"ah\" reject' " "firewall-cmd.at:1161" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"ah\" reject' " "firewall-cmd.at:1161" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"esp\" accept' " "firewall-cmd.at:1162" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"esp\" accept' " "firewall-cmd.at:1162" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"esp\" accept' " "firewall-cmd.at:1162" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"esp\" accept' " "firewall-cmd.at:1162" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"sctp\" log' " "firewall-cmd.at:1163" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"sctp\" log' " "firewall-cmd.at:1163" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"sctp\" log' " "firewall-cmd.at:1163" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"sctp\" log' " "firewall-cmd.at:1163" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " "firewall-cmd.at:1164" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " "firewall-cmd.at:1164" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " "firewall-cmd.at:1164" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " "firewall-cmd.at:1164" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " "firewall-cmd.at:1165" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " "firewall-cmd.at:1165" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " "firewall-cmd.at:1165" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " "firewall-cmd.at:1165" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" masquerade' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" masquerade' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" masquerade' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" masquerade' " "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " "firewall-cmd.at:1174" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " "firewall-cmd.at:1174" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " "firewall-cmd.at:1174" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " "firewall-cmd.at:1174" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1175" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1175" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1175" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1175" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1176" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1176" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1176" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1176" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " "firewall-cmd.at:1177" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " "firewall-cmd.at:1177" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " "firewall-cmd.at:1177" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " "firewall-cmd.at:1177" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1178" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1178" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1178" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1178" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1179" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1179" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1179" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1179" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1180" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1180" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1180" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1180" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1181" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1181" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1181" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1181" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1181" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1181" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1181" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1181" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " "firewall-cmd.at:1185" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " "firewall-cmd.at:1185" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " "firewall-cmd.at:1185" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " "firewall-cmd.at:1185" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_23 #AT_START_24 at_fn_group_banner 24 'firewall-cmd.at:1187' \ "rich rules audit" " " 1 at_xfail=no ( $as_echo "24. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1187" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1187" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " "firewall-cmd.at:1191" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " "firewall-cmd.at:1191" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " "firewall-cmd.at:1191" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " "firewall-cmd.at:1191" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_24 #AT_START_25 at_fn_group_banner 25 'firewall-cmd.at:1195' \ "rich rules priority" " " 1 at_xfail=no ( $as_echo "25. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1195" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1195" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1349: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule priority=127 drop' " "firewall-cmd.at:1349" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1349" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1350: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' " "firewall-cmd.at:1350" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1350" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1351: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule priority=127 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule priority=127 drop' " "firewall-cmd.at:1351" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1351" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1352: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' " "firewall-cmd.at:1352" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1352" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_25 #AT_START_26 at_fn_group_banner 26 'firewall-cmd.at:1810' \ "rich rules bad" " " 1 at_xfail=no ( $as_echo "26. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1810" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1810" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1817: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='' " "firewall-cmd.at:1817" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1817" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1818: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='name=\"dns\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='name=\"dns\" accept' " "firewall-cmd.at:1818" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1818" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1819: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='protocol value=\"ah\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='protocol value=\"ah\" reject' " "firewall-cmd.at:1819" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1819" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1820: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " "firewall-cmd.at:1820" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="ah" reject type="icmp-host-prohibited"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1820" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1821: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " "firewall-cmd.at:1821" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" protocol value="ah" reject type="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1821" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1822: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule' " "firewall-cmd.at:1822" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1822" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1823: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule bad_element' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule bad_element' " "firewall-cmd.at:1823" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule bad_element' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1823" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1824: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv5\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv5\"' " "firewall-cmd.at:1824" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv5"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1824" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1825: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule name=\"dns\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule name=\"dns\" accept' " "firewall-cmd.at:1825" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1825" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1826: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol=\"ah\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol=\"ah\" accept' " "firewall-cmd.at:1826" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol="ah" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1826" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1827: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" accept drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" accept drop' " "firewall-cmd.at:1827" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="ah" accept drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1827" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1828: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " "firewall-cmd.at:1828" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name="radius" port port="4011" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1828" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1829: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service bad_attribute=\"dns\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service bad_attribute=\"dns\"' " "firewall-cmd.at:1829" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service bad_attribute="dns"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1829" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1830: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " "firewall-cmd.at:1830" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="igmp" log level="eror"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 125 $at_status "$at_srcdir/firewall-cmd.at:1830" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='family=\"ipv6\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='family=\"ipv6\" accept' " "firewall-cmd.at:1831" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='family="ipv6" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " "firewall-cmd.at:1831" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 207 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " "firewall-cmd.at:1831" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 123 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1836: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"esp\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"esp\"' " "firewall-cmd.at:1836" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="esp"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1836" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1837: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" masquerade drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" masquerade drop' " "firewall-cmd.at:1837" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" masquerade drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1837" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1838: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " "firewall-cmd.at:1838" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" icmp-block name="redirect" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1838" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1839: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " "firewall-cmd.at:1839" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1839" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_26 #AT_START_27 at_fn_group_banner 27 'firewall-cmd.at:1846' \ "config validation" " " 1 at_xfail=no ( $as_echo "27. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1846" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1846" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1850: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1850" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1850" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1855: cp ./firewalld.conf ./firewalld.conf.orig" at_fn_check_prepare_trace "firewall-cmd.at:1855" ( $at_check_trace; cp ./firewalld.conf ./firewalld.conf.orig ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1855" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1856: echo \"SomeBogusField=yes\" >> ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1856" ( $at_check_trace; echo "SomeBogusField=yes" >> ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1856" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1857: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1857" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "ERROR: Invalid option: 'SomeBogusField=yes' ERROR: Invalid option: 'SomeBogusField=yes' " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1857" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1862: cp ./firewalld.conf.orig ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1862" ( $at_check_trace; cp ./firewalld.conf.orig ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1862" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1871: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1871" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1871" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1879: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1879" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1879" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1880: rm ./direct.xml" at_fn_check_prepare_trace "firewall-cmd.at:1880" ( $at_check_trace; rm ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1880" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1889: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1889" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1889" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1897: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1897" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1897" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1905: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1905" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1905" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1906: rm ./lockdown-whitelist.xml" at_fn_check_prepare_trace "firewall-cmd.at:1906" ( $at_check_trace; rm ./lockdown-whitelist.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1909: mkdir -p ./ipsets" at_fn_check_prepare_trace "firewall-cmd.at:1909" ( $at_check_trace; mkdir -p ./ipsets ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1909" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90 _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1916: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1916" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90', ignoring. WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90', ignoring. " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1916" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90:ab _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1928: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1928" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1928" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1935: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1935" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 119 $at_status "$at_srcdir/firewall-cmd.at:1935" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1936: rm ./ipsets/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:1936" ( $at_check_trace; rm ./ipsets/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1936" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1939: mkdir -p ./helpers" at_fn_check_prepare_trace "firewall-cmd.at:1939" ( $at_check_trace; mkdir -p ./helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1939" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1945: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1945" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1945" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1952: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1952" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1952" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1954: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1954" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:1954" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1963: rm ./helpers/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:1963" ( $at_check_trace; rm ./helpers/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1963" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1966: mkdir -p ./icmptypes" at_fn_check_prepare_trace "firewall-cmd.at:1966" ( $at_check_trace; mkdir -p ./icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1966" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1973: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1973" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1973" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1981: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1981" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1981" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1982: rm ./icmptypes/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:1982" ( $at_check_trace; rm ./icmptypes/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1982" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1985: mkdir -p ./services" at_fn_check_prepare_trace "firewall-cmd.at:1985" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1985" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1992: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1992" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:1992" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2000: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2000" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2000" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2008: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2008" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2008" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2016: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2016" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2016" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2024: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2024" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2024" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2032: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2032" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2032" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2041: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2041" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2041" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2049: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2049" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2049" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2050: rm ./services/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2050" ( $at_check_trace; rm ./services/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2050" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2053: mkdir -p ./zones" at_fn_check_prepare_trace "firewall-cmd.at:2053" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2053" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2057: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2057" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/firewall-cmd.at:2057" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2065: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2065" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:2065" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2073: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2073" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2073" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2081: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2081" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2081" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2089: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2089" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2089" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2097: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2097" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2097" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2105: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2105" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2105" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2113: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2113" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2113" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2121: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2121" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2121" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2129: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2129" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2129" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2137: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2137" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2137" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2145: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2145" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: Invalid source: No address no ipset. WARNING: Invalid source: No address no ipset. " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2145" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2160: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2160" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2160" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2173: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2173" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: INVALID_LIMIT: none: rule family=\"ipv4\" source address=\"10.0.0.1/24\" accept limit value=\"none\" WARNING: INVALID_LIMIT: none: rule family=\"ipv4\" source address=\"10.0.0.1/24\" accept limit value=\"none\" " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2173" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2188: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2188" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: Invalid rule: Invalid log level WARNING: Invalid rule: Invalid log level " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2188" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2203: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2203" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2203" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2205: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2205" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: INVALID_ADDR: 10.0.0.1/24: rule family=\"ipv6\" source address=\"10.0.0.1/24\" accept WARNING: INVALID_ADDR: 10.0.0.1/24: rule family=\"ipv6\" source address=\"10.0.0.1/24\" accept " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2205" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2221: rm ./zones/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2221" ( $at_check_trace; rm ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2221" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_27 #AT_START_28 at_fn_group_banner 28 'rfc3964_ipv4.at:1' \ "RFC3964_IPv4" " " 2 at_xfail=no ( $as_echo "28. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:4: sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:4" ( $at_check_trace; sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:5: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:5" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:70: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:70" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:70" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_28 #AT_START_29 at_fn_group_banner 29 'service_include.at:1' \ "service include" " " 2 at_xfail=no ( $as_echo "29. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service_include.at:4: mkdir -p ./services" at_fn_check_prepare_trace "service_include.at:4" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:5: cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:5" ( $at_check_trace; cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:17: cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:17" ( $at_check_trace; cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:17" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:61: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service " "service_include.at:61" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:61" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:62: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh " "service_include.at:62" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:62" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:63: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh " "service_include.at:63" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:64: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:64" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:64" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:65: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh " "service_include.at:65" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:65" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:66: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh " "service_include.at:66" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:67: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:67" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:67" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:68: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes " "service_include.at:68" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:68" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:71: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:71" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:71" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:93: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" "service_include.at:93" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:93" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:94: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" "service_include.at:94" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:94" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:95: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:95" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:96: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:96" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:96" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:97: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" "service_include.at:97" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:97" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:98: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:98" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:99: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:99" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:99" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:100: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" "service_include.at:100" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:100" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:103: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; }" at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:103" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:103" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:115: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-interface=foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-interface=foobar0 " "service_include.at:115" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:115" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:116: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-service=my-service-with-include " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-service=my-service-with-include " "service_include.at:116" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-service=my-service-with-include ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:116" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:117: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=does-not-exist " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=does-not-exist " "service_include.at:117" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:117" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:125: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=does-not-exist " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=does-not-exist " "service_include.at:125" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:125" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_29 #AT_START_30 at_fn_group_banner 30 'helpers_custom.at:1' \ "customer helpers" " " 2 at_xfail=no ( $as_echo "30. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:4: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --new-helper=\"ftptest\" --module=\"nf_conntrack_ftp\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-helper=\"ftptest\" --module=\"nf_conntrack_ftp\" " "helpers_custom.at:4" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-helper="ftptest" --module="nf_conntrack_ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:4" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:5: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --helper=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --helper=ftptest --add-port=\"2121/tcp\" " "helpers_custom.at:5" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --helper=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:7: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --new-service=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-service=\"ftptest\" " "helpers_custom.at:7" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-service="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:7" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:8: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module=\"ftptest\" " "helpers_custom.at:8" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:8" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:9: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module=\"ftptest\" " "helpers_custom.at:9" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:10: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port=\"2121/tcp\" " "helpers_custom.at:10" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:10" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:11: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:11" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:11" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:62: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-module=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-module=\"ftptest\" " "helpers_custom.at:62" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:62" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:63: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module=\"ftptest\" " "helpers_custom.at:63" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/helpers_custom.at:63" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:64: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper=\"ftptest\" " "helpers_custom.at:64" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:64" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:65: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:65" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:65" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:116: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module=\"ftptest\" " "helpers_custom.at:116" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:116" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:117: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-helper=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-helper=\"ftptest\" " "helpers_custom.at:117" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:117" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:118: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper=\"ftp\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper=\"ftp\" " "helpers_custom.at:118" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper="ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:118" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:119: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port=\"21/tcp\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port=\"21/tcp\" " "helpers_custom.at:119" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port="21/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:119" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_30 #AT_START_31 at_fn_group_banner 31 'firewall-offline-cmd.at:18' \ "lokkit migration" " " 2 at_xfail=no ( $as_echo "31. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:18: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-offline-cmd.at:18" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:18" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:18: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-offline-cmd.at:18" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:18" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:22: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444" "firewall-offline-cmd.at:22" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:22" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:30: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+" "firewall-offline-cmd.at:30" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:30" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:31: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0" "firewall-offline-cmd.at:31" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:31" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:32: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service dns" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dns" "firewall-offline-cmd.at:32" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:32" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:33: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service ftp" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service ftp" "firewall-offline-cmd.at:33" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:33" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:34: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client" "firewall-offline-cmd.at:34" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-offline-cmd.at:34" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:35: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement" "firewall-offline-cmd.at:35" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:35" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:36: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation" "firewall-offline-cmd.at:36" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:36" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:37: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4" "firewall-offline-cmd.at:37" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:37" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:38: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444" "firewall-offline-cmd.at:38" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:41: cat << EOF > ./system-config-firewall --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444 EOF " at_fn_check_prepare_notrace 'an embedded newline' "firewall-offline-cmd.at:41" ( $at_check_trace; cat << EOF > ./system-config-firewall --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444 EOF ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:41" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:61: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --migrate-system-config-firewall=./system-config-firewall" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --migrate-system-config-firewall=./system-config-firewall" "firewall-offline-cmd.at:61" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --migrate-system-config-firewall=./system-config-firewall ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:61" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:62: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+" "firewall-offline-cmd.at:62" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:62" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:63: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0" "firewall-offline-cmd.at:63" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:63" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:64: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service dns" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dns" "firewall-offline-cmd.at:64" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:64" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:65: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service ftp" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service ftp" "firewall-offline-cmd.at:65" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:65" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:66: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client" "firewall-offline-cmd.at:66" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-offline-cmd.at:66" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:67: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement" "firewall-offline-cmd.at:67" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:67" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:68: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation" "firewall-offline-cmd.at:68" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:68" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:69: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4" "firewall-offline-cmd.at:69" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:69" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:70: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444" "firewall-offline-cmd.at:70" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:70" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_31 #AT_START_32 at_fn_group_banner 32 'firewalld.conf.at:1' \ "firewalld.conf" " " 3 at_xfail=no ( $as_echo "32. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewalld.conf.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewalld.conf.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewalld.conf.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewalld.conf.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewalld.conf.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewalld.conf.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewalld.conf.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewalld.conf.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewalld.conf.at:1" KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : { set +x $as_echo "$at_srcdir/firewalld.conf.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.GetAll string:\"org.fedoraproject.FirewallD1.config\" | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | awk 'BEGIN{line_mark=-99; line=0} {line++; if (line == line_mark + 1) {buffer = $0}; if (line == line_mark + 2) {print buffer \" : \" $0} } /^dict entry/{line_mark=line}' | sort " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.GetAll string:"org.fedoraproject.FirewallD1.config" | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | awk 'BEGIN{line_mark=-99; line=0} {line++; if (line == line_mark + 1) {buffer = $0}; if (line == line_mark + 2) {print buffer " : " $0} } /^dict entry/{line_mark=line}' | sort ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "string \"AllowZoneDrifting\" : variant string \"no\" string \"AutomaticHelpers\" : variant string \"no\" string \"CleanupOnExit\" : variant string \"no\" string \"DefaultZone\" : variant string \"public\" string \"FirewallBackend\" : variant string \"nftables\" string \"FlushAllOnReload\" : variant string \"yes\" string \"IPv6_rpfilter\" : variant string \"yes\" string \"IndividualCalls\" : variant string \"no\" string \"Lockdown\" : variant string \"no\" string \"LogDenied\" : variant string \"off\" string \"MinimalMark\" : variant int32 100 string \"RFC3964_IPv4\" : variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:5" $at_failed && at_fn_log_failure $at_traceon; } else : { set +x $as_echo "$at_srcdir/firewalld.conf.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.GetAll string:\"org.fedoraproject.FirewallD1.config\" | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | awk 'BEGIN{line_mark=-99; line=0} {line++; if (line == line_mark + 1) {buffer = $0}; if (line == line_mark + 2) {print buffer \" : \" $0} } /^dict entry/{line_mark=line}' | sort " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.GetAll string:"org.fedoraproject.FirewallD1.config" | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | awk 'BEGIN{line_mark=-99; line=0} {line++; if (line == line_mark + 1) {buffer = $0}; if (line == line_mark + 2) {print buffer " : " $0} } /^dict entry/{line_mark=line}' | sort ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "string \"AllowZoneDrifting\" : variant string \"no\" string \"AutomaticHelpers\" : variant string \"no\" string \"CleanupOnExit\" : variant string \"no\" string \"DefaultZone\" : variant string \"public\" string \"FirewallBackend\" : variant string \"nftables\" string \"FlushAllOnReload\" : variant string \"yes\" string \"IPv6_rpfilter\" : variant string \"no\" string \"IndividualCalls\" : variant string \"no\" string \"Lockdown\" : variant string \"no\" string \"LogDenied\" : variant string \"off\" string \"MinimalMark\" : variant int32 100 string \"RFC3964_IPv4\" : variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewalld.conf.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"MinimalMark\" int32:1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"MinimalMark" int32:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"MinimalMark\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"MinimalMark" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant int32 1234 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"AutomaticHelpers\" string:\"no\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"AutomaticHelpers" string:"no" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"AutomaticHelpers\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"AutomaticHelpers" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"no\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"Lockdown\" string:\"yes\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"Lockdown" string:"yes" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"Lockdown\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"Lockdown" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"LogDenied\" string:\"all\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"LogDenied" string:"all" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"LogDenied\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"LogDenied" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"all\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter\" string:\"yes\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter" string:"yes" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"IndividualCalls\" string:\"yes\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"IndividualCalls" string:"yes" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IndividualCalls\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IndividualCalls" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"FirewallBackend\" string:\"iptables\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"FirewallBackend" string:"iptables" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"FirewallBackend\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"FirewallBackend" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"iptables\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"FlushAllOnReload\" string:\"no\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"FlushAllOnReload" string:"no" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:51" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"FlushAllOnReload\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"FlushAllOnReload" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"no\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:51" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"CleanupOnExit\" string:\"yes\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"CleanupOnExit" string:"yes" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"CleanupOnExit\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"CleanupOnExit" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"RFC3964_IPv4\" string:\"no\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"RFC3964_IPv4" string:"no" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"RFC3964_IPv4\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"RFC3964_IPv4" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"no\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"AllowZoneDrifting\" string:\"yes\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"AllowZoneDrifting" string:"yes" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"AllowZoneDrifting\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"AllowZoneDrifting" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:54" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewalld.conf.at:58" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewalld.conf.at:58" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_32 #AT_START_33 at_fn_group_banner 33 'service.at:1' \ "dbus api - services" " " 3 at_xfail=no ( $as_echo "33. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/service.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/service.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "service.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "service.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "service.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/service.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "service.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "service.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "service.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/service.at:1" $as_echo "service.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:4" $as_echo "service.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:4" { set +x $as_echo "$at_srcdir/service.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addService\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//method[@name="addService"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:4" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:11" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:11" { set +x $as_echo "$at_srcdir/service.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService \"foobar\" '(\"1.0\", \"foobar\", \"foobar service is for foobar\", [(\"1234\", \"udp\"), (\"22\", \"tcp\"), (\"1234\", \"udp\")], [\"ftp\"], {\"ipv4\": \"1.2.3.4\"}, [\"icmp\", \"igmp\"], [(\"4321\", \"tcp\"), (\"4321\", \"udp\")] )' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService "foobar" '("1.0", "foobar", "foobar service is for foobar", [("1234", "udp"), ("22", "tcp"), ("1234", "udp")], ["ftp"], {"ipv4": "1.2.3.4"}, ["icmp", "igmp"], [("4321", "tcp"), ("4321", "udp")] )' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:11" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ $as_echo "service.at:26" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:26" $as_echo "service.at:26" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:26" { set +x $as_echo "$at_srcdir/service.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getSettings\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getSettings"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:26" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:31" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:31" { set +x $as_echo "$at_srcdir/service.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.0', 'foobar', 'foobar service is for foobar', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], {'ipv4': '1.2.3.4'}, ['icmp', 'igmp'], [('4321', 'tcp'), ('4321', 'udp')]),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:31" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:35" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:35" $as_echo "service.at:35" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:35" { set +x $as_echo "$at_srcdir/service.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"update\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="update"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:35" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:40" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:40" { set +x $as_echo "$at_srcdir/service.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update '(\"1.1\", \"foobar new\", \"foobar new service is for foobar\", [(\"12345\", \"udp\"), (\"2222\", \"tcp\")], [\"ftp\"], {}, [\"icmp\"], [(\"4321\", \"tcp\")] )' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update '("1.1", "foobar new", "foobar new service is for foobar", [("12345", "udp"), ("2222", "tcp")], ["ftp"], {}, ["icmp"], [("4321", "tcp")] )' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:40" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:52" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:52" { set +x $as_echo "$at_srcdir/service.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.1', 'foobar new', 'foobar new service is for foobar', [('12345', 'udp'), ('2222', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp')]),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:52" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:56" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:56" $as_echo "service.at:56" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:56" { set +x $as_echo "$at_srcdir/service.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"loadDefaults\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="loadDefaults"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:56" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:60" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:60" { set +x $as_echo "$at_srcdir/service.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName \"ssh\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName "ssh"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:60" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ_TEMP=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ_TEMP $as_echo "service.at:63" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:63" { set +x $as_echo "$at_srcdir/service.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.setVersion \"1.1\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.setVersion "1.1"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:63" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:64" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:64" { set +x $as_echo "$at_srcdir/service.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.loadDefaults ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.loadDefaults ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:64" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:65" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:65" { set +x $as_echo "$at_srcdir/service.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName \"ssh\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName "ssh"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:65" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ_TEMP=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ_TEMP $as_echo "service.at:68" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:68" { set +x $as_echo "$at_srcdir/service.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.getVersion ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.getVersion ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:68" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:72" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:72" $as_echo "service.at:72" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:72" { set +x $as_echo "$at_srcdir/service.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"remove\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="remove"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:72" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:76" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:76" $as_echo "service.at:76" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:76" { set +x $as_echo "$at_srcdir/service.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"rename\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="rename"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:76" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:82" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:82" $as_echo "service.at:82" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:82" { set +x $as_echo "$at_srcdir/service.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getVersion\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getVersion"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:82" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:87" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:87" $as_echo "service.at:87" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:87" { set +x $as_echo "$at_srcdir/service.at:87: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setVersion\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:87" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setVersion"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:87" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:93" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:93" $as_echo "service.at:93" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:93" { set +x $as_echo "$at_srcdir/service.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getShort\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getShort"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:93" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:98" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:98" $as_echo "service.at:98" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:98" { set +x $as_echo "$at_srcdir/service.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setShort\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setShort"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:98" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:104" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:104" $as_echo "service.at:104" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:104" { set +x $as_echo "$at_srcdir/service.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getDescription\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getDescription"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:104" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:109" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:109" $as_echo "service.at:109" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:109" { set +x $as_echo "$at_srcdir/service.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setDescription\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setDescription"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:109" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:115" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:115" $as_echo "service.at:115" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:115" { set +x $as_echo "$at_srcdir/service.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getPorts\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getPorts"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:115" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:120" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:120" $as_echo "service.at:120" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:120" { set +x $as_echo "$at_srcdir/service.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setPorts\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setPorts"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:120" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:125" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:125" $as_echo "service.at:125" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:125" { set +x $as_echo "$at_srcdir/service.at:125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addPort\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="addPort"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:125" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:131" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:131" $as_echo "service.at:131" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:131" { set +x $as_echo "$at_srcdir/service.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removePort\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:131" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removePort"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:131" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:137" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:137" $as_echo "service.at:137" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:137" { set +x $as_echo "$at_srcdir/service.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryPort\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="queryPort"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:137" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:145" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:145" $as_echo "service.at:145" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:145" { set +x $as_echo "$at_srcdir/service.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getSourcePorts\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getSourcePorts"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:145" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:150" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:150" $as_echo "service.at:150" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:150" { set +x $as_echo "$at_srcdir/service.at:150: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setSourcePorts\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:150" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setSourcePorts"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:150" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:155" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:155" $as_echo "service.at:155" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:155" { set +x $as_echo "$at_srcdir/service.at:155: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addSourcePort\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:155" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="addSourcePort"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:155" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:161" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:161" $as_echo "service.at:161" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:161" { set +x $as_echo "$at_srcdir/service.at:161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeSourcePort\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removeSourcePort"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:161" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:167" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:167" $as_echo "service.at:167" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:167" { set +x $as_echo "$at_srcdir/service.at:167: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"querySourcePort\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:167" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="querySourcePort"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:167" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:175" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:175" $as_echo "service.at:175" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:175" { set +x $as_echo "$at_srcdir/service.at:175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getProtocols\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getProtocols"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:175" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:180" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:180" $as_echo "service.at:180" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:180" { set +x $as_echo "$at_srcdir/service.at:180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setProtocols\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setProtocols"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:180" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:185" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:185" $as_echo "service.at:185" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:185" { set +x $as_echo "$at_srcdir/service.at:185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addProtocol\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="addProtocol"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:185" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:190" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:190" $as_echo "service.at:190" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:190" { set +x $as_echo "$at_srcdir/service.at:190: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeProtocol\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:190" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removeProtocol"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:190" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:195" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:195" $as_echo "service.at:195" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:195" { set +x $as_echo "$at_srcdir/service.at:195: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryProtocol\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:195" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="queryProtocol"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:195" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:202" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:202" $as_echo "service.at:202" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:202" { set +x $as_echo "$at_srcdir/service.at:202: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getModules\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:202" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getModules"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:202" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:207" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:207" $as_echo "service.at:207" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:207" { set +x $as_echo "$at_srcdir/service.at:207: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setModules\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:207" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setModules"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:207" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:212" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:212" $as_echo "service.at:212" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:212" { set +x $as_echo "$at_srcdir/service.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addModule\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="addModule"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:212" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:217" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:217" $as_echo "service.at:217" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:217" { set +x $as_echo "$at_srcdir/service.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeModule\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removeModule"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:217" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:222" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:222" $as_echo "service.at:222" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:222" { set +x $as_echo "$at_srcdir/service.at:222: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryModule\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:222" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="queryModule"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:222" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:229" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:229" $as_echo "service.at:229" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:229" { set +x $as_echo "$at_srcdir/service.at:229: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getDestinations\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:229" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getDestinations"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:229" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:234" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:234" $as_echo "service.at:234" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:234" { set +x $as_echo "$at_srcdir/service.at:234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setDestinations\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setDestinations"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:234" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:239" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:239" $as_echo "service.at:239" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:239" { set +x $as_echo "$at_srcdir/service.at:239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setDestination\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setDestination"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:239" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:245" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:245" $as_echo "service.at:245" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:245" { set +x $as_echo "$at_srcdir/service.at:245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getDestination\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getDestination"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:245" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:251" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:251" $as_echo "service.at:251" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:251" { set +x $as_echo "$at_srcdir/service.at:251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeDestination\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removeDestination"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:251" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:256" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:256" $as_echo "service.at:256" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:256" { set +x $as_echo "$at_srcdir/service.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryDestination\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="queryDestination"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:256" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:264" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:264" $as_echo "service.at:264" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:264" { set +x $as_echo "$at_srcdir/service.at:264: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getIncludes\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:264" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getIncludes"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:264" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:269" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:269" { set +x $as_echo "$at_srcdir/service.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(@as [],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:269" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:272" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:272" $as_echo "service.at:272" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:272" { set +x $as_echo "$at_srcdir/service.at:272: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setIncludes\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:272" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setIncludes"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:272" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:277" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:277" { set +x $as_echo "$at_srcdir/service.at:277: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.setIncludes '[\"https\", \"ssh\"]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:277" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.setIncludes '["https", "ssh"]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:277" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:278" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:278" { set +x $as_echo "$at_srcdir/service.at:278: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:278" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['https', 'ssh'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:278" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:281" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:281" $as_echo "service.at:281" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:281" { set +x $as_echo "$at_srcdir/service.at:281: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addInclude\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:281" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="addInclude"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:281" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:286" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:286" { set +x $as_echo "$at_srcdir/service.at:286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.addInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.addInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:286" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:287" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:287" { set +x $as_echo "$at_srcdir/service.at:287: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:287" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:287" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:290" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:290" $as_echo "service.at:290" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:290" { set +x $as_echo "$at_srcdir/service.at:290: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeInclude\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:290" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removeInclude"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:290" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:295" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:295" { set +x $as_echo "$at_srcdir/service.at:295: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.removeInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:295" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.removeInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:295" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:296" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:296" $as_echo "service.at:296" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:296" { set +x $as_echo "$at_srcdir/service.at:296: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryInclude\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:296" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="queryInclude"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:296" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:302" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:302" { set +x $as_echo "$at_srcdir/service.at:302: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:302" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:302" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:306: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:306" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:306" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:306: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:306" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:306" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:307" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:307" $as_echo "service.at:307" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:307" { set +x $as_echo "$at_srcdir/service.at:307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getServiceSettings\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="getServiceSettings"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:307" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:313" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:313" { set +x $as_echo "$at_srcdir/service.at:313: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings \"foobar\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:313" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings "foobar"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.1', 'foobar new', 'foobar new service is for foobar', [('12345', 'udp'), ('2222', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp')]),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:313" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:324" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:324" { set +x $as_echo "$at_srcdir/service.at:324: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService \"foobar-old\" '(\"1.0\", \"foobar-old\", \"foobar-old service is for foobar-old\", [(\"1234\", \"udp\"), (\"22\", \"tcp\"), (\"1234\", \"udp\")], [\"ftp\"], {}, [], [(\"4321\", \"tcp\"), (\"4321\", \"udp\")] )' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:324" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService "foobar-old" '("1.0", "foobar-old", "foobar-old service is for foobar-old", [("1234", "udp"), ("22", "tcp"), ("1234", "udp")], ["ftp"], {}, [], [("4321", "tcp"), ("4321", "udp")] )' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:324" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ $as_echo "service.at:338" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:338" { set +x $as_echo "$at_srcdir/service.at:338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{\"version\": <\"1.1\">, \"includes\": <[\"https\"]>, \"protocols\": <[\"icmp\"]> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{"version": <"1.1">, "includes": <["https"]>, "protocols": <["icmp"]> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:338" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:345" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:345" { set +x $as_echo "$at_srcdir/service.at:345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.1', 'foobar-old', 'foobar-old service is for foobar-old', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp'), ('4321', 'udp')]),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:345" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:348" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:348" { set +x $as_echo "$at_srcdir/service.at:348: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:348" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-old service is for foobar-old'> 'includes': <['https']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp']> 'short': <'foobar-old'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:348" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:359" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:360" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:360" { set +x $as_echo "$at_srcdir/service.at:360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings \"foobar-old\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings "foobar-old"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.1', 'foobar-old', 'foobar-old service is for foobar-old', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp'), ('4321', 'udp')]),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:360" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:363" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:363" { set +x $as_echo "$at_srcdir/service.at:363: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings2 \"foobar-old\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:363" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings2 "foobar-old"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-old service is for foobar-old'> 'includes': <['https']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp']> 'short': <'foobar-old'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:363" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:375" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:375" $as_echo "service.at:375" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:375" { set +x $as_echo "$at_srcdir/service.at:375: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addService2\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:375" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//method[@name="addService2"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:375" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:382" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:382" { set +x $as_echo "$at_srcdir/service.at:382: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService2 \"foobar-dict\" '{\"version\": <\"1.0\">, \"short\": <\"foobar-dict\">, \"description\": <\"foobar-dict service is for foobar-dict\">, \"ports\": <[(\"1234\", \"udp\"), (\"22\", \"tcp\"), (\"1234\", \"udp\")]>, \"modules\": <[\"ftp\"]>, \"destination\": <{\"ipv6\": \"1234::4321\"}>, \"protocols\": <[\"icmp\", \"igmp\"]>, \"source_ports\": <[(\"4321\", \"tcp\"), (\"4321\", \"udp\")]>, \"includes\": <[\"https\", \"samba\"]>, \"helpers\": <[\"ftp\"]> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:382" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService2 "foobar-dict" '{"version": <"1.0">, "short": <"foobar-dict">, "description": <"foobar-dict service is for foobar-dict">, "ports": <[("1234", "udp"), ("22", "tcp"), ("1234", "udp")]>, "modules": <["ftp"]>, "destination": <{"ipv6": "1234::4321"}>, "protocols": <["icmp", "igmp"]>, "source_ports": <[("4321", "tcp"), ("4321", "udp")]>, "includes": <["https", "samba"]>, "helpers": <["ftp"]> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:382" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ $as_echo "service.at:399" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:399" $as_echo "service.at:399" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:399" { set +x $as_echo "$at_srcdir/service.at:399: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getSettings2\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:399" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getSettings2"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:399" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:404" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:404" { set +x $as_echo "$at_srcdir/service.at:404: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:404" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'includes': <['https', 'samba']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.0'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:404" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:418" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:418" $as_echo "service.at:418" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:418" { set +x $as_echo "$at_srcdir/service.at:418: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"update2\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:418" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="update2"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:418" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:423" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:423" { set +x $as_echo "$at_srcdir/service.at:423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{\"version\": <\"1.1\">, \"includes\": <[\"https\", \"samba\", \"http\"]> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{"version": <"1.1">, "includes": <["https", "samba", "http"]> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:423" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:428" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:428" { set +x $as_echo "$at_srcdir/service.at:428: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:428" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'includes': <['https', 'samba', 'http']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:428" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:442" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:442" { set +x $as_echo "$at_srcdir/service.at:442: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{\"version\": <\"1.2\">, \"includes\": <@as []> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:442" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{"version": <"1.2">, "includes": <@as []> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:442" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:447" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:447" { set +x $as_echo "$at_srcdir/service.at:447: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:447" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.2'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:447" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:459" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:460" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:460" $as_echo "service.at:460" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:460" { set +x $as_echo "$at_srcdir/service.at:460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getServiceSettings2\"]' - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="getServiceSettings2"]' - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:460" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:466" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:466" { set +x $as_echo "$at_srcdir/service.at:466: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings2 \"foobar-dict\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:466" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings2 "foobar-dict"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.2'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:466" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:479" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:479" { set +x $as_echo "$at_srcdir/service.at:479: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{\"version\": <\"1.3\">, \"thisdoesnotexist\": <\"\"> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:479" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{"version": <"1.3">, "thisdoesnotexist": <""> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service.at:479" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_OPTION: service option/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_OPTION: service option/d'"; then sed -i -e '/ERROR: INVALID_OPTION: service option/d' ./firewalld.log fi $as_echo "service.at:485" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/service.at:485" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_33 #AT_START_34 at_fn_group_banner 34 'firewall-cmd.at:5' \ "basic options" " " 4 at_xfail=no ( $as_echo "34. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:5" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" { set +x $as_echo "$at_srcdir/firewall-cmd.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -h " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -h ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --help " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --help ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -V " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -V ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --complete-reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --complete-reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --panic-on " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --panic-on ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "yes " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --panic-off " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --panic-off ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "no " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:24" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:26" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_34 #AT_START_35 at_fn_group_banner 35 'firewall-cmd.at:28' \ "get/list options" " " 4 at_xfail=no ( $as_echo "35. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:28" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:28" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:28" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" { set +x $as_echo "$at_srcdir/firewall-cmd.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-icmptypes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:34" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-icmptypes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-all-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-all-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:41" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:42" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:42" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_35 #AT_START_36 at_fn_group_banner 36 'firewall-cmd.at:44' \ "default zone" " " 4 at_xfail=no ( $as_echo "36. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:44" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:44" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:44" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" { set +x $as_echo "$at_srcdir/firewall-cmd.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=\"home\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone="home" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "home " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:53" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:54" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:54" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_36 #AT_START_37 at_fn_group_banner 37 'firewall-cmd.at:56' \ "user zone" " " 4 at_xfail=no ( $as_echo "37. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:56" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:56" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:56" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" { set +x $as_echo "$at_srcdir/firewall-cmd.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --new-zone=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:60" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zones | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zones | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:61" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep default " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=BAD " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=BAD ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/firewall-cmd.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-service=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghi " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghij " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghij ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 116 $at_status "$at_srcdir/firewall-cmd.at:72" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_TARGET: BAD/d' -e '/ERROR: INVALID_NAME: Zone of/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_TARGET: BAD/d' -e '/ERROR: INVALID_NAME: Zone of/d'"; then sed -i -e '/ERROR: INVALID_TARGET: BAD/d' -e '/ERROR: INVALID_NAME: Zone of/d' ./firewalld.log fi $as_echo "firewall-cmd.at:73" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:73" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_37 #AT_START_38 at_fn_group_banner 38 'firewall-cmd.at:76' \ "zone interfaces" " " 4 at_xfail=no ( $as_echo "38. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:76" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:76" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:76" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" { set +x $as_echo "$at_srcdir/firewall-cmd.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --add-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --add-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:80: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:80" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:80" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:83: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:83" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:83" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --change-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --change-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:85" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:86: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:86" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:86" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=block --add-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=block --add-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:88" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=block --remove-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=block --remove-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --change-zone=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --change-zone=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dmz " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:92" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dummy " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:99: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --change-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:99" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --change-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:99" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:105" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:106" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:107" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:108: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:108" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:108" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --set-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:109" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-zone-of-interface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-zone-of-interface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=perm_dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "perm_dummy " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:127" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:128" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:130: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:130" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:130" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:132: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:132" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:132" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:133" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:134: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --remove-interface=perm_dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:134" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --remove-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:134" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:137" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=bar --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=bar --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:138" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:139" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:140" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-interface foo --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-interface foo --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-interface bar --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-interface bar --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:145" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:146: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:146" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:146" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:147" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:147" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:148: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=bar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:148" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=bar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:148" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=trusted --add-interface=+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=trusted --add-interface=+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:153" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foobar+++ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:154" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foobar+++ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:154" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:155: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:155" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:155" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:156: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:156" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { iifname \"foobar*\" goto filter_IN_public iifname \"foobar++*\" goto filter_IN_public goto filter_IN_trusted goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:156" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=trusted --remove-interface=+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=trusted --remove-interface=+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:167: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foobar+++ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:167" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foobar+++ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:167" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:168" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:169: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:169" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:169" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:170: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:170" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:170" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:171" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:171" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: ZONE_CONFLICT: perm_dummy/d'" != x"ignore"; then if test -n "-e '/ERROR: ZONE_CONFLICT: perm_dummy/d'"; then sed -i -e '/ERROR: ZONE_CONFLICT: perm_dummy/d' ./firewalld.log fi $as_echo "firewall-cmd.at:172" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:172" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_38 #AT_START_39 at_fn_group_banner 39 'firewall-cmd.at:174' \ "zone sources" " " 4 at_xfail=no ( $as_echo "39. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:174" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:174" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:174" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x" -e '/ERROR: ZONE_CONFLICT/d'" != x"ignore"; then if test -n " -e '/ERROR: ZONE_CONFLICT/d'"; then sed -i -e '/ERROR: ZONE_CONFLICT/d' ./firewalld.log fi $as_echo "firewall-cmd.at:224" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:224" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_39 #AT_START_40 at_fn_group_banner 40 'firewall-cmd.at:226' \ "services" " " 4 at_xfail=no ( $as_echo "40. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:226" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:226" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:226" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:226" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:226" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:226" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:226" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:226" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:226" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:226" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:226" { set +x $as_echo "$at_srcdir/firewall-cmd.at:229: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --timeout 60 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:229" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --timeout 60 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:229" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:230: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:230" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:230" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:231: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:231" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:231" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:232: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:232" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:232" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:233: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=smtpssssssss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:233" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=smtpssssssss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:233" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --timeout " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --timeout ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:235" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:237: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --timeout 60 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:237" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --timeout 60 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:237" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:238: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:238" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:238" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dns ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:239" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:241: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:241" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:241" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:247: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:247" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:247" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:248: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=smtpssssssss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:248" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=smtpssssssss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:248" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:249: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:249" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:249" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=http --add-service=nfs --timeout=1h " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=http --add-service=nfs --timeout=1h ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:251" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:252" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service=nfs --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service=nfs --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-service=nfs --remove-service=http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-service=nfs --remove-service=http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:255: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:255" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:255" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:258: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-service=http --add-service=nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:258" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-service=http --add-service=nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:258" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service=nfs --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service=nfs --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:260" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:261: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-service=nfs --remove-service=http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:261" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-service=nfs --remove-service=http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:261" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:266: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:266" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:266" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:267" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_SERVICE:/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_SERVICE:/d'"; then sed -i -e '/ERROR: INVALID_SERVICE:/d' ./firewalld.log fi $as_echo "firewall-cmd.at:268" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:268" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_40 #AT_START_41 at_fn_group_banner 41 'firewall-cmd.at:270' \ "user services" " " 4 at_xfail=no ( $as_echo "41. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:270" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:270" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:270" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:270" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:270" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:270" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:270" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:270" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:270" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:270" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:270" { set +x $as_echo "$at_srcdir/firewall-cmd.at:273: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:273" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:273" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:275: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:275" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:275" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:276: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:276" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:276" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:278: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:278" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:278" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:279: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:279" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:279" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:280" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:281: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:281" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:281" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:282: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:282" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:282" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:283" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:284: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:284" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:284" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:285: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:285" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:285" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:286" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:287: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:287" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:287" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:288: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:288" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:288" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:289: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:289" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:289" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:290: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:290" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:290" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:291" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:292: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:292" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:292" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:293" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:294: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:294" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:294" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:295: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:295" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:295" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:297: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:297" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:297" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:298: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:298" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:298" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:300: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:300" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:300" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:301: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:301" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:301" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:302: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:302" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:302" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:303: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:303" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:303" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:305: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:305" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:305" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:306: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:306" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:306" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:307" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:308: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:308" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:308" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:309: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:309" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:309" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:310: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:310" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:310" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:312: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:312" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:312" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:313: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:313" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:313" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:314: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:314" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:314" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:315: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:315" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:315" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:316: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --get-service-helpers " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:316" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --get-service-helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:316" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:319: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:319" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:319" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:320: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:320" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:320" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:322: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:322" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/firewall-cmd.at:322" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:323: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:323" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:323" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:324: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:324" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:324" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:325: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:325" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:325" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:333" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:334: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:334" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:334" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:335: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:335" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:335" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:336" $at_failed && at_fn_log_failure $at_traceon; } cat >./foobar-to-be-renamed <<'_ATEOF' { set +x $as_echo "$at_srcdir/firewall-cmd.at:338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service-from-file=\"./foobar-to-be-renamed\" --name=\"foobar-from-file\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service-from-file="./foobar-to-be-renamed" --name="foobar-from-file" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar-from-file " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar-from-file ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:338" $at_failed && at_fn_log_failure $at_traceon; } _ATEOF if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: NAME_CONFLICT: new_service():/d' -e '/ERROR: INVALID_ADDR:/d'" != x"ignore"; then if test -n "-e '/ERROR: NAME_CONFLICT: new_service():/d' -e '/ERROR: INVALID_ADDR:/d'"; then sed -i -e '/ERROR: NAME_CONFLICT: new_service():/d' -e '/ERROR: INVALID_ADDR:/d' ./firewalld.log fi $as_echo "firewall-cmd.at:349" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:349" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_41 #AT_START_42 at_fn_group_banner 42 'firewall-cmd.at:352' \ "ports" " " 4 at_xfail=no ( $as_echo "42. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:352" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:352" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:352" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:352" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:352" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:352" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:352" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:352" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:352" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:352" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:352" { set +x $as_echo "$at_srcdir/firewall-cmd.at:355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone home --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone home --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 254 $at_status "$at_srcdir/firewall-cmd.at:358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo --add-port bar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo --add-port bar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 254 $at_status "$at_srcdir/firewall-cmd.at:359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666/tcp --zone=public --timeout=30m " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666/tcp --zone=public --timeout=30m ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:362: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:362" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:362" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:363: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:363" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:363" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:364: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:364" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:364" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:367: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:367" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:367" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:368: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=5000/sctp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:368" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=5000/sctp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:368" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:370: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:370" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:370" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:372: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=222/dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:372" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=222/dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:372" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:373: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:373" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:373" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:374: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:374" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:374" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:376: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:376" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:376" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:377: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:377" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:377" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:378: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:378" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:378" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:379: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port=666/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:379" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:379" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:380: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:380" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:380" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:381" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:382: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:382" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:382" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:383: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:383" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:383" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:385: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:385" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:385" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:386: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:386" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:386" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:387: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:387" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:387" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:388: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:388" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:388" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:389: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:389" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:389" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:390: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:390" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:390" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:391: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:391" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:391" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:392: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:392" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:392" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:394: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=80/tcp --add-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:394" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=80/tcp --add-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:394" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:395: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:395" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:395" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:396: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:396" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:396" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:397: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 80/tcp --remove-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:397" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 80/tcp --remove-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:397" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:398: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:398" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:398" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:399: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:399" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:399" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:401: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=80/tcp --add-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:401" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=80/tcp --add-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:401" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:402: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:402" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:402" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:403: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:403" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:403" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:404: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 80/tcp --remove-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:404" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 80/tcp --remove-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:404" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:405: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:405" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:405" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:406: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:406" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:406" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:407" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:407" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_42 #AT_START_43 at_fn_group_banner 43 'firewall-cmd.at:409' \ "source ports" " " 4 at_xfail=no ( $as_echo "43. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:409" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:409" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:409" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:409" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:409" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:409" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:409" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:409" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:409" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:409" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:409" { set +x $as_echo "$at_srcdir/firewall-cmd.at:412: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone home --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:412" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone home --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:412" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:413: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:413" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:413" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:414: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:414" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:414" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:415: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666/tcp --zone=public --timeout=30m " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:415" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666/tcp --zone=public --timeout=30m ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:415" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:416: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:416" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:416" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:417: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:417" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:417" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:418: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:418" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:418" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:419: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:419" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:419" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:420" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:422: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:422" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:422" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:423" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:424: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:424" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:424" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:425: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port=666/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:425" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:425" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:426: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:426" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:426" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:427: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:427" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:427" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:428: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:428" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:428" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:429: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:429" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:429" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:431: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=80/tcp --add-source-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:431" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=80/tcp --add-source-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:431" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:432: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:432" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:432" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:433: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:433" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:433" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:434: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port 80/tcp --remove-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:434" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port 80/tcp --remove-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:434" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:435: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:435" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:435" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:436: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:436" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:436" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:438: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=80/tcp --add-source-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:438" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=80/tcp --add-source-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:438" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:439: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:439" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:439" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:440: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:440" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:440" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:441: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port 80/tcp --remove-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:441" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port 80/tcp --remove-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:441" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:442: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:442" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:442" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:443: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:443" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:443" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:444" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:444" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_43 #AT_START_44 at_fn_group_banner 44 'firewall-cmd.at:446' \ "protocols" " " 4 at_xfail=no ( $as_echo "44. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:446" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:446" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:446" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:446" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:446" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:446" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:446" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:446" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:446" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:446" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:446" { set +x $as_echo "$at_srcdir/firewall-cmd.at:449: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:449" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:449" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:450: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:450" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:450" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:451: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:451" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:451" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:452: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:452" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:452" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:453: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:453" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:453" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:454: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:454" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:454" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:455: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:455" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:455" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:456: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:456" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:456" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:457: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:457" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:457" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:460" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:461: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=ddp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:461" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=ddp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:461" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:462" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:463: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-protocol ddp --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:463" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-protocol ddp --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:463" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:464: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:464" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:464" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:466: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:466" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:466" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:467: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:467" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:467" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:468: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:468" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:468" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:469: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-protocol ddp --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:469" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-protocol ddp --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:469" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:470: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:470" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:470" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:471: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:471" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:471" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_PROTOCOL: dummy/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_PROTOCOL: dummy/d'"; then sed -i -e '/ERROR: INVALID_PROTOCOL: dummy/d' ./firewalld.log fi $as_echo "firewall-cmd.at:472" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:472" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_44 #AT_START_45 at_fn_group_banner 45 'firewall-cmd.at:474' \ "masquerade" " " 4 at_xfail=no ( $as_echo "45. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:474" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:474" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:474" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:474" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:474" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:474" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:474" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:474" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:474" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:474" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:474" { set +x $as_echo "$at_srcdir/firewall-cmd.at:477: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-masquerade --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:477" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-masquerade --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:477" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:479: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:479" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_POST_public_allow { oifname != \"lo\" masquerade } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:479" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:486: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:486" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_POST_public_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:486" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:497: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:497" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:497" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:498: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:498" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:498" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:499: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:499" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:499" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:501: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-masquerade --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:501" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-masquerade --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:501" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:502" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:503: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:503" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:503" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:504: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:504" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:504" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:505" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:505" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_45 #AT_START_46 at_fn_group_banner 46 'firewall-cmd.at:507' \ "forward ports" " " 4 at_xfail=no ( $as_echo "46. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:507" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:507" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:507" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:507" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:507" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:507" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:507" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:507" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:507" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:507" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:507" { set +x $as_echo "$at_srcdir/firewall-cmd.at:510: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:510" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/firewall-cmd.at:510" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:511: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=11:proto=tcp:toport=22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:511" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=11:proto=tcp:toport=22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:511" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:513: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:513" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_PRE_public_allow { tcp dport 11 redirect to :22 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:513" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:520: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:520" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_PRE_public_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:520" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:531: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:531" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:531" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:532: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4444 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:532" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:532" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:533: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:533" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:533" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:535: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:535" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_PRE_public_allow { tcp dport 33 dnat to 4.4.4.4 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:535" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:542: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:542" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_PRE_public_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:542" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:553: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:553" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:553" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:554: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:554" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:554" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:555: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:555" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:555" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:556: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:556" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:556" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:557: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:557" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:557" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:558: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:558" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:558" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:559: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:559" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:559" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:560: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:560" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:560" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:561: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:561" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:561" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_PRE_public_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_PRE_public_allow { sctp dport 66 dnat to [fd00:dead:beef:ff0::]:66 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:587: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:587" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:587" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:588: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:588" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:588" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:589: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:589" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:589" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:590: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:590" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:590" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:591: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:591" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:591" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:592: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:592" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:592" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:593: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-forward-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:593" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-forward-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:593" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:595: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:595" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/firewall-cmd.at:595" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:596: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=11:proto=tcp:toport=22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:596" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=11:proto=tcp:toport=22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:596" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:597: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:597" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:597" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:598: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4444 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:598" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:598" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:599: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:599" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:599" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:600: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:600" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:600" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:601: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:601" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:601" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:602: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:602" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:602" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:603: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:603" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:603" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:604: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:604" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:604" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:605: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:605" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:605" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:606: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:606" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:606" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:607: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:607" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:607" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:608: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:608" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:608" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:609" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:609" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:609" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:609" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:615: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:615" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:615" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:616: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:616" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:616" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:617: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:617" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:617" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:618: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:618" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:618" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:619: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:619" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:619" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:620: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:620" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:620" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:621: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-forward-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:621" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-forward-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:621" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then if test -n "-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'"; then sed -i -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' ./firewalld.log fi $as_echo "firewall-cmd.at:622" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:622" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_46 #AT_START_47 at_fn_group_banner 47 'firewall-cmd.at:624' \ "ICMP block" " " 4 at_xfail=no ( $as_echo "47. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:624" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:624" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:624" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:624" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:624" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:624" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:624" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:624" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:624" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:624" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:624" { set +x $as_echo "$at_srcdir/firewall-cmd.at:627: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-icmp-blocks " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:627" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-icmp-blocks ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:627" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:629: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=dummyblock " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:629" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=dummyblock ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/firewall-cmd.at:629" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:630: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:630" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:630" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:631: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:631" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:631" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:632: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:632" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:632" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:633: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:633" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:633" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:634: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=dummyblock " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:634" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=dummyblock ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/firewall-cmd.at:634" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:635: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:635" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:635" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:636: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:636" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:636" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:637: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:637" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:637" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:638: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:638" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:638" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:640: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:640" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:640" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:641: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:641" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:641" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:642: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:642" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:642" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:643: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:643" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:643" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:644: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-icmp-block-inversion --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:644" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-icmp-block-inversion --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:644" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:645: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:645" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:645" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:646: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:646" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:646" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:647: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:647" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:647" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:649: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=block " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:649" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=block ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:649" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:650: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=block " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:650" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=block ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:650" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:651: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=drop " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:651" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=drop ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:651" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:652: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=drop " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:652" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=drop ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:652" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:653: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:653" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:653" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:654: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:654" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:654" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:656: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:656" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:656" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:657: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:657" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:657" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:658: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:658" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:658" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:659: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:659" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:659" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:660: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:660" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:660" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:661: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:661" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:661" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:662: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:662" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:662" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:663: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:663" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:663" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:664: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:664" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:664" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:665: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:665" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:665" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:666: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:666" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:666" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:667: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:667" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:667" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_ICMPTYPE:/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_ICMPTYPE:/d'"; then sed -i -e '/ERROR: INVALID_ICMPTYPE:/d' ./firewalld.log fi $as_echo "firewall-cmd.at:668" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:668" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_47 #AT_START_48 at_fn_group_banner 48 'firewall-cmd.at:670' \ "user ICMP types" " " 4 at_xfail=no ( $as_echo "48. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:670" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:670" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:670" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:670" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:670" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:670" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:670" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:670" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:670" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:670" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:670" { set +x $as_echo "$at_srcdir/firewall-cmd.at:673: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-icmptype=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:673" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-icmptype=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:673" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:675: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-icmptype=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:675" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:675" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:676: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-icmptypes | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:676" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-icmptypes | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:676" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:678: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:678" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:678" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:679: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:679" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:679" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:680: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:680" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:680" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:681: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:681" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:681" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:682: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:682" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:682" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:683: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:683" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:683" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:684: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:684" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:684" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:686: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-icmp-block=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:686" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-icmp-block=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:686" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:687: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:687" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:687" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:689: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-icmptype=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:689" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:689" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:690" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/NAME_CONFLICT: new_icmptype():/d'" != x"ignore"; then if test -n "-e '/NAME_CONFLICT: new_icmptype():/d'"; then sed -i -e '/NAME_CONFLICT: new_icmptype():/d' ./firewalld.log fi $as_echo "firewall-cmd.at:691" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:691" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_48 #AT_START_49 at_fn_group_banner 49 'firewall-cmd.at:693' \ "ipset" " " 4 at_xfail=no ( $as_echo "49. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:693" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:693" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:693" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:693" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:693" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:693" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:693" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:693" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:693" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:693" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:693" { set +x $as_echo "$at_srcdir/firewall-cmd.at:696: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:696" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:696" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:696: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:696" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:696" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:696" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:696" $as_echo "firewall-cmd.at:696" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:696" $as_echo "firewall-cmd.at:696" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:696" $as_echo "firewall-cmd.at:696" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:696" $as_echo "firewall-cmd.at:696" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_interval_concat { type ipv4_addr . inet_service \; flags interval \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:696" $as_echo "firewall-cmd.at:696" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -j '{"nftables": [{"add": {"element": {"family": "inet", "table": "firewalld_check_ipset", "name": "foobar_interval_concat", "elem": [{"concat": [{"prefix": {"addr": "10.10.10.0", "len": 24}}, {"range": ["1234", "2000"]}]}]}}}]}' >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:696" { set +x $as_echo "$at_srcdir/firewall-cmd.at:696: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:696" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:696" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:697" >"$at_check_line_file" (! ipset --help | grep "hash:mac") \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:697" $as_echo "firewall-cmd.at:697" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} ipset create foobar hash:mac >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:697" { set +x $as_echo "$at_srcdir/firewall-cmd.at:697: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} ipset destroy foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:697" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} ipset destroy foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:697" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:699: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:699" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:699" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:700: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:700" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:700" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:701: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:701" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:701" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:703: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:703" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:703" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:704: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries | grep \"1.2.3.4\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:704" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries | grep "1.2.3.4" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:704" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:705: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.400 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:705" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.400 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/firewall-cmd.at:705" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:706: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --remove-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:706" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --remove-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:706" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:707: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:707" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:707" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:710: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:710" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:710" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:711: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=ipset:foobar | grep public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:711" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=ipset:foobar | grep public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:711" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:712: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources | grep \"ipset:foobar\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:712" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources | grep "ipset:foobar" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:712" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:713: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:713" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:713" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:714: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:714" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:714" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:715: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:715" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:715" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:717: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:717" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:717" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:718: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:718" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:718" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:721: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:721" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:721" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:722: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:722" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:722" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:723: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,2000-2100 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:723" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,2000-2100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:723" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:724: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:724" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:724" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:724: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:724" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:724" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:725: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:725" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service flags interval elements = { 10.10.10.10 . tcp . 1234, 10.10.10.10 . tcp . 2000-2100 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:725" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:735: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:735" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:735" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:736: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:736" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:736" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:737: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:737" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:737" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:737: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:737" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:737" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:740: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:740" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:740" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:741: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:741" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:741" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:742: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:742" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:742" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:742: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:742" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:742" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:743: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:743" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:743" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:744: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:744" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:744" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:745: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:745" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service flags interval elements = { 10.10.10.10 . sctp . 1234, 20.20.20.20 . tcp . 8080 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:745" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:755: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:755" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { ip saddr . meta l4proto . th sport @foobar goto filter_IN_internal goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:755" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:763: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:763" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,port Members: 10.10.10.10,sctp:1234 20.20.20.20,tcp:8080 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:763" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:770: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,sctp:8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:770" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,sctp:8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:770" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:771: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:771" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:771" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:772: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:772" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:772" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:772: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:772" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:772" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:775: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,mark " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:775" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,mark ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:775" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:776: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,0x100 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:776" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,0x100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:776" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:777: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:777" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:777" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:777: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:777" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:777" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:778: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,0x200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:778" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,0x200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:778" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:779: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:779" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:779" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:780: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:780" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr . mark elements = { 10.10.10.10 . 0x00000100, 20.20.20.20 . 0x00000200 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:780" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:789" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { ip saddr . mark @foobar goto filter_IN_internal goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:797: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:797" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,mark Members: 10.10.10.10,0x00000100 20.20.20.20,0x00000200 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:797" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:804: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:804" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:804" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:805: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:805" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:805" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:805: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:805" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:805" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:808: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:808" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:808" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:809: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:809" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:809" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:810: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:810" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:810" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:810: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:810" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:810" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:811: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:811" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:811" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:812: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:812" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:812" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:813: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:813" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:813" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:813: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:813" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:813" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:816: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port,net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:816" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port,net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:816" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:817: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:817" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:817" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:818: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:818" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:818" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:818: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:818" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:818" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:819: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080,1.6.0.0/16 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:819" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080,1.6.0.0/16 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:819" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:820: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:820" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service . ipv4_addr flags interval elements = { 10.10.10.10 . sctp . 1234 . 10.10.10.0/24, 1.2.3.4 . tcp . 8080 . 1.6.0.0/16 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:820" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:830: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:830" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,port,net Members: 1.2.3.4,tcp:8080,1.6.0.0/16 10.10.10.10,sctp:1234,10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:830" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:837: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:837" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:837" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:838" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:838" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:841: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,iface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:841" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,iface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:841" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:842: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:842" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:842" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:843: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:843" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:843" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:843: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:843" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:843" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:844: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.0/24,raboof0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:844" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.0/24,raboof0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:844" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:845: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:845" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:845" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:846: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:846" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr . ifname flags interval elements = { 10.10.10.0/24 . \"foobar0\", 20.20.20.0/24 . \"raboof0\" } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:846" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:856: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:856" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { ip saddr . oifname @foobar goto filter_IN_internal goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:856" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:864: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:864" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net,iface Members: 10.10.10.0/24,foobar0 20.20.20.0/24,raboof0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:864" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:871: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:871" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:871" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:872: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:872" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:872" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:872: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:872" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:872" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:mac " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:mac ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=12:34:56:78:90:ab " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=12:34:56:78:90:ab ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=12:34:56:78:90:ac " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=12:34:56:78:90:ac ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_ENTRY: invalid address/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_ENTRY: invalid address/d'"; then sed -i -e '/ERROR: INVALID_ENTRY: invalid address/d' ./firewalld.log fi $as_echo "firewall-cmd.at:882" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:882" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_49 #AT_START_50 at_fn_group_banner 50 'firewall-cmd.at:884' \ "user helpers" " " 4 at_xfail=no ( $as_echo "50. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:884" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:884" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:884" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:884" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:884" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:884" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:884" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:884" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:884" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:884" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:884" { set +x $as_echo "$at_srcdir/firewall-cmd.at:887: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:887" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 132 $at_status "$at_srcdir/firewall-cmd.at:887" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:888: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=nf_conntrack_foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:888" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=nf_conntrack_foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:888" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:889: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:889" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:889" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:890: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:890" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:890" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:891: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:891" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:891" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:892: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:892" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:892" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:893: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:893" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:893" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:894: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family= " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:894" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family= ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:894" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:896: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:896" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:896" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:898: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:898" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:898" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:901: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --add-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:901" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --add-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:901" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:902: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports | grep 44 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:902" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports | grep 44 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:902" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:903: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:903" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:903" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:904: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --remove-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:904" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --remove-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:904" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:905: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:905" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:905" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:908: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-helper=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:908" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-helper=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:908" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:909: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:909" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:909" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_MODULE:/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_MODULE:/d'"; then sed -i -e '/ERROR: INVALID_MODULE:/d' ./firewalld.log fi $as_echo "firewall-cmd.at:910" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:910" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_50 #AT_START_51 at_fn_group_banner 51 'firewall-cmd.at:912' \ "direct" " " 4 at_xfail=no ( $as_echo "51. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:912" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:912" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:912" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:912" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:912" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:912" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:912" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:912" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:912" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:912" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:912" { set +x $as_echo "$at_srcdir/firewall-cmd.at:915: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:915" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:915" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:916: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-chains ipv4 filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:916" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-chains ipv4 filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:916" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:917: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-chains | grep \"ipv4 filter mychain\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:917" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-chains | grep "ipv4 filter mychain" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:917" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:918: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:918" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:918" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:919: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv5 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:919" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv5 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:919" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:920: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv4 badtable mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:920" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv4 badtable mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:920" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:922: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:922" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:922" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:923: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:923" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:923" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:924: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 filter mychain 3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:924" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 filter mychain 3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:924" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:925: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:925" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:925" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:926: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:926" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:926" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:927: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:927" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:927" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:928: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv5 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:928" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv5 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:928" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:929: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 badtable mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:929" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 badtable mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:929" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:931: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:931" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:931" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:932: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:932" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:932" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:933: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:933" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:933" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:934: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:934" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:934" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:935: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"3 -s 192.168.1.1 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:935" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "3 -s 192.168.1.1 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:935" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:936: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"4 -s 192.168.1.2 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:936" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "4 -s 192.168.1.2 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:936" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:937: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"5 -s 192.168.1.3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:937" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "5 -s 192.168.1.3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:937" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:938: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"6 -s 192.168.1.4 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:938" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "6 -s 192.168.1.4 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:938" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:939: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:939" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:939" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:940: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:940" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:940" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:941: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:941" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:941" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:942: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:942" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:942" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:943: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:943" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:943" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:945: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv5 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:945" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv5 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:945" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:946: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 badtable mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:946" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 badtable mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:946" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:947: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:947" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:947" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:948: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:948" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:948" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:949: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:949" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:949" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:952: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:952" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:952" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:953: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:953" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:953" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:954: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:954" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:954" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:955: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:955" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:955" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:956: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --zone=home --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:956" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --zone=home --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:956" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:957: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --permanent --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:957" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --permanent --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:957" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:960: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-chain ipv4 filter žluťoučký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:960" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:960" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:961: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-chains ipv4 filter |grep \"žluťoučký\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:961" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-chains ipv4 filter |grep "žluťoučký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:961" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:962: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-chains | grep \"ipv4 filter žluťoučký\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:962" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-chains | grep "ipv4 filter žluťoučký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:962" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:963: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluťoučký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:963" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:963" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:964: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:964" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:964" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:965: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-rules ipv4 filter žluťoučký | grep ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:965" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-rules ipv4 filter žluťoučký | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:965" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:966: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 filter žluťoučký 3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:966" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 filter žluťoučký 3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:966" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:968: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:968" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:968" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:969: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:969" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:969" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:970: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-chain ipv4 filter žluťoučký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:970" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:970" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:971: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluťoučký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:971" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:971" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:974: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:974" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:974" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:975: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter FORWARD_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:975" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter FORWARD_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:975" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:976: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 security INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:976" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 security INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:976" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:977: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 raw PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:977" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 raw PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:977" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:978: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 mangle PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:978" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 mangle PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:978" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:979: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 nat PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:979" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 nat PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:979" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:980: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:980" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:980" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:981: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:981" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:981" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:981: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:981" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:981" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_TABLE:/d' -e '/WARNING: NOT_ENABLED: chain/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_TABLE:/d' -e '/WARNING: NOT_ENABLED: chain/d'"; then sed -i -e '/ERROR: INVALID_TABLE:/d' -e '/WARNING: NOT_ENABLED: chain/d' ./firewalld.log fi $as_echo "firewall-cmd.at:982" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:982" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_51 #AT_START_52 at_fn_group_banner 52 'firewall-cmd.at:985' \ "direct nat" " " 4 at_xfail=no ( $as_echo "52. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:985" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:985" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:985" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:985" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:985" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:985" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:985" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:985" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:985" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:985" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:985" KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 18 || test ${KERNEL_MAJOR} -gt 4; then : else $as_echo "firewall-cmd.at:988" >"$at_check_line_file" at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:988" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:992: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:992" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:992" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:993: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:993" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:993" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:994: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:994" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:994" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:995: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:995" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:995" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:996: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:996" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:996" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:997: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:997" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:997" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:998: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:998" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:998" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:999: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:999" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:999" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1000: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules |grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1000" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules |grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1000" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1001: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1001" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1001" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1002: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1002" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1002" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1003: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1003" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1003" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1004: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1004" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1004" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:1007" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1007" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_52 #AT_START_53 at_fn_group_banner 53 'firewall-cmd.at:1009' \ "direct passthrough" " " 4 at_xfail=no ( $as_echo "53. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1009" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1009" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1009" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1009" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1009" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1009" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1009" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1009" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1009" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1009" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1009" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1012: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --append POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1012" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --append POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1012" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1013: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --delete POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1013" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --delete POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1013" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1015: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1015" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1015" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1016: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1016" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1016" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1017: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1017" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1017" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1018: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1018" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1018" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1019: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1019" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1019" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1020: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1020" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1020" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1021: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1021" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1021" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1023" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-passthroughs ipv6 | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-passthroughs ipv6 | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1023" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-passthroughs | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-passthroughs | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1023" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -nvL | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -nvL | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1023" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1023" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1031: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv5 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1031" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv5 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1031" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1032: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1032" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1032" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1034: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough --get-chains ipv4 filter " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1034" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough --get-chains ipv4 filter ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1034" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1036: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1036" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1036" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1037: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv5 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1037" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv5 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1037" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1038: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1038" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1038" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1039: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-passthroughs ipv4 | grep \"\\-nvL\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1039" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-passthroughs ipv4 | grep "\-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1039" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1040: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-passthroughs | grep \"ipv4 \\-nvL\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1040" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-passthroughs | grep "ipv4 \-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1040" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1041: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1041" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1041" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1042: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1042" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1042" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1043: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1043" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1043" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/WARNING: NOT_ENABLED: passthrough/d'" != x"ignore"; then if test -n "-e '/WARNING: NOT_ENABLED: passthrough/d'"; then sed -i -e '/WARNING: NOT_ENABLED: passthrough/d' ./firewalld.log fi $as_echo "firewall-cmd.at:1044" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1044" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_53 #AT_START_54 at_fn_group_banner 54 'firewall-cmd.at:1046' \ "direct ebtables" " " 4 at_xfail=no ( $as_echo "54. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1046" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1046" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1046" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1046" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1046" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1046" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1046" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1046" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1046" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1046" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1046" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1049: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1049" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1049" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1050: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-chains eb filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1050" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-chains eb filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1050" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1051: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1051" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1051" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1052: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1052" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1052" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1053: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1053" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1053" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1058: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1058" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1058" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1059: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1059" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1059" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1064: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1064" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1064" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1065: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1065" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1065" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1066: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1066" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -p IPv6 -j DROP " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1066" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1078: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules eb filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1078" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules eb filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1078" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1079: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1079" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1079" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1081: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-chain eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1081" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-chain eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1081" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1082: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-chains eb filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1082" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-chains eb filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1082" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1083" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1084: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1084" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1084" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1084: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1084" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1084" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1085: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1085" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1085" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:1089" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1089" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_54 #AT_START_55 at_fn_group_banner 55 'firewall-cmd.at:1091' \ "lockdown" " " 4 at_xfail=no ( $as_echo "55. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1091" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1091" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1091" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1091" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1091" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1091" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1091" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1091" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1091" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1091" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1091" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1094: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1094" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1094" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1095: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1095" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1095" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1096: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-commands | grep \"/usr/bin/command\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1096" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-commands | grep "/usr/bin/command" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1096" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1097: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1097" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1097" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1098: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1098" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1098" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1099: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1099" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1099" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-commands | grep \"/usr/bin/command\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-commands | grep "/usr/bin/command" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1105" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1106" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-contexts | grep \"system_u:system_r:MadDaemon_t:s0\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1107" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1108: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1108" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1108" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1109" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1111: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1111" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1111" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-contexts | grep \"system_u:system_r:MadDaemon_t:s0\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-uids | grep \"6666\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-uids | grep "6666" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666x " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666x ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1122" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1123: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1123" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1123" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-uids | grep \"6666\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-uids | grep "6666" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1126" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666x " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666x ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1127" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1130: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1130" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1130" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-users | grep \"theboss\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1131" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-users | grep "theboss" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1131" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1132: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1132" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1132" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1133" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1134: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1134" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1134" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1136: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-users | grep \"theboss\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1136" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-users | grep "theboss" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1136" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1137" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1138" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1140" >"$at_check_line_file" (test `whoami` != 'root') \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1140" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user root " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user root ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1141" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1142: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --lockdown-on " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1142" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --lockdown-on ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1142" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1144: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --lockdown-off " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1144" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --lockdown-off ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1144" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1145" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:1146" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1146" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_55 #AT_START_56 at_fn_group_banner 56 'firewall-cmd.at:1158' \ "rich rules good" " " 4 at_xfail=no ( $as_echo "56. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1158" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1158" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1158" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1158" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1158" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1158" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1158" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1158" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1158" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1158" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1158" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then if test -n "-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'"; then sed -i -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' ./firewalld.log fi $as_echo "firewall-cmd.at:1186" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1186" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_56 #AT_START_57 at_fn_group_banner 57 'firewall-cmd.at:1187' \ "rich rules audit" " " 4 at_xfail=no ( $as_echo "57. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1187" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1187" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1187" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1187" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1187" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1187" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1187" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1187" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1187" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1187" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1187" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1190: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_log_audit " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1190" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_log_audit ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1190" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1190: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add chain inet firewalld_check_log_audit foobar { type filter hook input priority 0 \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1190" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add chain inet firewalld_check_log_audit foobar { type filter hook input priority 0 \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1190" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1190" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add rule inet firewalld_check_log_audit foobar log level audit >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1190" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1190: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_log_audit " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1190" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_log_audit ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1190" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:1192" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1192" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_57 #AT_START_58 at_fn_group_banner 58 'firewall-cmd.at:1195' \ "rich rules priority" " " 4 at_xfail=no ( $as_echo "58. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1195" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1195" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1195" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1195" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1195" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1195" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1195" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1195" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1195" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1195" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1195" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1198: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_log_audit " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1198" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_log_audit ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1198" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1198: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add chain inet firewalld_check_log_audit foobar { type filter hook input priority 0 \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1198" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add chain inet firewalld_check_log_audit foobar { type filter hook input priority 0 \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1198" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1198" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add rule inet firewalld_check_log_audit foobar log level audit >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1198" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1198: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_log_audit " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1198" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_log_audit ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1198" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1201: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1201" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public { jump filter_IN_public_pre jump filter_IN_public_log jump filter_IN_public_deny jump filter_IN_public_allow jump filter_IN_public_post meta l4proto { icmp, ipv6-icmp } accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1201" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1213: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1213" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWDI_public { jump filter_FWDI_public_pre jump filter_FWDI_public_log jump filter_FWDI_public_deny jump filter_FWDI_public_allow jump filter_FWDI_public_post meta l4proto { icmp, ipv6-icmp } accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1213" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1263: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"1111\" protocol=\"tcp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1263" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="1111" protocol="tcp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1263" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1264: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port=\"1122\" protocol=\"tcp\" audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1264" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port="1122" protocol="tcp" audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1264" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1265: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"2222\" protocol=\"tcp\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1265" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="2222" protocol="tcp" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1265" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"3333\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1266" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="3333" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port=\"4444\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port="4444" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1267" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1268: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1268" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_log { tcp dport 1111 ct state new,untracked log tcp dport 1122 ct state new,untracked log level audit } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1268" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1276: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1276" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_deny { tcp dport 2222 ct state new,untracked drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1276" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 1122 ct state new,untracked accept tcp dport 3333 ct state new,untracked accept tcp dport 4444 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1283" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1321: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1321" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1321" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1321: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1321" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1321" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1324: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32768 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1324" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32768 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1324" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1325: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32767 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1325" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32767 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1325" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32769 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32769 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/firewall-cmd.at:1326" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32768 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32768 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/firewall-cmd.at:1327" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1328: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1328" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1328" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1328: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1328" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1328" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1332: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1332" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1332" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1334: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1334" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_post { drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1334" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1347: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1347" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1347" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1348: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1348" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1348" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1349: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1349" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1349" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1350: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1350" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1350" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1351: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1351" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1351" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1352: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1352" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1352" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule log prefix=\"foobar: \"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule log prefix="foobar: "' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"10.10.0.0/16\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.10.0.0/16" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1362: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 source address=\"10.1.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1362" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 source address="10.1.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1362" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1363: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-1 source address=\"10.1.0.0/16\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1363" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-1 source address="10.1.0.0/16" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1363" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=0 forward-port port=\"222\" protocol=\"tcp\" to-port=\"22\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=0 forward-port port="222" protocol="tcp" to-port="22"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1366: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=0 forward-port port=\"2222\" protocol=\"tcp\" to-port=\"22\" to-addr=\"10.1.1.1\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1366" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=0 forward-port port="2222" protocol="tcp" to-port="22" to-addr="10.1.1.1"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1366" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 forward-port port=\"8888\" protocol=\"tcp\" to-port=\"80\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1367" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8888" protocol="tcp" to-port="80"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1368: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 forward-port port=\"8080\" protocol=\"tcp\" to-port=\"80\" to-addr=\"10.1.1.1\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1368" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8080" protocol="tcp" to-port="80" to-addr="10.1.1.1"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1368" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=0 forward-port port=\"9090\" protocol=\"tcp\" to-port=\"90\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=0 forward-port port="9090" protocol="tcp" to-port="90"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=-123 forward-port port=\"999\" protocol=\"tcp\" to-port=\"99\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=-123 forward-port port="999" protocol="tcp" to-port="99"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=-123 forward-port port=\"9999\" protocol=\"tcp\" to-port=\"9999\" to-addr=\"1234::4321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=-123 forward-port port="9999" protocol="tcp" to-port="9999" to-addr="1234::4321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1374: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1374" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname \"lo\" accept jump filter_INPUT_ZONES ct state invalid drop reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1374" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1386: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1386" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_pre { ip saddr 10.1.0.0/16 drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1386" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1393: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1393" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1393" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1401: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1401" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWDI_public_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1401" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1407: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1407" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWDI_public_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1407" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1413: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDO_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1413" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDO_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWDO_public_pre { ip saddr 10.1.1.0/24 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1413" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDO_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDO_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWDO_public_allow { ip saddr 10.10.0.0/16 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1420" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1427: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1427" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_PRE_public_pre { tcp dport 8888 redirect to :80 tcp dport 8080 dnat to 10.1.1.1:80 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1427" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1435: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1435" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_PRE_public_allow { tcp dport 222 redirect to :22 tcp dport 2222 dnat to 10.1.1.1:22 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1435" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1443: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_POST_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1443" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_POST_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_POST_public_pre { ip saddr 10.1.1.0/24 oifname != \"lo\" masquerade } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1443" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1450: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1450" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_POST_public_allow { ip saddr 10.10.0.0/16 oifname != \"lo\" masquerade } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1450" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1457: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1457" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_PRE_public_pre { tcp dport 999 redirect to :99 tcp dport 9999 dnat to [1234::4321]:9999 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1457" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_PRE_public_allow { tcp dport 9090 redirect to :90 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1472: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POST_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1472" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POST_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_POST_public_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1472" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1478: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1478" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_POST_public_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1478" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1484: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1484" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PRE_public_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1484" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1490: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1490" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PRE_public_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1490" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1551: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1551" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1551" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1551: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1551" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1551" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1554: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-block name=\"destination-unreachable\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1554" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-block name="destination-unreachable"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1554" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1555: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-block name=\"destination-unreachable\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1555" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-block name="destination-unreachable"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1555" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1557: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1557" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1557" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1558: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1558" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1558" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1559: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1559" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_pre { icmp type destination-unreachable reject with icmpx type admin-prohibited icmpv6 type destination-unreachable reject with icmpx type admin-prohibited icmp type echo-request accept icmpv6 type echo-request accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1559" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1569: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1569" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_deny { icmp type destination-unreachable reject with icmpx type admin-prohibited icmpv6 type destination-unreachable reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1569" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1577: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1577" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept icmp type echo-request accept icmpv6 type echo-request accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1577" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1587: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1587" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWDI_public_pre { icmp type destination-unreachable reject with icmpx type admin-prohibited icmpv6 type destination-unreachable reject with icmpx type admin-prohibited icmp type echo-request accept icmpv6 type echo-request accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1587" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1597: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1597" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWDI_public_deny { icmp type destination-unreachable reject with icmpx type admin-prohibited icmpv6 type destination-unreachable reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1597" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1605: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1605" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWDI_public_allow { icmp type echo-request accept icmpv6 type echo-request accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1605" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1656: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1656" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1656" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1656: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1656" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1656" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1659: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=70 service name=\"smtps\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1659" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=70 service name="smtps" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1659" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1660: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-111 service name=\"ntp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1660" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-111 service name="ntp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1660" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1661: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 port port=\"1111\" protocol=\"tcp\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1661" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 port port="1111" protocol="tcp" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1661" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1662: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-100 port port=\"1111\" protocol=\"tcp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1662" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-100 port port="1111" protocol="tcp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1662" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1663: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=\"-77\" service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1663" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority="-77" service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1663" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1664: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=-111 service name=\"ntp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1664" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=-111 service name="ntp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1664" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1665: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-32768 source address=\"10.0.0.0/8\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1665" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-32768 source address="10.0.0.0/8" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1665" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1666: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-2 source address=\"10.0.0.0/8\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1666" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-2 source address="10.0.0.0/8" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1666" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1667: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-1 source address=\"10.0.0.0/8\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1667" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-1 source address="10.0.0.0/8" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1667" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1668: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-5 source address=\"10.10.10.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1668" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-5 source address="10.10.10.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1668" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1669: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-3 source address=\"10.100.100.0/24\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1669" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1669" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1670: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1670" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1670" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1671: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=125 service name=\"imap\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1671" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=125 service name="imap" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1671" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1672: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=126 log prefix=\"DROPPED: \"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1672" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=126 log prefix="DROPPED: "' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1672" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1673: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=10 service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1673" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=10 service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1673" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1674: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=1 service name=\"http\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1674" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=1 service name="http" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1674" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1675: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=100 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1675" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=100 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1675" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1676: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=5 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1676" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=5 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1676" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1677: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=66 service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1677" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=66 service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1677" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1678: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=66 service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1678" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=66 service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1678" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1679: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=70 service name=\"smtps\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1679" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=70 service name="smtps" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1679" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1680: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=5 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1680" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=5 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1680" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1681: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=\"-77\" service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1681" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority="-77" service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1681" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1682: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" priority=-3 source address=\"10.100.100.0/24\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1682" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1682" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1683: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1683" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_pre { ip saddr 10.0.0.0/8 log tcp dport 1111 ct state new,untracked log tcp dport 1111 ct state new,untracked drop ip saddr 10.10.10.0/24 accept ip saddr 10.0.0.0/8 log ip saddr 10.0.0.0/8 drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1683" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1695: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1695" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1695" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1703: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1703" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_deny { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1703" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1709: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1709" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_log { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1709" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1715: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1715" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_post { tcp dport 80 ct state new,untracked accept tcp dport 22 ct state new,untracked accept tcp dport 443 ct state new,untracked accept tcp dport 143 ct state new,untracked accept log prefix \"DROPPED: \" drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1715" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1770: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1770" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1770" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1771: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1771" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1771" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1771: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1771" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1771" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1775: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 service name=\"http\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1775" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 service name="http" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1775" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1776: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1776" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule priority=\"-32768\" family=\"ipv4\" source address=\"10.0.0.0/8\" log rule priority=\"-100\" port port=\"1111\" protocol=\"tcp\" log rule priority=\"-10\" port port=\"1111\" protocol=\"tcp\" drop rule priority=\"-5\" family=\"ipv4\" source address=\"10.10.10.0/24\" accept rule priority=\"-2\" family=\"ipv4\" source address=\"10.0.0.0/8\" log rule priority=\"-1\" family=\"ipv4\" source address=\"10.0.0.0/8\" drop rule service name=\"http\" accept rule priority=\"1\" service name=\"http\" accept rule priority=\"10\" service name=\"ssh\" accept rule priority=\"100\" service name=\"https\" accept rule priority=\"125\" service name=\"imap\" accept rule priority=\"126\" log prefix=\"DROPPED: \" rule priority=\"127\" drop " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1776" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/INVALID_RULE: no element, no source, no destination/d' -e '/INVALID_RULE: no element, no action/d' -e '/ERROR: INVALID_PRIORITY: /d' -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then if test -n "-e '/INVALID_RULE: no element, no source, no destination/d' -e '/INVALID_RULE: no element, no action/d' -e '/ERROR: INVALID_PRIORITY: /d' -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'"; then sed -i -e '/INVALID_RULE: no element, no source, no destination/d' -e '/INVALID_RULE: no element, no action/d' -e '/ERROR: INVALID_PRIORITY: /d' -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' ./firewalld.log fi $as_echo "firewall-cmd.at:1805" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1805" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_58 #AT_START_59 at_fn_group_banner 59 'firewall-cmd.at:1810' \ "rich rules bad" " " 4 at_xfail=no ( $as_echo "59. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1810" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1810" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1810" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1810" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1810" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1810" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1810" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1810" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1810" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1810" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1810" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1817: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1817" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1817" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1817: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1817" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1817" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1818: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1818" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1818" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1818: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1818" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1818" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1819: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1819" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1819" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1819: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1819" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1819" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1820: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1820" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" reject type="icmp-host-prohibited"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1820" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1820: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1820" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" reject type="icmp-host-prohibited"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1820" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1821: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1821" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" protocol value="ah" reject type="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1821" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1821: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1821" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" protocol value="ah" reject type="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1821" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1822: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1822" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1822" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1822: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1822" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1822" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1823: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule bad_element' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1823" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule bad_element' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1823" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1823: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule bad_element' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1823" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule bad_element' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1823" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1824: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv5\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1824" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv5"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1824" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1824: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv5\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1824" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv5"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1824" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1825: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1825" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1825" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1825: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1825" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1825" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1826: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol=\"ah\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1826" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol="ah" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1826" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1826: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol=\"ah\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1826" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol="ah" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1826" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1827: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" accept drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1827" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" accept drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1827" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1827: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" accept drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1827" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" accept drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1827" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1828: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1828" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service name="radius" port port="4011" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1828" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1828: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1828" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name="radius" port port="4011" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1828" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1829: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service bad_attribute=\"dns\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1829" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service bad_attribute="dns"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1829" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1829: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service bad_attribute=\"dns\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1829" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service bad_attribute="dns"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1829" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1830: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1830" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="igmp" log level="eror"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 125 $at_status "$at_srcdir/firewall-cmd.at:1830" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1830: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1830" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="igmp" log level="eror"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 125 $at_status "$at_srcdir/firewall-cmd.at:1830" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='family=\"ipv6\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='family="ipv6" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='family=\"ipv6\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='family="ipv6" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 207 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 207 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 123 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 123 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1836: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"esp\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1836" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="esp"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1836" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1836: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"esp\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1836" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="esp"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1836" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1837: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" masquerade drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1837" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" masquerade drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1837" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1837: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" masquerade drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1837" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" masquerade drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1837" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" icmp-block name="redirect" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1838" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" icmp-block name="redirect" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1838" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1839: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1839" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1839" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1839: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1839" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1839" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_RULE:/d' -e '/ERROR: INVALID_LOG_LEVEL: eror/d' -e '/ERROR: MISSING_FAMILY/d' -e '/ERROR: INVALID_LIMIT: 1\/2m/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_RULE:/d' -e '/ERROR: INVALID_LOG_LEVEL: eror/d' -e '/ERROR: MISSING_FAMILY/d' -e '/ERROR: INVALID_LIMIT: 1\/2m/d'"; then sed -i -e '/ERROR: INVALID_RULE:/d' -e '/ERROR: INVALID_LOG_LEVEL: eror/d' -e '/ERROR: MISSING_FAMILY/d' -e '/ERROR: INVALID_LIMIT: 1\/2m/d' ./firewalld.log fi $as_echo "firewall-cmd.at:1841" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1841" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_59 #AT_START_60 at_fn_group_banner 60 'firewall-cmd.at:1846' \ "config validation" " " 4 at_xfail=no ( $as_echo "60. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1846" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1846" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1846" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1846" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1846" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1846" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1846" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1846" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1846" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1846" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1846" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1850: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1850" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1850" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1855: cp ./firewalld.conf ./firewalld.conf.orig" at_fn_check_prepare_trace "firewall-cmd.at:1855" ( $at_check_trace; cp ./firewalld.conf ./firewalld.conf.orig ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1855" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1856: echo \"SomeBogusField=yes\" >> ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1856" ( $at_check_trace; echo "SomeBogusField=yes" >> ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1856" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1857: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1857" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1857" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1862: cp ./firewalld.conf.orig ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1862" ( $at_check_trace; cp ./firewalld.conf.orig ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1862" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1871: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1871" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1871" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1879: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1879" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1879" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1880: rm ./direct.xml" at_fn_check_prepare_trace "firewall-cmd.at:1880" ( $at_check_trace; rm ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1880" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1889: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1889" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1889" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1897: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1897" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1897" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1905: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1905" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1905" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1906: rm ./lockdown-whitelist.xml" at_fn_check_prepare_trace "firewall-cmd.at:1906" ( $at_check_trace; rm ./lockdown-whitelist.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1909: mkdir -p ./ipsets" at_fn_check_prepare_trace "firewall-cmd.at:1909" ( $at_check_trace; mkdir -p ./ipsets ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1909" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90 _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1916: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1916" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1916" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90:ab _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1928: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1928" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1928" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1935: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1935" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 119 $at_status "$at_srcdir/firewall-cmd.at:1935" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1936: rm ./ipsets/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:1936" ( $at_check_trace; rm ./ipsets/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1936" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1939: mkdir -p ./helpers" at_fn_check_prepare_trace "firewall-cmd.at:1939" ( $at_check_trace; mkdir -p ./helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1939" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1945: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1945" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1945" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1952: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1952" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1952" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1954: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1954" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:1954" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1963: rm ./helpers/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:1963" ( $at_check_trace; rm ./helpers/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1963" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1966: mkdir -p ./icmptypes" at_fn_check_prepare_trace "firewall-cmd.at:1966" ( $at_check_trace; mkdir -p ./icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1966" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1973: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1973" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1973" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1981: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1981" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1981" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1982: rm ./icmptypes/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:1982" ( $at_check_trace; rm ./icmptypes/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1982" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1985: mkdir -p ./services" at_fn_check_prepare_trace "firewall-cmd.at:1985" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1985" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1992: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1992" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:1992" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2000: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2000" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2000" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2008: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2008" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2008" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2016: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2016" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2016" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2024: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2024" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2024" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2032: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2032" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2032" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2041: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2041" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2041" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2049: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2049" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2049" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2050: rm ./services/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2050" ( $at_check_trace; rm ./services/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2050" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2053: mkdir -p ./zones" at_fn_check_prepare_trace "firewall-cmd.at:2053" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2053" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2057: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2057" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/firewall-cmd.at:2057" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2065: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2065" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:2065" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2073: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2073" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2073" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2081: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2081" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2081" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2089: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2089" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2089" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2097: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2097" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2097" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2105" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2113" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2121" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2129" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2137" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2145" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2160: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2160" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2160" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2173" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2188: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2188" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2188" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2203: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2203" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2203" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2205: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2205" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2205" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2221: rm ./zones/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2221" ( $at_check_trace; rm ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2221" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR:/d' -e '/WARNING:/d'" != x"ignore"; then if test -n "-e '/ERROR:/d' -e '/WARNING:/d'"; then sed -i -e '/ERROR:/d' -e '/WARNING:/d' ./firewalld.log fi $as_echo "firewall-cmd.at:2223" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:2223" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_60 #AT_START_61 at_fn_group_banner 61 'rhbz1514043.at:1' \ "--set-log-denied does not zero config" " " 5 at_xfail=no ( $as_echo "61. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1514043.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1514043.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1514043.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1514043.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1514043.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1514043.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" { set +x $as_echo "$at_srcdir/rhbz1514043.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-service=samba " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-service=samba ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "services: dhcpv6-client samba ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname \"lo\" accept jump filter_INPUT_ZONES ct state invalid log prefix \"STATE_INVALID_DROP: \" ct state invalid drop log prefix \"FINAL_REJECT: \" reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname \"lo\" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix \"RFC3964_IPv4_REJECT: \" reject with icmpv6 type addr-unreachable jump filter_FORWARD_IN_ZONES jump filter_FORWARD_OUT_ZONES ct state invalid log prefix \"STATE_INVALID_DROP: \" ct state invalid drop log prefix \"FINAL_REJECT: \" reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:26" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1514043.at:87" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:87" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_61 #AT_START_62 at_fn_group_banner 62 'rhbz1498923.at:1' \ "invalid direct rule causes reload error" " " 5 at_xfail=no ( $as_echo "62. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1498923.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1498923.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1498923.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1498923.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" { set +x $as_echo "$at_srcdir/rhbz1498923.at:5: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:5" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "no zone " | \ $at_diff - "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 2 $at_status "$at_srcdir/rhbz1498923.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:17: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:17" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --add-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --add-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1498923.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/rhbz1498923.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "failed " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 251 $at_status "$at_srcdir/rhbz1498923.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rule ipv4 filter INPUT 1 --a-bogus-flag " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rule ipv4 filter INPUT 1 --a-bogus-flag ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:45" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/.*a-bogus-flag.*/d'" != x"ignore"; then if test -n "-e '/.*a-bogus-flag.*/d'"; then sed -i -e '/.*a-bogus-flag.*/d' ./firewalld.log fi $as_echo "rhbz1498923.at:46" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:46" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_62 #AT_START_63 at_fn_group_banner 63 'pr181.at:1' \ "combined zones name length check" " " 5 at_xfail=no ( $as_echo "63. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/pr181.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/pr181.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "pr181.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/pr181.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "pr181.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "pr181.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/pr181.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "pr181.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr181.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "pr181.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr181.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "pr181.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/pr181.at:1" { set +x $as_echo "$at_srcdir/pr181.at:4: mkdir -p ./zones/foobar" at_fn_check_prepare_trace "pr181.at:4" ( $at_check_trace; mkdir -p ./zones/foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:6: echo '' > ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:6" ( $at_check_trace; echo '' > ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:7: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:7" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:8: echo 'foobar' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:8" ( $at_check_trace; echo 'foobar' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:9: echo 'foobar desc' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:9" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:10: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:10" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:11: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:11" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:13: echo '' > ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:13" ( $at_check_trace; echo '' > ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:14: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:14" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:15: echo 'foobar' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:15" ( $at_check_trace; echo 'foobar' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:16: echo 'foobar desc' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:16" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:17: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:17" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:18: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:18" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=foobar --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=foobar --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "services: http ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:21" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "pr181.at:24" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/pr181.at:24" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_63 #AT_START_64 at_fn_group_banner 64 'gh287.at:1' \ "ICMP block inversion" " " 5 at_xfail=no ( $as_echo "64. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh287.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh287.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh287.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh287.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh287.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh287.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh287.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh287.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh287.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh287.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh287.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh287.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh287.at:1" { set +x $as_echo "$at_srcdir/gh287.at:4: mkdir -p ./zones" at_fn_check_prepare_trace "gh287.at:4" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:5: echo '' > ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:5" ( $at_check_trace; echo '' > ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:6: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:6" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:7: echo 'foobar' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:7" ( $at_check_trace; echo 'foobar' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:8: echo 'foobar desc' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:8" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:9: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:9" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:10: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:10" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:11: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:11" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:12: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:12" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:14" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh287.at:15" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh287.at:15" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_64 #AT_START_65 at_fn_group_banner 65 'individual_calls.at:1' \ "individual calls" " " 5 at_xfail=no ( $as_echo "65. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/individual_calls.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/individual_calls.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "individual_calls.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/individual_calls.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "individual_calls.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/individual_calls.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "individual_calls.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/individual_calls.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "individual_calls.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "individual_calls.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "individual_calls.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" { set +x $as_echo "$at_srcdir/individual_calls.at:4: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "individual_calls.at:4" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/individual_calls.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/individual_calls.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:5" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "individual_calls.at:7" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/individual_calls.at:7" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_65 #AT_START_66 at_fn_group_banner 66 'rhbz1534571.at:3' \ "rule deduplication" " " 5 at_xfail=no ( $as_echo "66. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:3" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1534571.at:3" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1534571.at:3" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1534571.at:3" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:3" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1534571.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1534571.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1534571.at:3" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" { set +x $as_echo "$at_srcdir/rhbz1534571.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service nfs --add-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service nfs --add-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-service nfs --add-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-service nfs --add-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:15" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1534571.at:17" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_66 #AT_START_67 at_fn_group_banner 67 'gh290.at:1' \ "invalid syntax in xml files" " " 5 at_xfail=no ( $as_echo "67. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh290.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh290.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh290.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh290.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh290.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh290.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh290.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh290.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:1" { set +x $as_echo "$at_srcdir/gh290.at:5: mkdir -p ./zones" at_fn_check_prepare_trace "gh290.at:5" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:6: echo '' > ./direct.xml" at_fn_check_prepare_trace "gh290.at:6" ( $at_check_trace; echo '' > ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:7: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:7" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:8: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:8" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:9: echo '--destination 127.0.0.1 --jump RETURN' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:9" ( $at_check_trace; echo '--destination 127.0.0.1 --jump RETURN' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:11: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:11" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:14: mkdir -p ./zones" at_fn_check_prepare_trace "gh290.at:14" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:15: echo '' > ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:15" ( $at_check_trace; echo '' > ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:16: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:16" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:17: echo 'foobar' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:17" ( $at_check_trace; echo 'foobar' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:19: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:19" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:20: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:20" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:21: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:21" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:21" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:23" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:23" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:23" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:23" { set +x $as_echo "$at_srcdir/gh290.at:24: grep \"ERROR:.*mismatched tag\" ./firewalld.log" at_fn_check_prepare_trace "gh290.at:24" ( $at_check_trace; grep "ERROR:.*mismatched tag" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:25: grep \"ERROR:.*Missing attribute protocol for port\" ./firewalld.log" at_fn_check_prepare_trace "gh290.at:25" ( $at_check_trace; grep "ERROR:.*Missing attribute protocol for port" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:25" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR:.*mismatched tag.*/d' -e '/ERROR:.*Missing attribute protocol for port.*/d'" != x"ignore"; then if test -n "-e '/ERROR:.*mismatched tag.*/d' -e '/ERROR:.*Missing attribute protocol for port.*/d'"; then sed -i -e '/ERROR:.*mismatched tag.*/d' -e '/ERROR:.*Missing attribute protocol for port.*/d' ./firewalld.log fi $as_echo "gh290.at:26" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_67 #AT_START_68 at_fn_group_banner 68 'icmp_block_in_forward_chain.at:1' \ "ICMP block present FORWARD chain" " " 5 at_xfail=no ( $as_echo "68. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "icmp_block_in_forward_chain.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "icmp_block_in_forward_chain.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "icmp_block_in_forward_chain.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-icmp-block=host-prohibited " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-icmp-block=host-prohibited ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_block_in_forward_chain.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_deny { icmp type destination-unreachable icmp code host-prohibited reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_block_in_forward_chain.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWDI_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWDI_public_deny { icmp type destination-unreachable icmp code host-prohibited reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:13" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "icmp_block_in_forward_chain.at:28" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:28" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_68 #AT_START_69 at_fn_group_banner 69 'pr323.at:1' \ "GRE proto helper" " " 5 at_xfail=no ( $as_echo "69. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/pr323.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/pr323.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "pr323.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/pr323.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "pr323.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "pr323.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/pr323.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "pr323.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr323.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "pr323.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr323.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "pr323.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/pr323.at:1" $as_echo "pr323.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} modinfo nf_conntrack_proto_gre ) \ && at_fn_check_skip 77 "$at_srcdir/pr323.at:4" { set +x $as_echo "$at_srcdir/pr323.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:10: lsmod | grep nf_conntrack_proto_gre" at_fn_check_prepare_notrace 'a shell pipeline' "pr323.at:10" ( $at_check_trace; lsmod | grep nf_conntrack_proto_gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:10" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "pr323.at:12" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/pr323.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_69 #AT_START_70 at_fn_group_banner 70 'rhbz1506742.at:1' \ "ipset with timeout" " " 5 at_xfail=no ( $as_echo "70. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1506742.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1506742.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1506742.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1506742.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1506742.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1506742.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" { set +x $as_echo "$at_srcdir/rhbz1506742.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:4" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_interval_concat { type ipv4_addr . inet_service \; flags interval \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -j '{"nftables": [{"add": {"element": {"family": "inet", "table": "firewalld_check_ipset", "name": "foobar_interval_concat", "elem": [{"concat": [{"prefix": {"addr": "10.10.10.0", "len": 24}}, {"range": ["1234", "2000"]}]}]}}}]}' >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" { set +x $as_echo "$at_srcdir/rhbz1506742.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --option=maxelem=1000000 --option=family=inet --option=hashsize=4096 --option=timeout=600 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --option=maxelem=1000000 --option=family=inet --option=hashsize=4096 --option=timeout=600 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:11" $at_failed && at_fn_log_failure $at_traceon; } cat >foobar_entries.txt <<'_ATEOF' 1.2.3.4 10.0.1.1 _ATEOF { set +x $as_echo "$at_srcdir/rhbz1506742.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:20" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/Error: IPSET_WITH_TIMEOUT/d' -e '/ERROR: IPSET_WITH_TIMEOUT/d' -e '/WARNING: NOT_ENABLED/d'" != x"ignore"; then if test -n "-e '/Error: IPSET_WITH_TIMEOUT/d' -e '/ERROR: IPSET_WITH_TIMEOUT/d' -e '/WARNING: NOT_ENABLED/d'"; then sed -i -e '/Error: IPSET_WITH_TIMEOUT/d' -e '/ERROR: IPSET_WITH_TIMEOUT/d' -e '/WARNING: NOT_ENABLED/d' ./firewalld.log fi $as_echo "rhbz1506742.at:21" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:21" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_70 #AT_START_71 at_fn_group_banner 71 'rhbz1594657.at:1' \ "no log untracked passthrough queries" " " 5 at_xfail=no ( $as_echo "71. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1594657.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1594657.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1594657.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1594657.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1594657.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1594657.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" { set +x $as_echo "$at_srcdir/rhbz1594657.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:9" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1594657.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:11" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1594657.at:16" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:16" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_71 #AT_START_72 at_fn_group_banner 72 'rhbz1571957.at:1' \ "set-log-denied w/ ICMP block inversion" " " 5 at_xfail=no ( $as_echo "72. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1571957.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1571957.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1571957.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1571957.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1571957.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1571957.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" { set +x $as_echo "$at_srcdir/rhbz1571957.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:7: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1571957.at:7" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=broadcast " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=broadcast ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:10" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1571957.at:12" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_72 #AT_START_73 at_fn_group_banner 73 'rhbz1404076.at:1' \ "query single port added with range" " " 5 at_xfail=no ( $as_echo "73. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1404076.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1404076.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1404076.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1404076.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1404076.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1404076.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" { set +x $as_echo "$at_srcdir/rhbz1404076.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:24" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1404076.at:26" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_73 #AT_START_74 at_fn_group_banner 74 'gh366.at:1' \ "service destination multiple IP versions" " " 5 at_xfail=no ( $as_echo "74. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh366.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh366.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh366.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh366.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh366.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh366.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh366.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh366.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh366.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh366.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh366.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh366.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh366.at:1" { set +x $as_echo "$at_srcdir/gh366.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-service=mdns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-service=mdns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --remove-service=mdns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --remove-service=mdns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule=\"rule service name=\"mdns\" accept\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule="rule service name="mdns" accept" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule='rule family=\"ipv4\" destination address=\"10.10.10.0/24\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule='rule family="ipv4" destination address="10.10.10.0/24" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 122 $at_status "$at_srcdir/gh366.at:33" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_RULE: Destination conflict with service/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_RULE: Destination conflict with service/d'"; then sed -i -e '/ERROR: INVALID_RULE: Destination conflict with service/d' ./firewalld.log fi $as_echo "gh366.at:36" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh366.at:36" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_74 #AT_START_75 at_fn_group_banner 75 'rhbz1601610.at:1' \ "ipset duplicate entries" " " 5 at_xfail=no ( $as_echo "75. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1601610.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1601610.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1601610.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1601610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1601610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1601610.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" { set +x $as_echo "$at_srcdir/rhbz1601610.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:4" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_interval_concat { type ipv4_addr . inet_service \; flags interval \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -j '{"nftables": [{"add": {"element": {"family": "inet", "table": "firewalld_check_ipset", "name": "foobar_interval_concat", "elem": [{"concat": [{"prefix": {"addr": "10.10.10.0", "len": 24}}, {"range": ["1234", "2000"]}]}]}}}]}' >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" { set +x $as_echo "$at_srcdir/rhbz1601610.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --new-ipset=foobar --permanent --type=hash:net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --new-ipset=foobar --permanent --type=hash:net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.1.2.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.1.2.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1601610.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.2.0.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.2.0.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.1.1.0/22 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.1.0.0/22, 10.2.0.0/22 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.1.0.0/22 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:34" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:37" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --add-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --add-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.1.1.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:57: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --remove-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:57" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --remove-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:57" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.3.0.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.3.0.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22, 10.3.0.0/22 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:83: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1601610.at:83" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:83" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:84: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:84" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:84" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:84: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:84" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:84" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22, 10.3.0.0/22 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:85" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:94" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: COMMAND_FAILED:.*already added.*/d' -e '/ERROR: COMMAND_FAILED:.*element.*exists/d' -e '/Kernel support protocol versions/d'" != x"ignore"; then if test -n "-e '/ERROR: COMMAND_FAILED:.*already added.*/d' -e '/ERROR: COMMAND_FAILED:.*element.*exists/d' -e '/Kernel support protocol versions/d'"; then sed -i -e '/ERROR: COMMAND_FAILED:.*already added.*/d' -e '/ERROR: COMMAND_FAILED:.*element.*exists/d' -e '/Kernel support protocol versions/d' ./firewalld.log fi $as_echo "rhbz1601610.at:102" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:102" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_75 #AT_START_76 at_fn_group_banner 76 'gh303.at:1' \ "unicode in XML" " " 5 at_xfail=no ( $as_echo "76. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh303.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh303.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh303.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh303.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh303.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh303.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh303.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh303.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh303.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh303.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:1" { set +x $as_echo "$at_srcdir/gh303.at:4: mkdir -p ./services" at_fn_check_prepare_trace "gh303.at:4" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:5: cat < ./services/unicode-service-test.xml unicode-service-test A string with unicode characters; Ё ώ € ⇶ ▜ ◯ ★ ☠ ☯ ☺ ♻ HERE " at_fn_check_prepare_notrace 'an embedded newline' "gh303.at:5" ( $at_check_trace; cat < ./services/unicode-service-test.xml unicode-service-test A string with unicode characters; Ё ώ € ⇶ ▜ ◯ ★ ☠ ☯ ☺ ♻ HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:5" $at_failed && at_fn_log_failure $at_traceon; } LC_ALL="C" export LC_ALL pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh303.at:17" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:17" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh303.at:17" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:17" { set +x $as_echo "$at_srcdir/gh303.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-service=unicode-service-test " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-service=unicode-service-test ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:20" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh303.at:22" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:22" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_76 #AT_START_77 at_fn_group_banner 77 'gh335.at:1' \ "forward-port toaddr enables IP forwarding" " " 5 at_xfail=no ( $as_echo "77. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh335.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh335.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh335.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh335.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh335.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh335.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh335.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh335.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh335.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh335.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh335.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh335.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh335.at:1" { set +x $as_echo "$at_srcdir/gh335.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:4" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:5" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr=\"1234:5678::4321\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:26" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:27" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\" to-addr=\"10.10.10.10\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="10.10.10.10"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\" to-addr=\"1234:5678::4321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:49" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:50" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:56" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:60" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then if test -n "-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'"; then sed -i -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' ./firewalld.log fi $as_echo "gh335.at:68" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh335.at:68" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_77 #AT_START_78 at_fn_group_banner 78 'gh482.at:1' \ "remove forward-port after reload" " " 5 at_xfail=no ( $as_echo "78. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh482.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh482.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh482.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh482.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh482.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh482.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh482.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh482.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh482.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh482.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh482.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh482.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh482.at:1" { set +x $as_echo "$at_srcdir/gh482.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:15" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh482.at:17" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh482.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_78 #AT_START_79 at_fn_group_banner 79 'gh478.at:1' \ "rich rule marks every packet" " " 5 at_xfail=no ( $as_echo "79. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh478.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh478.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh478.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh478.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh478.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh478.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh478.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh478.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh478.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh478.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh478.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh478.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh478.at:1" { set +x $as_echo "$at_srcdir/gh478.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule protocol value=icmp mark set=11' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule protocol value=icmp mark set=11' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh478.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PRE_public_allow { tcp dport 1234 mark set 0x0000000a meta l4proto icmp mark set 0x0000000b tcp sport 4321 mark set 0x0000000c } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:8" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh478.at:28" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh478.at:28" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_79 #AT_START_80 at_fn_group_banner 80 'gh453.at:1' \ "nftables helper objects" " " 5 at_xfail=no ( $as_echo "80. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh453.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh453.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh453.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh453.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh453.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh453.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh453.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh453.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh453.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh453.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh453.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh453.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh453.at:1" { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_ct_helper " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_ct_helper ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh453.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add ct helper inet firewalld helper-ftp-tcp { type \"ftp\" protocol tcp \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh453.at:1" { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_ct_helper " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_ct_helper ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-automatic-helpers=no " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-automatic-helpers=no ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list ruleset | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } |grep -A3 \"ct helper helper-ftp-tcp\" " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list ruleset | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } |grep -A3 "ct helper helper-ftp-tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ct helper helper-ftp-tcp { type \"ftp\" protocol tcp l3proto inet } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set \"helper-ftp-tcp\" tcp dport 21 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list ruleset | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } |grep -A3 \"ct helper helper-sip-tcp\" " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list ruleset | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } |grep -A3 "ct helper helper-sip-tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ct helper helper-sip-tcp { type \"sip\" protocol tcp l3proto inet } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list ruleset | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } |grep -A3 \"ct helper helper-sip-udp\" " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list ruleset | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } |grep -A3 "ct helper helper-sip-udp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ct helper helper-sip-udp { type \"sip\" protocol udp l3proto inet } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set \"helper-ftp-tcp\" tcp dport 21 ct state new,untracked accept tcp dport 5060 ct helper set \"helper-sip-tcp\" udp dport 5060 ct helper set \"helper-sip-udp\" tcp dport 5060 ct state new,untracked accept udp dport 5060 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh453.at:1" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh453.at:1" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_80 #AT_START_81 at_fn_group_banner 81 'gh258.at:1' \ "zone dispatch layout" " " 5 at_xfail=no ( $as_echo "81. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh258.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh258.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh258.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh258.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh258.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh258.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh258.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh258.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh258.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh258.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh258.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh258.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh258.at:1" { set +x $as_echo "$at_srcdir/gh258.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-source=\"1.2.3.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-source="1.2.3.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=\"dead:beef::/54\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source="dead:beef::/54" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:11: sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh258.at:11" ( $at_check_trace; sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname \"lo\" accept jump filter_INPUT_ZONES ct state invalid drop reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { ip6 saddr dead:beef::/54 goto filter_IN_public ip saddr 1.2.3.0/24 goto filter_IN_trusted iifname \"dummy0\" goto filter_IN_trusted iifname \"dummy1\" goto filter_IN_public goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname \"lo\" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 type addr-unreachable jump filter_FORWARD_IN_ZONES jump filter_FORWARD_OUT_ZONES ct state invalid drop reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_IN_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_IN_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_IN_ZONES { ip6 saddr dead:beef::/54 goto filter_FWDI_public ip saddr 1.2.3.0/24 goto filter_FWDI_trusted iifname \"dummy0\" goto filter_FWDI_trusted iifname \"dummy1\" goto filter_FWDI_public goto filter_FWDI_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_OUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_OUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_OUT_ZONES { ip6 daddr dead:beef::/54 goto filter_FWDO_public ip daddr 1.2.3.0/24 goto filter_FWDO_trusted oifname \"dummy0\" goto filter_FWDO_trusted oifname \"dummy1\" goto filter_FWDO_public goto filter_FWDO_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:63" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : { set +x $as_echo "$at_srcdir/gh258.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain raw_PREROUTING { icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept meta nfproto ipv6 fib saddr . iif oif missing drop jump raw_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:74" $at_failed && at_fn_log_failure $at_traceon; } else : { set +x $as_echo "$at_srcdir/gh258.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain raw_PREROUTING { jump raw_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:74" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh258.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain raw_PREROUTING_ZONES { ip6 saddr dead:beef::/54 goto raw_PRE_public ip saddr 1.2.3.0/24 goto raw_PRE_trusted iifname \"dummy0\" goto raw_PRE_trusted iifname \"dummy1\" goto raw_PRE_public goto raw_PRE_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING { jump mangle_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:111: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:111" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_ZONES { ip6 saddr dead:beef::/54 goto mangle_PRE_public ip saddr 1.2.3.0/24 goto mangle_PRE_trusted iifname \"dummy0\" goto mangle_PRE_trusted iifname \"dummy1\" goto mangle_PRE_public goto mangle_PRE_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:111" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:122" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_PREROUTING_ZONES { ip saddr 1.2.3.0/24 goto nat_PRE_trusted iifname \"dummy0\" goto nat_PRE_trusted iifname \"dummy1\" goto nat_PRE_public goto nat_PRE_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:139" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:146: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:146" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_POSTROUTING_ZONES { ip daddr 1.2.3.0/24 goto nat_POST_trusted oifname \"dummy0\" goto nat_POST_trusted oifname \"dummy1\" goto nat_POST_public goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:146" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:156: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:156" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:156" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_PREROUTING_ZONES { ip6 saddr dead:beef::/54 goto nat_PRE_public iifname \"dummy0\" goto nat_PRE_trusted iifname \"dummy1\" goto nat_PRE_public goto nat_PRE_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:173" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_POSTROUTING_ZONES { ip6 daddr dead:beef::/54 goto nat_POST_public oifname \"dummy0\" goto nat_POST_trusted oifname \"dummy1\" goto nat_POST_public goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:353: sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh258.at:353" ( $at_check_trace; sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:353" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname \"lo\" accept jump filter_INPUT_ZONES_SOURCE jump filter_INPUT_ZONES ct state invalid drop reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES_SOURCE { ip6 saddr dead:beef::/54 goto filter_IN_public ip saddr 1.2.3.0/24 goto filter_IN_trusted } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:377: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:377" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { iifname \"dummy0\" goto filter_IN_trusted iifname \"dummy1\" goto filter_IN_public goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:377" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:386: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:386" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname \"lo\" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 type addr-unreachable jump filter_FORWARD_IN_ZONES_SOURCE jump filter_FORWARD_IN_ZONES jump filter_FORWARD_OUT_ZONES_SOURCE jump filter_FORWARD_OUT_ZONES ct state invalid drop reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:386" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:402: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_IN_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:402" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_IN_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_IN_ZONES_SOURCE { ip6 saddr dead:beef::/54 goto filter_FWDI_public ip saddr 1.2.3.0/24 goto filter_FWDI_trusted } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:402" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:410: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_IN_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:410" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_IN_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_IN_ZONES { iifname \"dummy0\" goto filter_FWDI_trusted iifname \"dummy1\" goto filter_FWDI_public goto filter_FWDI_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:410" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:419: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_OUT_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:419" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_OUT_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_OUT_ZONES_SOURCE { ip6 daddr dead:beef::/54 goto filter_FWDO_public ip daddr 1.2.3.0/24 goto filter_FWDO_trusted } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:419" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:427: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_OUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:427" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_OUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_OUT_ZONES { oifname \"dummy0\" goto filter_FWDO_trusted oifname \"dummy1\" goto filter_FWDO_public goto filter_FWDO_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:427" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : { set +x $as_echo "$at_srcdir/gh258.at:436: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:436" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain raw_PREROUTING { icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept meta nfproto ipv6 fib saddr . iif oif missing drop jump raw_PREROUTING_ZONES_SOURCE jump raw_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:436" $at_failed && at_fn_log_failure $at_traceon; } else : { set +x $as_echo "$at_srcdir/gh258.at:436: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:436" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain raw_PREROUTING { jump raw_PREROUTING_ZONES_SOURCE jump raw_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:436" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh258.at:457: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:457" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain raw_PREROUTING_ZONES_SOURCE { ip6 saddr dead:beef::/54 goto raw_PRE_public ip saddr 1.2.3.0/24 goto raw_PRE_trusted } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:457" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld raw_PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain raw_PREROUTING_ZONES { iifname \"dummy0\" goto raw_PRE_trusted iifname \"dummy1\" goto raw_PRE_public goto raw_PRE_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:474: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:474" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING { jump mangle_PREROUTING_ZONES_SOURCE jump mangle_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:474" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:482: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:482" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_ZONES_SOURCE { ip6 saddr dead:beef::/54 goto mangle_PRE_public ip saddr 1.2.3.0/24 goto mangle_PRE_trusted } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:482" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:490: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:490" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_ZONES { iifname \"dummy0\" goto mangle_PRE_trusted iifname \"dummy1\" goto mangle_PRE_public goto mangle_PRE_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:490" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:499: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:499" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES_SOURCE jump nat_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:499" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:507: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_PREROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:507" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_PREROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_PREROUTING_ZONES_SOURCE { ip saddr 1.2.3.0/24 goto nat_PRE_trusted } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:507" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:514: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:514" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_PREROUTING_ZONES { iifname \"dummy0\" goto nat_PRE_trusted iifname \"dummy1\" goto nat_PRE_public goto nat_PRE_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:514" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:523: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:523" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES_SOURCE jump nat_POSTROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:523" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:531: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:531" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_POSTROUTING_ZONES_SOURCE { ip daddr 1.2.3.0/24 goto nat_POST_trusted } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:531" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:538: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:538" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_POSTROUTING_ZONES { oifname \"dummy0\" goto nat_POST_trusted oifname \"dummy1\" goto nat_POST_public goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:538" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:547: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:547" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES_SOURCE jump nat_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:547" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:555: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PREROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:555" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PREROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_PREROUTING_ZONES_SOURCE { ip6 saddr dead:beef::/54 goto nat_PRE_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:555" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_PREROUTING_ZONES { iifname \"dummy0\" goto nat_PRE_trusted iifname \"dummy1\" goto nat_PRE_public goto nat_PRE_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:571: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:571" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES_SOURCE jump nat_POSTROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:571" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:579: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:579" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_POSTROUTING_ZONES_SOURCE { ip6 daddr dead:beef::/54 goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:579" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:586: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:586" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_POSTROUTING_ZONES { oifname \"dummy0\" goto nat_POST_trusted oifname \"dummy1\" goto nat_POST_public goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:586" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d'" != x"ignore"; then if test -n "-e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d'"; then sed -i -e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d' ./firewalld.log fi $as_echo "gh258.at:794" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh258.at:794" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_81 #AT_START_82 at_fn_group_banner 82 'rhbz1715977.at:1' \ "rich rule src/dst with service destination" " " 5 at_xfail=no ( $as_echo "82. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1715977.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1715977.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1715977.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1715977.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1715977.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1715977.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" { set +x $as_echo "$at_srcdir/rhbz1715977.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set \"helper-netbios-ns-udp\" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.111.222/32\" source address=\"10.10.10.0/24\" service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.111.222/32" source address="10.10.10.0/24" service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:37" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set \"helper-netbios-ns-udp\" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 service name=\"ssdp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 service name="ssdp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set \"helper-netbios-ns-udp\" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept ip daddr 239.255.255.250 udp dport 1900 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rhbz1715977.at:102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rhbz1715977.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/rhbz1715977.at:104" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_RULE: Destination conflict with service/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_RULE: Destination conflict with service/d'"; then sed -i -e '/ERROR: INVALID_RULE: Destination conflict with service/d' ./firewalld.log fi $as_echo "rhbz1715977.at:106" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:106" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_82 #AT_START_83 at_fn_group_banner 83 'rhbz1723610.at:1' \ "direct remove-rules per family" " " 5 at_xfail=no ( $as_echo "83. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1723610.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1723610.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1723610.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1723610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1723610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1723610.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" { set +x $as_echo "$at_srcdir/rhbz1723610.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv6 filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv6 filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv4 filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv4 filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --remove-rules ipv4 filter OUTPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --remove-rules ipv4 filter OUTPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:29" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1723610.at:31" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:31" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_83 #AT_START_84 at_fn_group_banner 84 'rhbz1734765.at:1' \ "zone sources ordered by name" " " 5 at_xfail=no ( $as_echo "84. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1734765.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1734765.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1734765.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1734765.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1734765.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1734765.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" { set +x $as_echo "$at_srcdir/rhbz1734765.at:7: sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1734765.at:7" ( $at_check_trace; sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_00 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_00 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_05 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_05 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_02 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_02 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_03 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_03 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_01 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_01 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_04 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_04 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_010 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_010 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_011 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_011 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_012 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_012 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv4' --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv4' --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv4 --add-entry '192.0.2.12' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv4 --add-entry '192.0.2.12' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv6 --add-entry '::2' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv6 --add-entry '::2' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_011 --add-source ipset:ipsetv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_011 --add-source ipset:ipsetv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source=\"10.1.1.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source="10.1.1.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source=\"10.1.0.0/16\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source="10.1.0.0/16" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source=\"10.2.0.0/16\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source="10.2.0.0/16" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source=\"10.1.1.1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source="10.1.1.1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source=\"10.2.2.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source="10.2.2.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source=\"10.0.0.0/8\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source="10.0.0.0/8" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source=\"1234:5678::1:1:0/112\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source="1234:5678::1:1:0/112" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source=\"1234:5678::1:0:0/96\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source="1234:5678::1:0:0/96" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source=\"1234:5678::2:0:0/96\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source="1234:5678::2:0:0/96" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source=\"1234:5678::2:2:0/112\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source=\"1234:5678::0:0:0/80\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source="1234:5678::0:0:0/80" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source=\"1234:5678::1:1:1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=trusted --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=trusted --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld ipsetv4; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld ipsetv4; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set ipsetv4 { type ipv4_addr elements = { 192.0.2.12 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld ipsetv6; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld ipsetv6; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set ipsetv6 { type ipv6_addr elements = { ::2 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"10.10.10.10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="10.10.10.10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"20.20.20.20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="20.20.20.20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"1234:5678::10:10:10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="1234:5678::10:10:10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"1234:5678::20:20:20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="1234:5678::20:20:20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { ip saddr 10.1.1.1 goto filter_IN_foobar_00 ip6 saddr 1234:5678::1:1:1 goto filter_IN_foobar_00 ip saddr 10.1.1.0/24 goto filter_IN_foobar_01 ip6 saddr 1234:5678::1:1:0/112 goto filter_IN_foobar_01 ip saddr 10.10.10.10 goto filter_IN_foobar_010 ip6 saddr 1234:5678::10:10:10 goto filter_IN_foobar_010 ip saddr @ipsetv4 goto filter_IN_foobar_011 ip6 saddr @ipsetv6 goto filter_IN_foobar_012 ip saddr 10.1.0.0/16 goto filter_IN_foobar_02 ip6 saddr 1234:5678::1:0:0/96 goto filter_IN_foobar_02 ip saddr 10.2.2.0/24 goto filter_IN_foobar_03 ip6 saddr 1234:5678::2:2:0/112 goto filter_IN_foobar_03 ip saddr 10.2.0.0/16 goto filter_IN_foobar_04 ip6 saddr 1234:5678::2:0:0/96 goto filter_IN_foobar_04 ip saddr 10.0.0.0/8 goto filter_IN_foobar_05 ip6 saddr 1234:5678::/80 goto filter_IN_foobar_05 ip saddr 20.20.20.20 goto filter_IN_public ip6 saddr 1234:5678::20:20:20 goto filter_IN_public iifname \"foobar2\" goto filter_IN_foobar_010 iifname \"foobar1\" goto filter_IN_trusted iifname \"foobar0\" goto filter_IN_internal goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_POSTROUTING_ZONES { ip daddr 10.1.1.1 goto nat_POST_foobar_00 ip daddr 10.1.1.0/24 goto nat_POST_foobar_01 ip daddr 10.10.10.10 goto nat_POST_foobar_010 ip daddr @ipsetv4 goto nat_POST_foobar_011 ip daddr 10.1.0.0/16 goto nat_POST_foobar_02 ip daddr 10.2.2.0/24 goto nat_POST_foobar_03 ip daddr 10.2.0.0/16 goto nat_POST_foobar_04 ip daddr 10.0.0.0/8 goto nat_POST_foobar_05 ip daddr 20.20.20.20 goto nat_POST_public oifname \"foobar2\" goto nat_POST_foobar_010 oifname \"foobar1\" goto nat_POST_trusted oifname \"foobar0\" goto nat_POST_internal goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_POSTROUTING_ZONES { ip6 daddr 1234:5678::1:1:1 goto nat_POST_foobar_00 ip6 daddr 1234:5678::1:1:0/112 goto nat_POST_foobar_01 ip6 daddr 1234:5678::10:10:10 goto nat_POST_foobar_010 ip6 daddr @ipsetv6 goto nat_POST_foobar_012 ip6 daddr 1234:5678::1:0:0/96 goto nat_POST_foobar_02 ip6 daddr 1234:5678::2:2:0/112 goto nat_POST_foobar_03 ip6 daddr 1234:5678::2:0:0/96 goto nat_POST_foobar_04 ip6 daddr 1234:5678::/80 goto nat_POST_foobar_05 ip6 daddr 1234:5678::20:20:20 goto nat_POST_public oifname \"foobar2\" goto nat_POST_foobar_010 oifname \"foobar1\" goto nat_POST_trusted oifname \"foobar0\" goto nat_POST_internal goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:207: sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1734765.at:207" ( $at_check_trace; sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:207" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:208: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:208" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:208" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:208: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:208" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:208" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:210: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"10.10.10.10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:210" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="10.10.10.10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:210" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:211: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"20.20.20.20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:211" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="20.20.20.20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:211" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"1234:5678::10:10:10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="1234:5678::10:10:10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"1234:5678::20:20:20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="1234:5678::20:20:20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:219: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:219" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES_SOURCE { ip saddr 10.1.1.1 goto filter_IN_foobar_00 ip6 saddr 1234:5678::1:1:1 goto filter_IN_foobar_00 ip saddr 10.1.1.0/24 goto filter_IN_foobar_01 ip6 saddr 1234:5678::1:1:0/112 goto filter_IN_foobar_01 ip saddr 10.10.10.10 goto filter_IN_foobar_010 ip6 saddr 1234:5678::10:10:10 goto filter_IN_foobar_010 ip saddr @ipsetv4 goto filter_IN_foobar_011 ip6 saddr @ipsetv6 goto filter_IN_foobar_012 ip saddr 10.1.0.0/16 goto filter_IN_foobar_02 ip6 saddr 1234:5678::1:0:0/96 goto filter_IN_foobar_02 ip saddr 10.2.2.0/24 goto filter_IN_foobar_03 ip6 saddr 1234:5678::2:2:0/112 goto filter_IN_foobar_03 ip saddr 10.2.0.0/16 goto filter_IN_foobar_04 ip6 saddr 1234:5678::2:0:0/96 goto filter_IN_foobar_04 ip saddr 10.0.0.0/8 goto filter_IN_foobar_05 ip6 saddr 1234:5678::/80 goto filter_IN_foobar_05 ip saddr 20.20.20.20 goto filter_IN_public ip6 saddr 1234:5678::20:20:20 goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:219" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { iifname \"foobar2\" goto filter_IN_foobar_010 iifname \"foobar1\" goto filter_IN_trusted iifname \"foobar0\" goto filter_IN_internal goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:243" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_POSTROUTING_ZONES_SOURCE { ip daddr 10.1.1.1 goto nat_POST_foobar_00 ip daddr 10.1.1.0/24 goto nat_POST_foobar_01 ip daddr 10.10.10.10 goto nat_POST_foobar_010 ip daddr @ipsetv4 goto nat_POST_foobar_011 ip daddr 10.1.0.0/16 goto nat_POST_foobar_02 ip daddr 10.2.2.0/24 goto nat_POST_foobar_03 ip daddr 10.2.0.0/16 goto nat_POST_foobar_04 ip daddr 10.0.0.0/8 goto nat_POST_foobar_05 ip daddr 20.20.20.20 goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:268: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:268" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip firewalld nat_POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip firewalld { chain nat_POSTROUTING_ZONES { oifname \"foobar2\" goto nat_POST_foobar_010 oifname \"foobar1\" goto nat_POST_trusted oifname \"foobar0\" goto nat_POST_internal goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:268" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:278: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:278" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_POSTROUTING_ZONES_SOURCE { ip6 daddr 1234:5678::1:1:1 goto nat_POST_foobar_00 ip6 daddr 1234:5678::1:1:0/112 goto nat_POST_foobar_01 ip6 daddr 1234:5678::10:10:10 goto nat_POST_foobar_010 ip6 daddr @ipsetv6 goto nat_POST_foobar_012 ip6 daddr 1234:5678::1:0:0/96 goto nat_POST_foobar_02 ip6 daddr 1234:5678::2:2:0/112 goto nat_POST_foobar_03 ip6 daddr 1234:5678::2:0:0/96 goto nat_POST_foobar_04 ip6 daddr 1234:5678::/80 goto nat_POST_foobar_05 ip6 daddr 1234:5678::20:20:20 goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:278" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain ip6 firewalld nat_POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table ip6 firewalld { chain nat_POSTROUTING_ZONES { oifname \"foobar2\" goto nat_POST_foobar_010 oifname \"foobar1\" goto nat_POST_trusted oifname \"foobar0\" goto nat_POST_internal goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:293" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d'" != x"ignore"; then if test -n "-e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d'"; then sed -i -e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d' ./firewalld.log fi $as_echo "rhbz1734765.at:373" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:373" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_84 #AT_START_85 at_fn_group_banner 85 'gh509.at:1' \ "missing firewalld.conf file" " " 5 at_xfail=no ( $as_echo "85. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh509.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh509.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh509.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh509.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh509.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh509.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh509.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh509.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh509.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh509.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh509.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh509.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh509.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh509.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh509.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh509.at:1" KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : $as_echo "gh509.at:7" >"$at_check_line_file" at_fn_check_skip 77 "$at_srcdir/gh509.at:7" fi { set +x $as_echo "$at_srcdir/gh509.at:9: if ! rm ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh509.at:9" ( $at_check_trace; if ! rm ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:9" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh509.at:10" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh509.at:10" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh509.at:10" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh509.at:10" if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: Failed to load/d' -e '/WARNING:.*No such file or directory:.*/d' -e '/WARNING: Using fallback firewalld configuration settings/d'" != x"ignore"; then if test -n "-e '/ERROR: Failed to load/d' -e '/WARNING:.*No such file or directory:.*/d' -e '/WARNING: Using fallback firewalld configuration settings/d'"; then sed -i -e '/ERROR: Failed to load/d' -e '/WARNING:.*No such file or directory:.*/d' -e '/WARNING: Using fallback firewalld configuration settings/d' ./firewalld.log fi $as_echo "gh509.at:12" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh509.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_85 #AT_START_86 at_fn_group_banner 86 'gh567.at:1' \ "rich rule source w/ mark action" " " 5 at_xfail=no ( $as_echo "86. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh567.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh567.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh567.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh567.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh567.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh567.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh567.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh567.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh567.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh567.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh567.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh567.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh567.at:1" { set +x $as_echo "$at_srcdir/gh567.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=Teste --type=hash:net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=Teste --type=hash:net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule \"rule family=ipv4 source ipset=Teste mark set=2\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule "rule family=ipv4 source ipset=Teste mark set=2" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:6" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh567.at:8" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh567.at:8" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_86 #AT_START_87 at_fn_group_banner 87 'rhbz1779835.at:1' \ "ipv6 address with brackets" " " 5 at_xfail=no ( $as_echo "87. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1779835.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1779835.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1779835.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1779835.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1779835.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1779835.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" { set +x $as_echo "$at_srcdir/rhbz1779835.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry='[1234::4321]' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry='[1234::4321]' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar2 --type=hash:net --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar2 --type=hash:net --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar2 --add-entry='[1234::]/64' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar2 --add-entry='[1234::]/64' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-source='[::1234]' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-source='[::1234]' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-source='[1234::]/64' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-source='[1234::]/64' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-forward-port=port=1234:proto=tcp:toport=4321:toaddr=[::1234] " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-forward-port=port=1234:proto=tcp:toport=4321:toaddr=[::1234] ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] forward-port port=\"1234\" protocol=tcp to-port=\"4321\" to-addr=\"[::1234]\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 forward-port port=\"1234\" protocol=tcp to-port=\"4321\" to-addr=\"[::1234]\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[::4321] accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[::4321] accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[1234::]/64 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[1234::]/64 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:24" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1779835.at:26" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_87 #AT_START_88 at_fn_group_banner 88 'gh330.at:1' \ "ipset cleanup on reload/stop" " " 5 at_xfail=no ( $as_echo "88. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh330.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh330.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh330.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh330.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh330.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:1" { set +x $as_echo "$at_srcdir/gh330.at:4: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:4" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh330.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh330.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:29: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:29" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4, 10.10.10.10 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4, 10.10.10.10 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 4.3.2.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 4.3.2.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4, 4.3.2.1, 10.10.10.10 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 6.6.6.6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 6.6.6.6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:92" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 6.6.6.6 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4, 4.3.2.1, 6.6.6.6, 10.10.10.10 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:115: sed -i 's/^CleanUpOnExit.*/CleanUpOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:115" ( $at_check_trace; sed -i 's/^CleanUpOnExit.*/CleanUpOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:117" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:118" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:118" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:118" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:118" { set +x $as_echo "$at_srcdir/gh330.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:119" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } { set +x $as_echo "$at_srcdir/gh330.at:122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:122" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:128" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:136" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:136" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:136" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:136" if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh330.at:138" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:138" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_88 #AT_START_89 at_fn_group_banner 89 'python.at:3' \ "firewalld_test.py" " " 6 at_xfail=no ( $as_echo "89. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:3: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:3: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:3" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:3: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:3" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:3: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:3" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:3: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:3" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:3" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:3" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:3" { set +x $as_echo "$at_srcdir/python.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \${srcdir}/python/firewalld_test.py " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON ${srcdir}/python/firewalld_test.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:5" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"ignore" != x"ignore"; then if test -n "ignore"; then sed -i ignore ./firewalld.log fi $as_echo "python.at:6" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/python.at:6" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_89 #AT_START_90 at_fn_group_banner 90 'python.at:8' \ "firewalld_config.py" " " 6 at_xfail=no ( $as_echo "90. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:8: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:8: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:8" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:8: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:8" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:8: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:8" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:8: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:8" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:8" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:8" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:8" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:8" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:8" { set +x $as_echo "$at_srcdir/python.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \${srcdir}/python/firewalld_config.py " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON ${srcdir}/python/firewalld_config.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:10" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"ignore" != x"ignore"; then if test -n "ignore"; then sed -i ignore ./firewalld.log fi $as_echo "python.at:11" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/python.at:11" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_90 #AT_START_91 at_fn_group_banner 91 'python.at:13' \ "firewalld_rich.py" " " 6 at_xfail=no ( $as_echo "91. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:13: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:13: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:13" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:13: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:13" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:13: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:13" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:13: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:13" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:13" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:13" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:13" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:13" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:13" { set +x $as_echo "$at_srcdir/python.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \${srcdir}/python/firewalld_rich.py " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON ${srcdir}/python/firewalld_rich.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:15" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"ignore" != x"ignore"; then if test -n "ignore"; then sed -i ignore ./firewalld.log fi $as_echo "python.at:16" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/python.at:16" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_91 #AT_START_92 at_fn_group_banner 92 'python.at:18' \ "firewalld_direct.py" " " 6 at_xfail=no ( $as_echo "92. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:18: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:18: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:18" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:18: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:18" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:18: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:18" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:18: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:18" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:18" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:18" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:18" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:18" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:18" { set +x $as_echo "$at_srcdir/python.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \${srcdir}/python/firewalld_direct.py " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON ${srcdir}/python/firewalld_direct.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:20" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"ignore" != x"ignore"; then if test -n "ignore"; then sed -i ignore ./firewalld.log fi $as_echo "python.at:21" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/python.at:21" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_92 #AT_START_93 at_fn_group_banner 93 'rfc3964_ipv4.at:1' \ "RFC3964_IPv4" " " 7 at_xfail=no ( $as_echo "93. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:4: sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:4" ( $at_check_trace; sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:5: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:5" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname \"lo\" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix \"RFC3964_IPv4_REJECT: \" reject with icmpv6 type addr-unreachable jump filter_FORWARD_IN_ZONES jump filter_FORWARD_OUT_ZONES ct state invalid log prefix \"STATE_INVALID_DROP: \" ct state invalid drop log prefix \"FINAL_REJECT: \" reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT { oifname \"lo\" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix \"RFC3964_IPv4_REJECT: \" reject with icmpv6 type addr-unreachable } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:70: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:70" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname \"lo\" accept jump filter_FORWARD_IN_ZONES jump filter_FORWARD_OUT_ZONES ct state invalid log prefix \"STATE_INVALID_DROP: \" ct state invalid drop log prefix \"FINAL_REJECT: \" reject with icmpx type admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT { oifname \"lo\" accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:88" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rfc3964_ipv4.at:113" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:113" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_93 #AT_START_94 at_fn_group_banner 94 'service_include.at:1' \ "service include" " " 7 at_xfail=no ( $as_echo "94. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service_include.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/service_include.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "service_include.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_include.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "service_include.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_include.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "service_include.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/service_include.at:1" { set +x $as_echo "$at_srcdir/service_include.at:4: mkdir -p ./services" at_fn_check_prepare_trace "service_include.at:4" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:5: cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:5" ( $at_check_trace; cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:17: cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:17" ( $at_check_trace; cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-service=my-service-with-include " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-service=my-service-with-include ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=drop --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=drop --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-service=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-service=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --remove-service=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --remove-service=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_drop_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_drop_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_drop_allow { ip daddr 239.255.255.250 udp dport 1900 ct state new,untracked accept ip6 daddr ff02::c udp dport 1900 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept tcp dport 12345 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:61" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:64: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:64" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:67: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:67" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --get-includes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:81: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:81" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:81" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:93: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" "service_include.at:93" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:93" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:94: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" "service_include.at:94" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:94" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:95: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:95" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:96: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:96" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:96" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:97: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" "service_include.at:97" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:97" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:98: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:98" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:99: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:99" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:99" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:100: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" "service_include.at:100" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:100" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:103: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; }" at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:103" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-service=my-service-with-include " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-service=my-service-with-include ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/service_include.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/service_include.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=drop --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=drop --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dhcpv6-client ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:122" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:126" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:126" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_SERVICE: does-not-exist/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_SERVICE: does-not-exist/d'"; then sed -i -e '/ERROR: INVALID_SERVICE: does-not-exist/d' ./firewalld.log fi $as_echo "service_include.at:128" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/service_include.at:128" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_94 #AT_START_95 at_fn_group_banner 95 'helpers_custom.at:1' \ "customer helpers" " " 7 at_xfail=no ( $as_echo "95. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/helpers_custom.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/helpers_custom.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "helpers_custom.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "helpers_custom.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "helpers_custom.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" { set +x $as_echo "$at_srcdir/helpers_custom.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-helper=\"ftptest\" --module=\"nf_conntrack_ftp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --helper=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --helper=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-service=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-service="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 2121 ct helper set \"helper-ftptest-tcp\" tcp dport 2121 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/helpers_custom.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:87: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:87" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:87" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 2121 ct helper set \"helper-ftptest-tcp\" tcp dport 2121 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-helper=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper=\"ftp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper="ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port=\"21/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port="21/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:122" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set \"helper-ftp-tcp\" tcp dport 2121 ct helper set \"helper-ftptest-tcp\" tcp dport 2121 ct state new,untracked accept tcp dport 21 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:124" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "helpers_custom.at:156" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:156" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_95 #AT_START_96 at_fn_group_banner 96 'firewall-cmd.at:5' \ "basic options" " " 8 at_xfail=no ( $as_echo "96. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:5" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" { set +x $as_echo "$at_srcdir/firewall-cmd.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -h " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -h ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --help " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --help ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -V " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -V ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --complete-reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --complete-reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --panic-on " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --panic-on ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "yes " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --panic-off " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --panic-off ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "no " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:24" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:26" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_96 #AT_START_97 at_fn_group_banner 97 'firewall-cmd.at:28' \ "get/list options" " " 8 at_xfail=no ( $as_echo "97. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:28" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:28" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:28" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" { set +x $as_echo "$at_srcdir/firewall-cmd.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-icmptypes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:34" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-icmptypes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-all-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-all-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:41" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:42" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:42" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_97 #AT_START_98 at_fn_group_banner 98 'firewall-cmd.at:44' \ "default zone" " " 8 at_xfail=no ( $as_echo "98. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:44" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:44" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:44" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" { set +x $as_echo "$at_srcdir/firewall-cmd.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=\"home\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone="home" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "home " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:53" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:54" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:54" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_98 #AT_START_99 at_fn_group_banner 99 'firewall-cmd.at:56' \ "user zone" " " 8 at_xfail=no ( $as_echo "99. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:56" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:56" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:56" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" { set +x $as_echo "$at_srcdir/firewall-cmd.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --new-zone=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:60" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zones | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zones | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:61" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep default " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=BAD " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=BAD ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/firewall-cmd.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-service=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghi " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghij " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghij ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 116 $at_status "$at_srcdir/firewall-cmd.at:72" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_TARGET: BAD/d' -e '/ERROR: INVALID_NAME: Zone of/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_TARGET: BAD/d' -e '/ERROR: INVALID_NAME: Zone of/d'"; then sed -i -e '/ERROR: INVALID_TARGET: BAD/d' -e '/ERROR: INVALID_NAME: Zone of/d' ./firewalld.log fi $as_echo "firewall-cmd.at:73" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:73" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_99 #AT_START_100 at_fn_group_banner 100 'firewall-cmd.at:76' \ "zone interfaces" " " 8 at_xfail=no ( $as_echo "100. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:76" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:76" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:76" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" { set +x $as_echo "$at_srcdir/firewall-cmd.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --add-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --add-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:80: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:80" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:80" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:83: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:83" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:83" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --change-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --change-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:85" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:86: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:86" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:86" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=block --add-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=block --add-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:88" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=block --remove-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=block --remove-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --change-zone=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --change-zone=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dmz " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:92" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dummy " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:99: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --change-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:99" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --change-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:99" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:105" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:106" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:107" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:108: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:108" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:108" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --set-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:109" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-zone-of-interface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-zone-of-interface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=perm_dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "perm_dummy " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:127" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:128" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:130: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:130" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:130" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:132: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:132" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:132" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:133" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:134: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --remove-interface=perm_dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:134" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --remove-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:134" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:137" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=bar --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=bar --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:138" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:139" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:140" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-interface foo --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-interface foo --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-interface bar --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-interface bar --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:145" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:146: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:146" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:146" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:147" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:147" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:148: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=bar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:148" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=bar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:148" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=trusted --add-interface=+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=trusted --add-interface=+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:153" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foobar+++ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:154" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foobar+++ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:154" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:155: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:155" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:155" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=trusted --remove-interface=+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=trusted --remove-interface=+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:167: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foobar+++ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:167" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foobar+++ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:167" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:168" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:169: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:169" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:169" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:170: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:170" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:170" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:171" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:171" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: ZONE_CONFLICT: perm_dummy/d'" != x"ignore"; then if test -n "-e '/ERROR: ZONE_CONFLICT: perm_dummy/d'"; then sed -i -e '/ERROR: ZONE_CONFLICT: perm_dummy/d' ./firewalld.log fi $as_echo "firewall-cmd.at:172" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:172" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_100 #AT_START_101 at_fn_group_banner 101 'firewall-cmd.at:174' \ "zone sources" " " 8 at_xfail=no ( $as_echo "101. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:174" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:174" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:174" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x" -e '/ERROR: ZONE_CONFLICT/d'" != x"ignore"; then if test -n " -e '/ERROR: ZONE_CONFLICT/d'"; then sed -i -e '/ERROR: ZONE_CONFLICT/d' ./firewalld.log fi $as_echo "firewall-cmd.at:224" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:224" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_101 #AT_START_102 at_fn_group_banner 102 'firewall-cmd.at:226' \ "services" " " 8 at_xfail=no ( $as_echo "102. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:226" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:226" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:226" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:226" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:226: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:226" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:226" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:226" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:226" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:226" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:226" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:226" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:226" { set +x $as_echo "$at_srcdir/firewall-cmd.at:229: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --timeout 60 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:229" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --timeout 60 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:229" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:230: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:230" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:230" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:231: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:231" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:231" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:232: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:232" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:232" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:233: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=smtpssssssss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:233" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=smtpssssssss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:233" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --timeout " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --timeout ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:235" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:237: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --timeout 60 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:237" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --timeout 60 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:237" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:238: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:238" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:238" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dns ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:239" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:241: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:241" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:241" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:247: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:247" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:247" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:248: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=smtpssssssss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:248" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=smtpssssssss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:248" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:249: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:249" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:249" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=http --add-service=nfs --timeout=1h " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=http --add-service=nfs --timeout=1h ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:251" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:252" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service=nfs --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service=nfs --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-service=nfs --remove-service=http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-service=nfs --remove-service=http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:255: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:255" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:255" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:258: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-service=http --add-service=nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:258" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-service=http --add-service=nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:258" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service=nfs --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service=nfs --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:260" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:261: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-service=nfs --remove-service=http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:261" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-service=nfs --remove-service=http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:261" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:266: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:266" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:266" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:267" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_SERVICE:/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_SERVICE:/d'"; then sed -i -e '/ERROR: INVALID_SERVICE:/d' ./firewalld.log fi $as_echo "firewall-cmd.at:268" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:268" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_102 #AT_START_103 at_fn_group_banner 103 'firewall-cmd.at:270' \ "user services" " " 8 at_xfail=no ( $as_echo "103. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:270" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:270" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:270" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:270" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:270: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:270" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:270" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:270" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:270" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:270" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:270" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:270" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:270" { set +x $as_echo "$at_srcdir/firewall-cmd.at:273: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:273" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:273" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:275: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:275" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:275" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:276: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:276" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:276" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:278: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:278" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:278" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:279: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:279" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:279" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:280" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:281: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:281" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:281" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:282: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:282" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:282" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:283" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:284: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:284" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:284" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:285: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:285" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:285" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:286" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:287: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:287" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:287" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:288: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:288" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:288" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:289: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:289" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:289" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:290: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:290" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:290" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:291" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:292: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:292" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:292" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:293" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:294: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:294" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:294" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:295: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:295" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:295" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:297: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:297" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:297" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:298: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:298" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:298" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:300: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:300" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:300" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:301: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:301" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:301" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:302: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:302" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:302" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:303: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:303" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:303" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:305: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:305" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:305" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:306: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:306" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:306" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:307" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:308: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:308" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:308" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:309: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:309" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:309" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:310: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:310" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:310" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:312: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:312" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:312" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:313: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:313" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:313" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:314: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:314" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:314" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:315: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:315" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:315" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:316: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --get-service-helpers " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:316" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --get-service-helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:316" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:319: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:319" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:319" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:320: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:320" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:320" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:322: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:322" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/firewall-cmd.at:322" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:323: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:323" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:323" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:324: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:324" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:324" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:325: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:325" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:325" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:333" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:334: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:334" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:334" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:335: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:335" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:335" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:336" $at_failed && at_fn_log_failure $at_traceon; } cat >./foobar-to-be-renamed <<'_ATEOF' { set +x $as_echo "$at_srcdir/firewall-cmd.at:338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service-from-file=\"./foobar-to-be-renamed\" --name=\"foobar-from-file\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service-from-file="./foobar-to-be-renamed" --name="foobar-from-file" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar-from-file " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar-from-file ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:338" $at_failed && at_fn_log_failure $at_traceon; } _ATEOF if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: NAME_CONFLICT: new_service():/d' -e '/ERROR: INVALID_ADDR:/d'" != x"ignore"; then if test -n "-e '/ERROR: NAME_CONFLICT: new_service():/d' -e '/ERROR: INVALID_ADDR:/d'"; then sed -i -e '/ERROR: NAME_CONFLICT: new_service():/d' -e '/ERROR: INVALID_ADDR:/d' ./firewalld.log fi $as_echo "firewall-cmd.at:349" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:349" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_103 #AT_START_104 at_fn_group_banner 104 'firewall-cmd.at:352' \ "ports" " " 8 at_xfail=no ( $as_echo "104. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:352" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:352" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:352" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:352" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:352: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:352" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:352" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:352" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:352" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:352" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:352" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:352" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:352" { set +x $as_echo "$at_srcdir/firewall-cmd.at:355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone home --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone home --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 254 $at_status "$at_srcdir/firewall-cmd.at:358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo --add-port bar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo --add-port bar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 254 $at_status "$at_srcdir/firewall-cmd.at:359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666/tcp --zone=public --timeout=30m " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666/tcp --zone=public --timeout=30m ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:362: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:362" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:362" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:363: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:363" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:363" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:364: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:364" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:364" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:367: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:367" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:367" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:368: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=5000/sctp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:368" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=5000/sctp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:368" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:370: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:370" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:370" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:372: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=222/dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:372" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=222/dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:372" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:373: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:373" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:373" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:374: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:374" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:374" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:376: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:376" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:376" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:377: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:377" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:377" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:378: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:378" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:378" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:379: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port=666/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:379" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:379" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:380: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:380" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:380" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:381" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:382: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:382" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:382" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:383: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:383" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:383" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:385: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:385" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:385" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:386: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:386" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:386" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:387: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:387" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:387" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:388: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:388" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:388" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:389: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:389" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:389" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:390: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:390" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:390" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:391: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:391" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:391" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:392: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:392" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:392" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:394: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=80/tcp --add-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:394" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=80/tcp --add-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:394" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:395: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:395" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:395" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:396: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:396" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:396" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:397: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 80/tcp --remove-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:397" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 80/tcp --remove-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:397" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:398: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:398" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:398" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:399: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:399" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:399" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:401: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=80/tcp --add-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:401" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=80/tcp --add-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:401" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:402: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:402" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:402" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:403: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:403" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:403" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:404: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 80/tcp --remove-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:404" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 80/tcp --remove-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:404" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:405: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:405" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:405" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:406: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:406" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:406" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:407" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:407" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_104 #AT_START_105 at_fn_group_banner 105 'firewall-cmd.at:409' \ "source ports" " " 8 at_xfail=no ( $as_echo "105. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:409" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:409" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:409" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:409" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:409: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:409" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:409" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:409" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:409" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:409" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:409" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:409" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:409" { set +x $as_echo "$at_srcdir/firewall-cmd.at:412: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone home --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:412" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone home --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:412" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:413: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:413" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:413" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:414: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:414" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:414" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:415: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666/tcp --zone=public --timeout=30m " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:415" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666/tcp --zone=public --timeout=30m ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:415" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:416: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:416" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:416" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:417: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:417" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:417" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:418: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:418" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:418" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:419: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:419" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:419" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:420" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:422: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:422" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:422" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:423" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:424: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:424" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:424" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:425: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port=666/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:425" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:425" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:426: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:426" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:426" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:427: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:427" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:427" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:428: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:428" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:428" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:429: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:429" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:429" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:431: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=80/tcp --add-source-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:431" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=80/tcp --add-source-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:431" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:432: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:432" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:432" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:433: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:433" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:433" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:434: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port 80/tcp --remove-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:434" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port 80/tcp --remove-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:434" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:435: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:435" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:435" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:436: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:436" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:436" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:438: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=80/tcp --add-source-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:438" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=80/tcp --add-source-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:438" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:439: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:439" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:439" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:440: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:440" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:440" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:441: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port 80/tcp --remove-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:441" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port 80/tcp --remove-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:441" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:442: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:442" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:442" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:443: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:443" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:443" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:444" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:444" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_105 #AT_START_106 at_fn_group_banner 106 'firewall-cmd.at:446' \ "protocols" " " 8 at_xfail=no ( $as_echo "106. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:446" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:446" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:446" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:446" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:446: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:446" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:446" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:446" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:446" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:446" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:446" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:446" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:446" { set +x $as_echo "$at_srcdir/firewall-cmd.at:449: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:449" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:449" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:450: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:450" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:450" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:451: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:451" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:451" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:452: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:452" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:452" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:453: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:453" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:453" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:454: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:454" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:454" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:455: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:455" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:455" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:456: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:456" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:456" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:457: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:457" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:457" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:460" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:461: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=ddp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:461" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=ddp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:461" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:462" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:463: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-protocol ddp --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:463" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-protocol ddp --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:463" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:464: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:464" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:464" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:466: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:466" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:466" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:467: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:467" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:467" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:468: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:468" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:468" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:469: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-protocol ddp --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:469" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-protocol ddp --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:469" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:470: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:470" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:470" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:471: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:471" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:471" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_PROTOCOL: dummy/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_PROTOCOL: dummy/d'"; then sed -i -e '/ERROR: INVALID_PROTOCOL: dummy/d' ./firewalld.log fi $as_echo "firewall-cmd.at:472" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:472" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_106 #AT_START_107 at_fn_group_banner 107 'firewall-cmd.at:474' \ "masquerade" " " 8 at_xfail=no ( $as_echo "107. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:474" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:474" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:474" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:474" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:474: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:474" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:474" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:474" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:474" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:474" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:474" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:474" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:474" { set +x $as_echo "$at_srcdir/firewall-cmd.at:477: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-masquerade --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:477" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-masquerade --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:477" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:492: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:492" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:492" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:495: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:495" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:495" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:497: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:497" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:497" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:498: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:498" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:498" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:499: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:499" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:499" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:501: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-masquerade --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:501" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-masquerade --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:501" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:502" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:503: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:503" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:503" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:504: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:504" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:504" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:505" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:505" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_107 #AT_START_108 at_fn_group_banner 108 'firewall-cmd.at:507' \ "forward ports" " " 8 at_xfail=no ( $as_echo "108. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:507" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:507" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:507" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:507" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:507" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:507" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:507" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:507" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:507" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:507" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:507" { set +x $as_echo "$at_srcdir/firewall-cmd.at:510: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:510" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/firewall-cmd.at:510" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:511: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=11:proto=tcp:toport=22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:511" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=11:proto=tcp:toport=22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:511" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:526: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:526" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11 to::22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:526" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:529: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:529" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:529" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:531: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:531" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:531" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:532: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4444 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:532" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:532" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:533: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:533" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:533" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:548: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:548" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:33 to:4.4.4.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:548" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:551: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:551" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:551" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:553: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:553" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:553" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:554: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:554" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:554" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:555: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:555" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:555" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:556: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:556" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:556" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:557: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:557" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:557" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:558: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:558" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:558" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:559: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:559" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:559" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:560: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:560" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:560" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:561: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:561" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:561" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT sctp ::/0 ::/0 sctp dpt:66 to:[fd00:dead:beef:ff0::]:66 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:587: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:587" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:587" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:588: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:588" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:588" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:589: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:589" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:589" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:590: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:590" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:590" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:591: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:591" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:591" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:592: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:592" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:592" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:593: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-forward-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:593" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-forward-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:593" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:595: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:595" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/firewall-cmd.at:595" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:596: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=11:proto=tcp:toport=22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:596" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=11:proto=tcp:toport=22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:596" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:597: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:597" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:597" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:598: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4444 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:598" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:598" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:599: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:599" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:599" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:600: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:600" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:600" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:601: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:601" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:601" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:602: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:602" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:602" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:603: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:603" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:603" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:604: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:604" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:604" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:605: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:605" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:605" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:606: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:606" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:606" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:607: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:607" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:607" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:608: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:608" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:608" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:609" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:609" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:609" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:609: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:609" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:609" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:615: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:615" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:615" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:616: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:616" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:616" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:617: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:617" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:617" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:618: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:618" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:618" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:619: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:619" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:619" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:620: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:620" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:620" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:621: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-forward-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:621" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-forward-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:621" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then if test -n "-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'"; then sed -i -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' ./firewalld.log fi $as_echo "firewall-cmd.at:622" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:622" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_108 #AT_START_109 at_fn_group_banner 109 'firewall-cmd.at:624' \ "ICMP block" " " 8 at_xfail=no ( $as_echo "109. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:624" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:624" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:624" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:624" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:624" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:624" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:624" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:624" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:624" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:624" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:624" { set +x $as_echo "$at_srcdir/firewall-cmd.at:627: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-icmp-blocks " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:627" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-icmp-blocks ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:627" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:629: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=dummyblock " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:629" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=dummyblock ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/firewall-cmd.at:629" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:630: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:630" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:630" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:631: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:631" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:631" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:632: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:632" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:632" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:633: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:633" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:633" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:634: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=dummyblock " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:634" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=dummyblock ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/firewall-cmd.at:634" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:635: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:635" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:635" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:636: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:636" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:636" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:637: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:637" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:637" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:638: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:638" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:638" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:640: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:640" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:640" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:641: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:641" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:641" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:642: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:642" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:642" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:643: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:643" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:643" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:644: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-icmp-block-inversion --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:644" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-icmp-block-inversion --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:644" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:645: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:645" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:645" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:646: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:646" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:646" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:647: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:647" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:647" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:649: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=block " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:649" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=block ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:649" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:650: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=block " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:650" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=block ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:650" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:651: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=drop " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:651" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=drop ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:651" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:652: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=drop " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:652" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=drop ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:652" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:653: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:653" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:653" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:654: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:654" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:654" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:656: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:656" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:656" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:657: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:657" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:657" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:658: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:658" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:658" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:659: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:659" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:659" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:660: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:660" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:660" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:661: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:661" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:661" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:662: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:662" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:662" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:663: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:663" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:663" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:664: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:664" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:664" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:665: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:665" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:665" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:666: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:666" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:666" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:667: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:667" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:667" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_ICMPTYPE:/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_ICMPTYPE:/d'"; then sed -i -e '/ERROR: INVALID_ICMPTYPE:/d' ./firewalld.log fi $as_echo "firewall-cmd.at:668" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:668" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_109 #AT_START_110 at_fn_group_banner 110 'firewall-cmd.at:670' \ "user ICMP types" " " 8 at_xfail=no ( $as_echo "110. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:670" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:670" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:670" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:670" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:670" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:670" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:670" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:670" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:670" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:670" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:670" { set +x $as_echo "$at_srcdir/firewall-cmd.at:673: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-icmptype=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:673" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-icmptype=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:673" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:675: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-icmptype=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:675" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:675" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:676: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-icmptypes | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:676" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-icmptypes | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:676" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:678: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:678" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:678" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:679: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:679" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:679" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:680: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:680" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:680" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:681: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:681" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:681" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:682: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:682" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:682" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:683: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:683" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:683" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:684: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:684" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:684" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:686: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-icmp-block=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:686" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-icmp-block=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:686" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:687: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:687" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:687" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:689: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-icmptype=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:689" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:689" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:690" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/NAME_CONFLICT: new_icmptype():/d'" != x"ignore"; then if test -n "-e '/NAME_CONFLICT: new_icmptype():/d'"; then sed -i -e '/NAME_CONFLICT: new_icmptype():/d' ./firewalld.log fi $as_echo "firewall-cmd.at:691" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:691" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_110 #AT_START_111 at_fn_group_banner 111 'firewall-cmd.at:693' \ "ipset" " " 8 at_xfail=no ( $as_echo "111. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:693" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:693" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:693" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:693" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:693" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:693" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:693" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:693" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:693" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:693" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:693" $as_echo "firewall-cmd.at:697" >"$at_check_line_file" (! ipset --help | grep "hash:mac") \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:697" $as_echo "firewall-cmd.at:697" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} ipset create foobar hash:mac >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:697" { set +x $as_echo "$at_srcdir/firewall-cmd.at:697: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} ipset destroy foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:697" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} ipset destroy foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:697" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:699: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:699" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:699" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:700: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:700" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:700" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:701: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:701" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:701" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:703: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:703" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:703" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:704: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries | grep \"1.2.3.4\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:704" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries | grep "1.2.3.4" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:704" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:705: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.400 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:705" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.400 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/firewall-cmd.at:705" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:706: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --remove-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:706" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --remove-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:706" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:707: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:707" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:707" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:710: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:710" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:710" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:711: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=ipset:foobar | grep public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:711" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=ipset:foobar | grep public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:711" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:712: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources | grep \"ipset:foobar\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:712" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources | grep "ipset:foobar" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:712" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:713: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:713" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:713" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:714: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:714" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:714" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:715: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:715" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:715" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:717: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:717" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:717" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:718: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:718" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:718" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:721: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:721" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:721" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:722: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:722" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:722" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:723: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,2000-2100 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:723" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,2000-2100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:723" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:724: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:724" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:724" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:724: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:724" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:724" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:735: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:735" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:735" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:736: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:736" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:736" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:737: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:737" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:737" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:737: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:737" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:737" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:740: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:740" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:740" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:741: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:741" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:741" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:742: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:742" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:742" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:742: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:742" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:742" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:743: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:743" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:743" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:744: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:744" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:744" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:763: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:763" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,port Members: 10.10.10.10,sctp:1234 20.20.20.20,tcp:8080 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:763" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:770: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,sctp:8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:770" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,sctp:8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:770" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:771: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:771" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:771" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:772: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:772" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:772" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:772: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:772" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:772" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:775: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,mark " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:775" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,mark ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:775" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:776: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,0x100 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:776" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,0x100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:776" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:777: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:777" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:777" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:777: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:777" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:777" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:778: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,0x200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:778" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,0x200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:778" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:779: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:779" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:779" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:797: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:797" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,mark Members: 10.10.10.10,0x00000100 20.20.20.20,0x00000200 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:797" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:804: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:804" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:804" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:805: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:805" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:805" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:805: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:805" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:805" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:808: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:808" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:808" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:809: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:809" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:809" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:810: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:810" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:810" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:810: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:810" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:810" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:811: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:811" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:811" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:812: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:812" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:812" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:813: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:813" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:813" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:813: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:813" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:813" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:816: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port,net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:816" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port,net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:816" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:817: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:817" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:817" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:818: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:818" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:818" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:818: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:818" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:818" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:819: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080,1.6.0.0/16 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:819" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080,1.6.0.0/16 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:819" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:830: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:830" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,port,net Members: 1.2.3.4,tcp:8080,1.6.0.0/16 10.10.10.10,sctp:1234,10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:830" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:837: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:837" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:837" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:838" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:838" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:841: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,iface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:841" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,iface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:841" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:842: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:842" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:842" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:843: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:843" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:843" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:843: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:843" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:843" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:844: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.0/24,raboof0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:844" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.0/24,raboof0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:844" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:845: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:845" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:845" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:864: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:864" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net,iface Members: 10.10.10.0/24,foobar0 20.20.20.0/24,raboof0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:864" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:871: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:871" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:871" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:872: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:872" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:872" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:872: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:872" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:872" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:mac " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:mac ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=12:34:56:78:90:ab " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=12:34:56:78:90:ab ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=12:34:56:78:90:ac " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=12:34:56:78:90:ac ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:874: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:874" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:874" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_ENTRY: invalid address/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_ENTRY: invalid address/d'"; then sed -i -e '/ERROR: INVALID_ENTRY: invalid address/d' ./firewalld.log fi $as_echo "firewall-cmd.at:882" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:882" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_111 #AT_START_112 at_fn_group_banner 112 'firewall-cmd.at:884' \ "user helpers" " " 8 at_xfail=no ( $as_echo "112. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:884" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:884" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:884" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:884" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:884: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:884" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:884" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:884" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:884" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:884" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:884" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:884" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:884" { set +x $as_echo "$at_srcdir/firewall-cmd.at:887: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:887" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 132 $at_status "$at_srcdir/firewall-cmd.at:887" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:888: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=nf_conntrack_foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:888" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=nf_conntrack_foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:888" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:889: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:889" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:889" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:890: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:890" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:890" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:891: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:891" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:891" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:892: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:892" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:892" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:893: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:893" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:893" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:894: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family= " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:894" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family= ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:894" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:896: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:896" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:896" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:898: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:898" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:898" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:901: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --add-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:901" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --add-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:901" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:902: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports | grep 44 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:902" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports | grep 44 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:902" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:903: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:903" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:903" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:904: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --remove-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:904" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --remove-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:904" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:905: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:905" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:905" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:908: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-helper=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:908" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-helper=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:908" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:909: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:909" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:909" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_MODULE:/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_MODULE:/d'"; then sed -i -e '/ERROR: INVALID_MODULE:/d' ./firewalld.log fi $as_echo "firewall-cmd.at:910" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:910" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_112 #AT_START_113 at_fn_group_banner 113 'firewall-cmd.at:912' \ "direct" " " 8 at_xfail=no ( $as_echo "113. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:912" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:912" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:912" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:912" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:912: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:912" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:912" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:912" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:912" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:912" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:912" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:912" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:912" { set +x $as_echo "$at_srcdir/firewall-cmd.at:915: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:915" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:915" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:916: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-chains ipv4 filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:916" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-chains ipv4 filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:916" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:917: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-chains | grep \"ipv4 filter mychain\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:917" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-chains | grep "ipv4 filter mychain" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:917" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:918: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:918" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:918" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:919: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv5 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:919" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv5 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:919" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:920: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv4 badtable mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:920" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv4 badtable mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:920" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:922: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:922" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:922" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:923: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:923" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:923" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:924: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 filter mychain 3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:924" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 filter mychain 3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:924" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:925: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:925" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:925" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:926: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:926" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:926" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:927: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:927" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:927" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:928: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv5 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:928" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv5 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:928" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:929: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 badtable mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:929" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 badtable mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:929" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:931: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:931" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:931" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:932: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:932" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:932" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:933: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:933" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:933" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:934: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:934" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:934" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:935: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"3 -s 192.168.1.1 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:935" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "3 -s 192.168.1.1 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:935" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:936: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"4 -s 192.168.1.2 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:936" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "4 -s 192.168.1.2 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:936" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:937: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"5 -s 192.168.1.3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:937" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "5 -s 192.168.1.3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:937" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:938: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"6 -s 192.168.1.4 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:938" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "6 -s 192.168.1.4 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:938" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:939: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:939" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:939" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:940: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:940" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:940" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:941: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:941" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:941" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:942: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:942" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:942" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:943: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:943" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:943" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:945: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv5 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:945" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv5 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:945" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:946: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 badtable mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:946" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 badtable mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:946" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:947: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:947" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:947" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:948: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:948" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:948" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:949: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:949" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:949" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:952: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:952" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:952" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:953: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:953" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:953" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:954: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:954" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:954" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:955: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:955" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:955" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:956: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --zone=home --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:956" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --zone=home --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:956" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:957: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --permanent --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:957" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --permanent --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:957" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:960: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-chain ipv4 filter žluťoučký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:960" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:960" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:961: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-chains ipv4 filter |grep \"žluťoučký\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:961" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-chains ipv4 filter |grep "žluťoučký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:961" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:962: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-chains | grep \"ipv4 filter žluťoučký\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:962" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-chains | grep "ipv4 filter žluťoučký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:962" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:963: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluťoučký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:963" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:963" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:964: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:964" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:964" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:965: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-rules ipv4 filter žluťoučký | grep ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:965" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-rules ipv4 filter žluťoučký | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:965" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:966: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 filter žluťoučký 3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:966" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 filter žluťoučký 3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:966" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:968: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:968" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:968" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:969: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:969" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluťoučký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:969" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:970: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-chain ipv4 filter žluťoučký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:970" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:970" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:971: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluťoučký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:971" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluťoučký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:971" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:974: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:974" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:974" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:975: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter FORWARD_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:975" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter FORWARD_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:975" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:976: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 security INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:976" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 security INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:976" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:977: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 raw PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:977" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 raw PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:977" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:978: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 mangle PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:978" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 mangle PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:978" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:979: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 nat PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:979" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 nat PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:979" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:980: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:980" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:980" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:981: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:981" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:981" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:981: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:981" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:981" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_TABLE:/d' -e '/WARNING: NOT_ENABLED: chain/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_TABLE:/d' -e '/WARNING: NOT_ENABLED: chain/d'"; then sed -i -e '/ERROR: INVALID_TABLE:/d' -e '/WARNING: NOT_ENABLED: chain/d' ./firewalld.log fi $as_echo "firewall-cmd.at:982" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:982" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_113 #AT_START_114 at_fn_group_banner 114 'firewall-cmd.at:985' \ "direct nat" " " 8 at_xfail=no ( $as_echo "114. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:985" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:985" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:985" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:985" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:985: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:985" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:985" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:985" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:985" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:985" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:985" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:985" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:985" { set +x $as_echo "$at_srcdir/firewall-cmd.at:992: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:992" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:992" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:993: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:993" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:993" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:994: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:994" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:994" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:995: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:995" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:995" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:996: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:996" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:996" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:997: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:997" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:997" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:998: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:998" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:998" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:999: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:999" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:999" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1000: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules |grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1000" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules |grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1000" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1001: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1001" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1001" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1002: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1002" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1002" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1003: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1003" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1003" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1004: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1004" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1004" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:1007" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1007" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_114 #AT_START_115 at_fn_group_banner 115 'firewall-cmd.at:1009' \ "direct passthrough" " " 8 at_xfail=no ( $as_echo "115. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1009" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1009" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1009" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1009" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1009" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1009" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1009" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1009" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1009" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1009" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1009" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1012: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --append POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1012" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --append POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1012" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1013: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --delete POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1013" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --delete POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1013" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1015: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1015" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1015" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1016: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1016" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1016" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1017: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1017" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1017" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1018: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1018" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1018" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1019: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1019" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1019" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1020: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1020" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1020" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1021: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1021" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1021" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1023" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-passthroughs ipv6 | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-passthroughs ipv6 | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1023" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-passthroughs | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-passthroughs | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1023" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -nvL | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -nvL | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1023" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1023" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1031: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv5 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1031" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv5 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1031" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1032: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1032" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1032" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1034: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough --get-chains ipv4 filter " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1034" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough --get-chains ipv4 filter ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1034" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1036: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1036" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1036" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1037: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv5 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1037" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv5 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1037" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1038: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1038" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1038" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1039: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-passthroughs ipv4 | grep \"\\-nvL\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1039" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-passthroughs ipv4 | grep "\-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1039" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1040: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-passthroughs | grep \"ipv4 \\-nvL\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1040" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-passthroughs | grep "ipv4 \-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1040" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1041: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1041" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1041" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1042: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1042" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1042" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1043: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1043" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1043" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/WARNING: NOT_ENABLED: passthrough/d'" != x"ignore"; then if test -n "-e '/WARNING: NOT_ENABLED: passthrough/d'"; then sed -i -e '/WARNING: NOT_ENABLED: passthrough/d' ./firewalld.log fi $as_echo "firewall-cmd.at:1044" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1044" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_115 #AT_START_116 at_fn_group_banner 116 'firewall-cmd.at:1046' \ "direct ebtables" " " 8 at_xfail=no ( $as_echo "116. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1046" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1046" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1046" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1046" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1046: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1046" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1046" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1046" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1046" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1046" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1046" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1046" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1046" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1049: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1049" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1049" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1050: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-chains eb filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1050" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-chains eb filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1050" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1051: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1051" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1051" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1052: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1052" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1052" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1053: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1053" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1053" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1058: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1058" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1058" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1059: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1059" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1059" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1064: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1064" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1064" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1065: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1065" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1065" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1066: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L INPUT_direct; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1066" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L INPUT_direct; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -p IPv6 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1066" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1078: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules eb filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1078" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules eb filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1078" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1079: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1079" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1079" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1081: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-chain eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1081" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-chain eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1081" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1082: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-chains eb filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1082" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-chains eb filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1082" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1083" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1084: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1084" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1084" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1084: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1084" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1084" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1085: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1085" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1085" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:1089" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1089" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_116 #AT_START_117 at_fn_group_banner 117 'firewall-cmd.at:1091' \ "lockdown" " " 8 at_xfail=no ( $as_echo "117. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1091" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1091" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1091" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1091" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1091" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1091" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1091" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1091" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1091" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1091" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1091" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1094: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1094" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1094" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1095: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1095" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1095" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1096: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-commands | grep \"/usr/bin/command\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1096" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-commands | grep "/usr/bin/command" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1096" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1097: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1097" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1097" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1098: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1098" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1098" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1099: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1099" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1099" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-commands | grep \"/usr/bin/command\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-commands | grep "/usr/bin/command" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1105" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1106" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-contexts | grep \"system_u:system_r:MadDaemon_t:s0\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1107" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1108: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1108" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1108" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1109" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1111: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1111" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1111" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-contexts | grep \"system_u:system_r:MadDaemon_t:s0\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-uids | grep \"6666\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-uids | grep "6666" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666x " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666x ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1122" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1123: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1123" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1123" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-uids | grep \"6666\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-uids | grep "6666" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1126" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666x " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666x ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1127" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1130: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1130" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1130" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-users | grep \"theboss\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1131" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-users | grep "theboss" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1131" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1132: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1132" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1132" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1133" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1134: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1134" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1134" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1136: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-users | grep \"theboss\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1136" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-users | grep "theboss" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1136" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1137" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1138" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1140" >"$at_check_line_file" (test `whoami` != 'root') \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1140" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user root " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user root ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1141" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1142: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --lockdown-on " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1142" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --lockdown-on ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1142" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1144: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --lockdown-off " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1144" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --lockdown-off ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1144" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1145" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:1146" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1146" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_117 #AT_START_118 at_fn_group_banner 118 'firewall-cmd.at:1158' \ "rich rules good" " " 8 at_xfail=no ( $as_echo "118. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1158" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1158" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1158" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1158" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1158: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1158" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1158" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1158" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1158" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1158" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1158" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1158" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1158" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1180" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1181" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1185" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then if test -n "-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'"; then sed -i -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' ./firewalld.log fi $as_echo "firewall-cmd.at:1186" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1186" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_118 #AT_START_119 at_fn_group_banner 119 'firewall-cmd.at:1187' \ "rich rules audit" " " 8 at_xfail=no ( $as_echo "119. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1187" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1187" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1187" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1187" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1187" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1187" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1187" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1187" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1187" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1187" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1187" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "firewall-cmd.at:1192" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1192" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_119 #AT_START_120 at_fn_group_banner 120 'firewall-cmd.at:1195' \ "rich rules priority" " " 8 at_xfail=no ( $as_echo "120. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1195" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1195" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1195" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1195" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1195" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1195" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1195" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1195" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1195" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1195" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1195" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1225: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1225" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_public_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_public_log all -- 0.0.0.0/0 0.0.0.0/0 IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_public_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1225" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1233: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWDI_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1233" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWDI_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDI_public_pre all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_log all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_deny all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_allow all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1233" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1241: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1241" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_public_pre all ::/0 ::/0 IN_public_log all ::/0 ::/0 IN_public_deny all ::/0 ::/0 IN_public_allow all ::/0 ::/0 IN_public_post all ::/0 ::/0 ACCEPT icmpv6 ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1241" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1249: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWDI_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1249" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWDI_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDI_public_pre all ::/0 ::/0 FWDI_public_log all ::/0 ::/0 FWDI_public_deny all ::/0 ::/0 FWDI_public_allow all ::/0 ::/0 FWDI_public_post all ::/0 ::/0 ACCEPT icmpv6 ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1249" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1263: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"1111\" protocol=\"tcp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1263" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="1111" protocol="tcp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1263" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1264: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port=\"1122\" protocol=\"tcp\" audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1264" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port="1122" protocol="tcp" audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1264" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1265: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"2222\" protocol=\"tcp\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1265" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="2222" protocol="tcp" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1265" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"3333\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1266" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="3333" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port=\"4444\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port="4444" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1267" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1294: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1294" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 AUDIT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED AUDIT accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1294" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1298: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1298" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1298" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1301: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1301" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1301" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 AUDIT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED AUDIT accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1307" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1311: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1311" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP tcp ::/0 ::/0 tcp dpt:2222 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1311" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1314: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1314" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1314" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1321: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1321" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1321" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1321: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1321" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1321" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1324: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32768 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1324" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32768 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1324" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1325: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32767 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1325" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32767 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1325" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32769 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32769 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/firewall-cmd.at:1326" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32768 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32768 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/firewall-cmd.at:1327" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1328: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1328" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1328" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1328: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1328" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1328" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1332: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1332" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1332" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1347: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1347" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1347" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1348: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1348" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1348" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1349: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1349" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1349" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1350: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1350" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1350" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1351: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1351" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1351" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1352: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1352" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1352" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule log prefix=\"foobar: \"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule log prefix="foobar: "' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"10.10.0.0/16\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.10.0.0/16" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1362: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 source address=\"10.1.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1362" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 source address="10.1.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1362" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1363: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-1 source address=\"10.1.0.0/16\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1363" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-1 source address="10.1.0.0/16" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1363" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=0 forward-port port=\"222\" protocol=\"tcp\" to-port=\"22\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=0 forward-port port="222" protocol="tcp" to-port="22"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1366: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=0 forward-port port=\"2222\" protocol=\"tcp\" to-port=\"22\" to-addr=\"10.1.1.1\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1366" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=0 forward-port port="2222" protocol="tcp" to-port="22" to-addr="10.1.1.1"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1366" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 forward-port port=\"8888\" protocol=\"tcp\" to-port=\"80\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1367" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8888" protocol="tcp" to-port="80"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1368: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 forward-port port=\"8080\" protocol=\"tcp\" to-port=\"80\" to-addr=\"10.1.1.1\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1368" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8080" protocol="tcp" to-port="80" to-addr="10.1.1.1"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1368" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=0 forward-port port=\"9090\" protocol=\"tcp\" to-port=\"90\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=0 forward-port port="9090" protocol="tcp" to-port="90"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=-123 forward-port port=\"999\" protocol=\"tcp\" to-port=\"99\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=-123 forward-port port="999" protocol="tcp" to-port="99"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=-123 forward-port port=\"9999\" protocol=\"tcp\" to-port=\"9999\" to-addr=\"1234::4321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=-123 forward-port port="9999" protocol="tcp" to-port="9999" to-addr="1234::4321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1369" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1496: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1496" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP all -- 10.1.0.0/16 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1496" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1499: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1499" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1499" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1502: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWDI_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1502" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWDI_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1502" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1504: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWDI_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1504" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWDI_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1504" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1506: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWDO_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1506" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWDO_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 10.1.1.0/24 0.0.0.0/0 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1506" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1509: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWDO_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1509" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWDO_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 10.10.0.0/16 0.0.0.0/0 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1509" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1512: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1512" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to::80 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:10.1.1.1:80 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1512" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1516: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1516" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:222 to::22 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 to:10.1.1.1:22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1516" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1520: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POST_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1520" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POST_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MASQUERADE all -- 10.1.1.0/24 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1520" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1523: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1523" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MASQUERADE all -- 10.10.0.0/16 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1523" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1526: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1526" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1526" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1528: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1528" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1528" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1530: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1530" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1530" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1532: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1532" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1532" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1536: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWDI_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1536" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWDI_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1536" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1538: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWDI_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1538" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWDI_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1538" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1540: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1540" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp ::/0 ::/0 tcp dpt:999 to::99 DNAT tcp ::/0 ::/0 tcp dpt:9999 to:[1234::4321]:9999 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1540" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1544: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1544" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp ::/0 ::/0 tcp dpt:9090 to::90 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1544" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1547: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1547" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1547" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1549: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1549" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1549" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1551: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1551" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1551" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1551: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1551" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1551" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1554: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-block name=\"destination-unreachable\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1554" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-block name="destination-unreachable"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1554" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1555: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-block name=\"destination-unreachable\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1555" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-block name="destination-unreachable"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1555" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1557: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1557" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1557" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1558: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1558" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1558" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1613: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1613" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1613" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1617: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1617" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1617" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1620: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1620" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1620" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1624: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWDI_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1624" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWDI_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1624" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1628: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWDI_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1628" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWDI_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1628" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1631: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWDI_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1631" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWDI_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1631" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1634: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1634" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1634" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1638: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1638" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1638" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1641: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1641" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1641" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1646: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWDI_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1646" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWDI_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1646" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1650: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWDI_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1650" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWDI_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1650" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1653: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWDI_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1653" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWDI_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1653" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1656: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1656" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1656" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1656: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1656" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1656" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1659: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=70 service name=\"smtps\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1659" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=70 service name="smtps" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1659" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1660: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-111 service name=\"ntp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1660" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-111 service name="ntp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1660" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1661: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 port port=\"1111\" protocol=\"tcp\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1661" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 port port="1111" protocol="tcp" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1661" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1662: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-100 port port=\"1111\" protocol=\"tcp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1662" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-100 port port="1111" protocol="tcp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1662" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1663: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=\"-77\" service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1663" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority="-77" service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1663" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1664: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=-111 service name=\"ntp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1664" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=-111 service name="ntp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1664" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1665: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-32768 source address=\"10.0.0.0/8\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1665" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-32768 source address="10.0.0.0/8" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1665" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1666: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-2 source address=\"10.0.0.0/8\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1666" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-2 source address="10.0.0.0/8" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1666" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1667: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-1 source address=\"10.0.0.0/8\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1667" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-1 source address="10.0.0.0/8" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1667" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1668: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-5 source address=\"10.10.10.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1668" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-5 source address="10.10.10.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1668" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1669: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-3 source address=\"10.100.100.0/24\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1669" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1669" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1670: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1670" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1670" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1671: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=125 service name=\"imap\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1671" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=125 service name="imap" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1671" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1672: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=126 log prefix=\"DROPPED: \"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1672" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=126 log prefix="DROPPED: "' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1672" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1673: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=10 service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1673" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=10 service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1673" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1674: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=1 service name=\"http\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1674" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=1 service name="http" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1674" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1675: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=100 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1675" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=100 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1675" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1676: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=5 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1676" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=5 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1676" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1677: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=66 service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1677" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=66 service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1677" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1678: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=66 service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1678" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=66 service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1678" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1679: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=70 service name=\"smtps\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1679" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=70 service name="smtps" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1679" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1680: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=5 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1680" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=5 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1680" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1681: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=\"-77\" service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1681" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority="-77" service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1681" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1682: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" priority=-3 source address=\"10.100.100.0/24\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1682" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1682" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1727: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1727" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG all -- 10.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED ACCEPT all -- 10.10.10.0/24 0.0.0.0/0 LOG all -- 10.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 DROP all -- 10.0.0.0/8 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1727" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1735: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1735" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1735" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1738: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1738" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1738" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1740: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1740" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1740" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1742: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1742" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 ctstate NEW,UNTRACKED LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix \"'DROPPED: '\" DROP all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1742" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1750: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1750" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 DROP tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1750" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1754: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1754" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1754" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1758: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1758" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1758" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1760: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1760" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1760" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1762: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1762" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:143 ctstate NEW,UNTRACKED LOG all ::/0 ::/0 LOG flags 0 level 4 prefix \"'DROPPED: '\" DROP all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1762" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1770: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1770" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1770" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1771: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1771" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1771" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1771: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1771" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1771" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1775: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 service name=\"http\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1775" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 service name="http" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1775" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1776: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1776" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule priority=\"-32768\" family=\"ipv4\" source address=\"10.0.0.0/8\" log rule priority=\"-100\" port port=\"1111\" protocol=\"tcp\" log rule priority=\"-10\" port port=\"1111\" protocol=\"tcp\" drop rule priority=\"-5\" family=\"ipv4\" source address=\"10.10.10.0/24\" accept rule priority=\"-2\" family=\"ipv4\" source address=\"10.0.0.0/8\" log rule priority=\"-1\" family=\"ipv4\" source address=\"10.0.0.0/8\" drop rule service name=\"http\" accept rule priority=\"1\" service name=\"http\" accept rule priority=\"10\" service name=\"ssh\" accept rule priority=\"100\" service name=\"https\" accept rule priority=\"125\" service name=\"imap\" accept rule priority=\"126\" log prefix=\"DROPPED: \" rule priority=\"127\" drop " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1776" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/INVALID_RULE: no element, no source, no destination/d' -e '/INVALID_RULE: no element, no action/d' -e '/ERROR: INVALID_PRIORITY: /d' -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then if test -n "-e '/INVALID_RULE: no element, no source, no destination/d' -e '/INVALID_RULE: no element, no action/d' -e '/ERROR: INVALID_PRIORITY: /d' -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'"; then sed -i -e '/INVALID_RULE: no element, no source, no destination/d' -e '/INVALID_RULE: no element, no action/d' -e '/ERROR: INVALID_PRIORITY: /d' -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' ./firewalld.log fi $as_echo "firewall-cmd.at:1805" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1805" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_120 #AT_START_121 at_fn_group_banner 121 'firewall-cmd.at:1810' \ "rich rules bad" " " 8 at_xfail=no ( $as_echo "121. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1810" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1810" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1810" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1810" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1810" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1810" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1810" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1810" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1810" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1810" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1810" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1817: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1817" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1817" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1817: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1817" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1817" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1818: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1818" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1818" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1818: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1818" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1818" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1819: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1819" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1819" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1819: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1819" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1819" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1820: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1820" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" reject type="icmp-host-prohibited"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1820" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1820: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1820" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" reject type="icmp-host-prohibited"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1820" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1821: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1821" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" protocol value="ah" reject type="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1821" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1821: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1821" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" protocol value="ah" reject type="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1821" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1822: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1822" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1822" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1822: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1822" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1822" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1823: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule bad_element' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1823" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule bad_element' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1823" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1823: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule bad_element' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1823" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule bad_element' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1823" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1824: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv5\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1824" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv5"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1824" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1824: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv5\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1824" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv5"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1824" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1825: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1825" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1825" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1825: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1825" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1825" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1826: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol=\"ah\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1826" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol="ah" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1826" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1826: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol=\"ah\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1826" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol="ah" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1826" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1827: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" accept drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1827" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" accept drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1827" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1827: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" accept drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1827" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" accept drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1827" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1828: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1828" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service name="radius" port port="4011" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1828" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1828: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1828" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name="radius" port port="4011" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1828" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1829: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service bad_attribute=\"dns\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1829" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service bad_attribute="dns"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1829" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1829: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service bad_attribute=\"dns\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1829" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service bad_attribute="dns"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1829" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1830: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1830" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="igmp" log level="eror"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 125 $at_status "$at_srcdir/firewall-cmd.at:1830" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1830: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1830" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="igmp" log level="eror"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 125 $at_status "$at_srcdir/firewall-cmd.at:1830" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='family=\"ipv6\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='family="ipv6" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='family=\"ipv6\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='family="ipv6" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 207 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 207 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 123 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 123 $at_status "$at_srcdir/firewall-cmd.at:1831" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1836: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"esp\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1836" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="esp"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1836" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1836: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"esp\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1836" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="esp"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1836" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1837: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" masquerade drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1837" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" masquerade drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1837" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1837: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" masquerade drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1837" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" masquerade drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1837" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" icmp-block name="redirect" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1838" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" icmp-block name="redirect" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1838" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1839: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1839" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1839" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1839: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1839" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1839" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_RULE:/d' -e '/ERROR: INVALID_LOG_LEVEL: eror/d' -e '/ERROR: MISSING_FAMILY/d' -e '/ERROR: INVALID_LIMIT: 1\/2m/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_RULE:/d' -e '/ERROR: INVALID_LOG_LEVEL: eror/d' -e '/ERROR: MISSING_FAMILY/d' -e '/ERROR: INVALID_LIMIT: 1\/2m/d'"; then sed -i -e '/ERROR: INVALID_RULE:/d' -e '/ERROR: INVALID_LOG_LEVEL: eror/d' -e '/ERROR: MISSING_FAMILY/d' -e '/ERROR: INVALID_LIMIT: 1\/2m/d' ./firewalld.log fi $as_echo "firewall-cmd.at:1841" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1841" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_121 #AT_START_122 at_fn_group_banner 122 'firewall-cmd.at:1846' \ "config validation" " " 8 at_xfail=no ( $as_echo "122. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1846" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1846" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1846" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1846" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1846: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1846" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1846" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1846" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1846" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1846" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1846" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1846" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1846" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1850: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1850" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1850" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1855: cp ./firewalld.conf ./firewalld.conf.orig" at_fn_check_prepare_trace "firewall-cmd.at:1855" ( $at_check_trace; cp ./firewalld.conf ./firewalld.conf.orig ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1855" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1856: echo \"SomeBogusField=yes\" >> ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1856" ( $at_check_trace; echo "SomeBogusField=yes" >> ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1856" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1857: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1857" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1857" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1862: cp ./firewalld.conf.orig ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1862" ( $at_check_trace; cp ./firewalld.conf.orig ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1862" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1871: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1871" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1871" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1879: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1879" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1879" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1880: rm ./direct.xml" at_fn_check_prepare_trace "firewall-cmd.at:1880" ( $at_check_trace; rm ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1880" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1889: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1889" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1889" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1897: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1897" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1897" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1905: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1905" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1905" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1906: rm ./lockdown-whitelist.xml" at_fn_check_prepare_trace "firewall-cmd.at:1906" ( $at_check_trace; rm ./lockdown-whitelist.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1909: mkdir -p ./ipsets" at_fn_check_prepare_trace "firewall-cmd.at:1909" ( $at_check_trace; mkdir -p ./ipsets ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1909" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90 _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1916: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1916" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1916" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90:ab _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1928: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1928" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1928" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1935: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1935" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 119 $at_status "$at_srcdir/firewall-cmd.at:1935" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1936: rm ./ipsets/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:1936" ( $at_check_trace; rm ./ipsets/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1936" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1939: mkdir -p ./helpers" at_fn_check_prepare_trace "firewall-cmd.at:1939" ( $at_check_trace; mkdir -p ./helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1939" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1945: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1945" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1945" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1952: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1952" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1952" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1954: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1954" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:1954" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1963: rm ./helpers/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:1963" ( $at_check_trace; rm ./helpers/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1963" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1966: mkdir -p ./icmptypes" at_fn_check_prepare_trace "firewall-cmd.at:1966" ( $at_check_trace; mkdir -p ./icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1966" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1973: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1973" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1973" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1981: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1981" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:1981" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1982: rm ./icmptypes/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:1982" ( $at_check_trace; rm ./icmptypes/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1982" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1985: mkdir -p ./services" at_fn_check_prepare_trace "firewall-cmd.at:1985" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1985" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1992: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1992" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:1992" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2000: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2000" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2000" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2008: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2008" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2008" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2016: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2016" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2016" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2024: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2024" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2024" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2032: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2032" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2032" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2041: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2041" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2041" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2049: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2049" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2049" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2050: rm ./services/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2050" ( $at_check_trace; rm ./services/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2050" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2053: mkdir -p ./zones" at_fn_check_prepare_trace "firewall-cmd.at:2053" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2053" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2057: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2057" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/firewall-cmd.at:2057" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2065: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2065" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:2065" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2073: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2073" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2073" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2081: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2081" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2081" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2089: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2089" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2089" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2097: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2097" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2097" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2105" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2113" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2121" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2129" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2137" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2145" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2160: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2160" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2160" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2173" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2188: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2188" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2188" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2203: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2203" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2203" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2205: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2205" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2205" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2221: rm ./zones/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2221" ( $at_check_trace; rm ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2221" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR:/d' -e '/WARNING:/d'" != x"ignore"; then if test -n "-e '/ERROR:/d' -e '/WARNING:/d'"; then sed -i -e '/ERROR:/d' -e '/WARNING:/d' ./firewalld.log fi $as_echo "firewall-cmd.at:2223" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:2223" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_122 #AT_START_123 at_fn_group_banner 123 'rhbz1514043.at:1' \ "--set-log-denied does not zero config" " " 9 at_xfail=no ( $as_echo "123. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1514043.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1514043.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1514043.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1514043.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1514043.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1514043.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" { set +x $as_echo "$at_srcdir/rhbz1514043.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-service=samba " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-service=samba ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "services: dhcpv6-client samba ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:53" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1514043.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:64" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1514043.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_IN_ZONES all ::/0 ::/0 FORWARD_OUT_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:74" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1514043.at:87" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:87" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_123 #AT_START_124 at_fn_group_banner 124 'rhbz1498923.at:1' \ "invalid direct rule causes reload error" " " 9 at_xfail=no ( $as_echo "124. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1498923.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1498923.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1498923.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1498923.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" { set +x $as_echo "$at_srcdir/rhbz1498923.at:5: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:5" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "no zone " | \ $at_diff - "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 2 $at_status "$at_srcdir/rhbz1498923.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:17: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:17" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --add-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --add-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1498923.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/rhbz1498923.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "failed " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 251 $at_status "$at_srcdir/rhbz1498923.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rule ipv4 filter INPUT 1 --a-bogus-flag " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rule ipv4 filter INPUT 1 --a-bogus-flag ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:45" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/.*a-bogus-flag.*/d'" != x"ignore"; then if test -n "-e '/.*a-bogus-flag.*/d'"; then sed -i -e '/.*a-bogus-flag.*/d' ./firewalld.log fi $as_echo "rhbz1498923.at:46" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:46" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_124 #AT_START_125 at_fn_group_banner 125 'pr181.at:1' \ "combined zones name length check" " " 9 at_xfail=no ( $as_echo "125. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/pr181.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/pr181.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "pr181.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/pr181.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "pr181.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "pr181.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/pr181.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "pr181.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr181.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "pr181.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr181.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "pr181.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/pr181.at:1" { set +x $as_echo "$at_srcdir/pr181.at:4: mkdir -p ./zones/foobar" at_fn_check_prepare_trace "pr181.at:4" ( $at_check_trace; mkdir -p ./zones/foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:6: echo '' > ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:6" ( $at_check_trace; echo '' > ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:7: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:7" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:8: echo 'foobar' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:8" ( $at_check_trace; echo 'foobar' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:9: echo 'foobar desc' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:9" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:10: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:10" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:11: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:11" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:13: echo '' > ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:13" ( $at_check_trace; echo '' > ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:14: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:14" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:15: echo 'foobar' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:15" ( $at_check_trace; echo 'foobar' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:16: echo 'foobar desc' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:16" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:17: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:17" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:18: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:18" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=foobar --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=foobar --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "services: http ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:21" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "pr181.at:24" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/pr181.at:24" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_125 #AT_START_126 at_fn_group_banner 126 'gh287.at:1' \ "ICMP block inversion" " " 9 at_xfail=no ( $as_echo "126. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh287.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh287.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh287.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh287.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh287.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh287.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh287.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh287.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh287.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh287.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh287.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh287.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh287.at:1" { set +x $as_echo "$at_srcdir/gh287.at:4: mkdir -p ./zones" at_fn_check_prepare_trace "gh287.at:4" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:5: echo '' > ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:5" ( $at_check_trace; echo '' > ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:6: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:6" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:7: echo 'foobar' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:7" ( $at_check_trace; echo 'foobar' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:8: echo 'foobar desc' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:8" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:9: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:9" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:10: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:10" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:11: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:11" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:12: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:12" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:14" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh287.at:15" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh287.at:15" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_126 #AT_START_127 at_fn_group_banner 127 'individual_calls.at:1' \ "individual calls" " " 9 at_xfail=no ( $as_echo "127. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/individual_calls.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/individual_calls.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "individual_calls.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/individual_calls.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "individual_calls.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/individual_calls.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "individual_calls.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/individual_calls.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "individual_calls.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "individual_calls.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "individual_calls.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" { set +x $as_echo "$at_srcdir/individual_calls.at:4: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "individual_calls.at:4" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/individual_calls.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/individual_calls.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:5" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "individual_calls.at:7" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/individual_calls.at:7" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_127 #AT_START_128 at_fn_group_banner 128 'rhbz1534571.at:3' \ "rule deduplication" " " 9 at_xfail=no ( $as_echo "128. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:3" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1534571.at:3" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1534571.at:3" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1534571.at:3" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:3" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1534571.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1534571.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1534571.at:3" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" { set +x $as_echo "$at_srcdir/rhbz1534571.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service nfs --add-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service nfs --add-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-service nfs --add-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-service nfs --add-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:15" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1534571.at:17" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_128 #AT_START_129 at_fn_group_banner 129 'gh290.at:1' \ "invalid syntax in xml files" " " 9 at_xfail=no ( $as_echo "129. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh290.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh290.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh290.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh290.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh290.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh290.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh290.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh290.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:1" { set +x $as_echo "$at_srcdir/gh290.at:5: mkdir -p ./zones" at_fn_check_prepare_trace "gh290.at:5" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:6: echo '' > ./direct.xml" at_fn_check_prepare_trace "gh290.at:6" ( $at_check_trace; echo '' > ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:7: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:7" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:8: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:8" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:9: echo '--destination 127.0.0.1 --jump RETURN' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:9" ( $at_check_trace; echo '--destination 127.0.0.1 --jump RETURN' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:11: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:11" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:14: mkdir -p ./zones" at_fn_check_prepare_trace "gh290.at:14" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:15: echo '' > ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:15" ( $at_check_trace; echo '' > ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:16: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:16" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:17: echo 'foobar' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:17" ( $at_check_trace; echo 'foobar' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:19: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:19" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:20: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:20" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:21: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:21" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:21" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:23" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:23" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:23" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:23" { set +x $as_echo "$at_srcdir/gh290.at:24: grep \"ERROR:.*mismatched tag\" ./firewalld.log" at_fn_check_prepare_trace "gh290.at:24" ( $at_check_trace; grep "ERROR:.*mismatched tag" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:25: grep \"ERROR:.*Missing attribute protocol for port\" ./firewalld.log" at_fn_check_prepare_trace "gh290.at:25" ( $at_check_trace; grep "ERROR:.*Missing attribute protocol for port" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:25" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR:.*mismatched tag.*/d' -e '/ERROR:.*Missing attribute protocol for port.*/d'" != x"ignore"; then if test -n "-e '/ERROR:.*mismatched tag.*/d' -e '/ERROR:.*Missing attribute protocol for port.*/d'"; then sed -i -e '/ERROR:.*mismatched tag.*/d' -e '/ERROR:.*Missing attribute protocol for port.*/d' ./firewalld.log fi $as_echo "gh290.at:26" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_129 #AT_START_130 at_fn_group_banner 130 'icmp_block_in_forward_chain.at:1' \ "ICMP block present FORWARD chain" " " 9 at_xfail=no ( $as_echo "130. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "icmp_block_in_forward_chain.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "icmp_block_in_forward_chain.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "icmp_block_in_forward_chain.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-icmp-block=host-prohibited " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-icmp-block=host-prohibited ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_block_in_forward_chain.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 10 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWDI_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_block_in_forward_chain.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWDI_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 10 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:24" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "icmp_block_in_forward_chain.at:28" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:28" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_130 #AT_START_131 at_fn_group_banner 131 'pr323.at:1' \ "GRE proto helper" " " 9 at_xfail=no ( $as_echo "131. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/pr323.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/pr323.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "pr323.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/pr323.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "pr323.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "pr323.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/pr323.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "pr323.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr323.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "pr323.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr323.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "pr323.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/pr323.at:1" $as_echo "pr323.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} modinfo nf_conntrack_proto_gre ) \ && at_fn_check_skip 77 "$at_srcdir/pr323.at:4" { set +x $as_echo "$at_srcdir/pr323.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:10: lsmod | grep nf_conntrack_proto_gre" at_fn_check_prepare_notrace 'a shell pipeline' "pr323.at:10" ( $at_check_trace; lsmod | grep nf_conntrack_proto_gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:10" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "pr323.at:12" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/pr323.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_131 #AT_START_132 at_fn_group_banner 132 'rhbz1506742.at:1' \ "ipset with timeout" " " 9 at_xfail=no ( $as_echo "132. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1506742.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1506742.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1506742.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1506742.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1506742.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1506742.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" { set +x $as_echo "$at_srcdir/rhbz1506742.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --option=maxelem=1000000 --option=family=inet --option=hashsize=4096 --option=timeout=600 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --option=maxelem=1000000 --option=family=inet --option=hashsize=4096 --option=timeout=600 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:11" $at_failed && at_fn_log_failure $at_traceon; } cat >foobar_entries.txt <<'_ATEOF' 1.2.3.4 10.0.1.1 _ATEOF { set +x $as_echo "$at_srcdir/rhbz1506742.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:20" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/Error: IPSET_WITH_TIMEOUT/d' -e '/ERROR: IPSET_WITH_TIMEOUT/d' -e '/WARNING: NOT_ENABLED/d'" != x"ignore"; then if test -n "-e '/Error: IPSET_WITH_TIMEOUT/d' -e '/ERROR: IPSET_WITH_TIMEOUT/d' -e '/WARNING: NOT_ENABLED/d'"; then sed -i -e '/Error: IPSET_WITH_TIMEOUT/d' -e '/ERROR: IPSET_WITH_TIMEOUT/d' -e '/WARNING: NOT_ENABLED/d' ./firewalld.log fi $as_echo "rhbz1506742.at:21" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:21" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_132 #AT_START_133 at_fn_group_banner 133 'rhbz1594657.at:1' \ "no log untracked passthrough queries" " " 9 at_xfail=no ( $as_echo "133. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1594657.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1594657.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1594657.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1594657.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1594657.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1594657.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" { set +x $as_echo "$at_srcdir/rhbz1594657.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:9" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1594657.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:11" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1594657.at:16" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:16" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_133 #AT_START_134 at_fn_group_banner 134 'rhbz1571957.at:1' \ "set-log-denied w/ ICMP block inversion" " " 9 at_xfail=no ( $as_echo "134. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1571957.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1571957.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1571957.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1571957.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1571957.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1571957.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" { set +x $as_echo "$at_srcdir/rhbz1571957.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:7: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1571957.at:7" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=broadcast " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=broadcast ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:10" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1571957.at:12" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_134 #AT_START_135 at_fn_group_banner 135 'rhbz1404076.at:1' \ "query single port added with range" " " 9 at_xfail=no ( $as_echo "135. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1404076.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1404076.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1404076.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1404076.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1404076.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1404076.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" { set +x $as_echo "$at_srcdir/rhbz1404076.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:24" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1404076.at:26" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_135 #AT_START_136 at_fn_group_banner 136 'gh366.at:1' \ "service destination multiple IP versions" " " 9 at_xfail=no ( $as_echo "136. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh366.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh366.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh366.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh366.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh366.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh366.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh366.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh366.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh366.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh366.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh366.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh366.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh366.at:1" { set +x $as_echo "$at_srcdir/gh366.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-service=mdns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-service=mdns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:26" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh366.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:26" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh366.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --remove-service=mdns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --remove-service=mdns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule=\"rule service name=\"mdns\" accept\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule="rule service name="mdns" accept" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:30" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh366.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:30" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh366.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule='rule family=\"ipv4\" destination address=\"10.10.10.0/24\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule='rule family="ipv4" destination address="10.10.10.0/24" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 122 $at_status "$at_srcdir/gh366.at:33" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_RULE: Destination conflict with service/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_RULE: Destination conflict with service/d'"; then sed -i -e '/ERROR: INVALID_RULE: Destination conflict with service/d' ./firewalld.log fi $as_echo "gh366.at:36" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh366.at:36" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_136 #AT_START_137 at_fn_group_banner 137 'rhbz1601610.at:1' \ "ipset duplicate entries" " " 9 at_xfail=no ( $as_echo "137. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1601610.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1601610.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1601610.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1601610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1601610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1601610.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" { set +x $as_echo "$at_srcdir/rhbz1601610.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --new-ipset=foobar --permanent --type=hash:net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --new-ipset=foobar --permanent --type=hash:net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.1.2.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.1.2.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1601610.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.2.0.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.2.0.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.1.1.0/22 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.1.0.0/22 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:34" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --add-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --add-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.1.1.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:57: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --remove-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:57" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --remove-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:57" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.3.0.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.3.0.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:83: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1601610.at:83" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:83" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:84: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:84" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:84" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:84: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:84" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:84" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:94" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: COMMAND_FAILED:.*already added.*/d' -e '/ERROR: COMMAND_FAILED:.*element.*exists/d' -e '/Kernel support protocol versions/d'" != x"ignore"; then if test -n "-e '/ERROR: COMMAND_FAILED:.*already added.*/d' -e '/ERROR: COMMAND_FAILED:.*element.*exists/d' -e '/Kernel support protocol versions/d'"; then sed -i -e '/ERROR: COMMAND_FAILED:.*already added.*/d' -e '/ERROR: COMMAND_FAILED:.*element.*exists/d' -e '/Kernel support protocol versions/d' ./firewalld.log fi $as_echo "rhbz1601610.at:102" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:102" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_137 #AT_START_138 at_fn_group_banner 138 'gh303.at:1' \ "unicode in XML" " " 9 at_xfail=no ( $as_echo "138. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh303.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh303.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh303.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh303.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh303.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh303.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh303.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh303.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh303.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh303.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:1" { set +x $as_echo "$at_srcdir/gh303.at:4: mkdir -p ./services" at_fn_check_prepare_trace "gh303.at:4" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:5: cat < ./services/unicode-service-test.xml unicode-service-test A string with unicode characters; Ё ώ € ⇶ ▜ ◯ ★ ☠ ☯ ☺ ♻ HERE " at_fn_check_prepare_notrace 'an embedded newline' "gh303.at:5" ( $at_check_trace; cat < ./services/unicode-service-test.xml unicode-service-test A string with unicode characters; Ё ώ € ⇶ ▜ ◯ ★ ☠ ☯ ☺ ♻ HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:5" $at_failed && at_fn_log_failure $at_traceon; } LC_ALL="C" export LC_ALL pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh303.at:17" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:17" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh303.at:17" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:17" { set +x $as_echo "$at_srcdir/gh303.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-service=unicode-service-test " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-service=unicode-service-test ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:20" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh303.at:22" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:22" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_138 #AT_START_139 at_fn_group_banner 139 'gh335.at:1' \ "forward-port toaddr enables IP forwarding" " " 9 at_xfail=no ( $as_echo "139. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh335.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh335.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh335.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh335.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh335.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh335.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh335.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh335.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh335.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh335.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh335.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh335.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh335.at:1" { set +x $as_echo "$at_srcdir/gh335.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:4" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:5" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:11" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr=\"1234:5678::4321\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:26" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:27" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\" to-addr=\"10.10.10.10\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="10.10.10.10"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:33" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\" to-addr=\"1234:5678::4321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:49" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:50" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:56" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:60" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then if test -n "-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'"; then sed -i -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' ./firewalld.log fi $as_echo "gh335.at:68" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh335.at:68" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_139 #AT_START_140 at_fn_group_banner 140 'gh482.at:1' \ "remove forward-port after reload" " " 9 at_xfail=no ( $as_echo "140. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh482.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh482.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh482.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh482.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh482.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh482.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh482.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh482.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh482.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh482.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh482.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh482.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh482.at:1" { set +x $as_echo "$at_srcdir/gh482.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:15" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh482.at:17" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh482.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_140 #AT_START_141 at_fn_group_banner 141 'gh478.at:1' \ "rich rule marks every packet" " " 9 at_xfail=no ( $as_echo "141. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh478.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh478.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh478.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh478.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh478.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh478.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh478.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh478.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh478.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh478.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh478.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh478.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh478.at:1" { set +x $as_echo "$at_srcdir/gh478.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule protocol value=icmp mark set=11' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule protocol value=icmp mark set=11' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh478.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234 MARK set 0xa MARK icmp -- 0.0.0.0/0 0.0.0.0/0 MARK set 0xb MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:4321 MARK set 0xc " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:17" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh478.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh478.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MARK tcp ::/0 ::/0 tcp dpt:1234 MARK set 0xa MARK icmp ::/0 ::/0 MARK set 0xb MARK tcp ::/0 ::/0 tcp spt:4321 MARK set 0xc " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:22" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh478.at:28" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh478.at:28" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_141 #AT_START_142 at_fn_group_banner 142 'gh258.at:1' \ "zone dispatch layout" " " 9 at_xfail=no ( $as_echo "142. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh258.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh258.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh258.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh258.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh258.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh258.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh258.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh258.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh258.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh258.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh258.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh258.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh258.at:1" { set +x $as_echo "$at_srcdir/gh258.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-source=\"1.2.3.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-source="1.2.3.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:4" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=\"dead:beef::/54\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source="dead:beef::/54" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:5" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh258.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:11: sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh258.at:11" ( $at_check_trace; sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:12" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : fi { set +x $as_echo "$at_srcdir/gh258.at:191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:199: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:199" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:199" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:205: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:205" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:205" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:214: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_IN_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:214" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_IN_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDI_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] FWDI_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:214" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:220: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_OUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:220" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_OUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDO_trusted all -- 0.0.0.0/0 1.2.3.0/24 [goto] FWDO_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:220" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:226: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:226" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:226" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:230: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:230" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:230" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:236: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:236" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:236" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:240" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:246" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:250: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:250" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:250" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_trusted all -- 0.0.0.0/0 1.2.3.0/24 [goto] POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:260" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:267" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:275: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:275" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_public all dead:beef::/54 ::/0 [goto] IN_trusted all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:275" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:281: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:281" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_IN_ZONES all ::/0 ::/0 FORWARD_OUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:281" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_IN_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_IN_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDI_public all dead:beef::/54 ::/0 [goto] FWDI_trusted all ::/0 ::/0 [goto] FWDI_public all ::/0 ::/0 [goto] FWDI_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:291" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:297: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_OUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:297" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_OUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDO_public all ::/0 dead:beef::/54 [goto] FWDO_trusted all ::/0 ::/0 [goto] FWDO_public all ::/0 ::/0 [goto] FWDO_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:297" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:303: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:303" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 DROP all ::/0 ::/0 rpfilter invert PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:303" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:310: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:310" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:310" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:316: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:316" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:316" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:320: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:320" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:320" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:326" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:330: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:330" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:330" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POSTROUTING_direct all ::/0 ::/0 POSTROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:336" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_public all ::/0 dead:beef::/54 [goto] POST_trusted all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:340" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh258.at:353: sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh258.at:353" ( $at_check_trace; sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:353" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:354" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : fi { set +x $as_echo "$at_srcdir/gh258.at:596: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:596" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:596" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:605: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:605" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:605" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:608: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:608" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:608" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:613: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:613" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:613" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:624: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_IN_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:624" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_IN_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDI_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:624" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:627: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_IN_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:627" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_IN_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDI_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:627" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:632: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_OUT_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:632" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_OUT_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDO_trusted all -- 0.0.0.0/0 1.2.3.0/24 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:632" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:635: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_OUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:635" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_OUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDO_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:635" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:640: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:640" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:640" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:645: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:645" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:645" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:648: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:648" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:648" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:653: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:653" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:653" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:658: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:658" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:658" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:661: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:661" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:661" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:666: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:666" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:666" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:671: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:671" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:671" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:674: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:674" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:674" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:679: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:679" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 POSTROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:679" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:684: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:684" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_trusted all -- 0.0.0.0/0 1.2.3.0/24 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:684" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:687: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:687" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:687" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:693: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:693" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES_SOURCE all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:693" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:702: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:702" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_public all dead:beef::/54 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:702" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:705: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:705" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_trusted all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:705" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:710: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:710" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_IN_ZONES_SOURCE all ::/0 ::/0 FORWARD_IN_ZONES all ::/0 ::/0 FORWARD_OUT_ZONES_SOURCE all ::/0 ::/0 FORWARD_OUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:710" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:722: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_IN_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:722" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_IN_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDI_public all dead:beef::/54 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:722" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:725: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_IN_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:725" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_IN_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDI_trusted all ::/0 ::/0 [goto] FWDI_public all ::/0 ::/0 [goto] FWDI_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:725" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:730: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_OUT_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:730" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_OUT_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDO_public all ::/0 dead:beef::/54 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:730" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_OUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_OUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWDO_trusted all ::/0 ::/0 [goto] FWDO_public all ::/0 ::/0 [goto] FWDO_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:733" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:738: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:738" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 DROP all ::/0 ::/0 rpfilter invert PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES_SOURCE all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:738" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:746: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:746" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_public all dead:beef::/54 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:746" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:749: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:749" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:749" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:754: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:754" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES_SOURCE all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:754" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:759: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:759" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_public all dead:beef::/54 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:759" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:762: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:762" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:762" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:767: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:767" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES_SOURCE all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:767" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:772: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:772" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_public all dead:beef::/54 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:772" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:775: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:775" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:775" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:780: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:780" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POSTROUTING_direct all ::/0 ::/0 POSTROUTING_ZONES_SOURCE all ::/0 ::/0 POSTROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:780" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:785: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:785" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_public all ::/0 dead:beef::/54 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:785" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:788: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:788" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_trusted all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:788" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d'" != x"ignore"; then if test -n "-e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d'"; then sed -i -e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d' ./firewalld.log fi $as_echo "gh258.at:794" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh258.at:794" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_142 #AT_START_143 at_fn_group_banner 143 'rhbz1715977.at:1' \ "rich rule src/dst with service destination" " " 9 at_xfail=no ( $as_echo "143. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1715977.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1715977.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1715977.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1715977.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1715977.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1715977.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" { set +x $as_echo "$at_srcdir/rhbz1715977.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:21" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1715977.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:28" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1715977.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.111.222/32\" source address=\"10.10.10.0/24\" service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.111.222/32" source address="10.10.10.0/24" service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:52" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1715977.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:60" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1715977.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 service name=\"ssdp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 service name="ssdp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:85" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1715977.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:94" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1715977.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rhbz1715977.at:102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rhbz1715977.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/rhbz1715977.at:104" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_RULE: Destination conflict with service/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_RULE: Destination conflict with service/d'"; then sed -i -e '/ERROR: INVALID_RULE: Destination conflict with service/d' ./firewalld.log fi $as_echo "rhbz1715977.at:106" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:106" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_143 #AT_START_144 at_fn_group_banner 144 'rhbz1723610.at:1' \ "direct remove-rules per family" " " 9 at_xfail=no ( $as_echo "144. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1723610.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1723610.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1723610.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1723610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1723610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1723610.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" { set +x $as_echo "$at_srcdir/rhbz1723610.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv6 filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv6 filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv4 filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv4 filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --remove-rules ipv4 filter OUTPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --remove-rules ipv4 filter OUTPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:29" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1723610.at:31" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:31" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_144 #AT_START_145 at_fn_group_banner 145 'rhbz1734765.at:1' \ "zone sources ordered by name" " " 9 at_xfail=no ( $as_echo "145. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1734765.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1734765.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1734765.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1734765.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1734765.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1734765.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" { set +x $as_echo "$at_srcdir/rhbz1734765.at:7: sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1734765.at:7" ( $at_check_trace; sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_00 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_00 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_05 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_05 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_02 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_02 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_03 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_03 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_01 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_01 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_04 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_04 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_010 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_010 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_011 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_011 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_012 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_012 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv4' --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv4' --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv4 --add-entry '192.0.2.12' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv4 --add-entry '192.0.2.12' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv6 --add-entry '::2' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv6 --add-entry '::2' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_011 --add-source ipset:ipsetv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_011 --add-source ipset:ipsetv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source=\"10.1.1.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source="10.1.1.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source=\"10.1.0.0/16\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source="10.1.0.0/16" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source=\"10.2.0.0/16\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source="10.2.0.0/16" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source=\"10.1.1.1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source="10.1.1.1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source=\"10.2.2.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source="10.2.2.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source=\"10.0.0.0/8\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source="10.0.0.0/8" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:31" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source=\"1234:5678::1:1:0/112\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source="1234:5678::1:1:0/112" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source=\"1234:5678::1:0:0/96\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source="1234:5678::1:0:0/96" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source=\"1234:5678::2:0:0/96\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source="1234:5678::2:0:0/96" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source=\"1234:5678::2:2:0/112\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source=\"1234:5678::0:0:0/80\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source="1234:5678::0:0:0/80" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source=\"1234:5678::1:1:1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:32" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=trusted --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=trusted --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"10.10.10.10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="10.10.10.10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"20.20.20.20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="20.20.20.20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:64" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"1234:5678::10:10:10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="1234:5678::10:10:10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"1234:5678::20:20:20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="1234:5678::20:20:20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:65" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_00 all -- 10.1.1.1 0.0.0.0/0 [goto] IN_foobar_01 all -- 10.1.1.0/24 0.0.0.0/0 [goto] IN_foobar_010 all -- 10.10.10.10 0.0.0.0/0 [goto] IN_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 src IN_foobar_02 all -- 10.1.0.0/16 0.0.0.0/0 [goto] IN_foobar_03 all -- 10.2.2.0/24 0.0.0.0/0 [goto] IN_foobar_04 all -- 10.2.0.0/16 0.0.0.0/0 [goto] IN_foobar_05 all -- 10.0.0.0/8 0.0.0.0/0 [goto] IN_public all -- 20.20.20.20 0.0.0.0/0 [goto] IN_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:139" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:154" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_00 all 1234:5678::1:1:1 ::/0 [goto] IN_foobar_01 all 1234:5678::1:1:0/112 ::/0 [goto] IN_foobar_010 all 1234:5678::10:10:10 ::/0 [goto] IN_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 src IN_foobar_02 all 1234:5678::1:0:0/96 ::/0 [goto] IN_foobar_03 all 1234:5678::2:2:0/112 ::/0 [goto] IN_foobar_04 all 1234:5678::2:0:0/96 ::/0 [goto] IN_foobar_05 all 1234:5678::/80 ::/0 [goto] IN_public all 1234:5678::20:20:20 ::/0 [goto] IN_foobar_010 all ::/0 ::/0 [goto] IN_trusted all ::/0 ::/0 [goto] IN_internal all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:154" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:169: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:169" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar_00 all -- 0.0.0.0/0 10.1.1.1 [goto] POST_foobar_01 all -- 0.0.0.0/0 10.1.1.0/24 [goto] POST_foobar_010 all -- 0.0.0.0/0 10.10.10.10 [goto] POST_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 dst POST_foobar_02 all -- 0.0.0.0/0 10.1.0.0/16 [goto] POST_foobar_03 all -- 0.0.0.0/0 10.2.2.0/24 [goto] POST_foobar_04 all -- 0.0.0.0/0 10.2.0.0/16 [goto] POST_foobar_05 all -- 0.0.0.0/0 10.0.0.0/8 [goto] POST_public all -- 0.0.0.0/0 20.20.20.20 [goto] POST_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:169" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:184: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:184" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar_00 all ::/0 1234:5678::1:1:1 [goto] POST_foobar_01 all ::/0 1234:5678::1:1:0/112 [goto] POST_foobar_010 all ::/0 1234:5678::10:10:10 [goto] POST_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 dst POST_foobar_02 all ::/0 1234:5678::1:0:0/96 [goto] POST_foobar_03 all ::/0 1234:5678::2:2:0/112 [goto] POST_foobar_04 all ::/0 1234:5678::2:0:0/96 [goto] POST_foobar_05 all ::/0 1234:5678::/80 [goto] POST_public all ::/0 1234:5678::20:20:20 [goto] POST_foobar_010 all ::/0 ::/0 [goto] POST_trusted all ::/0 ::/0 [goto] POST_internal all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:184" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:207: sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1734765.at:207" ( $at_check_trace; sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:207" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:208: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:208" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:208" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:208: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:208" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:208" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:210: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"10.10.10.10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:210" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="10.10.10.10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:210" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:211: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"20.20.20.20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:211" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="20.20.20.20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:211" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"1234:5678::10:10:10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="1234:5678::10:10:10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"1234:5678::20:20:20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="1234:5678::20:20:20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:212" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:304: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:304" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_00 all -- 10.1.1.1 0.0.0.0/0 [goto] IN_foobar_01 all -- 10.1.1.0/24 0.0.0.0/0 [goto] IN_foobar_010 all -- 10.10.10.10 0.0.0.0/0 [goto] IN_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 src IN_foobar_02 all -- 10.1.0.0/16 0.0.0.0/0 [goto] IN_foobar_03 all -- 10.2.2.0/24 0.0.0.0/0 [goto] IN_foobar_04 all -- 10.2.0.0/16 0.0.0.0/0 [goto] IN_foobar_05 all -- 10.0.0.0/8 0.0.0.0/0 [goto] IN_public all -- 20.20.20.20 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:304" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:315: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:315" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:315" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:321: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:321" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_00 all 1234:5678::1:1:1 ::/0 [goto] IN_foobar_01 all 1234:5678::1:1:0/112 ::/0 [goto] IN_foobar_010 all 1234:5678::10:10:10 ::/0 [goto] IN_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 src IN_foobar_02 all 1234:5678::1:0:0/96 ::/0 [goto] IN_foobar_03 all 1234:5678::2:2:0/112 ::/0 [goto] IN_foobar_04 all 1234:5678::2:0:0/96 ::/0 [goto] IN_foobar_05 all 1234:5678::/80 ::/0 [goto] IN_public all 1234:5678::20:20:20 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:321" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:332: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:332" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_010 all ::/0 ::/0 [goto] IN_trusted all ::/0 ::/0 [goto] IN_internal all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:332" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar_00 all -- 0.0.0.0/0 10.1.1.1 [goto] POST_foobar_01 all -- 0.0.0.0/0 10.1.1.0/24 [goto] POST_foobar_010 all -- 0.0.0.0/0 10.10.10.10 [goto] POST_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 dst POST_foobar_02 all -- 0.0.0.0/0 10.1.0.0/16 [goto] POST_foobar_03 all -- 0.0.0.0/0 10.2.2.0/24 [goto] POST_foobar_04 all -- 0.0.0.0/0 10.2.0.0/16 [goto] POST_foobar_05 all -- 0.0.0.0/0 10.0.0.0/8 [goto] POST_public all -- 0.0.0.0/0 20.20.20.20 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:349: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:349" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:349" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_ZONES_SOURCE; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_ZONES_SOURCE; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar_00 all ::/0 1234:5678::1:1:1 [goto] POST_foobar_01 all ::/0 1234:5678::1:1:0/112 [goto] POST_foobar_010 all ::/0 1234:5678::10:10:10 [goto] POST_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 dst POST_foobar_02 all ::/0 1234:5678::1:0:0/96 [goto] POST_foobar_03 all ::/0 1234:5678::2:2:0/112 [goto] POST_foobar_04 all ::/0 1234:5678::2:0:0/96 [goto] POST_foobar_05 all ::/0 1234:5678::/80 [goto] POST_public all ::/0 1234:5678::20:20:20 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:355" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:366: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:366" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar_010 all ::/0 ::/0 [goto] POST_trusted all ::/0 ::/0 [goto] POST_internal all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:366" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d'" != x"ignore"; then if test -n "-e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d'"; then sed -i -e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d' ./firewalld.log fi $as_echo "rhbz1734765.at:373" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:373" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_145 #AT_START_146 at_fn_group_banner 146 'gh509.at:1' \ "missing firewalld.conf file" " " 9 at_xfail=no ( $as_echo "146. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh509.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh509.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh509.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh509.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh509.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh509.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh509.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh509.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh509.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh509.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh509.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh509.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh509.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh509.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh509.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh509.at:1" KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : $as_echo "gh509.at:7" >"$at_check_line_file" at_fn_check_skip 77 "$at_srcdir/gh509.at:7" fi { set +x $as_echo "$at_srcdir/gh509.at:9: if ! rm ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh509.at:9" ( $at_check_trace; if ! rm ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:9" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh509.at:10" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh509.at:10" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh509.at:10" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh509.at:10" if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: Failed to load/d' -e '/WARNING:.*No such file or directory:.*/d' -e '/WARNING: Using fallback firewalld configuration settings/d'" != x"ignore"; then if test -n "-e '/ERROR: Failed to load/d' -e '/WARNING:.*No such file or directory:.*/d' -e '/WARNING: Using fallback firewalld configuration settings/d'"; then sed -i -e '/ERROR: Failed to load/d' -e '/WARNING:.*No such file or directory:.*/d' -e '/WARNING: Using fallback firewalld configuration settings/d' ./firewalld.log fi $as_echo "gh509.at:12" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh509.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_146 #AT_START_147 at_fn_group_banner 147 'gh567.at:1' \ "rich rule source w/ mark action" " " 9 at_xfail=no ( $as_echo "147. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh567.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh567.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh567.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh567.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh567.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh567.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh567.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh567.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh567.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh567.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh567.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh567.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh567.at:1" { set +x $as_echo "$at_srcdir/gh567.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=Teste --type=hash:net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=Teste --type=hash:net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule \"rule family=ipv4 source ipset=Teste mark set=2\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule "rule family=ipv4 source ipset=Teste mark set=2" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:6" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh567.at:8" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh567.at:8" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_147 #AT_START_148 at_fn_group_banner 148 'rhbz1779835.at:1' \ "ipv6 address with brackets" " " 9 at_xfail=no ( $as_echo "148. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1779835.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1779835.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1779835.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1779835.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1779835.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1779835.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" { set +x $as_echo "$at_srcdir/rhbz1779835.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry='[1234::4321]' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry='[1234::4321]' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar2 --type=hash:net --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar2 --type=hash:net --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar2 --add-entry='[1234::]/64' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar2 --add-entry='[1234::]/64' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-source='[::1234]' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-source='[::1234]' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-source='[1234::]/64' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-source='[1234::]/64' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-forward-port=port=1234:proto=tcp:toport=4321:toaddr=[::1234] " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-forward-port=port=1234:proto=tcp:toport=4321:toaddr=[::1234] ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] forward-port port=\"1234\" protocol=tcp to-port=\"4321\" to-addr=\"[::1234]\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 forward-port port=\"1234\" protocol=tcp to-port=\"4321\" to-addr=\"[::1234]\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[::4321] accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[::4321] accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[1234::]/64 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[1234::]/64 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:24" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rhbz1779835.at:26" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_148 #AT_START_149 at_fn_group_banner 149 'gh330.at:1' \ "ipset cleanup on reload/stop" " " 9 at_xfail=no ( $as_echo "149. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh330.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh330.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh330.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh330.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh330.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:1" { set +x $as_echo "$at_srcdir/gh330.at:4: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:4" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh330.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:29: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:29" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 4.3.2.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 4.3.2.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 6.6.6.6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 6.6.6.6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:92" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 6.6.6.6 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:115: sed -i 's/^CleanUpOnExit.*/CleanUpOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:115" ( $at_check_trace; sed -i 's/^CleanUpOnExit.*/CleanUpOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:117" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:118" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:118" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:118" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:118" { set +x $as_echo "$at_srcdir/gh330.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:119" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } { set +x $as_echo "$at_srcdir/gh330.at:122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ipset list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ipset list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:122" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:136" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:136" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:136" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:136" if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "gh330.at:138" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:138" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_149 #AT_START_150 at_fn_group_banner 150 'python.at:3' \ "firewalld_test.py" " " 10 at_xfail=no ( $as_echo "150. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:3: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:3: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:3" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:3: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:3" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:3: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:3" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:3: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:3" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:3" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:3" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:3" { set +x $as_echo "$at_srcdir/python.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \${srcdir}/python/firewalld_test.py " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON ${srcdir}/python/firewalld_test.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:5" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"ignore" != x"ignore"; then if test -n "ignore"; then sed -i ignore ./firewalld.log fi $as_echo "python.at:6" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/python.at:6" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_150 #AT_START_151 at_fn_group_banner 151 'python.at:8' \ "firewalld_config.py" " " 10 at_xfail=no ( $as_echo "151. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:8: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:8: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:8" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:8: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:8" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:8: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:8" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:8: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:8" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:8" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:8" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:8" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:8" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:8" { set +x $as_echo "$at_srcdir/python.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \${srcdir}/python/firewalld_config.py " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON ${srcdir}/python/firewalld_config.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:10" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"ignore" != x"ignore"; then if test -n "ignore"; then sed -i ignore ./firewalld.log fi $as_echo "python.at:11" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/python.at:11" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_151 #AT_START_152 at_fn_group_banner 152 'python.at:13' \ "firewalld_rich.py" " " 10 at_xfail=no ( $as_echo "152. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:13: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:13: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:13" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:13: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:13" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:13: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:13" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:13: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:13" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:13" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:13" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:13" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:13" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:13" { set +x $as_echo "$at_srcdir/python.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \${srcdir}/python/firewalld_rich.py " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON ${srcdir}/python/firewalld_rich.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:15" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"ignore" != x"ignore"; then if test -n "ignore"; then sed -i ignore ./firewalld.log fi $as_echo "python.at:16" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/python.at:16" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_152 #AT_START_153 at_fn_group_banner 153 'python.at:18' \ "firewalld_direct.py" " " 10 at_xfail=no ( $as_echo "153. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:18: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:18: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:18" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:18: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:18" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:18: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:18" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:18: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:18" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:18" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:18" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:18" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:18" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:18" { set +x $as_echo "$at_srcdir/python.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \${srcdir}/python/firewalld_direct.py " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON ${srcdir}/python/firewalld_direct.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:20" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"ignore" != x"ignore"; then if test -n "ignore"; then sed -i ignore ./firewalld.log fi $as_echo "python.at:21" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/python.at:21" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_153 #AT_START_154 at_fn_group_banner 154 'rfc3964_ipv4.at:1' \ "RFC3964_IPv4" " " 11 at_xfail=no ( $as_echo "154. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:4: sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:4" ( $at_check_trace; sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:5: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:5" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:6" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L RFC3964_IPv4; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L RFC3964_IPv4; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG all ::/0 2002:e000::/19 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:e000::/19 reject-with icmp6-addr-unreachable LOG all ::/0 2002:a9fe::/32 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:a9fe::/32 reject-with icmp6-addr-unreachable LOG all ::/0 2002:c0a8::/32 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:c0a8::/32 reject-with icmp6-addr-unreachable LOG all ::/0 2002:ac10::/28 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:ac10::/28 reject-with icmp6-addr-unreachable LOG all ::/0 2002:7f00::/24 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:7f00::/24 reject-with icmp6-addr-unreachable LOG all ::/0 2002:a00::/24 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:a00::/24 reject-with icmp6-addr-unreachable LOG all ::/0 2002::/24 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002::/24 reject-with icmp6-addr-unreachable LOG all ::/0 ::ffff:0.0.0.0/96 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 ::ffff:0.0.0.0/96 reject-with icmp6-addr-unreachable LOG all ::/0 ::/96 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 ::/96 reject-with icmp6-addr-unreachable " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:32" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_IN_ZONES all ::/0 ::/0 FORWARD_OUT_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:52" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 OUTPUT_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:64" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:70: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:70" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:71" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L RFC3964_IPv4; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L RFC3964_IPv4; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/rfc3964_ipv4.at:96" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 FORWARD_IN_ZONES all ::/0 ::/0 FORWARD_OUT_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:97" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:108: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:108" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 OUTPUT_direct all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:108" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "rfc3964_ipv4.at:113" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:113" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_154 #AT_START_155 at_fn_group_banner 155 'service_include.at:1' \ "service include" " " 11 at_xfail=no ( $as_echo "155. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service_include.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/service_include.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "service_include.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_include.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "service_include.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_include.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "service_include.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/service_include.at:1" { set +x $as_echo "$at_srcdir/service_include.at:4: mkdir -p ./services" at_fn_check_prepare_trace "service_include.at:4" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:5: cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:5" ( $at_check_trace; cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:17: cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:17" ( $at_check_trace; cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-service=my-service-with-include " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-service=my-service-with-include ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=drop --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=drop --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-service=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-service=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --remove-service=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --remove-service=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_drop_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_drop_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12345 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:49" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/service_include.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_drop_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_drop_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT udp ::/0 ff02::c udp dpt:1900 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:12345 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:54" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/service_include.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:61" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:64: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:64" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:67: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:67" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --get-includes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:81: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:81" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:81" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:93: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" "service_include.at:93" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:93" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:94: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" "service_include.at:94" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:94" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:95: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:95" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:96: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:96" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:96" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:97: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" "service_include.at:97" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:97" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:98: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:98" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:99: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:99" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:99" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:100: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" "service_include.at:100" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:100" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:103: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; }" at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:103" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-service=my-service-with-include " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-service=my-service-with-include ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/service_include.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/service_include.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=drop --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=drop --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dhcpv6-client ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:122" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:126" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:126" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"-e '/ERROR: INVALID_SERVICE: does-not-exist/d'" != x"ignore"; then if test -n "-e '/ERROR: INVALID_SERVICE: does-not-exist/d'"; then sed -i -e '/ERROR: INVALID_SERVICE: does-not-exist/d' ./firewalld.log fi $as_echo "service_include.at:128" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/service_include.at:128" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_155 #AT_START_156 at_fn_group_banner 156 'helpers_custom.at:1' \ "customer helpers" " " 11 at_xfail=no ( $as_echo "156. $at_setup_line: testing $at_desc ..." $at_traceon if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/helpers_custom.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/helpers_custom.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "helpers_custom.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "helpers_custom.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "helpers_custom.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" { set +x $as_echo "$at_srcdir/helpers_custom.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-helper=\"ftptest\" --module=\"nf_conntrack_ftp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --helper=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --helper=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-service=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-service="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:48" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:52" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:55" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/helpers_custom.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/helpers_custom.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:87: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:87" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:87" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:99: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:99" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:99" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:102" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:106" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:109" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/helpers_custom.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-helper=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper=\"ftp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper="ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port=\"21/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port="21/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:122" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:136: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:136" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:136" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:140" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp ::/0 ::/0 tcp dpt:21 CT helper ftp CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:145" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:149: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:149" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:149" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : else : sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log fi if test x"" != x"ignore"; then if test -n ""; then sed -i ./firewalld.log fi $as_echo "helpers_custom.at:156" >"$at_check_line_file" (grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log) \ && at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:156" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_156 firewalld-0.8.2/src/tests/Makefile.am0000664007115300711530000001022113641106155020637 0ustar00egarveregarver00000000000000TESTSUITE = $(srcdir)/testsuite TESTSUITE_INTEGRATION = $(srcdir)/integration/testsuite TESTSUITE_FILES = \ $(wildcard $(srcdir)/*.at) \ $(wildcard $(srcdir)/cli/*.at) \ $(wildcard $(srcdir)/dbus/*.at) \ $(wildcard $(srcdir)/features/*.at) \ $(wildcard $(srcdir)/integration/*.at) \ $(wildcard $(srcdir)/python/*.at) \ $(wildcard $(srcdir)/regression/*.at) EXTRA_DIST = \ $(TESTSUITE) \ $(TESTSUITE_INTEGRATION) \ $(TESTSUITE_FILES) \ $(wildcard $(srcdir)/python/*.py) \ $(srcdir)/package.m4 \ atlocal.in DISTCLEANFILES = atconfig $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec $(srcdir)/Makefile :;{ \ echo 'm4_define([AT_PACKAGE_NAME],[$(PACKAGE_NAME)])' && \ echo 'm4_define([AT_PACKAGE_VERSION],[$(PACKAGE_VERSION)])' && \ echo 'm4_define([AT_PACKAGE_STRING],[$(PACKAGE_STRING)])' && \ echo 'm4_define([AT_PACKAGE_URL],[http://firewalld.org/])' && \ echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])' ; \ } > "$@" check-local: atconfig atlocal $(TESTSUITE) $(SHELL) '$(TESTSUITE)' $(TESTSUITEFLAGS) \ AUTOTEST_PATH="src" \ PYTHONPATH="${abs_top_srcdir}/src:${PYTHONPATH}" \ FIREWALLD_DEFAULT_CONFIG="${abs_top_srcdir}/config" installcheck-local: atconfig atlocal $(TESTSUITE) $(SHELL) '$(TESTSUITE)' $(TESTSUITEFLAGS) clean-local: test ! -f '$(TESTSUITE)' || $(SHELL) '$(TESTSUITE)' --clean -rm $(srcdir)/package.m4 AUTOM4TE = $(SHELL) $(top_srcdir)/missing --run autom4te AUTOTEST = $(AUTOM4TE) --language=autotest $(TESTSUITE) $(TESTSUITE_INTEGRATION): $(TESTSUITE_FILES) $(srcdir)/package.m4 $(AUTOTEST) -I '$(srcdir)' -o $@.tmp $@.at mv $@.tmp $@ CONTAINER_TARGETS = check-container-debian-sid check-container-fedora-rawhide check-container-debian-sid-image: check-container-%-image: (cd $(abs_top_srcdir) && { \ echo "FROM debian:sid" && \ echo "RUN apt-get update" && \ echo "RUN apt-get install -y autoconf automake pkg-config intltool libglib2.0-dev \ xsltproc docbook-xsl docbook-xml iptables ipset ebtables \ nftables libxml2-utils libdbus-1-dev libgirepository1.0-dev \ python3-dbus python3-gi python3-slip-dbus python3-nftables \ procps network-manager gir1.2-nm-1.0" && \ echo "COPY . /tmp/firewalld"; \ } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) check-container-fedora-rawhide-image: check-container-%-image: (cd $(abs_top_srcdir) && { \ echo "FROM fedora:rawhide" && \ echo "RUN dnf -y makecache" && \ echo "RUN dnf -y install autoconf automake conntrack-tools desktop-file-utils \ docbook-style-xsl file gettext glib2-devel intltool ipset \ iptables iptables-nft libtool libxml2 libxslt make nftables \ python3-nftables python3-slip-dbus python3-gobject-base \ diffutils procps-ng iproute which dbus-daemon \ NetworkManager" && \ echo "RUN alternatives --set ebtables /usr/sbin/ebtables-nft" && \ echo "COPY . /tmp/firewalld"; \ } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) $(CONTAINER_TARGETS): check-container-%: check-container-%-image $(PODMAN) run -i --rm --privileged firewalld-testsuite-$* bash -c " \ cd /tmp/firewalld && \ ./autogen.sh && \ ./configure PYTHON=/usr/bin/python3 && \ make && \ { make -C src/tests check-local TESTSUITEFLAGS=\"$(TESTSUITEFLAGS)\" || \ make -C src/tests check-local TESTSUITEFLAGS=\"--recheck --errexit --verbose\" ; } && \ make -C src/tests check-integration TESTSUITEFLAGS=\"$(TESTSUITEFLAGS) -j1\" " $(PODMAN) rmi firewalld-testsuite-$* check-container: $(CONTAINER_TARGETS) .PHONY: check-container .PHONY: $(CONTAINER_TARGETS) $(foreach container,$(CONTAINER_TARGETS),$(container)-image) check-integration: atconfig atlocal $(TESTSUITE_INTEGRATION) $(SHELL) '$(TESTSUITE_INTEGRATION)' $(TESTSUITEFLAGS) \ AUTOTEST_PATH="src" \ PYTHONPATH="${abs_top_srcdir}/src:${PYTHONPATH}" \ FIREWALLD_DEFAULT_CONFIG="${abs_top_srcdir}/config" installcheck-integration: atconfig atlocal $(TESTSUITE_INTEGRATION) $(SHELL) '$(TESTSUITE_INTEGRATION)' $(TESTSUITEFLAGS) .PHONY: check-integration installcheck-integration firewalld-0.8.2/src/tests/functions.at0000664007115300711530000005507213641106141021151 0ustar00egarveregarver00000000000000m4_define([FWD_STOP_FIREWALLD], [ pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } ]) m4_define([FWD_START_FIREWALLD], [ FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" dnl if testsuite ran with debug flag, add debug output ${at_debug_p} && FIREWALLD_ARGS="--debug=3 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi NS_CMD([firewalld $FIREWALLD_ARGS &]) if test $? -ne 0; then AT_FAIL_IF([:]) fi echo "$!" > firewalld.pid dnl Give it some time for the dbus interface to come up up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if NS_CMD([firewall-cmd --state]); then up=1 break fi sleep 1 done AT_FAIL_IF([test $up -ne 1]) ]) m4_define([START_NETWORKMANAGER], [ AT_SKIP_IF([! NS_CMD([which NetworkManager >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([which nmcli >/dev/null 2>&1])]) AT_DATA([./NetworkManager.conf], [dnl [[main]] plugins= [[logging]] #level=DEBUG #domains=ALL ]) NM_ARGS="--no-daemon --config ./NetworkManager.conf" NS_CMD([NetworkManager $NM_ARGS &]) if test $? -ne 0; then AT_FAIL_IF([:]) fi echo "$!" > networkmanager.pid dnl Give it some time for the dbus interface to come up up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if NS_CMD([nmcli general status >/dev/null 2>&1]); then up=1 break fi sleep 1 done AT_FAIL_IF([test $up -ne 1]) ]) m4_define([STOP_NETWORKMANAGER], [ pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } ]) m4_define([FWD_RELOAD], [ FWD_CHECK([-q --reload], [$1], [$2], [$3]) FWD_CHECK([-q --state], [$4], [$5], [$6]) ]) m4_define([FWD_RESTART], [ FWD_STOP_FIREWALLD FWD_START_FIREWALLD ]) m4_define([FWD_START_TEST], [ AT_SETUP([$1]) dnl We test some unicode strings and autotest overrides LC_ALL=C, so set it dnl again for every test. if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi dnl start every test with the default config if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then AT_CHECK([if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi]) else AT_CHECK([if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi]) fi m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [ AT_KEYWORDS(offline) ], [ m4_define_default([FIREWALL_BACKEND], [nftables]) AT_KEYWORDS(FIREWALL_BACKEND) dnl don't unload modules or bother cleaning up, the namespace will be deleted AT_CHECK([sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf]) dnl set the appropriate backend AT_CHECK([sed -i 's/^FirewallBackend.*/FirewallBackend=FIREWALL_BACKEND/' ./firewalld.conf]) dnl fib matching is pretty new in nftables. Don't use rpfilter on older dnl kernels. m4_if(nftables, FIREWALL_BACKEND, [ IF_HOST_SUPPORTS_NFT_FIB([], [ sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf ]) ]) dnl dummy wrapper for trap syntax function kill_firewalld() { FWD_STOP_FIREWALLD } function kill_networkmanager() { if test -f networkmanager.pid; then STOP_NETWORKMANAGER fi } dnl run cleanup commands on test exit echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT dnl create a namespace and dbus-daemon m4_define([CURRENT_DBUS_ADDRESS], [unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}]) m4_define([CURRENT_TEST_NS], [fwd-test-${at_group_normalized}]) echo "ip netns delete CURRENT_TEST_NS" >> ./cleanup_late AT_CHECK([ip netns add CURRENT_TEST_NS]) AT_DATA([./dbus.conf], [ EXTERNAL unix:path=/tmp/dummy ]) DBUS_PID=`NS_CMD([dbus-daemon --address="CURRENT_DBUS_ADDRESS" --print-pid --config-file="./dbus.conf"])` if test $? -ne 0; then AT_FAIL_IF([:]) fi echo "kill $DBUS_PID" >> ./cleanup_late FWD_START_FIREWALLD ]) ]) m4_define([FWD_END_TEST], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ IF_HOST_SUPPORTS_IP6TABLES([], [ sed -i "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" ./firewalld.log ]) if test x"$1" != x"ignore"; then if test -n "$1"; then sed -i $1 ./firewalld.log fi AT_FAIL_IF([[grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)' ./firewalld.log]]) fi m4_undefine([CURRENT_DBUS_ADDRESS]) m4_undefine([CURRENT_TEST_NS]) ]) AT_CLEANUP ]) m4_define([FWD_OFFLINE_CHECK], [ FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi AT_CHECK([firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS $1], [$2], [$3], [$4], [$5], [$6]) ]) m4_define([FWD_CHECK], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [ dnl Silently skip tests that don't affect permanent config or other dnl flags we're interested in. dnl dnl if TESTING_FIREWALL_OFFLINE_CMD_PASSTHROUGH dnl firewall-offline-cmd ... dnl else dnl if ! --permanent dnl if -default-zone dnl firewall-offline-cmd ... dnl else dnl if ! --timeout dnl firewall-offline-cmd ... dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD_PASSTHROUGH], [ m4_define([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) ], [ m4_if(-1, m4_index([$1], [--permanent]), [ m4_if(-1, m4_index([$1], [-default-zone]), [], [ m4_define([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) ]) m4_if(-1, m4_index([$1], [--check-config]), [], [ m4_define([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) ]) ], [ m4_if(-1, m4_index([$1], [--timeout]), [ m4_define([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) ], []) ]) ]) m4_ifdef([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD], [ m4_undefine([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) FWD_OFFLINE_CHECK([dnl dnl This m4 mess is all about stripping --permanent dnl flag if it exists, otherwise we pass arg 1 verbatim. m4_if(-1, m4_index([$1], [--permanent]), [$1], [ dnl m4_substr([$1],0,m4_index([$1], [--permanent])) dnl before --permanent m4_substr([$1],m4_eval(m4_index([$1], [--permanent])+11),m4_eval(m4_len([$1])-11)) dnl after --permanent ])], [$2], [$3], [$4], [$5], [$6]) ]) ], [ NS_CHECK([firewall-cmd $1], [$2], [$3], [$4], [$5], [$6]) ]) ]) m4_define([FWD_GREP_LOG], [ AT_CHECK([grep "$1" ./firewalld.log], 0, [ignore], [ignore]) ]) m4_define([TRIM], [[sed -e 's/^[ \t]*//' -e 's/[ \t]*$//']]) m4_define([TRIMV], [[sed -e '/^[ \t]*$/d']]) m4_define([TRIM_INTERNAL], [[sed -e 's/[ \t]\+/ /g']]) m4_define([CHOMP], [printf "%s" "$(cat /dev/stdin)"]) m4_define([TRIM_WHITESPACE], [TRIM | TRIMV | TRIM_INTERNAL | { CHOMP; echo; }]) dnl m4sugar's m4_strip has a bug that causes it to print a space after dnl newlines. So implement our own suck-less version. m4_define([m4_strip], [m4_bpatsubsts([$1], [[ ]+], [ ], [^ ?\(.*\) ?$], [\1])]) m4_define([NS_CMD], [dnl env DBUS_SYSTEM_BUS_ADDRESS="CURRENT_DBUS_ADDRESS" ip netns exec CURRENT_TEST_NS $1 dnl ]) m4_define([NS_CHECK], [ AT_CHECK([NS_CMD([$1])], [$2], [$3], [$4], [$5], [$6]) ]) dnl implement PIPESTATUS[0] in a portable way dnl m4_define([PIPESTATUS0], [dnl sh <<-"HERE" { { { { $1; echo $? >&3; } | $2 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ]) m4_define([EBTABLES_LIST_RULES_NORMALIZE], [dnl TRIM_WHITESPACE | dnl grep -v "^Bridge" | dnl [sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g'] dnl ]) m4_define([EBTABLES_LIST_RULES], [ dnl ebtables commit 5f508b76a0ce change list output for inversion. m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([PIPESTATUS0([ebtables --concurrent -t $1 -L $2], [EBTABLES_LIST_RULES_NORMALIZE])], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) ]) m4_define([IPTABLES_LIST_RULES_NORMALIZE], [dnl TRIM_WHITESPACE | dnl tail -n +3 dnl ]) m4_define([IPTABLES_LIST_RULES_ALWAYS], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([PIPESTATUS0([$IPTABLES -w -n -t $1 -L $2], [IPTABLES_LIST_RULES_NORMALIZE])], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) ]) m4_define([IPTABLES_LIST_RULES], [ m4_if(iptables, FIREWALL_BACKEND, [ IPTABLES_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) ]) ]) m4_define([IP6TABLES_LIST_RULES_NORMALIZE], [dnl TRIM_WHITESPACE | dnl tail -n +3 dnl ]) m4_define([IP6TABLES_LIST_RULES_ALWAYS], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ IF_HOST_SUPPORTS_IP6TABLES([ NS_CHECK([PIPESTATUS0([$IP6TABLES -w -n -t $1 -L $2], [IP6TABLES_LIST_RULES_NORMALIZE])], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) ]) ]) m4_define([IP6TABLES_LIST_RULES], [ m4_if(iptables, FIREWALL_BACKEND, [ IP6TABLES_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) ]) ]) m4_define([NFT_LIST_RULES_NORMALIZE], [dnl TRIM_WHITESPACE | dnl dnl nftables commit 6dd848339444 change list output to show "meta mark" dnl instead of just "mark". sed -e 's/meta mark/mark/g'dnl -e '/type.*hook.*priority.*policy.*/d'dnl dnl tranform ct state { established,related } to ct state established,related -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\(@<:@a-z@:>@*\), /\1,/g;}' dnl ]) m4_define([NFT_LIST_RULES_ALWAYS], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([PIPESTATUS0([nft $NFT_NUMERIC_ARGS list chain $1 firewalld $2], [NFT_LIST_RULES_NORMALIZE])], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) ]) m4_define([NFT_LIST_RULES], [ m4_if(nftables, FIREWALL_BACKEND, [ NFT_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) ]) ]) m4_define([IPSET_LIST_SET_NORMALIZE], [dnl TRIM_WHITESPACE |dnl grep -v "^\(Revision\|Header\|Size\|References\|Number\)" |dnl awk 'NR <= 3; NR > 3 {print | "sort"}' dnl ]) m4_define([IPSET_LIST_SET], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([PIPESTATUS0([ipset list $1], [IPSET_LIST_SET_NORMALIZE])], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) ]) ]) m4_define([NFT_LIST_SET_NORMALIZE], [dnl TRIM_WHITESPACE dnl ]) m4_define([NFT_LIST_SET_ALWAYS], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([PIPESTATUS0([nft $NFT_NUMERIC_ARGS list set inet firewalld $1], [NFT_LIST_SET_NORMALIZE])], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) ]) ]) m4_define([NFT_LIST_SET], [ m4_if(nftables, FIREWALL_BACKEND, [ NFT_LIST_SET_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6]) ]) ]) m4_define([DBUS_INTROSPECT], [ AT_SKIP_IF([! NS_CMD([which gdbus >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([which xmllint >/dev/null 2>&1])]) NS_CHECK([PIPESTATUS0([gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 dnl m4_ifblank([$1], [--object-path /org/fedoraproject/FirewallD1], [--object-path /org/fedoraproject/FirewallD1/$1])], dnl [m4_ifnblank([$2], [xmllint --xpath '$2' - |]) xmllint --c14n - | TRIM_WHITESPACE])], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) m4_define([DBUS_CHECK_NORMALIZE], [dnl [sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g'] | dnl truncate dictionary output TRIM_WHITESPACE | dnl sort dnl sort dictionaries by keys ]) m4_define([DBUS_CHECK], [ AT_SKIP_IF([! NS_CMD([which gdbus >/dev/null 2>&1])]) NS_CHECK([PIPESTATUS0([gdbus call --system --dest=org.fedoraproject.FirewallD1 dnl m4_ifblank([$1], [--object-path /org/fedoraproject/FirewallD1], [--object-path /org/fedoraproject/FirewallD1/$1]) dnl --method org.fedoraproject.FirewallD1.$2 $3], [DBUS_CHECK_NORMALIZE])], [$4], [m4_strip([$5])], [m4_strip([$6])], [$7], [$8]) ]) m4_define([DBUS_GETALL_NORMALIZE], dnl m4_escape([awk 'BEGIN{line_mark=-99; line=0} {line++; if (line == line_mark + 1) {buffer = $0}; if (line == line_mark + 2) {print buffer " : " $0} } /^dict entry/{line_mark=line}' | sort])dnl ) m4_define([DBUS_GETALL], [ NS_CHECK([dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 dnl /org/fedoraproject/FirewallD1/$1 dnl org.freedesktop.DBus.Properties.GetAll string:"org.fedoraproject.FirewallD1.$2" dnl | TRIM_WHITESPACE | DBUS_GETALL_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) m4_define([DBUS_GET], [ NS_CHECK([dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 dnl /org/fedoraproject/FirewallD1/$1 dnl org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.$2" $3 dnl | tail -n +2 | TRIM_WHITESPACE], [$4], [m4_strip([$5])], [m4_strip([$6])], [$7], [$8]) ]) m4_define([DBUS_SET], [ NS_CHECK([dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 dnl /org/fedoraproject/FirewallD1/$1 dnl org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.$2" $3], [$4], [$5], [$6], [$7], [$8]) ]) m4_define([CHECK_IPSET], [ m4_if(nftables, FIREWALL_BACKEND, [ dnl If our nft binary has buggy flush set, then skip the test NS_CHECK([nft add table inet firewalld_check_ipset]) NS_CHECK([nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; }]) AT_SKIP_IF([! NS_CMD([nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1])]) dnl If nft set has has no timeout support, then skip the test AT_SKIP_IF([! NS_CMD([nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1])]) dnl If nft set has has no size support, then skip the test AT_SKIP_IF([! NS_CMD([nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1])]) dnl If nft set doesn't allow interval + concat, then skip the test AT_SKIP_IF([! NS_CMD([nft add set inet firewalld_check_ipset foobar_interval_concat { type ipv4_addr . inet_service \; flags interval \; } >/dev/null 2>&1])]) dnl use JSON to verify a JSON parser bug is also fixed AT_SKIP_IF([! NS_CMD([[nft -j '{"nftables": [{"add": {"element": {"family": "inet", "table": "firewalld_check_ipset", "name": "foobar_interval_concat", "elem": [{"concat": [{"prefix": {"addr": "10.10.10.0", "len": 24}}, {"range": ["1234", "2000"]}]}]}}}]}' >/dev/null 2>&1]])]) NS_CHECK([nft delete table inet firewalld_check_ipset]) ]) ]) m4_define([CHECK_IPSET_HASH_MAC], [ dnl skip if ipset hash:mac support is there m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ AT_SKIP_IF([! ipset --help | grep "hash:mac"]) AT_SKIP_IF([! NS_CMD([ipset create foobar hash:mac >/dev/null 2>&1])]) NS_CHECK([ipset destroy foobar]) ]) ]) m4_define([CHECK_NAT_COEXISTENCE], [ dnl verify the host can support simultaneous iptables and nftables NAT m4_if(nftables, FIREWALL_BACKEND, [ KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 18 || test ${KERNEL_MAJOR} -gt 4; then : else AT_SKIP_IF([true]) fi ]) ]) m4_define([CHECK_LOG_AUDIT], [ m4_if(nftables, FIREWALL_BACKEND, [ NS_CHECK([nft add table inet firewalld_check_log_audit]) NS_CHECK([nft add chain inet firewalld_check_log_audit foobar { type filter hook input priority 0 \; } ]) AT_SKIP_IF([! NS_CMD([nft add rule inet firewalld_check_log_audit foobar log level audit >/dev/null 2>&1])]) NS_CHECK([nft delete table inet firewalld_check_log_audit]) ]) ]) m4_define([CHECK_NFT_CT_HELPER], [ m4_if(nftables, FIREWALL_BACKEND, [ NS_CHECK([nft add table inet firewalld_check_ct_helper]) AT_SKIP_IF([! NS_CMD([nft add ct helper inet firewalld helper-ftp-tcp { type \"ftp\" protocol tcp \; } >/dev/null 2>&1])]) NS_CHECK([nft delete table inet firewalld_check_ct_helper]) ]) ]) m4_define([CHECK_MODULE_PROTO_GRE], [ AT_SKIP_IF([! NS_CMD([modinfo nf_conntrack_proto_gre])]) ]) m4_define([IF_HOST_SUPPORTS_NFT_FIB], [ KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : $1 else : $2 fi ]) m4_define([IF_HOST_SUPPORTS_IP6TABLES], [ if $IP6TABLES -L >/dev/null 2>&1; then : $1 else : $2 fi ]) m4_define([IF_HOST_SUPPORTS_IPV6], [ if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : $1 else : $2 fi ]) m4_define([IF_HOST_SUPPORTS_IPV6_RULES], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [$1], [ m4_if(nftables, FIREWALL_BACKEND, [$1], [ IF_HOST_SUPPORTS_IP6TABLES([$1], [$2]) ])]) ]) m4_define([NMCLI_CHECK], [ AT_SKIP_IF([! NS_CMD([nmcli connection show >/dev/null 2>&1])]) NS_CHECK([PIPESTATUS0([nmcli $1], [TRIM_WHITESPACE])], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) ]) firewalld-0.8.2/src/tests/regression/0000775007115300711530000000000013641123257020771 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/tests/regression/pr181.at0000664007115300711530000000275013620317435022176 0ustar00egarveregarver00000000000000FWD_START_TEST([combined zones name length check]) AT_KEYWORDS(zone gh181) AT_CHECK([mkdir -p ./zones/foobar]) AT_CHECK([echo '' > ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo 'foobar' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo 'foobar desc' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' > ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo 'foobar' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo 'foobar desc' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) FWD_RELOAD FWD_CHECK([--zone=foobar --list-all | TRIM | grep ^services], 0, [dnl services: http ssh ]) FWD_END_TEST firewalld-0.8.2/src/tests/regression/gh330.at0000664007115300711530000000707313641106137022150 0ustar00egarveregarver00000000000000FWD_START_TEST([ipset cleanup on reload/stop]) AT_KEYWORDS(ipset reload gh330 rhbz1682913 rhbz1790948 rhbz1809225) AT_CHECK([sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf]) FWD_CHECK([-q --permanent --new-ipset foobar --type hash:ip]) FWD_CHECK([-q --permanent --ipset foobar --add-entry 1.2.3.4]) FWD_RELOAD FWD_CHECK([-q --permanent --delete-ipset foobar]) dnl make sure ipset still in system IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4 } } } ]) FWD_RELOAD dnl make sure reload removed ipset from system IPSET_LIST_SET([foobar], 1, [ignore], [ignore]) NFT_LIST_SET([foobar], 1, [ignore], [ignore]) AT_CHECK([sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf]) FWD_CHECK([-q --permanent --new-ipset foobar --type hash:ip]) FWD_CHECK([-q --permanent --ipset foobar --add-entry 1.2.3.4]) FWD_RELOAD FWD_CHECK([-q --ipset foobar --add-entry 10.10.10.10]) dnl make sure ipset still in system IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4, 10.10.10.10 } } } ]) FWD_RELOAD dnl make sure ipset still in system with runtime entries IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4, 10.10.10.10 } } } ]) FWD_CHECK([-q --permanent --delete-ipset foobar]) FWD_CHECK([-q --ipset foobar --add-entry 4.3.2.1]) FWD_RELOAD dnl Make sure ipset still in system with runtime entries. IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4, 4.3.2.1, 10.10.10.10 } } } ]) dnl Verify re-adding the set is not problematic. And the runtime entries dnl should be implicitly added. FWD_CHECK([-q --permanent --new-ipset foobar --type hash:ip]) FWD_CHECK([-q --permanent --ipset foobar --add-entry 1.2.3.4]) FWD_CHECK([-q --permanent --ipset foobar --add-entry 6.6.6.6]) FWD_RELOAD IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 6.6.6.6 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4, 4.3.2.1, 6.6.6.6, 10.10.10.10 } } } ]) FWD_CHECK([-q --permanent --delete-ipset foobar]) dnl do all again, but with CleanUpOnExit=no and stop AT_CHECK([sed -i 's/^CleanUpOnExit.*/CleanUpOnExit=no/' ./firewalld.conf]) FWD_CHECK([-q --permanent --new-ipset foobar --type hash:ip]) FWD_CHECK([-q --permanent --ipset foobar --add-entry 1.2.3.4]) FWD_RESTART FWD_CHECK([-q --permanent --delete-ipset foobar]) FWD_STOP_FIREWALLD dnl make sure ipset still in system IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr elements = { 1.2.3.4 } } } ]) FWD_START_FIREWALLD FWD_END_TEST firewalld-0.8.2/src/tests/regression/gh482.at0000664007115300711530000000175113620317435022157 0ustar00egarveregarver00000000000000FWD_START_TEST([remove forward-port after reload]) AT_KEYWORDS(gh482 rhbz1637675 rich forward_port) FWD_CHECK([-q --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) FWD_CHECK([-q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) FWD_CHECK([-q --permanent --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) FWD_RELOAD FWD_CHECK([-q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) FWD_CHECK([-q --permanent --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) FWD_CHECK([-q --permanent --add-forward-port=port=1234:proto=tcp:toport=4321]) FWD_RELOAD FWD_CHECK([-q --remove-forward-port=port=1234:proto=tcp:toport=4321]) FWD_CHECK([-q --permanent --remove-forward-port=port=1234:proto=tcp:toport=4321]) FWD_END_TEST firewalld-0.8.2/src/tests/regression/rhbz1734765.at0000664007115300711530000004110113641106137023040 0ustar00egarveregarver00000000000000FWD_START_TEST([zone sources ordered by name]) AT_KEYWORDS(zone rhbz1734765 rhbz1421222 gh166 rhbz1738545 rhbz1772208 rhbz1796055) dnl dnl Users depend on firewalld ordering source-based zone dispatch by zone name. dnl AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf]) FWD_RELOAD FWD_CHECK([-q --permanent --new-zone=foobar_00]) FWD_CHECK([-q --permanent --new-zone=foobar_05]) FWD_CHECK([-q --permanent --new-zone=foobar_02]) FWD_CHECK([-q --permanent --new-zone=foobar_03]) FWD_CHECK([-q --permanent --new-zone=foobar_01]) FWD_CHECK([-q --permanent --new-zone=foobar_04]) FWD_CHECK([-q --permanent --new-zone=foobar_010]) FWD_CHECK([-q --permanent --new-zone=foobar_011]) FWD_CHECK([-q --permanent --new-zone=foobar_012]) FWD_CHECK([-q --permanent --new-ipset 'ipsetv4' --type hash:ip]) FWD_CHECK([-q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6]) FWD_CHECK([-q --permanent --ipset ipsetv4 --add-entry '192.0.2.12']) FWD_CHECK([-q --permanent --ipset ipsetv6 --add-entry '::2']) FWD_CHECK([-q --permanent --zone=foobar_011 --add-source ipset:ipsetv4]) FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="10.1.1.0/24"]) FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="10.1.0.0/16"]) FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16"]) FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1"]) FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24"]) FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8"]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="1234:5678::1:1:0/112"]) FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="1234:5678::1:0:0/96"]) FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="1234:5678::2:0:0/96"]) FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112"]) FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="1234:5678::0:0:0/80"]) FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1"]) ]) FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) FWD_CHECK([-q --permanent --zone=trusted --add-interface=foobar1]) FWD_RELOAD NFT_LIST_SET([ipsetv4], 0, [dnl table inet firewalld { set ipsetv4 { type ipv4_addr elements = { 192.0.2.12 } } } ]) NFT_LIST_SET([ipsetv6], 0, [dnl table inet firewalld { set ipsetv6 { type ipv6_addr elements = { ::2 } } } ]) FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10"]) FWD_CHECK([-q --zone=public --add-source="20.20.20.20"]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([-q --zone=foobar_010 --add-source="1234:5678::10:10:10"]) FWD_CHECK([-q --zone=public --add-source="1234:5678::20:20:20"]) FWD_CHECK([-q --zone=foobar_012 --add-source ipset:ipsetv6]) ]) FWD_CHECK([-q --zone=foobar_010 --add-interface=foobar2]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { ip saddr 10.1.1.1 goto filter_IN_foobar_00 ip6 saddr 1234:5678::1:1:1 goto filter_IN_foobar_00 ip saddr 10.1.1.0/24 goto filter_IN_foobar_01 ip6 saddr 1234:5678::1:1:0/112 goto filter_IN_foobar_01 ip saddr 10.10.10.10 goto filter_IN_foobar_010 ip6 saddr 1234:5678::10:10:10 goto filter_IN_foobar_010 ip saddr @ipsetv4 goto filter_IN_foobar_011 ip6 saddr @ipsetv6 goto filter_IN_foobar_012 ip saddr 10.1.0.0/16 goto filter_IN_foobar_02 ip6 saddr 1234:5678::1:0:0/96 goto filter_IN_foobar_02 ip saddr 10.2.2.0/24 goto filter_IN_foobar_03 ip6 saddr 1234:5678::2:2:0/112 goto filter_IN_foobar_03 ip saddr 10.2.0.0/16 goto filter_IN_foobar_04 ip6 saddr 1234:5678::2:0:0/96 goto filter_IN_foobar_04 ip saddr 10.0.0.0/8 goto filter_IN_foobar_05 ip6 saddr 1234:5678::/80 goto filter_IN_foobar_05 ip saddr 20.20.20.20 goto filter_IN_public ip6 saddr 1234:5678::20:20:20 goto filter_IN_public iifname "foobar2" goto filter_IN_foobar_010 iifname "foobar1" goto filter_IN_trusted iifname "foobar0" goto filter_IN_internal goto filter_IN_public } } ]) NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl table ip firewalld { chain nat_POSTROUTING_ZONES { ip daddr 10.1.1.1 goto nat_POST_foobar_00 ip daddr 10.1.1.0/24 goto nat_POST_foobar_01 ip daddr 10.10.10.10 goto nat_POST_foobar_010 ip daddr @ipsetv4 goto nat_POST_foobar_011 ip daddr 10.1.0.0/16 goto nat_POST_foobar_02 ip daddr 10.2.2.0/24 goto nat_POST_foobar_03 ip daddr 10.2.0.0/16 goto nat_POST_foobar_04 ip daddr 10.0.0.0/8 goto nat_POST_foobar_05 ip daddr 20.20.20.20 goto nat_POST_public oifname "foobar2" goto nat_POST_foobar_010 oifname "foobar1" goto nat_POST_trusted oifname "foobar0" goto nat_POST_internal goto nat_POST_public } } ]) NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl table ip6 firewalld { chain nat_POSTROUTING_ZONES { ip6 daddr 1234:5678::1:1:1 goto nat_POST_foobar_00 ip6 daddr 1234:5678::1:1:0/112 goto nat_POST_foobar_01 ip6 daddr 1234:5678::10:10:10 goto nat_POST_foobar_010 ip6 daddr @ipsetv6 goto nat_POST_foobar_012 ip6 daddr 1234:5678::1:0:0/96 goto nat_POST_foobar_02 ip6 daddr 1234:5678::2:2:0/112 goto nat_POST_foobar_03 ip6 daddr 1234:5678::2:0:0/96 goto nat_POST_foobar_04 ip6 daddr 1234:5678::/80 goto nat_POST_foobar_05 ip6 daddr 1234:5678::20:20:20 goto nat_POST_public oifname "foobar2" goto nat_POST_foobar_010 oifname "foobar1" goto nat_POST_trusted oifname "foobar0" goto nat_POST_internal goto nat_POST_public } } ]) IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_foobar_00 all -- 10.1.1.1 0.0.0.0/0 [goto] IN_foobar_01 all -- 10.1.1.0/24 0.0.0.0/0 [goto] IN_foobar_010 all -- 10.10.10.10 0.0.0.0/0 [goto] IN_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 src IN_foobar_02 all -- 10.1.0.0/16 0.0.0.0/0 [goto] IN_foobar_03 all -- 10.2.2.0/24 0.0.0.0/0 [goto] IN_foobar_04 all -- 10.2.0.0/16 0.0.0.0/0 [goto] IN_foobar_05 all -- 10.0.0.0/8 0.0.0.0/0 [goto] IN_public all -- 20.20.20.20 0.0.0.0/0 [goto] IN_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_foobar_00 all 1234:5678::1:1:1 ::/0 [goto] IN_foobar_01 all 1234:5678::1:1:0/112 ::/0 [goto] IN_foobar_010 all 1234:5678::10:10:10 ::/0 [goto] IN_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 src IN_foobar_02 all 1234:5678::1:0:0/96 ::/0 [goto] IN_foobar_03 all 1234:5678::2:2:0/112 ::/0 [goto] IN_foobar_04 all 1234:5678::2:0:0/96 ::/0 [goto] IN_foobar_05 all 1234:5678::/80 ::/0 [goto] IN_public all 1234:5678::20:20:20 ::/0 [goto] IN_foobar_010 all ::/0 ::/0 [goto] IN_trusted all ::/0 ::/0 [goto] IN_internal all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] ]]) IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_foobar_00 all -- 0.0.0.0/0 10.1.1.1 [goto] POST_foobar_01 all -- 0.0.0.0/0 10.1.1.0/24 [goto] POST_foobar_010 all -- 0.0.0.0/0 10.10.10.10 [goto] POST_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 dst POST_foobar_02 all -- 0.0.0.0/0 10.1.0.0/16 [goto] POST_foobar_03 all -- 0.0.0.0/0 10.2.2.0/24 [goto] POST_foobar_04 all -- 0.0.0.0/0 10.2.0.0/16 [goto] POST_foobar_05 all -- 0.0.0.0/0 10.0.0.0/8 [goto] POST_public all -- 0.0.0.0/0 20.20.20.20 [goto] POST_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_foobar_00 all ::/0 1234:5678::1:1:1 [goto] POST_foobar_01 all ::/0 1234:5678::1:1:0/112 [goto] POST_foobar_010 all ::/0 1234:5678::10:10:10 [goto] POST_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 dst POST_foobar_02 all ::/0 1234:5678::1:0:0/96 [goto] POST_foobar_03 all ::/0 1234:5678::2:2:0/112 [goto] POST_foobar_04 all ::/0 1234:5678::2:0:0/96 [goto] POST_foobar_05 all ::/0 1234:5678::/80 [goto] POST_public all ::/0 1234:5678::20:20:20 [goto] POST_foobar_010 all ::/0 ::/0 [goto] POST_trusted all ::/0 ::/0 [goto] POST_internal all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] ]]) dnl ########################################################################## dnl ########################################################################## dnl We also support zone drifting in which source based zones fall through to dnl interface based zones (including default zone). So make sure the zones are dnl sorted by name in this mode. dnl ########################################################################## dnl ########################################################################## AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=yes/' ./firewalld.conf]) FWD_RELOAD FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10"]) FWD_CHECK([-q --zone=public --add-source="20.20.20.20"]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([-q --zone=foobar_010 --add-source="1234:5678::10:10:10"]) FWD_CHECK([-q --zone=public --add-source="1234:5678::20:20:20"]) FWD_CHECK([-q --zone=foobar_012 --add-source ipset:ipsetv6]) ]) FWD_CHECK([-q --zone=foobar_010 --add-interface=foobar2]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES_SOURCE], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES_SOURCE { ip saddr 10.1.1.1 goto filter_IN_foobar_00 ip6 saddr 1234:5678::1:1:1 goto filter_IN_foobar_00 ip saddr 10.1.1.0/24 goto filter_IN_foobar_01 ip6 saddr 1234:5678::1:1:0/112 goto filter_IN_foobar_01 ip saddr 10.10.10.10 goto filter_IN_foobar_010 ip6 saddr 1234:5678::10:10:10 goto filter_IN_foobar_010 ip saddr @ipsetv4 goto filter_IN_foobar_011 ip6 saddr @ipsetv6 goto filter_IN_foobar_012 ip saddr 10.1.0.0/16 goto filter_IN_foobar_02 ip6 saddr 1234:5678::1:0:0/96 goto filter_IN_foobar_02 ip saddr 10.2.2.0/24 goto filter_IN_foobar_03 ip6 saddr 1234:5678::2:2:0/112 goto filter_IN_foobar_03 ip saddr 10.2.0.0/16 goto filter_IN_foobar_04 ip6 saddr 1234:5678::2:0:0/96 goto filter_IN_foobar_04 ip saddr 10.0.0.0/8 goto filter_IN_foobar_05 ip6 saddr 1234:5678::/80 goto filter_IN_foobar_05 ip saddr 20.20.20.20 goto filter_IN_public ip6 saddr 1234:5678::20:20:20 goto filter_IN_public } } ]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { iifname "foobar2" goto filter_IN_foobar_010 iifname "foobar1" goto filter_IN_trusted iifname "foobar0" goto filter_IN_internal goto filter_IN_public } } ]) NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES_SOURCE], 0, [dnl table ip firewalld { chain nat_POSTROUTING_ZONES_SOURCE { ip daddr 10.1.1.1 goto nat_POST_foobar_00 ip daddr 10.1.1.0/24 goto nat_POST_foobar_01 ip daddr 10.10.10.10 goto nat_POST_foobar_010 ip daddr @ipsetv4 goto nat_POST_foobar_011 ip daddr 10.1.0.0/16 goto nat_POST_foobar_02 ip daddr 10.2.2.0/24 goto nat_POST_foobar_03 ip daddr 10.2.0.0/16 goto nat_POST_foobar_04 ip daddr 10.0.0.0/8 goto nat_POST_foobar_05 ip daddr 20.20.20.20 goto nat_POST_public } } ]) NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl table ip firewalld { chain nat_POSTROUTING_ZONES { oifname "foobar2" goto nat_POST_foobar_010 oifname "foobar1" goto nat_POST_trusted oifname "foobar0" goto nat_POST_internal goto nat_POST_public } } ]) NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES_SOURCE], 0, [dnl table ip6 firewalld { chain nat_POSTROUTING_ZONES_SOURCE { ip6 daddr 1234:5678::1:1:1 goto nat_POST_foobar_00 ip6 daddr 1234:5678::1:1:0/112 goto nat_POST_foobar_01 ip6 daddr 1234:5678::10:10:10 goto nat_POST_foobar_010 ip6 daddr @ipsetv6 goto nat_POST_foobar_012 ip6 daddr 1234:5678::1:0:0/96 goto nat_POST_foobar_02 ip6 daddr 1234:5678::2:2:0/112 goto nat_POST_foobar_03 ip6 daddr 1234:5678::2:0:0/96 goto nat_POST_foobar_04 ip6 daddr 1234:5678::/80 goto nat_POST_foobar_05 ip6 daddr 1234:5678::20:20:20 goto nat_POST_public } } ]) NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl table ip6 firewalld { chain nat_POSTROUTING_ZONES { oifname "foobar2" goto nat_POST_foobar_010 oifname "foobar1" goto nat_POST_trusted oifname "foobar0" goto nat_POST_internal goto nat_POST_public } } ]) IPTABLES_LIST_RULES([filter], [INPUT_ZONES_SOURCE], 0, [[IN_foobar_00 all -- 10.1.1.1 0.0.0.0/0 [goto] IN_foobar_01 all -- 10.1.1.0/24 0.0.0.0/0 [goto] IN_foobar_010 all -- 10.10.10.10 0.0.0.0/0 [goto] IN_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 src IN_foobar_02 all -- 10.1.0.0/16 0.0.0.0/0 [goto] IN_foobar_03 all -- 10.2.2.0/24 0.0.0.0/0 [goto] IN_foobar_04 all -- 10.2.0.0/16 0.0.0.0/0 [goto] IN_foobar_05 all -- 10.0.0.0/8 0.0.0.0/0 [goto] IN_public all -- 20.20.20.20 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [INPUT_ZONES_SOURCE], 0, [[IN_foobar_00 all 1234:5678::1:1:1 ::/0 [goto] IN_foobar_01 all 1234:5678::1:1:0/112 ::/0 [goto] IN_foobar_010 all 1234:5678::10:10:10 ::/0 [goto] IN_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 src IN_foobar_02 all 1234:5678::1:0:0/96 ::/0 [goto] IN_foobar_03 all 1234:5678::2:2:0/112 ::/0 [goto] IN_foobar_04 all 1234:5678::2:0:0/96 ::/0 [goto] IN_foobar_05 all 1234:5678::/80 ::/0 [goto] IN_public all 1234:5678::20:20:20 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_foobar_010 all ::/0 ::/0 [goto] IN_trusted all ::/0 ::/0 [goto] IN_internal all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] ]]) IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES_SOURCE], 0, [[POST_foobar_00 all -- 0.0.0.0/0 10.1.1.1 [goto] POST_foobar_01 all -- 0.0.0.0/0 10.1.1.0/24 [goto] POST_foobar_010 all -- 0.0.0.0/0 10.10.10.10 [goto] POST_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 dst POST_foobar_02 all -- 0.0.0.0/0 10.1.0.0/16 [goto] POST_foobar_03 all -- 0.0.0.0/0 10.2.2.0/24 [goto] POST_foobar_04 all -- 0.0.0.0/0 10.2.0.0/16 [goto] POST_foobar_05 all -- 0.0.0.0/0 10.0.0.0/8 [goto] POST_public all -- 0.0.0.0/0 20.20.20.20 [goto] ]]) IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES_SOURCE], 0, [[POST_foobar_00 all ::/0 1234:5678::1:1:1 [goto] POST_foobar_01 all ::/0 1234:5678::1:1:0/112 [goto] POST_foobar_010 all ::/0 1234:5678::10:10:10 [goto] POST_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 dst POST_foobar_02 all ::/0 1234:5678::1:0:0/96 [goto] POST_foobar_03 all ::/0 1234:5678::2:2:0/112 [goto] POST_foobar_04 all ::/0 1234:5678::2:0:0/96 [goto] POST_foobar_05 all ::/0 1234:5678::/80 [goto] POST_public all ::/0 1234:5678::20:20:20 [goto] ]]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_foobar_010 all ::/0 ::/0 [goto] POST_trusted all ::/0 ::/0 [goto] POST_internal all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] ]]) FWD_END_TEST([-e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d']) firewalld-0.8.2/src/tests/regression/gh366.at0000664007115300711530000000264513630022170022151 0ustar00egarveregarver00000000000000FWD_START_TEST([service destination multiple IP versions]) AT_KEYWORDS(service gh366) m4_define([check_firewall_backend_output], [ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ])]) FWD_CHECK([-q --zone=public --add-service=mdns]) check_firewall_backend_output FWD_CHECK([-q --zone=public --remove-service=mdns]) FWD_CHECK([-q --zone=public --add-rich-rule="rule service name="mdns" accept"]) check_firewall_backend_output dnl negative tests FWD_CHECK([-q --zone=public --add-rich-rule='rule family="ipv4" destination address="10.10.10.0/24" service name="mdns" accept'], 122) m4_undefine([check_firewall_backend_output]) FWD_END_TEST([-e '/ERROR: INVALID_RULE: Destination conflict with service/d']) firewalld-0.8.2/src/tests/regression/rhbz1534571.at0000664007115300711530000000102413620317435023033 0ustar00egarveregarver00000000000000dnl Either don't deduplicate rules, or make sure deduplication does not break dnl cleanup of those rules. Both removes should succeed. FWD_START_TEST([rule deduplication]) AT_KEYWORDS(rhbz1534571) dnl runtime config FWD_CHECK([-q --add-service nfs --add-service nfs3]) FWD_CHECK([-q --remove-service nfs3]) FWD_CHECK([-q --remove-service nfs]) dnl permanent config FWD_CHECK([-q --permanent --add-service nfs --add-service nfs3]) FWD_RELOAD FWD_CHECK([-q --remove-service nfs3]) FWD_CHECK([-q --remove-service nfs]) FWD_END_TEST firewalld-0.8.2/src/tests/regression/rhbz1506742.at0000664007115300711530000000201013626005157023027 0ustar00egarveregarver00000000000000FWD_START_TEST([ipset with timeout]) AT_KEYWORDS(ipset rhbz1506742) CHECK_IPSET FWD_CHECK([-q --permanent --new-ipset=foobar --type=hash:ip --option=maxelem=1000000 --option=family=inet --option=hashsize=4096 --option=timeout=600]) FWD_RELOAD FWD_CHECK([--permanent --ipset=foobar --add-entry=1.2.3.4], 32, ignore, ignore) FWD_CHECK([-q --ipset=foobar --add-entry=1.2.3.4]) FWD_CHECK([-q --ipset=foobar --query-entry=1.2.3.4], 32, ignore, ignore) FWD_CHECK([-q --ipset=foobar --remove-entry=1.2.3.4]) AT_DATA([foobar_entries.txt], [ 1.2.3.4 10.0.1.1 ]) FWD_CHECK([--permanent --ipset=foobar --add-entries-from-file=foobar_entries.txt], 32, ignore, ignore) FWD_CHECK([-q --ipset=foobar --add-entries-from-file=foobar_entries.txt]) FWD_CHECK([-q --ipset=foobar --query-entry=1.2.3.4], 32, ignore, ignore) FWD_CHECK([-q --ipset=foobar --remove-entries-from-file=foobar_entries.txt]) FWD_END_TEST([-e '/Error: IPSET_WITH_TIMEOUT/d' dnl -e '/ERROR: IPSET_WITH_TIMEOUT/d' dnl -e '/WARNING: NOT_ENABLED/d']) firewalld-0.8.2/src/tests/regression/pr323.at0000664007115300711530000000041313620317435022166 0ustar00egarveregarver00000000000000FWD_START_TEST([GRE proto helper]) AT_KEYWORDS(helper gh323) CHECK_MODULE_PROTO_GRE FWD_CHECK([-q --add-protocol=gre]) FWD_CHECK([-q --remove-protocol=gre]) FWD_CHECK([-q --add-service=gre]) AT_CHECK([lsmod | grep nf_conntrack_proto_gre], 0, ignore) FWD_END_TEST firewalld-0.8.2/src/tests/regression/gh258.at0000664007115300711530000006635613626005157022175 0ustar00egarveregarver00000000000000FWD_START_TEST([zone dispatch layout]) AT_KEYWORDS(zone gh258 gh441 rhbz1713823 rhbz1772208 rhbz1796055) FWD_CHECK([--permanent --zone=trusted --add-source="1.2.3.0/24"], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --zone=public --add-source="dead:beef::/54"], 0, ignore) ]) FWD_CHECK([--permanent --zone=trusted --add-interface=dummy0], 0, ignore) FWD_CHECK([--permanent --zone=public --add-interface=dummy1], 0, ignore) AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=no/' ./firewalld.conf]) FWD_RELOAD dnl verify layout of zone dispatch NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname "lo" accept jump filter_INPUT_ZONES ct state invalid drop reject with icmpx type admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { ip6 saddr dead:beef::/54 goto filter_IN_public ip saddr 1.2.3.0/24 goto filter_IN_trusted iifname "dummy0" goto filter_IN_trusted iifname "dummy1" goto filter_IN_public goto filter_IN_public } } ]) NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 type addr-unreachable jump filter_FORWARD_IN_ZONES jump filter_FORWARD_OUT_ZONES ct state invalid drop reject with icmpx type admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_FORWARD_IN_ZONES], 0, [dnl table inet firewalld { chain filter_FORWARD_IN_ZONES { ip6 saddr dead:beef::/54 goto filter_FWDI_public ip saddr 1.2.3.0/24 goto filter_FWDI_trusted iifname "dummy0" goto filter_FWDI_trusted iifname "dummy1" goto filter_FWDI_public goto filter_FWDI_public } } ]) NFT_LIST_RULES([inet], [filter_FORWARD_OUT_ZONES], 0, [dnl table inet firewalld { chain filter_FORWARD_OUT_ZONES { ip6 daddr dead:beef::/54 goto filter_FWDO_public ip daddr 1.2.3.0/24 goto filter_FWDO_trusted oifname "dummy0" goto filter_FWDO_trusted oifname "dummy1" goto filter_FWDO_public goto filter_FWDO_public } } ]) IF_HOST_SUPPORTS_NFT_FIB([ NFT_LIST_RULES([inet], [raw_PREROUTING], 0, [dnl table inet firewalld { chain raw_PREROUTING { icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept meta nfproto ipv6 fib saddr . iif oif missing drop jump raw_PREROUTING_ZONES } } ]) ], [ NFT_LIST_RULES([inet], [raw_PREROUTING], 0, [dnl table inet firewalld { chain raw_PREROUTING { jump raw_PREROUTING_ZONES } } ]) ]) NFT_LIST_RULES([inet], [raw_PREROUTING_ZONES], 0, [dnl table inet firewalld { chain raw_PREROUTING_ZONES { ip6 saddr dead:beef::/54 goto raw_PRE_public ip saddr 1.2.3.0/24 goto raw_PRE_trusted iifname "dummy0" goto raw_PRE_trusted iifname "dummy1" goto raw_PRE_public goto raw_PRE_public } } ]) NFT_LIST_RULES([inet], [mangle_PREROUTING], 0, [dnl table inet firewalld { chain mangle_PREROUTING { jump mangle_PREROUTING_ZONES } } ]) NFT_LIST_RULES([inet], [mangle_PREROUTING_ZONES], 0, [dnl table inet firewalld { chain mangle_PREROUTING_ZONES { ip6 saddr dead:beef::/54 goto mangle_PRE_public ip saddr 1.2.3.0/24 goto mangle_PRE_trusted iifname "dummy0" goto mangle_PRE_trusted iifname "dummy1" goto mangle_PRE_public goto mangle_PRE_public } } ]) NFT_LIST_RULES([ip], [nat_PREROUTING], 0, [dnl table ip firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES } } ]) NFT_LIST_RULES([ip], [nat_PREROUTING_ZONES], 0, [dnl table ip firewalld { chain nat_PREROUTING_ZONES { ip saddr 1.2.3.0/24 goto nat_PRE_trusted iifname "dummy0" goto nat_PRE_trusted iifname "dummy1" goto nat_PRE_public goto nat_PRE_public } } ]) NFT_LIST_RULES([ip], [nat_POSTROUTING], 0, [dnl table ip firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES } } ]) NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl table ip firewalld { chain nat_POSTROUTING_ZONES { ip daddr 1.2.3.0/24 goto nat_POST_trusted oifname "dummy0" goto nat_POST_trusted oifname "dummy1" goto nat_POST_public goto nat_POST_public } } ]) NFT_LIST_RULES([ip6], [nat_PREROUTING], 0, [dnl table ip6 firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES } } ]) NFT_LIST_RULES([ip6], [nat_PREROUTING_ZONES], 0, [dnl table ip6 firewalld { chain nat_PREROUTING_ZONES { ip6 saddr dead:beef::/54 goto nat_PRE_public iifname "dummy0" goto nat_PRE_trusted iifname "dummy1" goto nat_PRE_public goto nat_PRE_public } } ]) NFT_LIST_RULES([ip6], [nat_POSTROUTING], 0, [dnl table ip6 firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES } } ]) NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl table ip6 firewalld { chain nat_POSTROUTING_ZONES { ip6 daddr dead:beef::/54 goto nat_POST_public oifname "dummy0" goto nat_POST_trusted oifname "dummy1" goto nat_POST_public goto nat_POST_public } } ]) IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, [[FWDI_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] FWDI_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, [[FWDO_trusted all -- 0.0.0.0/0 1.2.3.0/24 [goto] FWDO_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [[PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [[PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [[PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_trusted all -- 0.0.0.0/0 1.2.3.0/24 [goto] POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_public all dead:beef::/54 ::/0 [goto] IN_trusted all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_IN_ZONES all ::/0 ::/0 FORWARD_OUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, [[FWDI_public all dead:beef::/54 ::/0 [goto] FWDI_trusted all ::/0 ::/0 [goto] FWDI_public all ::/0 ::/0 [goto] FWDI_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, [[FWDO_public all ::/0 dead:beef::/54 [goto] FWDO_trusted all ::/0 ::/0 [goto] FWDO_public all ::/0 ::/0 [goto] FWDO_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 DROP all ::/0 ::/0 rpfilter invert PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [[PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [[PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [[PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl POSTROUTING_direct all ::/0 ::/0 POSTROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_public all ::/0 dead:beef::/54 [goto] POST_trusted all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] ]]) dnl ########################################################################## dnl ########################################################################## dnl We also support zone drifting in which source based zones fall through to dnl interface based zones (including default zone). dnl ########################################################################## dnl ########################################################################## AT_CHECK([sed -i 's/^AllowZoneDrifting.*/AllowZoneDrifting=yes/' ./firewalld.conf]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname "lo" accept jump filter_INPUT_ZONES_SOURCE jump filter_INPUT_ZONES ct state invalid drop reject with icmpx type admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES_SOURCE], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES_SOURCE { ip6 saddr dead:beef::/54 goto filter_IN_public ip saddr 1.2.3.0/24 goto filter_IN_trusted } } ]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { iifname "dummy0" goto filter_IN_trusted iifname "dummy1" goto filter_IN_public goto filter_IN_public } } ]) NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 type addr-unreachable jump filter_FORWARD_IN_ZONES_SOURCE jump filter_FORWARD_IN_ZONES jump filter_FORWARD_OUT_ZONES_SOURCE jump filter_FORWARD_OUT_ZONES ct state invalid drop reject with icmpx type admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_FORWARD_IN_ZONES_SOURCE], 0, [dnl table inet firewalld { chain filter_FORWARD_IN_ZONES_SOURCE { ip6 saddr dead:beef::/54 goto filter_FWDI_public ip saddr 1.2.3.0/24 goto filter_FWDI_trusted } } ]) NFT_LIST_RULES([inet], [filter_FORWARD_IN_ZONES], 0, [dnl table inet firewalld { chain filter_FORWARD_IN_ZONES { iifname "dummy0" goto filter_FWDI_trusted iifname "dummy1" goto filter_FWDI_public goto filter_FWDI_public } } ]) NFT_LIST_RULES([inet], [filter_FORWARD_OUT_ZONES_SOURCE], 0, [dnl table inet firewalld { chain filter_FORWARD_OUT_ZONES_SOURCE { ip6 daddr dead:beef::/54 goto filter_FWDO_public ip daddr 1.2.3.0/24 goto filter_FWDO_trusted } } ]) NFT_LIST_RULES([inet], [filter_FORWARD_OUT_ZONES], 0, [dnl table inet firewalld { chain filter_FORWARD_OUT_ZONES { oifname "dummy0" goto filter_FWDO_trusted oifname "dummy1" goto filter_FWDO_public goto filter_FWDO_public } } ]) IF_HOST_SUPPORTS_NFT_FIB([ NFT_LIST_RULES([inet], [raw_PREROUTING], 0, [dnl table inet firewalld { chain raw_PREROUTING { icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept meta nfproto ipv6 fib saddr . iif oif missing drop jump raw_PREROUTING_ZONES_SOURCE jump raw_PREROUTING_ZONES } } ]) ], [ NFT_LIST_RULES([inet], [raw_PREROUTING], 0, [dnl table inet firewalld { chain raw_PREROUTING { jump raw_PREROUTING_ZONES_SOURCE jump raw_PREROUTING_ZONES } } ]) ]) NFT_LIST_RULES([inet], [raw_PREROUTING_ZONES_SOURCE], 0, [dnl table inet firewalld { chain raw_PREROUTING_ZONES_SOURCE { ip6 saddr dead:beef::/54 goto raw_PRE_public ip saddr 1.2.3.0/24 goto raw_PRE_trusted } } ]) NFT_LIST_RULES([inet], [raw_PREROUTING_ZONES], 0, [dnl table inet firewalld { chain raw_PREROUTING_ZONES { iifname "dummy0" goto raw_PRE_trusted iifname "dummy1" goto raw_PRE_public goto raw_PRE_public } } ]) NFT_LIST_RULES([inet], [mangle_PREROUTING], 0, [dnl table inet firewalld { chain mangle_PREROUTING { jump mangle_PREROUTING_ZONES_SOURCE jump mangle_PREROUTING_ZONES } } ]) NFT_LIST_RULES([inet], [mangle_PREROUTING_ZONES_SOURCE], 0, [dnl table inet firewalld { chain mangle_PREROUTING_ZONES_SOURCE { ip6 saddr dead:beef::/54 goto mangle_PRE_public ip saddr 1.2.3.0/24 goto mangle_PRE_trusted } } ]) NFT_LIST_RULES([inet], [mangle_PREROUTING_ZONES], 0, [dnl table inet firewalld { chain mangle_PREROUTING_ZONES { iifname "dummy0" goto mangle_PRE_trusted iifname "dummy1" goto mangle_PRE_public goto mangle_PRE_public } } ]) NFT_LIST_RULES([ip], [nat_PREROUTING], 0, [dnl table ip firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES_SOURCE jump nat_PREROUTING_ZONES } } ]) NFT_LIST_RULES([ip], [nat_PREROUTING_ZONES_SOURCE], 0, [dnl table ip firewalld { chain nat_PREROUTING_ZONES_SOURCE { ip saddr 1.2.3.0/24 goto nat_PRE_trusted } } ]) NFT_LIST_RULES([ip], [nat_PREROUTING_ZONES], 0, [dnl table ip firewalld { chain nat_PREROUTING_ZONES { iifname "dummy0" goto nat_PRE_trusted iifname "dummy1" goto nat_PRE_public goto nat_PRE_public } } ]) NFT_LIST_RULES([ip], [nat_POSTROUTING], 0, [dnl table ip firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES_SOURCE jump nat_POSTROUTING_ZONES } } ]) NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES_SOURCE], 0, [dnl table ip firewalld { chain nat_POSTROUTING_ZONES_SOURCE { ip daddr 1.2.3.0/24 goto nat_POST_trusted } } ]) NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES], 0, [dnl table ip firewalld { chain nat_POSTROUTING_ZONES { oifname "dummy0" goto nat_POST_trusted oifname "dummy1" goto nat_POST_public goto nat_POST_public } } ]) NFT_LIST_RULES([ip6], [nat_PREROUTING], 0, [dnl table ip6 firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES_SOURCE jump nat_PREROUTING_ZONES } } ]) NFT_LIST_RULES([ip6], [nat_PREROUTING_ZONES_SOURCE], 0, [dnl table ip6 firewalld { chain nat_PREROUTING_ZONES_SOURCE { ip6 saddr dead:beef::/54 goto nat_PRE_public } } ]) NFT_LIST_RULES([ip6], [nat_PREROUTING_ZONES], 0, [dnl table ip6 firewalld { chain nat_PREROUTING_ZONES { iifname "dummy0" goto nat_PRE_trusted iifname "dummy1" goto nat_PRE_public goto nat_PRE_public } } ]) NFT_LIST_RULES([ip6], [nat_POSTROUTING], 0, [dnl table ip6 firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES_SOURCE jump nat_POSTROUTING_ZONES } } ]) NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES_SOURCE], 0, [dnl table ip6 firewalld { chain nat_POSTROUTING_ZONES_SOURCE { ip6 daddr dead:beef::/54 goto nat_POST_public } } ]) NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES], 0, [dnl table ip6 firewalld { chain nat_POSTROUTING_ZONES { oifname "dummy0" goto nat_POST_trusted oifname "dummy1" goto nat_POST_public goto nat_POST_public } } ]) IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [INPUT_ZONES_SOURCE], 0, [[IN_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [FORWARD_IN_ZONES_SOURCE], 0, [[FWDI_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, [[FWDI_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES_SOURCE], 0, [[FWDO_trusted all -- 0.0.0.0/0 1.2.3.0/24 [goto] ]]) IPTABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, [[FWDO_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES_SOURCE], 0, [[PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [[PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES_SOURCE], 0, [[PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [[PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES_SOURCE], 0, [[PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [[PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 POSTROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES_SOURCE], 0, [[POST_trusted all -- 0.0.0.0/0 1.2.3.0/24 [goto] ]]) IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES_SOURCE all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [INPUT_ZONES_SOURCE], 0, [[IN_public all dead:beef::/54 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_trusted all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_IN_ZONES_SOURCE all ::/0 ::/0 FORWARD_IN_ZONES all ::/0 ::/0 FORWARD_OUT_ZONES_SOURCE all ::/0 ::/0 FORWARD_OUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [FORWARD_IN_ZONES_SOURCE], 0, [[FWDI_public all dead:beef::/54 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [FORWARD_IN_ZONES], 0, [[FWDI_trusted all ::/0 ::/0 [goto] FWDI_public all ::/0 ::/0 [goto] FWDI_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES_SOURCE], 0, [[FWDO_public all ::/0 dead:beef::/54 [goto] ]]) IP6TABLES_LIST_RULES([filter], [FORWARD_OUT_ZONES], 0, [[FWDO_trusted all ::/0 ::/0 [goto] FWDO_public all ::/0 ::/0 [goto] FWDO_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 DROP all ::/0 ::/0 rpfilter invert PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES_SOURCE all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES_SOURCE], 0, [[PRE_public all dead:beef::/54 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [[PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES_SOURCE all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES_SOURCE], 0, [[PRE_public all dead:beef::/54 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [[PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES_SOURCE all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES_SOURCE], 0, [[PRE_public all dead:beef::/54 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [[PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl POSTROUTING_direct all ::/0 ::/0 POSTROUTING_ZONES_SOURCE all ::/0 ::/0 POSTROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES_SOURCE], 0, [[POST_public all ::/0 dead:beef::/54 [goto] ]]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_trusted all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] ]]) FWD_END_TEST([-e '/WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now./d']) firewalld-0.8.2/src/tests/regression/rhbz1514043.at0000664007115300711530000000716713630022170023027 0ustar00egarveregarver00000000000000FWD_START_TEST([--set-log-denied does not zero config]) AT_KEYWORDS(log_denied rhbz1514043) FWD_CHECK([-q --set-log-denied=all]) FWD_CHECK([-q --permanent --zone=public --add-service=samba]) FWD_RELOAD FWD_CHECK([--zone=public --list-all | TRIM | grep ^services], 0, [dnl services: dhcpv6-client samba ssh ]) dnl check that log denied actually took effect NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname "lo" accept jump filter_INPUT_ZONES ct state invalid log prefix "STATE_INVALID_DROP: " ct state invalid drop log prefix "FINAL_REJECT: " reject with icmpx type admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 type addr-unreachable jump filter_FORWARD_IN_ZONES jump filter_FORWARD_OUT_ZONES ct state invalid log prefix "STATE_INVALID_DROP: " ct state invalid drop log prefix "FINAL_REJECT: " reject with icmpx type admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_IN_ZONES all ::/0 ::/0 FORWARD_OUT_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) FWD_END_TEST firewalld-0.8.2/src/tests/regression/gh287.at0000664007115300711530000000120313620317435022152 0ustar00egarveregarver00000000000000FWD_START_TEST([ICMP block inversion]) AT_KEYWORDS(icmp gh287) AT_CHECK([mkdir -p ./zones]) AT_CHECK([echo '' > ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo 'foobar' >> ./zones/foobar.xml]) AT_CHECK([echo 'foobar desc' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) FWD_RELOAD FWD_END_TEST firewalld-0.8.2/src/tests/regression/rhbz1779835.at0000664007115300711530000000270213630022170023043 0ustar00egarveregarver00000000000000FWD_START_TEST([ipv6 address with brackets]) AT_KEYWORDS(rhbz1779835 ipset zone forward_port rich) dnl ipset FWD_CHECK([-q --permanent --new-ipset=foobar --type=hash:ip --family=inet6]) FWD_CHECK([[-q --permanent --ipset foobar --add-entry='[1234::4321]']]) FWD_CHECK([-q --permanent --new-ipset=foobar2 --type=hash:net --family=inet6]) FWD_CHECK([[-q --permanent --ipset foobar2 --add-entry='[1234::]/64']]) FWD_RELOAD dnl zone source FWD_CHECK([[-q --zone internal --add-source='[::1234]']]) FWD_CHECK([[-q --zone internal --add-source='[1234::]/64']]) dnl forward ports FWD_CHECK([[-q --zone internal --add-forward-port=port=1234:proto=tcp:toport=4321:toaddr=[::1234]]]) FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"']]) FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"']]) dnl rich rule source/destination FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] accept']]) FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 accept']]) FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 destination address=[::4321] accept']]) FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 destination address=[1234::]/64 accept']]) FWD_END_TEST firewalld-0.8.2/src/tests/regression/gh335.at0000664007115300711530000000647713620317435022166 0ustar00egarveregarver00000000000000FWD_START_TEST([forward-port toaddr enables IP forwarding]) AT_KEYWORDS(port forward_port gh335) NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ]) FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10]) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) FWD_RELOAD IF_HOST_SUPPORTS_IPV6_RULES([ NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ]) FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321"]) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) ]) FWD_RELOAD ]) NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ]) FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="10.10.10.10"']) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) FWD_RELOAD IF_HOST_SUPPORTS_IPV6_RULES([ NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ]) FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"']) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) ]) FWD_RELOAD ]) dnl following tests should _not_ enable IP forwarding NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ]) FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321]) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321"']) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"']) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) ]) FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) firewalld-0.8.2/src/tests/regression/rhbz1571957.at0000664007115300711530000000056713620317435023057 0ustar00egarveregarver00000000000000FWD_START_TEST([set-log-denied w/ ICMP block inversion]) AT_KEYWORDS(log_denied rhbz1571957 icmp) FWD_CHECK([-q --permanent --zone=public --add-icmp-block-inversion]) FWD_RELOAD FWD_CHECK([-q --set-log-denied=all]) AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf]) FWD_RELOAD FWD_CHECK([-q --set-log-denied=broadcast]) FWD_RELOAD FWD_END_TEST firewalld-0.8.2/src/tests/regression/rhbz1715977.at0000664007115300711530000001360113630022170023040 0ustar00egarveregarver00000000000000FWD_START_TEST([rich rule src/dst with service destination]) AT_KEYWORDS(rich service rhbz1715977 rhbz1729097 rhbz1791783) FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) FWD_CHECK([-q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="ssh" accept']) FWD_RELOAD NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set "helper-netbios-ns-udp" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ]) FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.111.222/32" source address="10.10.10.0/24" service name="ssh" accept']) NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set "helper-netbios-ns-udp" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ]) FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 service name="ssdp" accept']) NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set "helper-netbios-ns-udp" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept ip daddr 239.255.255.250 udp dport 1900 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ]) FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept'], 122, [ignore], [ignore]) FWD_CHECK([-q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept']) FWD_RELOAD(122, [ignore], [ignore], 251) FWD_END_TEST([-e '/ERROR: INVALID_RULE: Destination conflict with service/d']) firewalld-0.8.2/src/tests/regression/rhbz1723610.at0000664007115300711530000000460013617024233023025 0ustar00egarveregarver00000000000000FWD_START_TEST([direct remove-rules per family]) AT_KEYWORDS(direct rhbz1723610 gh385) FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT]) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 0) FWD_RELOAD FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --permanent --direct --remove-rules ipv6 filter INPUT]) FWD_CHECK([-q --permanent --direct --remove-rules ipv4 filter INPUT]) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) FWD_RELOAD FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) FWD_END_TEST firewalld-0.8.2/src/tests/regression/rhbz1498923.at0000664007115300711530000000324613620317435023055 0ustar00egarveregarver00000000000000FWD_START_TEST([invalid direct rule causes reload error]) AT_KEYWORDS(direct reload rhbz1498923) dnl Verify runtime interface to zone assignment is gone after reload AT_CHECK([sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf]) FWD_RELOAD FWD_CHECK([-q --zone=public --add-interface=foobar0]) FWD_CHECK([--get-zone-of-interface=foobar0], 0, [dnl public ]) FWD_RELOAD FWD_CHECK([--get-zone-of-interface=foobar0], 2, [], [dnl no zone ]) dnl Below we test retention of some items applicable to FlushAllOnReload=no AT_CHECK([sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf]) FWD_RELOAD FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT]) FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag]) dnl add some non-permanent things that should persist a reload FWD_CHECK([-q --zone=public --add-interface=foobar0]) FWD_CHECK([-q --direct --direct --add-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT]) FWD_RELOAD(13, [ignore], [ignore], 251) FWD_CHECK([--state], 251, [ignore], [failed ]) dnl verify the non-permanent stuff we set above remained FWD_CHECK([--get-zone-of-interface=foobar0], 0, [dnl public ]) FWD_CHECK([-q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT]) dnl now remove the bad rule and reload successfully FWD_CHECK([-q --permanent --direct --remove-rule ipv4 filter INPUT 1 --a-bogus-flag]) FWD_RELOAD dnl verify the non-permanent stuff we set above remained FWD_CHECK([--get-zone-of-interface=foobar0], 0, [dnl public ]) FWD_CHECK([-q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT]) FWD_END_TEST([-e '/.*a-bogus-flag.*/d']) firewalld-0.8.2/src/tests/regression/gh509.at0000664007115300711530000000104013617024233022143 0ustar00egarveregarver00000000000000FWD_START_TEST([missing firewalld.conf file]) AT_KEYWORDS(gh509) dnl We're going to wipe the config below and therefore use the defaults. As dnl such, if our test host doesn't support defaults then we must skip this test dnl group. IF_HOST_SUPPORTS_NFT_FIB([], [AT_SKIP_IF([:])]) AT_CHECK([if ! rm ./firewalld.conf; then exit 77; fi]) FWD_RESTART FWD_END_TEST([-e '/ERROR: Failed to load/d' dnl -e '/WARNING:.*No such file or directory:.*/d' dnl -e '/WARNING: Using fallback firewalld configuration settings/d']) firewalld-0.8.2/src/tests/regression/gh453.at0000664007115300711530000000325513630022170022144 0ustar00egarveregarver00000000000000m4_if(nftables, FIREWALL_BACKEND, [ FWD_START_TEST([nftables helper objects]) AT_KEYWORDS(helper gh453) CHECK_NFT_CT_HELPER FWD_CHECK([-q --set-automatic-helpers=no]) FWD_CHECK([-q --add-service=ftp]) NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-ftp-tcp"], 0, [m4_strip([dnl ct helper helper-ftp-tcp { type "ftp" protocol tcp l3proto inet } ])]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set "helper-ftp-tcp" tcp dport 21 ct state new,untracked accept } } ]) FWD_CHECK([-q --add-service=sip]) NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-tcp"], 0, [m4_strip([dnl ct helper helper-sip-tcp { type "sip" protocol tcp l3proto inet } ])]) NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-udp"], 0, [m4_strip([dnl ct helper helper-sip-udp { type "sip" protocol udp l3proto inet } ])]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set "helper-ftp-tcp" tcp dport 21 ct state new,untracked accept tcp dport 5060 ct helper set "helper-sip-tcp" udp dport 5060 ct helper set "helper-sip-udp" tcp dport 5060 ct state new,untracked accept udp dport 5060 ct state new,untracked accept } } ]) FWD_END_TEST ]) firewalld-0.8.2/src/tests/regression/gh303.at0000664007115300711530000000103513620317435022142 0ustar00egarveregarver00000000000000FWD_START_TEST([unicode in XML]) AT_KEYWORDS(xml unicode service gh303) AT_CHECK([mkdir -p ./services]) AT_CHECK([cat < ./services/unicode-service-test.xml unicode-service-test A string with unicode characters; Ё ώ € ⇶ ▜ ◯ ★ ☠ ☯ ☺ ♻ HERE ]) LC_ALL="C" export LC_ALL FWD_RESTART FWD_CHECK([-q --permanent --add-service=unicode-service-test]) FWD_RELOAD FWD_END_TEST firewalld-0.8.2/src/tests/regression/gh478.at0000664007115300711530000000177013620317435022165 0ustar00egarveregarver00000000000000FWD_START_TEST([rich rule marks every packet]) AT_KEYWORDS(rich mark gh478) FWD_CHECK([-q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10']) FWD_CHECK([-q --add-rich-rule='rule protocol value=icmp mark set=11']) FWD_CHECK([-q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12']) NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl table inet firewalld { chain mangle_PRE_public_allow { tcp dport 1234 mark set 0x0000000a meta l4proto icmp mark set 0x0000000b tcp sport 4321 mark set 0x0000000c } } ]) IPTABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234 MARK set 0xa MARK icmp -- 0.0.0.0/0 0.0.0.0/0 MARK set 0xb MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:4321 MARK set 0xc ]) IP6TABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl MARK tcp ::/0 ::/0 tcp dpt:1234 MARK set 0xa MARK icmp ::/0 ::/0 MARK set 0xb MARK tcp ::/0 ::/0 tcp spt:4321 MARK set 0xc ]) FWD_END_TEST firewalld-0.8.2/src/tests/regression/icmp_block_in_forward_chain.at0000664007115300711530000000205113620317435026773 0ustar00egarveregarver00000000000000FWD_START_TEST([ICMP block present FORWARD chain]) AT_KEYWORDS(icmp) FWD_CHECK([-q --zone=public --add-icmp-block=host-prohibited]) NFT_LIST_RULES([inet], [filter_IN_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'], 0, [dnl table inet firewalld { chain filter_IN_public_deny { icmp type destination-unreachable icmp code host-prohibited reject with icmpx type admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_FWDI_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'], 0, [dnl table inet firewalld { chain filter_FWDI_public_deny { icmp type destination-unreachable icmp code host-prohibited reject with icmpx type admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 10 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [FWDI_public_deny], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 10 reject-with icmp-host-prohibited ]) FWD_END_TEST firewalld-0.8.2/src/tests/regression/gh567.at0000664007115300711530000000040513626005156022156 0ustar00egarveregarver00000000000000FWD_START_TEST([rich rule source w/ mark action]) AT_KEYWORDS(gh567 rich ipset) FWD_CHECK([-q --permanent --new-ipset=Teste --type=hash:net]) FWD_CHECK([-q --permanent --add-rich-rule "rule family=ipv4 source ipset=Teste mark set=2"]) FWD_RELOAD FWD_END_TEST firewalld-0.8.2/src/tests/regression/gh290.at0000664007115300711530000000231213620317435022146 0ustar00egarveregarver00000000000000FWD_START_TEST([invalid syntax in xml files]) AT_KEYWORDS(xml direct zone gh290) dnl direct.xml AT_CHECK([mkdir -p ./zones]) AT_CHECK([echo '' > ./direct.xml]) AT_CHECK([echo '' >> ./direct.xml]) AT_CHECK([echo '' >> ./direct.xml]) AT_CHECK([echo '--destination 127.0.0.1 --jump RETURN' >> ./direct.xml]) dnl missing closing AT_CHECK([echo '' >> ./direct.xml]) dnl zone.xml AT_CHECK([mkdir -p ./zones]) AT_CHECK([echo '' > ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo 'foobar' >> ./zones/foobar.xml]) dnl port missing required protocol AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) FWD_RESTART FWD_GREP_LOG([ERROR:.*mismatched tag]) FWD_GREP_LOG([ERROR:.*Missing attribute protocol for port]) FWD_END_TEST([-e '/ERROR:.*mismatched tag.*/d' dnl -e '/ERROR:.*Missing attribute protocol for port.*/d']) firewalld-0.8.2/src/tests/regression/regression.at0000664007115300711530000000211413641106004023464 0ustar00egarveregarver00000000000000AT_BANNER([regression (FIREWALL_BACKEND)]) m4_include([regression/rhbz1514043.at]) m4_include([regression/rhbz1498923.at]) m4_include([regression/pr181.at]) m4_include([regression/gh287.at]) m4_include([regression/individual_calls.at]) m4_include([regression/rhbz1534571.at]) m4_include([regression/gh290.at]) m4_include([regression/icmp_block_in_forward_chain.at]) m4_include([regression/pr323.at]) m4_include([regression/rhbz1506742.at]) m4_include([regression/rhbz1594657.at]) m4_include([regression/rhbz1571957.at]) m4_include([regression/rhbz1404076.at]) m4_include([regression/gh366.at]) m4_include([regression/rhbz1601610.at]) m4_include([regression/gh303.at]) m4_include([regression/gh335.at]) m4_include([regression/gh482.at]) m4_include([regression/gh478.at]) m4_include([regression/gh453.at]) m4_include([regression/gh258.at]) m4_include([regression/rhbz1715977.at]) m4_include([regression/rhbz1723610.at]) m4_include([regression/rhbz1734765.at]) m4_include([regression/gh509.at]) m4_include([regression/gh567.at]) m4_include([regression/rhbz1779835.at]) m4_include([regression/gh330.at]) firewalld-0.8.2/src/tests/regression/rhbz1601610.at0000664007115300711530000000425013620317435023024 0ustar00egarveregarver00000000000000FWD_START_TEST([ipset duplicate entries]) AT_KEYWORDS(ipset rhbz1601610) CHECK_IPSET FWD_CHECK([-q --new-ipset=foobar --permanent --type=hash:net]) FWD_RELOAD FWD_CHECK([-q --ipset=foobar --add-entry=10.1.1.0/22]) FWD_CHECK([-q --ipset=foobar --add-entry=10.1.2.0/22], 13, ignore, ignore) FWD_CHECK([-q --ipset=foobar --add-entry=10.2.0.0/22]) FWD_CHECK([--ipset=foobar --get-entries], 0, [dnl 10.1.1.0/22 10.2.0.0/22 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.1.0.0/22, 10.2.0.0/22 } } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:net Members: 10.1.0.0/22 10.2.0.0/22 ]) FWD_CHECK([-q --ipset=foobar --remove-entry=10.1.1.0/22]) FWD_CHECK([--ipset=foobar --get-entries], 0, [dnl 10.2.0.0/22 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22 } } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:net Members: 10.2.0.0/22 ]) FWD_CHECK([-q --permanent --ipset=foobar --add-entry=10.1.1.0/22]) FWD_CHECK([--permanent --ipset=foobar --get-entries], 0, [dnl 10.1.1.0/22 ]) FWD_CHECK([-q --permanent --ipset=foobar --remove-entry=10.1.1.0/22]) FWD_CHECK([--permanent --ipset=foobar --get-entries], 0, [ ]) dnl rhbz 1644834 FWD_CHECK([-q --ipset=foobar --add-entry=10.3.0.0/22]) FWD_CHECK([-q --runtime-to-permanent]) FWD_RELOAD NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22, 10.3.0.0/22 } } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 ]) dnl rhbz 1644834, again with IndividualCalls=yes AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf]) FWD_RELOAD NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22, 10.3.0.0/22 } } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 ]) FWD_END_TEST([-e '/ERROR: COMMAND_FAILED:.*already added.*/d'dnl -e '/ERROR: COMMAND_FAILED:.*element.*exists/d'dnl -e '/Kernel support protocol versions/d']) firewalld-0.8.2/src/tests/regression/rhbz1404076.at0000664007115300711530000000224313641106051023024 0ustar00egarveregarver00000000000000FWD_START_TEST([query single port added with range]) AT_KEYWORDS(port rhbz1404076) dnl add a set of ports by range, then query a specific port inside that range. FWD_CHECK([-q --add-port=8080-8090/tcp]) FWD_CHECK([-q --query-port=8085/tcp]) FWD_CHECK([-q --query-port=8085-8087/tcp]) FWD_CHECK([-q --query-port=8080-8090/tcp]) FWD_CHECK([-q --query-port=8080-8089/tcp]) FWD_CHECK([-q --query-port=8081-8090/tcp]) FWD_CHECK([-q --query-port=webcache/tcp]) dnl named port FWD_CHECK([-q --query-port=8091/tcp], 1) dnl negative test FWD_CHECK([-q --query-port=8085/udp], 1) dnl negative test dnl same thing, but for permanent configuration. FWD_CHECK([-q --permanent --add-port=8080-8090/tcp]) FWD_CHECK([-q --permanent --query-port=8085/tcp]) FWD_CHECK([-q --permanent --query-port=8085-8087/tcp]) FWD_CHECK([-q --permanent --query-port=8080-8090/tcp]) FWD_CHECK([-q --permanent --query-port=8080-8089/tcp]) FWD_CHECK([-q --permanent --query-port=8081-8090/tcp]) FWD_CHECK([-q --permanent --query-port=webcache/tcp]) dnl named port FWD_CHECK([-q --permanent --query-port=8091/tcp], 1) dnl negative test FWD_CHECK([-q --permanent --query-port=8085/udp], 1) dnl negative test FWD_END_TEST firewalld-0.8.2/src/tests/regression/individual_calls.at0000664007115300711530000000025313620317435024625 0ustar00egarveregarver00000000000000FWD_START_TEST([individual calls]) AT_KEYWORDS(individual_calls) AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf]) FWD_RELOAD FWD_END_TEST firewalld-0.8.2/src/tests/regression/rhbz1594657.at0000664007115300711530000000150013620317435023045 0ustar00egarveregarver00000000000000FWD_START_TEST([no log untracked passthrough queries]) AT_KEYWORDS(direct passthrough rhbz1594657) FWD_CHECK([--direct --passthrough eb -t filter -L dummy_chain], 13, [ignore], [ignore]) FWD_CHECK([--direct --passthrough eb -t filter -L INPUT], 0, [ignore]) FWD_CHECK([--direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT], 13, [ignore], [ignore]) FWD_CHECK([--direct --passthrough ipv4 -t filter -L dummy_chain], 13, [ignore], [ignore]) FWD_CHECK([--direct --passthrough ipv4 -t filter -L INPUT], 0, [ignore]) IF_HOST_SUPPORTS_IP6TABLES([ FWD_CHECK([--direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT], 13, [ignore], [ignore]) FWD_CHECK([--direct --passthrough ipv6 -t filter -L dummy_chain], 13, [ignore], [ignore]) FWD_CHECK([--direct --passthrough ipv6 -t filter -L INPUT], 0, [ignore]) ]) FWD_END_TEST firewalld-0.8.2/src/tests/python/0000775007115300711530000000000013641123257020132 5ustar00egarveregarver00000000000000firewalld-0.8.2/src/tests/python/firewalld_config.py0000775007115300711530000003641313614563155024021 0ustar00egarveregarver00000000000000#!/usr/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2010-2012 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # To use in git tree: PYTHONPATH=.. python firewalld-test.py import sys import unittest import firewall from firewall.client import FirewallClient, \ FirewallClientZoneSettings, \ FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings from firewall.core.base import DEFAULT_ZONE_TARGET class TestFirewallDInterfaceConfig(unittest.TestCase): """ For testing of permanent changes, ie. those that survive restart: """ def setUp(self): unittest.TestCase.setUp(self) self.fw = FirewallClient() def tearDown(self): unittest.TestCase.tearDown(self) def test_zones(self): """ /org/fedoraproject/FirewallD1/config listZones() getZoneByName(String name) addZone(String name, Dict of {String, Variant} zone_settings) /org/fedoraproject/FirewallD1/config/zone/ getSettings() loadDefaults() update() rename() remove() """ print ("\nGetting invalid zone") self.assertRaisesRegexp(Exception, 'INVALID_ZONE', self.fw.config().getZoneByName, "dummyname") zone_version = "1.0" zone_short = "Testing" zone_description = "this is just a testing zone" zone_target = DEFAULT_ZONE_TARGET zone_services = ["dhcpv6-client", "ssh"] zone_ports = [("123", "tcp"), ("666-667", "udp")] zone_icmpblocks = ["redirect", "echo-reply"] zone_masquerade = False zone_forward_ports = [("443", "tcp", "441", "192.168.0.2"), ("123", "udp", "321", "192.168.1.1")] settings = FirewallClientZoneSettings() settings.setVersion(zone_version) settings.setShort(zone_short) settings.setDescription(zone_description) settings.setTarget(zone_target) settings.setServices(zone_services) settings.setPorts(zone_ports) settings.setIcmpBlocks(zone_icmpblocks) settings.setMasquerade(zone_masquerade) settings.setForwardPorts(zone_forward_ports) print ("Adding zone with name that already exists") self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', self.fw.config().addZone, "home", settings) print ("Adding zone with empty name") self.assertRaisesRegexp(Exception, 'INVALID_NAME', self.fw.config().addZone, "", settings) zone_name = "test" print ("Adding proper zone") self.fw.config().addZone (zone_name, settings) print ("Checking the saved (permanent) settings") config_zone = self.fw.config().getZoneByName(zone_name) self.assertIsInstance(config_zone, firewall.client.FirewallClientConfigZone) zone_settings = config_zone.getSettings() self.assertIsInstance(zone_settings, firewall.client.FirewallClientZoneSettings) self.assertEquals(zone_settings.getVersion(), zone_version) self.assertEquals(zone_settings.getShort(), zone_short) self.assertEquals(zone_settings.getDescription(), zone_description) self.assertEquals(zone_settings.getTarget(), "default") self.assertEquals(zone_settings.getServices().sort(), zone_services.sort()) self.assertEquals(zone_settings.getPorts().sort(), zone_ports.sort()) self.assertEquals(zone_settings.getIcmpBlocks().sort(), zone_icmpblocks.sort()) self.assertEquals(zone_settings.getMasquerade(), zone_masquerade) self.assertEquals(zone_settings.getForwardPorts().sort(), zone_forward_ports.sort()) print ("Updating settings") zone_services.append("mdns") zone_settings.setServices(zone_services) config_zone.update(zone_settings) print ("Reloading firewalld") self.fw.reload() print ("Checking of runtime settings") self.assertTrue(zone_name in self.fw.getZones()) self.assertEquals(self.fw.getServices(zone_name).sort(), zone_services.sort()) self.assertEquals(self.fw.getPorts(zone_name).sort(), zone_ports.sort()) self.assertEquals(self.fw.getIcmpBlocks(zone_name).sort(), zone_icmpblocks.sort()) self.assertEquals(self.fw.queryMasquerade(zone_name), zone_masquerade) self.assertEquals(self.fw.getForwardPorts(zone_name).sort(), zone_forward_ports.sort()) print ("Renaming zone to name that already exists") config_zone = self.fw.config().getZoneByName(zone_name) self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', config_zone.rename, "home") new_zone_name = "renamed" print ("Renaming zone '%s' to '%s'" % (zone_name, new_zone_name)) config_zone.rename(new_zone_name) print ("Checking whether the zone '%s' is accessible (it shouldn't be)" % zone_name) self.assertRaisesRegexp(Exception, 'INVALID_ZONE', self.fw.config().getZoneByName, zone_name) print ("Checking whether the zone '%s' is accessible" % new_zone_name) config_zone = self.fw.config().getZoneByName(new_zone_name) zone_settings = config_zone.getSettings() self.assertEquals(zone_settings.getVersion(), zone_version) self.assertEquals(zone_settings.getShort(), zone_short) self.assertEquals(zone_settings.getDescription(), zone_description) self.assertEquals(zone_settings.getTarget(), "default") self.assertEquals(zone_settings.getServices().sort(), zone_services.sort()) self.assertEquals(zone_settings.getPorts().sort(), zone_ports.sort()) self.assertEquals(zone_settings.getIcmpBlocks().sort(), zone_icmpblocks.sort()) self.assertEquals(zone_settings.getMasquerade(), zone_masquerade) self.assertEquals(zone_settings.getForwardPorts().sort(), zone_forward_ports.sort()) print ("Removing the zone '%s'" % new_zone_name) config_zone.remove() print ("Checking whether the removed zone is accessible (it shouldn't be)") self.assertRaisesRegexp(Exception, 'INVALID_ZONE', self.fw.config().getZoneByName, new_zone_name) # TODO test loadDefaults() ? def test_services(self): """ /org/fedoraproject/FirewallD1/config listServices() getServiceByName(String name) addService(String name, Dict of {String, Variant} settings) /org/fedoraproject/FirewallD1/config/service/ getSettings() loadDefaults() update() rename() remove() """ print ("\nGetting invalid service") self.assertRaisesRegexp(Exception, 'INVALID_SERVICE', self.fw.config().getServiceByName, "dummyname") service_version = "1.0" service_short = "Testing" service_description = "this is just a testing service" service_ports = [("123", "tcp"), ("666-667", "udp")] service_modules = ["nf_conntrack_tftp"] service_destinations = {'ipv4': '1.2.3.4', 'ipv6': 'dead::beef'} settings = FirewallClientServiceSettings() # ["", "", "", [], [], {}] settings.setVersion(service_version) settings.setShort(service_short) settings.setDescription(service_description) settings.setPorts(service_ports) settings.setModules(service_modules) settings.setDestinations(service_destinations) print ("Adding service with name that already exists") self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', self.fw.config().addService, "mdns", settings) print ("Adding service with empty name") self.assertRaisesRegexp(Exception, 'INVALID_NAME', self.fw.config().addService, "", settings) service_name = "test" print ("Adding proper service") self.fw.config().addService (service_name, settings) print ("Checking the saved (permanent) settings") config_service = self.fw.config().getServiceByName(service_name) self.assertIsInstance(config_service, firewall.client.FirewallClientConfigService) service_settings = config_service.getSettings() self.assertIsInstance(service_settings, firewall.client.FirewallClientServiceSettings) print ("Updating settings") service_modules.append("nf_conntrack_sip") service_destinations["ipv6"] = "3ffe:501:ffff::" service_settings.setModules(service_modules) service_settings.setDestinations(service_destinations) config_service.update(service_settings) self.assertEquals(service_settings.getVersion(), service_version) self.assertEquals(service_settings.getShort(), service_short) self.assertEquals(service_settings.getDescription(), service_description) self.assertEquals(service_settings.getPorts().sort(), service_ports.sort()) self.assertEquals(service_settings.getModules().sort(), service_modules.sort()) self.assertDictEqual(service_settings.getDestinations(), service_destinations) print ("Renaming service to name that already exists") config_service = self.fw.config().getServiceByName(service_name) self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', config_service.rename, "mdns") new_service_name = "renamed" print ("Renaming service '%s' to '%s'" % (service_name, new_service_name)) config_service.rename(new_service_name) print ("Checking whether the service '%s' is accessible (it shouldn't be)" % service_name) self.assertRaisesRegexp(Exception, 'INVALID_SERVICE', self.fw.config().getServiceByName, service_name) print ("Checking whether the service '%s' is accessible" % new_service_name) config_service = self.fw.config().getServiceByName(new_service_name) service_settings = config_service.getSettings() self.assertEquals(service_settings.getVersion(), service_version) self.assertEquals(service_settings.getShort(), service_short) self.assertEquals(service_settings.getDescription(), service_description) self.assertEquals(service_settings.getPorts().sort(), service_ports.sort()) self.assertEquals(service_settings.getModules().sort(), service_modules.sort()) self.assertDictEqual(service_settings.getDestinations(), service_destinations) print ("Removing the service '%s'" % new_service_name) config_service.remove() print ("Checking whether the removed service is accessible (it shouldn't be)") self.assertRaisesRegexp(Exception, 'INVALID_SERVICE', self.fw.config().getServiceByName, new_service_name) # TODO test loadDefaults() ? def test_icmptypes(self): """ /org/fedoraproject/FirewallD1/config listIcmpTypes() getIcmpTypeByName(String name) addIcmpType(String name, Dict of {String, Variant} settings) /org/fedoraproject/FirewallD1/config/icmptype/ getSettings() loadDefaults() update() rename() remove() """ print ("\nGetting invalid icmp-type") self.assertRaisesRegexp(Exception, 'INVALID_ICMPTYPE', self.fw.config().getIcmpTypeByName, "dummyname") icmptype_version = "1.0" icmptype_short = "Testing" icmptype_description = "this is just a testing icmp type" icmptype_destinations = ['ipv4'] settings = FirewallClientIcmpTypeSettings() # ["", "", "", []] settings.setVersion(icmptype_version) settings.setShort(icmptype_short) settings.setDescription(icmptype_description) settings.setDestinations(icmptype_destinations) print ("Adding icmp type with name that already exists") self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', self.fw.config().addIcmpType, "echo-reply", settings) print ("Adding icmp type with empty name") self.assertRaisesRegexp(Exception, 'INVALID_NAME', self.fw.config().addIcmpType, "", settings) icmptype_name = "test" print ("Adding proper icmp type") self.fw.config().addIcmpType (icmptype_name, settings) print ("Checking the saved (permanent) settings") config_icmptype = self.fw.config().getIcmpTypeByName(icmptype_name) self.assertIsInstance(config_icmptype, firewall.client.FirewallClientConfigIcmpType) icmptype_settings = config_icmptype.getSettings() self.assertIsInstance(icmptype_settings, firewall.client.FirewallClientIcmpTypeSettings) print ("Updating settings") icmptype_destinations.append("ipv6") icmptype_settings.setDestinations(icmptype_destinations) config_icmptype.update(icmptype_settings) self.assertEquals(icmptype_settings.getVersion(), icmptype_version) self.assertEquals(icmptype_settings.getShort(), icmptype_short) self.assertEquals(icmptype_settings.getDescription(), icmptype_description) self.assertEquals(icmptype_settings.getDestinations().sort(), icmptype_destinations.sort()) print ("Renaming icmp type to name that already exists") config_icmptype = self.fw.config().getIcmpTypeByName(icmptype_name) self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', config_icmptype.rename, "echo-reply") new_icmptype_name = "renamed" print ("Renaming icmp type '%s' to '%s'" % (icmptype_name, new_icmptype_name)) config_icmptype.rename(new_icmptype_name) print ("Checking whether the icmp type '%s' is accessible (it shouldn't be)" % icmptype_name) self.assertRaisesRegexp(Exception, 'INVALID_ICMPTYPE', self.fw.config().getIcmpTypeByName, icmptype_name) print ("Checking whether the icmp type '%s' is accessible" % new_icmptype_name) config_icmptype = self.fw.config().getIcmpTypeByName(new_icmptype_name) icmptype_settings = config_icmptype.getSettings() self.assertEquals(icmptype_settings.getVersion(), icmptype_version) self.assertEquals(icmptype_settings.getShort(), icmptype_short) self.assertEquals(icmptype_settings.getDescription(), icmptype_description) self.assertEquals(icmptype_settings.getDestinations().sort(), icmptype_destinations.sort()) print ("Removing the icmp type '%s'" % new_icmptype_name) config_icmptype.remove() print ("Checking whether the removed icmp type is accessible (it shouldn't be)") self.assertRaisesRegexp(Exception, 'INVALID_ICMPTYPE', self.fw.config().getIcmpTypeByName, new_icmptype_name) # TODO test loadDefaults() ? if __name__ == '__main__': suite = unittest.TestLoader().loadTestsFromTestCase(TestFirewallDInterfaceConfig) results = unittest.TextTestRunner(verbosity=2).run(suite) sys.exit(0 if results.wasSuccessful() else 1) firewalld-0.8.2/src/tests/python/firewalld_rich.py0000775007115300711530000000627113614563155023500 0ustar00egarveregarver00000000000000#!/usr/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2013 Red Hat, Inc. # # Authors: # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # To use in git tree: PYTHONPATH=.. python firewalld-test.py import dbus from firewall.client import FirewallClientConfig, FirewallClientZoneSettings bus = dbus.SystemBus() fw_config = FirewallClientConfig(bus) rule = ['rule service name=ftp audit limit value="1/m" accept ', 'rule protocol value=ah accept ', 'rule protocol value=esp accept '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone1", zone.settings) nz.remove() rule = ['rule family=ipv4 source address="192.168.0.0/24" service name=tftp log prefix=tftp level=info limit value=1/m accept'] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone2", zone.settings) nz.remove() rule = ['rule family=ipv4 source not address=192.168.0.0/24 service name=dns log prefix=dns level=info limit value=2/m accept '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone3", zone.settings) nz.remove() rule = ['rule family=ipv6 source address=1:2:3:4:6:: service name=radius log prefix=dns level=info limit value=3/m reject limit value=20/m '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone4", zone.settings) nz.remove() rule = ['rule family=ipv6 source address=1:2:3:4:5:: port port=4011 protocol=tcp log prefix="port 4011/tcp" level=info limit value=4/m drop '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone5", zone.settings) nz.remove() rule = ['rule family=ipv6 source address=1:2:3:4:6:: forward-port port=4011 protocol=tcp to-port=4012 to-addr=1::2:3:4:7 '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone6", zone.settings) nz.remove() rule = ['rule family=ipv4 source address=192.168.0.0/24 icmp-block name=source-quench log level=info prefix=source-quench limit value=4/m '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone7", zone.settings) nz.remove() rule = ['rule family=ipv6 source address=1:2:3:4:6:: icmp-block name=redirect log prefix=redirect level=info limit value=4/m '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone8", zone.settings) nz.remove() rule = ['rule family=ipv4 source address=192.168.1.0/24 masquerade ', 'rule family=ipv6 masquerade '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone9", zone.settings) nz.remove() firewalld-0.8.2/src/tests/python/firewalld_direct.py0000775007115300711530000001433013620317435024013 0ustar00egarveregarver00000000000000#!/usr/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2012 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # To use in git tree: PYTHONPATH=.. python firewalld-test.py import dbus import sys import unittest from firewall import config from firewall.dbus_utils import dbus_to_python class TestFirewallDInterfaceDirect(unittest.TestCase): def setUp(self): unittest.TestCase.setUp(self) bus = dbus.SystemBus() dbus_obj = bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH) dbus_obj_config = bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH_CONFIG) self.fw = dbus.Interface(dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE) self.fw_direct = dbus.Interface( dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_DIRECT) self.config_properties = dbus.Interface(dbus_obj_config, dbus_interface='org.freedesktop.DBus.Properties') self.config_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG, "FlushAllOnReload", "no") self.fw.reload() # always have "direct_foo1" available self.fw_direct.addChain("ipv4", "filter", "direct_foo1") def tearDown(self): unittest.TestCase.tearDown(self) self.fw_direct.removeChain("ipv4", "filter", "direct_foo1") def test_add_removeChain(self): self.fw_direct.addChain("ipv4", "filter", "direct_foo2") # Re-adding self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_direct.addChain, "ipv4", "filter", "direct_foo2") ret = self.fw_direct.getChains("ipv4", "filter") self.assertTrue(len(ret)==2) # "direct_foo1" and "direct_foo2" #pprint (dbus_to_python(ret)) ret = self.fw_direct.queryChain("ipv4", "filter", "direct_foo2") self.assertTrue(dbus_to_python(ret)) self.fw_direct.removeChain("ipv4", "filter", "direct_foo2") # Re-removing self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_direct.removeChain, "ipv4", "filter", "direct_foo2") ret = self.fw_direct.getChains("ipv4", "filter") self.assertTrue(len(ret)==1) # "direct_foo1" ret = self.fw_direct.queryChain("ipv4", "filter", "direct_foo2") self.assertFalse(dbus_to_python(ret)) def test_add_removeRule(self): self.fw_direct.addRule("ipv4", "filter", "direct_foo1", 0, [ "-m", "tcp", "-p", "tcp", "--dport", "332", "-j", "ACCEPT" ]) self.fw_direct.addRule("ipv4", "filter", "direct_foo1", 0, [ "-m", "tcp", "-p", "tcp", "--dport", "333", "-j", "ACCEPT" ]) self.fw_direct.addRule("ipv4", "filter", "direct_foo1", 1, [ "-m", "tcp", "-p", "tcp", "--dport", "334", "-j", "ACCEPT" ]) self.fw_direct.addRule("ipv4", "filter", "direct_foo1", -5, [ "-m", "tcp", "-p", "tcp", "--dport", "331", "-j", "ACCEPT" ]) self.fw_direct.addRule("ipv4", "filter", "direct_foo1", -10, [ "-m", "tcp", "-p", "tcp", "--dport", "330", "-j", "ACCEPT" ]) self.fw_direct.addRule("ipv4", "filter", "direct_foo1", -5, [ "-m", "udp", "-p", "udp", "--dport", "331", "-j", "ACCEPT" ]) # Re-adding self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_direct.addRule, "ipv4", "filter", "direct_foo1", -5, [ "-m", "udp", "-p", "udp", "--dport", "331", "-j", "ACCEPT" ]) ret = self.fw_direct.queryRule("ipv4", "filter", "direct_foo1", -5, [ "-m", "udp", "-p", "udp", "--dport", "331", "-j", "ACCEPT" ]) self.assertTrue(dbus_to_python(ret)) ret = self.fw_direct.getRules("ipv4", "filter", "direct_foo1") self.assertTrue(len(ret) == 6) #pprint (dbus_to_python(ret)) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", -10, [ "-m", "tcp", "-p", "tcp", "--dport", "330", "-j", "ACCEPT" ]) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", -5, [ "-m", "tcp", "-p", "tcp", "--dport", "331", "-j", "ACCEPT" ]) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", -5, [ "-m", "udp", "-p", "udp", "--dport", "331", "-j", "ACCEPT" ]) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", 0, [ "-m", "tcp", "-p", "tcp", "--dport", "332", "-j", "ACCEPT" ]) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", 0, [ "-m", "tcp", "-p", "tcp", "--dport", "333", "-j", "ACCEPT" ]) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", 1, [ "-m", "tcp", "-p", "tcp", "--dport", "334", "-j", "ACCEPT" ]) # Re-removing self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_direct.removeRule, "ipv4", "filter", "direct_foo1", 1, [ "-m", "tcp", "-p", "tcp", "--dport", "334", "-j", "ACCEPT" ]) ret = self.fw_direct.queryRule("ipv4", "filter", "direct_foo1", 1, [ "-m", "tcp", "-p", "tcp", "--dport", "334", "-j", "ACCEPT" ]) self.assertFalse(dbus_to_python(ret)) ret = self.fw_direct.getRules("ipv4", "filter", "direct_foo1") self.assertTrue(ret == []) def test_passthrough(self): self.fw_direct.passthrough("ipv4", [ "-t", "filter", "-N", "foobar" ]) #fw_direct.passthrough("ipv4", [ "-t", "filter", "-L" ]) def test_reload(self): self.fw.reload() if __name__ == '__main__': suite = unittest.TestLoader().loadTestsFromTestCase(TestFirewallDInterfaceDirect) results = unittest.TextTestRunner(verbosity=2).run(suite) sys.exit(0 if results.wasSuccessful() else 1) firewalld-0.8.2/src/tests/python/python.at0000664007115300711530000000124713626005156022005 0ustar00egarveregarver00000000000000AT_BANNER([python (FIREWALL_BACKEND)]) FWD_START_TEST([firewalld_test.py]) AT_KEYWORDS(python) NS_CHECK([$PYTHON ${srcdir}/python/firewalld_test.py], 0, [ignore], [ignore]) FWD_END_TEST([ignore]) FWD_START_TEST([firewalld_config.py]) AT_KEYWORDS(python) NS_CHECK([$PYTHON ${srcdir}/python/firewalld_config.py], 0, [ignore], [ignore]) FWD_END_TEST([ignore]) FWD_START_TEST([firewalld_rich.py]) AT_KEYWORDS(python) NS_CHECK([$PYTHON ${srcdir}/python/firewalld_rich.py], 0, [ignore], [ignore]) FWD_END_TEST([ignore]) FWD_START_TEST([firewalld_direct.py]) AT_KEYWORDS(python) NS_CHECK([$PYTHON ${srcdir}/python/firewalld_direct.py], 0, [ignore], [ignore]) FWD_END_TEST([ignore]) firewalld-0.8.2/src/tests/python/firewalld_test.py0000775007115300711530000003253513620317435023527 0ustar00egarveregarver00000000000000#!/usr/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2010-2012 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # To use in git tree: PYTHONPATH=.. python firewalld-test.py import dbus import sys import time import unittest from firewall.config.dbus import DBUS_PATH, DBUS_PATH_CONFIG, DBUS_INTERFACE, \ DBUS_INTERFACE_ZONE, DBUS_INTERFACE_CONFIG from firewall.dbus_utils import dbus_to_python from pprint import pprint class TestFirewallD(unittest.TestCase): """ For testing of temporary changes, ie. those that disappear with restart: adding/removing interfaces to zones, setting/changing of default zone adding/removing of services, ports, forward ports, icmp blocks """ def setUp(self): unittest.TestCase.setUp(self) bus = dbus.SystemBus() dbus_obj = bus.get_object(DBUS_INTERFACE, DBUS_PATH) dbus_obj_config = bus.get_object(DBUS_INTERFACE, DBUS_PATH_CONFIG) self.fw = dbus.Interface(dbus_obj, dbus_interface=DBUS_INTERFACE) self.fw_zone = dbus.Interface(dbus_obj, dbus_interface=DBUS_INTERFACE_ZONE) self.config_properties = dbus.Interface(dbus_obj_config, dbus_interface='org.freedesktop.DBus.Properties') self.config_properties.Set(DBUS_INTERFACE_CONFIG, "FlushAllOnReload", "no") self.fw.reload() def test_get_setDefaultZone(self): old_zone = dbus_to_python(self.fw.getDefaultZone()) print ("\nCurrent default zone is '%s'" % old_zone) self.fw_zone.addInterface("", "foo") self.fw_zone.addInterface(old_zone, "bar") print ("Setting default zone to 'external'") self.fw.setDefaultZone("external") # make sure the default zone was properly set self.assertEqual(self.fw.getDefaultZone(), "external") # check that *only* foo interface was moved to new default zone self.assertTrue(self.fw_zone.queryInterface("external", "foo")) self.assertTrue(self.fw_zone.queryInterface(old_zone, "bar")) print ("Re-setting default zone back to '%s'" % old_zone) self.fw.setDefaultZone(old_zone) self.fw_zone.removeInterface("", "foo") self.fw_zone.removeInterface("", "bar") def test_zone_getActiveZones(self): interface = "baz" zone = "home" print ("\nAdding interface '%s' to '%s' zone" % (interface, zone)) self.fw_zone.addInterface(zone, interface) print ("Getting active zones: ") ret = self.fw_zone.getActiveZones() self.assertTrue(len(ret)>0) pprint (dbus_to_python(ret)) self.fw_zone.removeInterface(zone, interface) #cleanup def test_zone_getZones(self): z = self.fw_zone.getZones() print ("\nZones:") pprint(dbus_to_python(z)) def test_zone_add_remove_queryInterface(self): interface = "foo" zone = "trusted" print ("\nAdding interface '%s' to '%s' zone" % (interface, zone)) ret = self.fw_zone.addInterface(zone, interface) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryInterface(zone, interface)) print ("Re-adding") self.assertRaisesRegexp(Exception, 'ZONE_ALREADY_SET', self.fw_zone.addInterface, zone, interface) zone = "block" print ("Re-adding interface '%s' to '%s' zone" % (interface, zone)) self.assertRaisesRegexp(Exception, 'ZONE_CONFLICT', self.fw_zone.addInterface, zone, interface) print ("Removing interface '%s' from '%s' zone" % (interface, zone)) self.assertRaisesRegexp(Exception, 'ZONE_CONFLICT', self.fw_zone.removeInterface, zone, interface) zone = "trusted" print ("Removing interface '%s' from '%s' zone" % (interface, zone)) ret = self.fw_zone.removeInterface(zone, interface) self.assertEqual(ret, zone) self.assertFalse(self.fw_zone.queryInterface(zone, interface)) print ("Re-removing") self.assertRaises(Exception, self.fw_zone.removeInterface, zone, interface) print ("Add again and remove interface '%s' from zone it belongs to" % interface) self.fw_zone.addInterface(zone, interface) self.assertTrue(self.fw_zone.queryInterface(zone, interface)) ret = self.fw_zone.removeInterface("", interface) self.assertEqual(ret, zone) self.assertFalse(self.fw_zone.queryInterface(zone, interface)) print ("Re-removing") self.assertRaises(Exception, self.fw_zone.removeInterface, "", interface) def test_zone_change_queryZone(self): interface = "foo" zone = "internal" print ("\nChanging zone of interface '%s' to '%s'" % (interface, zone)) ret = self.fw_zone.changeZone(zone, interface) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryInterface(zone, interface)) print ("Get zone of interface '%s': " % (interface)) ret = self.fw_zone.getZoneOfInterface(interface) self.assertEqual(ret, zone) print (dbus_to_python(ret)) self.fw_zone.removeInterface(zone, interface) #cleanup def test_zone_add_get_query_removeService(self): service = "samba" zone = "external" print ("\nAdding service '%s' to '%s' zone" % (service, zone)) ret = self.fw_zone.addService(zone, service, 0) self.assertEqual(ret, zone) print ("Re-adding") self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_zone.addService, zone, service, 0) print ("Get services of zone '%s'" % (zone)) ret = self.fw_zone.getServices(zone) self.assertTrue(len(ret)>0) pprint (dbus_to_python(ret)) print ("Removing service '%s' from '%s' zone" % (service, zone)) ret = self.fw_zone.removeService(zone, service) self.assertEqual(ret, zone) print ("Re-removing") self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_zone.removeService, zone, service) zone = "dmz" timeout = 2 print ("Adding timed service '%s' to '%s' zone, active for %d seconds" % (service, zone, timeout)) ret = self.fw_zone.addService(zone, service, timeout) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryService(zone, service)) time.sleep(timeout+1) print ("Checking if timeout has been working") self.assertFalse(self.fw_zone.queryService(zone, service)) def test_zone_add_get_query_removePort(self): port = "443" protocol="tcp" zone = "public" print ("\nAdding port '%s/%s' to '%s' zone" % (port, protocol, zone)) ret = self.fw_zone.addPort(zone, port, protocol, 0) self.assertEqual(ret, zone) print ("Re-adding port") self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_zone.addPort, zone, port, protocol, 0) print ("Get ports of zone '%s': " % (zone)) ret = self.fw_zone.getPorts(zone) self.assertTrue(len(ret)>0) pprint (dbus_to_python(ret)) print ("Removing port '%s/%s' from '%s' zone" % (port, protocol, zone)) ret = self.fw_zone.removePort(zone, port, protocol) self.assertEqual(ret, zone) print ("Re-removing") self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_zone.removePort, zone, port, protocol) port = "443-445" protocol="udp" zone = "dmz" timeout = 2 print ("Adding timed port '%s/%s' to '%s' zone, active for %d seconds" % (port, protocol, zone, timeout)) ret = self.fw_zone.addPort(zone, port, protocol, timeout) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryPort(zone, port, protocol)) time.sleep(timeout+1) print ("Checking if timeout has been working") self.assertFalse(self.fw_zone.queryPort(zone, port, protocol)) def test_zone_add_query_removeMasquerade(self): zone = "public" print ("\nAdd masquerade to '%s' zone" % (zone)) ret = self.fw_zone.addMasquerade(zone, 0) self.assertEqual(ret, zone) print ("Re-adding") self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_zone.addMasquerade, zone, 0) print ("Checking if masquerade is added to zone '%s'" % (zone)) self.assertTrue(self.fw_zone.queryMasquerade(zone)) print ("Remove masquerade from '%s' zone" % (zone)) ret = self.fw_zone.removeMasquerade(zone) self.assertEqual(ret, zone) print ("Re-adding") self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_zone.removeMasquerade, zone) zone = "dmz" timeout = 2 print ("Add timed masquerade to '%s' zone, active for %d seconds" % (zone, timeout)) ret = self.fw_zone.addMasquerade(zone, timeout) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryMasquerade(zone)) time.sleep(timeout+1) print ("Checking if timeout has been working") self.assertFalse(self.fw_zone.queryMasquerade(zone)) def test_zone_add_get_query_removeForwardPort(self): port = "443" protocol="tcp" toport = "441" toaddr = "192.168.0.2" zone = "public" print ("\nAdding forward port '%s/%s' to '%s:%s' to '%s' zone" % (port, protocol, toaddr, toport, zone)) ret = self.fw_zone.addForwardPort(zone, port, protocol, toport, toaddr, 0) self.assertEqual(ret, zone) print ("Re-adding") self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_zone.addForwardPort, zone, port, protocol, toport, toaddr, 0) print ("Get forward ports of zone '%s': " % (zone)) ret = self.fw_zone.getForwardPorts(zone) self.assertTrue(len(ret)>0) pprint (dbus_to_python(ret)) print ("Removing forward port '%s/%s' to '%s:%s' from '%s' zone" % (port, protocol, toaddr, toport, zone)) ret = self.fw_zone.removeForwardPort(zone, port, protocol, toport, toaddr) self.assertEqual(ret, zone) print ("Re-removing") self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_zone.removeForwardPort, zone, port, protocol, toport, toaddr) port = "443-445" protocol="udp" toport = "" toaddr = "192.168.0.3" zone = "dmz" timeout = 2 print ("Adding timed forward port '%s/%s' to '%s:%s' to '%s' zone, active for %d seconds" % (port, protocol, toaddr, toport, zone, timeout)) ret = self.fw_zone.addForwardPort(zone, port, protocol, toport, toaddr, timeout) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryForwardPort(zone, port, protocol, toport, toaddr)) time.sleep(timeout+1) print ("Checking if timeout has been working") self.assertFalse(self.fw_zone.queryForwardPort(zone, port, protocol, toport, toaddr)) def test_zone_add_get_query_removeIcmpBlock(self): icmp = "parameter-problem" zone = "external" print ("\nAdding icmp block '%s' to '%s' zone" % (icmp, zone)) ret = self.fw_zone.addIcmpBlock(zone, icmp, 0) self.assertEqual(ret, zone) print ("Re-adding") self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_zone.addIcmpBlock, zone, icmp, 0) print ("Get icmp blocks of zone '%s': " % (zone)) ret = self.fw_zone.getIcmpBlocks(zone) self.assertTrue(len(ret)>0) pprint (dbus_to_python(ret)) print ("Removing icmp block '%s' from '%s' zone" % (icmp, zone)) ret = self.fw_zone.removeIcmpBlock(zone, icmp) self.assertEqual(ret, zone) print ("Re-removing") self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_zone.removeIcmpBlock, zone, icmp) icmp = "redirect" zone = "dmz" timeout = 2 print ("Adding timed icmp block '%s' to '%s' zone, active for %d seconds: " % (icmp, zone, timeout)) ret = self.fw_zone.addIcmpBlock(zone, icmp, timeout) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryIcmpBlock(zone, icmp)) time.sleep(timeout+1) print ("Checking if timeout has been working: ") self.assertFalse(self.fw_zone.queryIcmpBlock(zone, icmp)) def test_reload(self): interface = "foo" zone = "work" self.fw_zone.addInterface(zone, interface) self.fw.reload() print ("\nChecking if interface remains in zone after service reload: ") self.assertTrue(self.fw_zone.queryInterface(zone, interface)) self.fw_zone.removeInterface(zone, interface) #cleanup if __name__ == '__main__': suite = unittest.TestLoader().loadTestsFromTestCase(TestFirewallD) results = unittest.TextTestRunner(verbosity=2).run(suite) sys.exit(0 if results.wasSuccessful() else 1) firewalld-0.8.2/firewalld.spec0000664007115300711530000022256613641112411017510 0ustar00egarveregarver00000000000000%if (0%{?fedora} >= 13 || 0%{?rhel} > 7) %global with_python3 1 %if (0%{?fedora} >= 23 || 0%{?rhel} >= 8) %global use_python3 1 %endif %endif Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld Version: 0.8.2 Release: 1%{?dist} URL: http://firewalld.org License: GPLv2+ Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildArch: noarch BuildRequires: autoconf BuildRequires: automake BuildRequires: desktop-file-utils BuildRequires: gettext BuildRequires: intltool # glib2-devel is needed for gsettings.m4 BuildRequires: glib2, glib2-devel BuildRequires: systemd-units BuildRequires: docbook-style-xsl BuildRequires: libxslt BuildRequires: python2-devel BuildRequires: iptables, ebtables, ipset %if 0%{?with_python3} BuildRequires: python3-devel %endif #0%{?with_python3} Requires: iptables, ebtables, ipset Requires(post): systemd Requires(preun): systemd Requires(postun): systemd Requires: firewalld-filesystem = %{version}-%{release} %if 0%{?use_python3} Requires: python3-firewall = %{version}-%{release} %else #0%{?use_python3} Requires: python-firewall = %{version}-%{release} %endif #0%{?use_python3} %description firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. %package -n python-firewall Summary: Python2 bindings for firewalld Provides: python2-firewall Obsoletes: python2-firewall Requires: dbus-python Requires: python-slip-dbus Requires: python-decorator Requires: pygobject3-base Requires: python-nftables %description -n python-firewall Python2 bindings for firewalld. %if 0%{?with_python3} %package -n python3-firewall Summary: Python3 bindings for firewalld Requires: python3-dbus Requires: python3-slip-dbus Requires: python3-decorator Requires: python3-nftables %if (0%{?fedora} >= 23 || 0%{?rhel} >= 8) Requires: python3-gobject-base %else Requires: python3-gobject %endif %description -n python3-firewall Python3 bindings for firewalld. %endif #0%{?with_python3} %package -n firewalld-filesystem Summary: Firewalld directory layout and rpm macros %description -n firewalld-filesystem This package provides directories and rpm macros which are required by other packages that add firewalld configuration files. %package -n firewall-applet Summary: Firewall panel applet Requires: %{name} = %{version}-%{release} Requires: firewall-config = %{version}-%{release} Requires: hicolor-icon-theme %if 0%{?use_python3} Requires: python3-qt5 Requires: python3-gobject %else Requires: python-qt5 Requires: pygobject3-base %endif Requires: libnotify Requires: NetworkManager-libnm Requires: dbus-x11 %description -n firewall-applet The firewall panel applet provides a status information of firewalld and also the firewall settings. %package -n firewall-config Summary: Firewall configuration application Requires: %{name} = %{version}-%{release} Requires: hicolor-icon-theme Requires: gtk3 %if 0%{?use_python3} Requires: python3-gobject %else Requires: pygobject3-base %endif Requires: NetworkManager-libnm Requires: dbus-x11 %description -n firewall-config The firewall configuration application provides an configuration interface for firewalld. %prep %autosetup ./autogen.sh %if 0%{?with_python3} rm -rf %{py3dir} cp -a . %{py3dir} %endif #0%{?with_python3} %build %configure --enable-sysconfig --enable-rpmmacros %if 0%{?use_python3} make -C src %{?_smp_mflags} %else make %{?_smp_mflags} %endif %if 0%{?with_python3} pushd %{py3dir} %configure --enable-sysconfig --enable-rpmmacros PYTHON=%{__python3} %if 0%{?use_python3} make %{?_smp_mflags} %else make -C src %{?_smp_mflags} %endif popd %endif #0%{?with_python3} %install %if 0%{?use_python3} make -C src install-nobase_dist_pythonDATA PYTHON=%{__python2} DESTDIR=%{buildroot} %else make install PYTHON=%{__python2} DESTDIR=%{buildroot} %endif #0%{?use_python3} %if 0%{?with_python3} pushd %{py3dir} %if 0%{?use_python3} make install PYTHON=%{__python3} DESTDIR=%{buildroot} %else make -C src install-nobase_dist_pythonDATA PYTHON=%{__python3} DESTDIR=%{buildroot} %endif #0%{?use_python3} popd %endif #0%{?with_python3} desktop-file-install --delete-original \ --dir %{buildroot}%{_sysconfdir}/xdg/autostart \ %{buildroot}%{_sysconfdir}/xdg/autostart/firewall-applet.desktop desktop-file-install --delete-original \ --dir %{buildroot}%{_datadir}/applications \ %{buildroot}%{_datadir}/applications/firewall-config.desktop %find_lang %{name} --all-name %post %systemd_post firewalld.service %preun %systemd_preun firewalld.service %postun %systemd_postun_with_restart firewalld.service %post -n firewall-applet /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : %postun -n firewall-applet if [ $1 -eq 0 ] ; then /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : fi %posttrans -n firewall-applet /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %post -n firewall-config /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : %postun -n firewall-config if [ $1 -eq 0 ] ; then /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : fi %posttrans -n firewall-config /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %files -f %{name}.lang %doc COPYING README %{_sbindir}/firewalld %{_bindir}/firewall-cmd %{_bindir}/firewall-offline-cmd %dir %{_datadir}/bash-completion/completions %{_datadir}/bash-completion/completions/firewall-cmd %dir %{_datadir}/zsh/site-functions %{_datadir}/zsh/site-functions/_firewalld %{_prefix}/lib/firewalld/icmptypes/*.xml %{_prefix}/lib/firewalld/ipsets/README %{_prefix}/lib/firewalld/services/*.xml %{_prefix}/lib/firewalld/zones/*.xml %{_prefix}/lib/firewalld/helpers/*.xml %attr(0750,root,root) %dir %{_sysconfdir}/firewalld %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf %config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/helpers %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/ipsets %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/services %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones %defattr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/firewalld #%attr(0755,root,root) %{_initrddir}/firewalld %{_unitdir}/firewalld.service %config(noreplace) %{_datadir}/dbus-1/system.d/FirewallD.conf %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy %{_mandir}/man1/firewall*cmd*.1* %{_mandir}/man1/firewalld*.1* %{_mandir}/man5/firewall*.5* %{_sysconfdir}/modprobe.d/firewalld-sysctls.conf %{_sysconfdir}/logrotate.d/firewalld %files -n python-firewall %attr(0755,root,root) %dir %{python2_sitelib}/firewall %attr(0755,root,root) %dir %{python2_sitelib}/firewall/config %attr(0755,root,root) %dir %{python2_sitelib}/firewall/core %attr(0755,root,root) %dir %{python2_sitelib}/firewall/core/io %attr(0755,root,root) %dir %{python2_sitelib}/firewall/server %{python2_sitelib}/firewall/*.py* %{python2_sitelib}/firewall/config/*.py* %{python2_sitelib}/firewall/core/*.py* %{python2_sitelib}/firewall/core/io/*.py* %{python2_sitelib}/firewall/server/*.py* %if 0%{?with_python3} %files -n python3-firewall %attr(0755,root,root) %dir %{python3_sitelib}/firewall %attr(0755,root,root) %dir %{python3_sitelib}/firewall/__pycache__ %attr(0755,root,root) %dir %{python3_sitelib}/firewall/config %attr(0755,root,root) %dir %{python3_sitelib}/firewall/config/__pycache__ %attr(0755,root,root) %dir %{python3_sitelib}/firewall/core %attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/__pycache__ %attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/io %attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/io/__pycache__ %attr(0755,root,root) %dir %{python3_sitelib}/firewall/server %attr(0755,root,root) %dir %{python3_sitelib}/firewall/server/__pycache__ %{python3_sitelib}/firewall/__pycache__/*.py* %{python3_sitelib}/firewall/*.py* %{python3_sitelib}/firewall/config/*.py* %{python3_sitelib}/firewall/config/__pycache__/*.py* %{python3_sitelib}/firewall/core/*.py* %{python3_sitelib}/firewall/core/__pycache__/*.py* %{python3_sitelib}/firewall/core/io/*.py* %{python3_sitelib}/firewall/core/io/__pycache__/*.py* %{python3_sitelib}/firewall/server/*.py* %{python3_sitelib}/firewall/server/__pycache__/*.py* %endif #0%{?with_python3} %files -n firewalld-filesystem %dir %{_prefix}/lib/firewalld %dir %{_prefix}/lib/firewalld/helpers %dir %{_prefix}/lib/firewalld/icmptypes %dir %{_prefix}/lib/firewalld/ipsets %dir %{_prefix}/lib/firewalld/services %dir %{_prefix}/lib/firewalld/zones %{_rpmconfigdir}/macros.d/macros.firewalld %files -n firewall-applet %attr(0755,root,root) %dir %{_sysconfdir}/firewall %{_bindir}/firewall-applet %defattr(0644,root,root) %{_sysconfdir}/xdg/autostart/firewall-applet.desktop %{_sysconfdir}/firewall/applet.conf %{_datadir}/icons/hicolor/*/apps/firewall-applet*.* %{_mandir}/man1/firewall-applet*.1* %files -n firewall-config %{_bindir}/firewall-config %defattr(0644,root,root) %{_datadir}/firewalld/firewall-config.glade %{_datadir}/firewalld/gtk3_chooserbutton.py* %{_datadir}/firewalld/gtk3_niceexpander.py* %{_datadir}/applications/firewall-config.desktop %{_datadir}/metainfo/firewall-config.appdata.xml %{_datadir}/icons/hicolor/*/apps/firewall-config*.* %{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml %{_mandir}/man1/firewall-config*.1* %changelog * Wed Apr 01 2020 Eric Garver - 0.8.2-1 - bump package to v0.8.2 * Tue Jan 07 2020 Eric Garver - 0.8.1-1 - bump package to v0.8.1 * Tue Nov 05 2019 Eric Garver - 0.8.0-1 - bump package to v0.8.0 * Fri Apr 20 2018 Eric Garver - 0.6.0-1 - bump package to v0.6.0 * Thu Jan 25 2018 Eric Garver - 0.5.0-1 - rebase package to v0.5.0 * Tue Jun 6 2017 Thomas Woerner - 0.4.4.5-1 - Fix build from spec without fedorahosted.org archives - firewalld.spec: Add missing autotools dependencies - firewall-offline-cmd: Fix --remove-service-from-zone option RHBZ#1438127 - Merge pull request 213 from hwoarang/add-missing-autotools - Support sctp and dccp in ports, source-ports, forward-ports, helpers and rich rules - firewall-cmd: Fix --{set,get}-{short,description} for zone - firewall.core.ipXtables: Use new wait option for restore commands if available - Merge pull request 212 from leongold/ovirt-imageio-service - config/Makefile.am: Install new ovirt-imageio service - README: Use firewalld.org/documentation as documentation link - Fix misspelled word in documentation - Merge pull request 216 from tobiasvl/fix-protocol-spelling - Man pages: Mention sctp and dccp protocols for remaining ports, .. - Adding ovirt-vmconsole service file - Adding oVirt storage-console service. - Adding ctdb service file. - Merge pull request 219 from leongold/ctdb-service - Fixing incorrect port number - Merge pull request 217 from leongold/ovirt-vmconsole - Merge pull request 218 from leongold/ovirt-storageconsole - config/Makefile.am: New services ctdb, ovirt-storageconsole and ovirt-vmconsole - Adding service file for nrpe. - Merge pull request 220 from leongold/nrpe-service - config/Makefile.am: New services nrpe - Rename extension for policy choices (server and desktop) to .policy.choice (RHBZ#1449754) - D-Bus interfaces: Fix GetAll for interfaces without properties (RHBZ#1452017) - firewall.core.fw_config: Fix wrong variable use in repr output - firewall.core.fw_icmptype: Add missing import for copy - firewall.core.fw_test: Fix wrong format string in repr - firewall.core.io.zone: Fix __getattr__ use on super(Zone) - firewall.functions: New function get_nf_nat_helpers - firewall.core.fw: Get NAT helpers and store them internally. - firewall.core.fw_zone: Load NAT helpers with conntrack helpers - firewalld.dbus: Add missing properties nf_conntrach_helper_setting and nf_conntrack_helpers - firewall.server.firewalld: New property for NAT helpers supported by the kernel - Translation updates * Mon Mar 27 2017 Thomas Woerner - 0.4.4.4-1 - Drop references to fedorahosted.org from spec file and Makefile.am - Fix inconsistent ordering of rules in INPUT_ZONE_SOURCE (issue#166) - Fix ipset overloading from /etc/firewalld/ipsets - Fix permanent rich rules using icmp-type elements (RHBZ#1434594) - firewall-config: Deactivate edit, remove, .. buttons if there are no items - Check if ICMP types are supported by kernel before trying to use them - firewall-config: Show invalid ipset type in the ipset configuration dialog in a special label * Thu Feb 9 2017 Thomas Woerner - 0.4.4.3-1 - New service freeipa-trust (RHBZ#1411650) - Complete icmp types for IPv4 and IPv6 - New h323 helper container - Support helper container: h323 - firewall.server.decorators: ALREADY_ errors should be logged as warnings - firewall.command: ALREADY_SET should also result in zero exit code - tests/firewall-offline-cmd_test.sh: Only use firewall-offline-cmd - Support more ipset types: hash:ip,port, hash:ip,port,ip, hash:ip,port,net, hash:ip,mark, hash:net,net, hash:net,port, hash:net,port,net, hash:net,iface - New checks for ipset entry validation - Use ipset dimension for match - firewall.core.base: New ZONE_SOURCE_IPSET_TYPES list - New firewall.core.icmp providing names and types for icmp and icmpv6 values - firewall.core.fw_ipset: New methods to get ipset dimension and applied state - firewall.errors: New error NOT_APPLIED - firewall-cmd man page: Add missing --get-ipset-types - firewall.core.fw_nm: No trace back on failed get_connection call (RHBZ#1413345) - firewall.core.prog: Fix addition of the error output in runProg - Speed up ipset handling, (re)loading and import from file - Support --family option for --new-ipset - Handle FirewallError for query sequences in command line tools - Fail to alter entries of ipsets with timeout - Extended tests for ipset options - Return empty list for ipsets using timeouts - firewall.functions: Fix checks in checkIPnMask and checkIP6nMask (issue#186) - firewalld.conf man page: New section about AutomaticHelpers - firewall-offline-cmd man page: Added -v and -q options, fixed section ids - firewall{-cmd, ctl}: Fix scope of final return in try_set_zone_of_interface - firewall.core.fw_zone: Limit masquerading forward rule to new connections - firewall-config: Update active zones on reloaded signal - firewall-applet: Update active zones and tooltip on reloaded signal - firewall.core.fw_zone: Fix missing chain for helper in rich rules using service (RHBZ#1416578) - Support icmp-type usage in rich rules (RHBZ#1409544) - firewall[-offline]-cmd: Fix --{set,get}-{short,description} for ipset and helper (RHBZ#1416325) - firewall.core.ipset: Solve ipset creation issues with -exist and more flag tests - Speed up start and restart for ipsets with lots of entries (RHBZ#1416817) - Speed up of ipset alteration by adding and removing entries using a file (RHBZ#1416817) - Code cleanup and minor bug fixes - firewall.core.prog: Fix addition of the error output in runProg - New services mssql, kibana, elasticsearch, quassel, bitcoin-rpc, bitcoin-testnet-rpc, bitcoin-testnet, bitcoin and spideroak-lansync - Translation updates * Thu Dec 1 2016 Thomas Woerner - 0.4.4.2-1 - firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem - firewall.core.fw_nm: create NMClient lazily - Do not use hard-coded path for modinfo, use autofoo to detect it - firewall.core.io.ifcfg: Dropped invalid option warning with bad format string - firewall.core.io.ifcfg: Properly handle quoted ifcfg values - firewall.core.fw_zone: Do not reset ZONE with ifdown - Updated translations from zanata - firewall-config: Extra grid at bottom to visualize firewalld settings * Wed Nov 9 2016 Thomas Woerner - 0.4.4.1-1 - firewall-config: Use proper source check in sourceDialog (fixes issue#162) - firewallctl: New support for helpers - Translation updates * Fri Oct 28 2016 Thomas Woerner - 0.4.4-1 - Fix dist-check - src/Makefile.am: Install new helper files - config/Makefile.am: Install helpers - Merged translations - Updated translations from zanata - firewalld.spec: Adapt requires for PyQt5 - firewall-applet: Fix fromUTF8 for python2 PyQt5 usage - firewall-applet: Use PyQt5 - firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers D-Bus property - shell-completion/bash/firewall-cmd: Updates for helpers and also some fixes - src/tests/firewall-[offline-]cmd_test.sh: New helper tests, adapted module tests for services - doc/xml/seealso.xml: Add firewalld.helper(5) man page - doc/xml/seealso.xml: Add firewalld.ipset(5) man page - Fixed typo in firewalld.ipset(5) man page - Updated firewalld.dbus(5) man page - New firewalld.helper(5) man page - doc/xml/firewall-offline-cmd.xml: Updated firewall-offline-cmd man page - doc/xml/firewall-cmd.xml: Updated firewall-cmd man page - firewall-offline-cmd: New support for helpers - firewall-cmd: New support for helpers - firewall.command: New check_helper_family, check_module and print_helper_info methods - firewall.core.fw_test: Add helpers also to offline backend - firewall.server.config: New AutomaticHelpers property (rw) - firewall.server.config: Fix an dict size changed error for firewall.conf file changes - firewall.server.config: Make LogDenied property readwrite to be consistent - Some renames of nf_conntrack_helper* functions and structures, helpers is a dict - firewall.core.fw: Properly check helper setting in set_automatic_helpers - firewall.errors: Add missing BUILTIN_HELPER error code - No extra interface for helpers needed in runtime, dropped DBUS_INTERFACE_HELPER - firewall.server.firewalld: Drop unused queryHelper D-Bus method - New helpers Q.931 and RAS from nf_conntrack_h323 - firewall.core.io.helper: Allow dots in helper names, remove underscore - firewall.core.io.firewalld_conf: Fixed typo in FALLBACK_AUTOMATIC_HELPERS - firewall-[offline-]cmd: Use sys.excepthook to force exception_handler usage always - firewall.core.fw_config: new_X methods should also check builtins - firewall.client: Set helper family to "" if None - firewall.client: Add missing module string to FirewallClientHelperSettings.settings - config/firewalld.conf: Add possible values description for AutomaticHelpers - helpers/amanda.xml: Fix typo in helper module - firewall-config: Added support for helper module setting - firewall.client: Added support for helper module setting - firewall.server.config_helper: Added support for helper module setting - firewall.core.io.service, firewall.server.config_service: Only replace underscore by dash if module start with nf_conntrack_ - firewall.core.fw_zone: Use helper module instead of a generated name from helper name - helpers: Added kernel module - firewall.core.io.helper: Add module to helper - firewall-cmd: Removed duplicate --get-ipset-types from help output - firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table - firewall.core.ipXtables: Add PREROUTING default rules for zones in raw table - firewall-config: New support to handle helpers, new dialogs, new helper tab, .. - config/org.fedoraproject.FirewallConfig.gschema.xml.in: New show-helpers setting - firewall.client: New helper management for runtime and permanent configuration - firewall.server.firewalld: New runtime helper management, new nf_conntrack_helper property - firewall.server.config_service: Fix module name handling (no nf_conntrack_ prefix needed) - firewall.server.config: New permanent D-Bus helper management - New firewall.server.config_helper to provide the permanent D-Bus interface for helpers - firewall.core.fw_zone: Use helpers fw.nf_conntrack_helper for services using helpers - firewall.core.fw: New helper management, new _automatic_helpers and nf_conntrack_helper settings - firewall.core.fw_config: Add support for permanent helper handling - firewall.core.io.service: The module does not need to start with nf_conntrack_ anymore - firewall.functions: New functions to get and set nf_conntrack_helper kernel setting - firewall.core.io.firewalld_conf: New support for AutomaticHelpers setting - firewall.config.dbus: New D-Bus definitions for helpers, new DBUS_INTERFACE_REVISION 12 - New firewall.core.fw_helper providing FirewallHelper backend - New firewall.core.helper with HELPER_MAXNAMELEN definition - config/firewalld.conf: New AutomaticHelpers setting with description - firewall.config.__init__.py.in: New helpers variables - firewalld.spec: Add new helpers directory - config/Makefile.am: Install new helpers - New helper configuration files for amanda, ftp, irc, netbios-ns, pptp, sane, sip, snmp and tftp - firewall.core.io.helper: New IO handler for netfilter helpers - firewall.errors: New INVALID_HELPER error code - firewall.core.io.ifcfg: Use .bak for save files - firewall-config: Set internal log_denied setting after changing - firewall.server.config: Copy props before removing items - doc/xml/firewalld.ipset: Replaced icmptype name remains with ipset - firewall.core.fw_zone: Fix LOG rule placement for LogDenied - firewall.command: Use "source-ports" in print_zone_info - firewall.core.logger: Use syslog.openlog() and syslog.closelog() - firewall-[offline-]cmd man pages: Document --path-{zone,icmptype,ipset,service} - firewall-cmd: Enable --path-{zone,icmptype,service} options again - firewall.core.{ipXtables,ebtables}: Copy rule before extracting items in set_rules - firewall.core.fw: Do not abort transaction on failed ipv6_rpfilter rules - config/Makefile.am: Added cfengine, condor-collector and smtp-submission services - Makefile.am: New dist-check used in the archive target - src/Makefile.am: Reordered nobase_dist_python_DATA to be sorted - config/Makefile.am: New CONFIG_FILES variable to contain the config files - Merge pull request #150 from hspaans/master - Merge pull request #146 from canvon/bugfix/spelling - Merge pull request #145 from jcpunk/condor - Command line tools man pages: New section about sequence options and exit codes - Creating service file for SMTP-Submission. - Creating service file for CFEngine. - Fix typo in documentation: iptables mangle table - Only use sort on lists of main items, but not for item properties - firewall.core.io.io_object: import_config should not change ordering of lists - firewall.core.fw_transaction: Load helper modules in FirewallZoneTransaction - firewall.command: Fail with NOT_AUTHORIZED if authorization fails (RHBZ#1368549) - firewall.command: Fix sequence exit code with at least one succeeded item - Add condor collector service - firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones - firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED sequences * Tue Aug 16 2016 Thomas Woerner - 0.4.3.3-1 - Fix CVE-2016-5410: Firewall configuration can be modified by any logged in user - firewall/server/firewalld: Make getXSettings and getLogDenied CONFIG_INFO - Update AppData configuration file. - tests/firewalld_rich.py: Use new import structure and FirewallClient classes - tests/firewalld_direct.py: Use new import structure - tests: firewalld_direct: Fix assert to check for True instead of False - tests: firewalld_config: Fix expected value when querying the zone target - tests: firewalld_config: Use real nf_conntrack modules - firewalld.spec: Added comment about make call for %build - firewall-config: Use also width_request and height_request with default size - Updated firewall-config screenshot - firewall-cmd: Fixed typo in help output (RHBZ#1367171) - test-suite: Ignore stderr to get default zone also for missing firewalld.conf - firewall.core.logger: Warnings should be printed to stderr per default - firewall.core.fw_nm: Ignore NetworkManager if NM.Client connect fails - firewall-cmd, firewallctl: Gracefully fail if SystemBus can not be aquired - firewall.client: Generate new DBUS_ERROR if SystemBus can not be aquired - test-suite: Do not fail on ALREADY_ENABLED --add-destination tests - firewall.command: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings - doc/xml/firewalld.dbus.xml: Removed undefined reference - doc/xml/transform-html.xsl.in: Fixed references in the document - doc/xml/firewalld.{dbus,zone}.xml: Embed programlisting in para - doc/xml/transform-html.xsl.in: Enhanced html formatting closer to the man page - firewall: core: fw_nm: Instantiate the NM client only once - firewall/core/io/*.py: Do not traceback on a general sax parsing issue - firewall-offline-cmd: Fix --{add,remove}-entries-from-file - firewall-cmd: Add missing action to fix --{add,remove}-entries-from-file - firewall.core.prog: Do not output stderr, but return it in the error case - firewall.core.io.ifcfg.py: Fix ifcfg file reader and writer (RHBZ#1362171) - config/firewall.service.in: use KillMode=mixed - config/firewalld.service.in: use network-pre.target - firewall-config: Add missing gettext.textdomain call to fix translations - Add UDP to transmission-client.xml service - tests/firewall-[offline-]cmd_test.sh: Hide errors and warnings - firewall.client: Fix ALREADY_ENABLED errors in icmptype destination calls - firewall.client: Fix NOT_ENABLED errors in icmptype destination calls - firewall.client: Use {ALREADY,NOT}_ENABLED errors in icmptype destination calls - firewall.command: Add the removed FirewallError handling to the action (a17ce50) - firewall.command: Do not use query methods for sequences and also single options - Add missing information about MAC and ipset sources to man pages and help output - firewalld.spec: Add BuildRequires for libxslt to enable rebuild of man pages - firewall[-offline]-cmd, firewallctl, firewall.command: Use sys.{stdout,stderr} - firewallctl: Fix traceback if not connected to firewalld - firewall-config: Initialize value in on_richRuleDialogElementChooser_clicked - firewall.command: Convert errors to string for Python3 - firewall.command: Get proper firewall error code from D-BusExceptions - firewall-cmd: Fixed traceback without args - Add missing service files to Makefile.am - shell-completion: Add shell completion support for --{get,set}--{description,short} * Mon Jul 4 2016 Thomas Woerner - 0.4.3.2-1 - Fix regression with unavailable optional commands - All missing backend messages should be warnings - Individual calls for missing restore commands - Only one authenticate call for add and remove options and also sequences - New service RH-Satellite-6 * Tue Jun 28 2016 Thomas Woerner - 0.4.3.1-1 - firewall.command: Fix python3 DBusException message not interable error - src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing - firewallctl: Do not trace back on list command without further arguments - firewallctl (man1): Added remaining sections zone, service, .. - firewallctl: Added runtime-to-permanent, interface and source parser, IndividualCalls setting - firewall.server.config: Allow to set IndividualCalls property in config interface - Fix missing icmp rules for some zones - runProg: Fix issue with running programs - firewall-offline-cmd: Fix issues with missing system-config-firewall - firewall.core.ipXtables: Split up source and dest addresses for transaction - firewall.server.config: Log error in case of loading malformed files in watcher - Install and package the firewallctl man page * Wed Jun 22 2016 Thomas Woerner - 0.4.3-1 - New firewallctl utility (RHBZ#1147959) - doc.xml.seealso: Show firewalld.dbus in See Also sections - firewall.core.fw_config: Create backup on zone, service, ipset and icmptype removal (RHBZ#1339251) - {zone,service,ipset,icmptype}_writer: Do not fail on failed backup - firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd - firewall-cmd: Dropped duplicate setType call in --new-ipset - radius service: Support also tcp ports (RBZ#1219717) - xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset sources - config.xmlschema.service.xsd: Fix service destination conflicts (RHBZ#1296573) - firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg - firewall.command: Only print summary and description in print_X_info with verbose - firewall.command: print_msg should be able to print empty lines - firewall-config: No processing of runtime passthroughs signals in permanent - Landspace.io fixes and pylint calm downs - firewall.core.io.zone: Add zone_reader and zone_writer to __all__, pylint fixes - firewall-config: Fixed titles of command and context dialogs, also entry lenths - firewall-config: pylint calm downs - firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit - firewall-config: Use self.active_zoens in conf_zone_added_cb - firewall.command: New parse_port, extended parse methods with more checks - firewall.command: Fixed parse_port to use the separator in the split call - firewall.command: New [de]activate_exception_handler, raise error in parse_X - services ha: Allow corosync-qnetd port - firewall-applet: Support for kde5-nm-connection-editor - tests/firewall-offline-cmd_test.sh: New tests for service and icmptype modifications - firewall-offline-cmd: Use FirewallCommand for simplification and sequence options - tests/firewall-cmd_test.sh: New tests for service and icmptype modifications - firewall-cmd: Fixed set, remove and query destination options for services - firewall.core.io.service: Source ports have not been checked in _check_config - firewall.core.fw_zone: Method check_source_port is not used, removed - firewall.core.base: Added default to ZONE_TARGETS - firewall.client: Allow to remove ipv:address pair for service destinations - tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent - firewall-cmd: Landscape.io fixes, pylint calm downs - firewall-cmd: Use FirewallCommand for simplification and sequence options - firewall.command: New FirewallCommand for command line client simplification - New services: kshell, rsh, ganglia-master, ganglia-client - firewalld: Cleanup of unused imports, do not translate some deamon messages - firewalld: With fd close interation in runProg, it is not needed here anymore - firewall.core.prog: Add fd close iteration to runProg - firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface function - firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib - firewall-config: New add/remove ipset entries from file, remove all entries - firewall-applet: Fix tooltip after applet start with connection to firewalld - firewall-config: Select new zone, service or icmptype if the view was empty - firewalld.spec: Added build requires for iptables, ebtables and ipset - Adding nf_conntrack_sip module to the service SIP - firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist - Drop unneeded python shebangs - Translation updates * Mon May 30 2016 Thomas Woerner - 0.4.2-1 - New module to search for and change ifcfg files for interfaces not under control of NM - firewall_config: Enhanced messages in status bar - firewall-config: New message window as overlay if not connected - firewall-config: Fix sentivity of option, view menus and main paned if not connected - firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls, some cleanup - firewall-[offline]cmd: Show target in zone information - D-Bus: Completed masquerade methods in FirewallClientZoneSettings - Fixed log-denied rules for icmp-blocks - Keep sorting of interfaces, services, icmp-blocks and other settings in zones - Fixed runtime-to-permanent not to save interfaces under control of NM - New icmp-block-inversion flag in the zones - ICMP type filtering in the zones - New services: sip, sips, managesieve - rich rules: Allow destination action (RHBZ#1163428) - firewall-offline-cmd: New option -q/--quiet - firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file - firewall-[offline-]cmd: Fix option for setting the destination address - firewall-config: Fixed resizing behaviour - New transaction model for speed ups in start, restart, stop and other actions - firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults - Fixed memory leak in dbus_introspection_add_properties - Landscape.io fixes, pylint calm downs - New D-Bus getXnames methods to speed up firewall-config and firewall-cmd - ebtables-restore: No support for COMMIT command - Source port support in services, zones and rich rules - firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets - firewall-config: New active bindings side bar for simple binding changes - Reworked NetworkManager module - Proper default zone handling for NM connections - Try to set zone binding with NM if interface is under control of NM - Code cleanup and bug fixes - Include test suite in the release and install in /usr/share/firewalld/tests - New Travis-CI configuration file - Fixed more broken frensh translations - Translation updates * Wed Apr 20 2016 Thomas Woerner - 0.4.1.2-1 - Install fw_nm module - firewalld: Do not fail if log file could not be opened - Make ipsets visible per default in firewall-config - Fixed translations with python3 * Tue Apr 19 2016 Thomas Woerner - 0.4.1.1-1 - Fixed broken frensh translation * Tue Apr 19 2016 Thomas Woerner - 0.4.1-1 - Enhancements of ipset handling - No cleanup of ipsets using timeouts while reloading - Only destroy conflicting ipsets - Only use ipset types supported by the system - Add and remove several ipset entries in one call using a file - Reduce time frame where builtin chains are on policy DROP while reloading - Include descriptions in --info-X calls - Command line interface support to get and alter descriptions of zones, services, ipsets and icmptypes with permanent option - Properly watch changes in combined zones - Fix logging in rich rule forward rules - Transformed direct.passthrough errors into warnings - Rework of import structures - Reduced calls to get ids for port and protocol names (RHBZ#1305434) - Build and installation fixes by Markos Chandras - Provide D-Bus properties in introspection data - Fix for flaws found by landscape.io - Fix for repeated SUGHUP - New NetworkManager module to get and set zones of connections, used in firewall-applet and firewall-config - configure: Autodetect backend tools ({ip,ip6,eb}tables{,-restore}, ipset) - Code cleanups - Bug fixes * Fri Jan 29 2016 Thomas Woerner - 0.4.0-1 - Several new services - Lots of bug fixes - Speed up: Using -restore commands - Optimizations - ipset support - MAC address support - Enhancements - Rich language - documentation - firewall-config - firewall-applet - Command line tools - Log of denied packets * Tue Jun 16 2015 Thomas Woerner - 0.3.14.2-0 - fixed requirements for -applet and -config - adapted firewall-applet man page to new version - firewall-applet, firewall-config: Only honour active connections - firewall-applet: Change QSettings path and file names - Updated translations, marked translations for "Connections" as fuzzy * Fri Jun 12 2015 Thomas Woerner - 0.3.14.1-0 - spec file adaptions from Fedora - dropped gtk applet remain: org.fedoraproject.FirewallApplet.gschema.xml * Fri Jun 12 2015 Thomas Woerner - 0.3.14-1 - firewalld: - print real zone names in error messages - iptables 1.4.21 does not accept limits of 1/day, minimum is 2/day now - rate limit fix for rich rules - fix readdition of removed permanent direct settings - adaption of the polkit domains to use PK_ACTION_DIRECT_INFO - fixed two minor Python3 issues in firewall.core.io.direct - fixed use of fallback configuration values - fixed use without firewalld.conf - firewalld main restructureization - IPv6_rpfilter now also available as a property on D-Bus in the config interface - fixed wait option use for ipXtables - added --concurrent support for ebtables - richLanguage: allow masquerading with destination - richLanguage: limit masquerading forward rule to new connections - ipXtables: No dns lookups in available_tables and _detect_wait_option - full ebtables support: start, stop, reload, panic mode, direct chains and rules - fix for reload with direct rules - fix or flaws found by landscape.io - pid file handling fixes in case of pid file removal - fix for client issue in case of a dbus NoReply error - configuration - new services: dropbox-lansync, ptp - new icmptypes: timestamp-request, timestamp-reply - man pages: - firewalld.zones(5): fixed typos - firewalld.conf(5): Fixed wrong reference to firewalld.lockdown-whitelist page - firewall-applet: - new version using Qt4 fixing several issues with the Gtk version - spec file: - enabled Python3 support: new backends python-firewall and python3-firewall - some cleanup - git: - migrated to github - translations: - migrated to zanata - build environment: - no need for autoconf-2.69, 2.68 is sufficient * Wed Jan 28 2015 Thomas Woerner - 0.3.14-0 - enable python2 and python3 bindings for fedora >= 20 and rhel >= 7 - use python3 bindings on fedora >= 22 and rhel >= 8 for firewalld, firewall-config and firewall-applet * Thu Dec 04 2014 Jiri Popelka - 0.3.13-1 - firewalld: - ipXtables: use -w or -w2 if supported (RHBZ#1161745, RHBZ#1151067) - DROP INVALID packets (RHBZ#1169837) - don't use ipv6header for protocol matching. (RHBZ#1065565) - removeAllPassthroughs(): remove passthroughs in reverse order (RHBZ#1167100) - fix config.service.removeDestination() (RHBZ#1164584) - firewall-config: - portProtoDialog: other protocol excludes port number/range - better fix for updating zoneStore also in update_active_zones() - fix typo in menu - configuration: - new services: tinc, vdsm, mosh, iscsi-target, rsyncd - ship and install XML Schema files. (#8) - man pages: - firewalld.dbus, firewalld.direct, firewalld, firewall-cmd - spec file: - filesystem subpackage - make dirs&files in /usr/lib/ world-readable (RHBZ#915988) * Tue Oct 14 2014 Jiri Popelka - 0.3.12-1 - firewalld: - new runtimeToPermanent and tracked passsthrough support - make permanent D-Bus interfaces more fine grained like the runtime versions (RHBZ#1127706) - richLanguage: allow using destination with forward-port - Rich_Rule.check(): action can't be used with icmp-block/forward-port/masquerade - fixed Python specific D-Bus exception (RHBZ#1132441) - firewall-cmd: - new --runtime-to-permanent to create permanent from runtime configuration - use new D-Bus methods for permanent changes - show target REJECT instead of %%REJECT%% (RHBZ#1058794) - --direct: make fail messages consistent (RHBZ#1141835) - firewall-config: - richRuleDialog - OK button tooltip indicates problem - use new D-Bus methods for permanent changes - show target REJECT instead of %%REJECT%% (RHBZ#1058794) - update "Change Zones of Connections" menu on default zone change (RHBZ#11120212) - fixed rename of zones, services and icmptypes to not create new entry (RBHZ#1131064) - configuration: - new service for Squid HTTP proxy server - new service for Kerberos admin server - new services for syslog and syslog-tls - new services for SNMP and SNMP traps - add Keywords to .desktop to improve software searchability - docs: - updated translations - firewalld.richlanguage: improvements suggested by Rufe Glick - firewalld.dbus: various improvements - firewalld.zone: better description of Limit tag - mention new homepage everywhere * Mon Aug 25 2014 Jiri Popelka - 0.3.11-2 - add few Requires to spec (RHBZ#1133167) * Wed Aug 20 2014 Jiri Popelka - 0.3.11-1 - firewalld: - improve error messages - check built-in chains in direct chain handling functions (RHBZ#1120619) - dbus_to_python() check whether input is of expected type (RHBZ#1122018) - handle negative timeout values (RHBZ#1124476) - warn when Command/Uid/Use/Context already in lockdown whitelist (RHBZ#1126405) - make --lockdown-{on,off} work again (RHBZ#1111573) - firewall-cmd: - --timeout now accepts time units (RHBZ#994044) - firewall-config: - show active (not default) zones in bold (RHBZ#993655) - configuration: - remove ipp-client service from all zones (RHBZ#1105639). - fallbacks for missing values in firewalld.conf - create missing dirs under /etc if needed - add -Es to python command in lockdown-whitelist.xml (RHBZ#1099065) - docs: - 'direct' methods concern only chains/rules added via 'direct' (RHBZ#1120619) - --remove-[interface/source] don't need a zone to be specified (RHBZ#1125851) - various fixes in firewalld.zone(5), firewalld.dbus(5), firewalld.direct(5) - others: - rpm macros for easier packaging of e.g. services * Wed May 28 2014 Jiri Popelka - 0.3.10-1 - new services: freeipa-*, puppermaster, amanda-k5, synergy, xmpp-*, tor, privoxy, sane - do not use at_console in D-Bus policies (RHBZ#1094745) - apply all rich rules for non-default targets - AppData file (RHBZ#1094754) - separate Polkit actions for desktop & server (RHBZ#1091068) - sanitize missing ip6t_rpfilter (RHBZ#1074427) - firewall/core/io/*: few improvements (RHBZ#1065738) - no load failed error for absent direct.xml file - new DBUS_INTERFACE.getZoneSettings to get all run-time zone settings - fixed creation and deletion of zones, services and icmptypes over D-Bus signals - FirewallClientZoneSettings: Set proper default target - if Python2 then encode strings from sax parser (RHBZ#1059104, RHBZ#1058853) - firewall-cmd: - don't colour output of query commands (RHBZ#1097841) - use "default" instead of {chain}_{zone} (RHBZ#1075675) - New --get-target and --set-target - Create and remove permanent zones, services and icmptypes - firewall-config: - Adding services and icmptypes resulted in duplicates in UI - Use left button menu of -applet in Option menu - firewall-offline-cmd: same functionality as 'firewall-cmd --permanent' - firewall-applet: ZoneConnectionEditor was missing the Default Zone entry - bash-completion: getting zones/services/icmps is different with/without --permanent - firewalld.zone(5): removed superfluous slash (RHBZ#1091575) - updated translations * Wed Feb 05 2014 Jiri Popelka - 0.3.9.3-1 - Fixed persistent port forwarding (RHBZ#1056154) - Stop default zone rules being applied to all zones (RHBZ#1057875) - Enforce trust, block and drop zones in the filter table only (RHBZ#1055190) - Allow RAs prior to applying IPv6_rpfilter (RHBZ#1058505) - Fix writing of rule.audit in zone_writer() * Fri Jan 17 2014 Jiri Popelka - 0.3.9.2-1 - fix regression introduced in 0.3.9 (RHBZ#1053932) * Thu Jan 16 2014 Jiri Popelka - 0.3.9.1-1 - fix regressions introduced in 0.3.9 (RHBZ#1054068, RHBZ#1054120) * Mon Jan 13 2014 Jiri Popelka - 0.3.9-1 - translation updates - New IPv6_rpfilter setting to enable source address validation (RHBZ#847707) - Do not mix original and customized zones in case of target changes, apply only used zones - firewall-cmd: fix --*_lockdown_whitelist_uid to work with uid 0 - Don't show main window maximized. (RHBZ#1046811) - Use rmmod instead of 'modprobe -r' (RHBZ#1031102) - Deprecate 'enabled' attribute of 'masquerade' element - firewall-config: new zone was added twice to the list - firewalld.dbus(5) - Enable python shebang fix again - firewall/client: handle_exceptions: Use loop in decorator - firewall-offline-cmd: Do not mask firewalld service with disabled option - firewall-config: richRuleDialogActionRejectType Entry -> ComboBox - Rich_Rule: fix parsing of reject element (RHBZ#1027373) - Show combined zones in permanent configuration (RHBZ#1002016) - firewall-cmd(1): document exit code 2 and colored output (RHBZ#1028507) - firewall-config: fix RHBZ#1028853 * Tue Nov 05 2013 Jiri Popelka - 0.3.8-1 - fix memory leaks - New option --debug-gc - Python3 compatibility - Better non-ascii support - several firewall-config & firewall-applet fixes - New --remove-rules commands for firewall-cmd and removeRules methods for D-Bus - Fixed FirewallDirect.get_rules to return proper list - Fixed LastUpdatedOrderedDict.keys() - Enable rich rule usage in trusted zone (RHBZ#994144) - New error codes: INVALID_CONTEXT, INVALID_COMMAND, INVALID_USER and INVALID_UID * Thu Oct 17 2013 Jiri Popelka - 0.3.7-1 - Don't fail on missing ip[6]tables/ebtables table. (RHBZ#967376) - bash-completion: --permanent --direct options - firewall/core/fw.py: fix checking for iptables & ip6tables (RHBZ#1017087) - firewall-cmd: use client's exception_handler instead of catching exceptions ourselves - FirewallClientZoneSettings: fix {add|remove|query}RichRule() - Extend amanda-client service with 10080/tcp (RHBZ#1016867) - Simplify Rich_Rule()_lexer() by using functions.splitArgs() - Fix encoding problems in exception handling (RHBZ#1015941) * Fri Oct 04 2013 Jiri Popelka - 0.3.6.2-1 - firewall-offline-cmd: --forward-port 'toaddr' is optional (RHBZ#1014958) - firewall-cmd: fix variable name (RHBZ#1015011) * Thu Oct 03 2013 Jiri Popelka - 0.3.6.1-1 - remove superfluous po files from archive * Wed Oct 02 2013 Jiri Popelka - 0.3.6-1 - firewalld.richlanguage.xml: correct log levels (RHBZ#993740) - firewall-config: Make sure that all zone settings are updated properly on firewalld restart - Rich_Limit: Allow long representation for duration (RHBZ#994103 - firewall-config: Show "Changes applied." after changes (RHBZ#993643) - Use own connection dialog to change zones for NM connections - Rename service cluster-suite to high-availability (RHBZ#885257) - Permanent direct support for firewall-config and firewall-cmd - Try to avoid file descriptor leaking (RHBZ#951900) - New functions to split and join args properly (honoring quotes) - firewall-cmd(1): 2 simple examples - Better IPv6 NAT checking. - Ship firewalld.direct(5). * Mon Sep 30 2013 Jiri Popelka - 0.3.5-1 - Only use one PK action for configuration (RHBZ#994729) - firewall-cmd: indicate non-zero exit code with red color - rich-rule: enable to have log without prefix & log_level & limit - log-level warn/err -> warning/error (RHBZ#1009436) - Use policy DROP while reloading, do not reset policy in restart twice - Add _direct chains to all table and chain combinations - documentation improvements - New firewalld.direct(5) man page docbook source - tests/firewall-cmd_test.sh: make rich language tests work - Rich_Rule._import_from_string(): improve error messages (RHBZ#994150) - direct.passthrough wasn't always matching out_signature (RHBZ#967800) - firewall-config: twist ICMP Type IP address family logic. - firewall-config: port-forwarding/masquerading dialog (RHBZ#993658) - firewall-offline-cmd: New --remove-service= option (BZ#969106) - firewall-config: Options->Lockdown was not changing permanent. - firewall-config: edit line on doubleclick (RHBZ#993572) - firewall-config: System Default Zone -> Default Zone (RHBZ#993811) - New direct D-Bus interface, persistent direct rule handling, enabled passthough - src/firewall-cmd: Fixed help output to use more visual parameters - src/firewall-cmd: New usage output, no redirection to man page anymore - src/firewall/core/rich.py: Fixed forwad port destinations - src/firewall-offline-cmd: Early enable/disable handling now with mask/unmask - doc/xml/firewalld.zone.xml: Added more information about masquerade use - Prefix to log message is optional (RHBZ#998079) - firewall-cmd: fix --permanent --change-interface (RHBZ#997974) - Sort zones/interfaces/service/icmptypes on output. - wbem-https service (RHBZ#996668) - applet&config: add support for KDE NetworkManager connection editor - firewall/core/fw_config.py: New method update_lockdown_whitelist - Added missing file watcher for lockdown whitelist in config D-Bus interface - firewall/core/watcher: New add_watch_file for lockdown-whitelist and direct - Make use of IPv6 NAT conditional, based on kernel number (RHBZ#967376) * Tue Jul 30 2013 Thomas Woerner 0.3.4-1 - several rich rule check enhancements and fixes - firewall-cmd: direct options - check ipv4|ipv6|eb (RHBZ#970505) - firewall-cmd(1): improve description of direct options (RHBZ#970509) - several firewall-applet enhancements and fixes - New README - several doc and man page fixes - Service definitions for PCP daemons (RHBZ#972262) - bash-completion: add lockdown and rich language options - firewall-cmd: add --permanent --list-all[-zones] - firewall-cmd: new -q/--quiet option - firewall-cmd: warn when default zone not active (RHBZ#971843) - firewall-cmd: check priority in --add-rule (RHBZ#914955) - add dhcpv6 (for server) service (RHBZ#917866) - firewall-cmd: add --permanent --get-zone-of-interface/source --change-interface/source - firewall-cmd: print result (yes/no) of all --query-* commands - move permanent-getZoneOf{Interface|Source} from firewall-cmd to server - Check Interfaces/sources when updating permanent zone settings. - FirewallDConfig: getZoneOfInterface/Source can actually return more zones - Fixed toaddr check in forward port to only allow single address, no range - firewall-cmd: various output improvements - fw_zone: use check_single_address from firewall.functions - getZoneOfInterface/Source does not need to throw exception - firewall.functions: Use socket.inet_pton in checkIP, fixed checkIP*nMask - firewall.core.io.service: Properly check port/proto and destination address - Install applet desktop file into /etc/xdg/autostart - Fixed option problem with rich rule destinations (RHBZ#979804) - Better exception creation in dbus_handle_exceptions() decorator (RHBZ#979790) - Updated firewall-offline-cmd - Use priority in add, remove, query and list of direct rules (RHBZ#979509) - New documentation (man pages are created from docbook sources) - firewall/core/io/direct.py: use prirority for rule methods, new get_all_ methods - direct: pass priority also to client.py and firewall-cmd - applet: New blink and blink-count settings - firewall.functions: New function ppid_of_pid - applet: Check for gnome3 and fix it, use new settings, new size-changed cb - firewall-offline-cmd: Fix use of systemctl in chroot - firewall-config: use string.ascii_letters instead of string.letters - dbus_to_python(): handle non-ascii chars in dbus.String. - Modernize old syntax constructions. - dict.keys() in Python 3 returns a "view" instead of list - Use gettext.install() to install _() in builtins namespace. - Allow non-ascii chars in 'short' and 'description' - README: More information for "Working With The Source Repository" - Build environment fixes - firewalld.spec: Added missing checks for rhel > 6 for pygobject3-base - firewall-applet: New setting show-inactive - Don't stop on reload when lockdown already enabled (RHBZ#987403) - firewall-cmd: --lockdown-on/off did not touch firewalld.conf - FirewallApplet.gschema.xml: Dropped unused sender-info setting - doc/firewall-applet.xml: Added information about gsettings - several debug and log message fixes - Add chain for sources so they can be checked before interfaces (RHBZ#903222) - Add dhcp and proxy-dhcp services (RHBZ#986947) - io/Zone(): don't error on deprecated family attr of source elem - Limit length of zone file name (to 12 chars) due to Netfilter internals. - It was not possible to overload a zone with defined source(s). - DEFAULT_ZONE_TARGET: {chain}_ZONE_{zone} -> {chain}_{zone} - New runtime getSettings for services and icmptypes, fixed policies callbacks - functions: New functions checkUser, checkUid and checkCommand - src/firewall/client: Fixed lockdown-whitelist-updated signal handling - firewall-cmd(1): move firewalld.richlanguage(5) reference in --*-rich-rule - Rich rule service: Only add modules for accept action - firewall/core/rich: Several fixes and enhanced checks - Fixed reload of direct rules - firewall/client: New functions to set and get the exception handler - firewall-config: New and enhanced UI to handle lockdown and rich rules - zone's immutable attribute is redundant - Do not allow to set settings in config for immutable zones. - Ignore deprecated 'immutable' attribute in zone files. - Eviscerate 'immutable' completely. - FirewallDirect.query_rule(): fix it - permanent direct: activate firewall.core.io.direct:Direct reader - core/io/*: simplify getting of character data - FirewallDirect.set_config(): allow reloading * Thu Jun 20 2013 Jiri Popelka - Remove migrating to a systemd unit file from a SysV initscript - Remove pointless "ExclusiveOS" tag * Fri Jun 7 2013 Thomas Woerner 0.3.3-2 - Fixed rich rule check for use in D-Bus * Thu Jun 6 2013 Thomas Woerner 0.3.3-1 - new service files - relicensed logger.py under GPLv2+ - firewall-config: sometimes we don't want to use client's exception handler - When removing Service/IcmpType remove it from zones too (RHBZ#958401) - firewall-config: work-around masquerade_check_cb() being called more times - Zone(IO): add interfaces/sources to D-Bus signature - Added missing UNKNOWN_SOURCE error code - fw_zone.check_source: Raise INVALID_FAMILY if family is invalid - New changeZoneOfInterface method, marked changeZone as deprecated - Fixed firewall-cmd man page entry for --panic-on - firewall-applet: Fixed possible problems of unescaped strings used for markup - New support to bind zones to source addresses and ranges (D-BUS, cmd, applet - Cleanup of unused variables in FirewallD.start - New firewall/fw_types.py with LastUpdatedOrderedDict - direct.chains, direct.rules: Using LastUpdatedOrderedDict - Support splitted zone files - New reader and writer for stored direct chains and rules - LockdownWhitelist: fix write(), add get_commands/uids/users/contexts() - fix service_writer() and icmptype_writer() to put newline at end of file - firewall-cmd: fix --list-sources - No need to specify whether source address family is IPv4 or IPv6 - add getZoneOfSource() to D-Bus interface - Add tests and bash-completion for the new "source" operations - Convert all input args in D-Bus methods - setDefaultZone() was calling accessCheck() *after* the action - New uniqify() function to remove duplicates from list whilst preserving order - Zone.combine() merge also services and ports - config/applet: silence DBusException during start when FirewallD is not running (RHBZ#966518) - firewall-applet: more fixes to make the address sources family agnostic - Better defaults for lockdown white list - Use auth_admin_keep for allow_any and allow_inactive also - New D-Bus API for lockdown policies - Use IPv4, IPv6 and BRIDGE for FirewallD properties - Use rich rule action as audit type - Prototype of string-only D-Bus interface for rich language - Fixed wrongly merged source family check in firewall/core/io/zone.py - handle_cmr: report errors, cleanup modules in error case only, mark handling - Use audit type from rule action, fixed rule output - Fixed lockdown whitelist D-Bus handling method names - New rich rule handling in runtime D-Bus interface - Added interface, source and rich rule handling (runtime and permanent) - Fixed dbus_obj in FirewallClientConfigPolicies, added queryLockdown - Write changes in setLockdownWhitelist - Fixed typo in policies log message in method calls - firewall-cmd: Added rich rule, lockdown and lockdown whitelist handling - Don't check access in query/getLockdownWhitelist*() - firewall-cmd: Also output masquerade flag in --list-all - firewall-cmd: argparse is able to convert argument to desired type itself - firewall-cmd_test.sh: tests for permanent interfaces/sources and lockdown whitelist - Makefile.am: add missing files - firewall-cmd_test.sh: tests for rich rules - Added lockdown, source, interface and rich rule docs to firewall-cmd - Do not masquerade lo if masquerade is enabled in the default zone (RHBZ#904098) - Use in metavar for firewall-cmd parser * Fri May 10 2013 Jiri Popelka - 0.3.2-2 - removed unintentional en_US.po from tarball * Tue Apr 30 2013 Jiri Popelka - 0.3.2-1 - Fix signal handling for SIGTERM - Additional service files (RHBZ#914859) - Updated po files - s/persistent/permanent/ (Trac Ticket #7) - Better behaviour when running without valid DISPLAY (RHBZ#955414) - client.handle_exceptions(): do not loop forever - Set Zone.defaults in zone_reader (RHBZ#951747) - client: do not pass the dbus exception name to handler - IO_Object_XMLGenerator: make it work with Python 2.7.4 (RHBZ#951741) - firewall-cmd: do not use deprecated BaseException.message - client.py: fix handle_exceptions() (RHBZ#951314) - firewall-config: check zone/service/icmptype name (RHBZ#947820) - Allow 3121/tcp (pacemaker_remote) in cluster-suite service. (RHBZ#885257) - firewall-applet: fix default zone hangling in 'shields-up' (RHBZ#947230) - FirewallError.get_code(): check for unknown error * Wed Apr 17 2013 Jiri Popelka - 0.3.1-2 - Make permanenent changes work with Python 2.7.4 (RHBZ#951741) * Thu Mar 28 2013 Thomas Woerner 0.3.1-1 - Use explicit file lists for make dist - New rich rule validation check code - New global check_port and check_address functions - Allow source white and black listing with the rich rule - Fix error handling in case of unsupported family in rich rule - Enable ip_forwarding in masquerade and forward-port - New functions to read and write simple files using filename and content - Add --enable-sysconfig to install Fedora-specific sysconfig config file. - Add chains for security table (RHBZ#927015) - firewalld.spec: no need to specify --with-systemd-unitdir - firewalld.service: remove syslog.target and dbus.target - firewalld.service: replace hard-coded paths - Move bash-completion to new location. - Revert "Added configure for new build env" - Revert "Added Makefile.in files" - Revert "Added po/Makefile.in.in" - Revert "Added po/LINGUAS" - Revert "Added aclocal.m4" - Amend zone XML Schema * Wed Mar 20 2013 Thomas Woerner 0.3.0-1 - Added rich language support - Added lockdown feature - Allow to bind interfaces and sources to zones permanently - Enabled IPv6 NAT support masquerading and port/packet forwarding for IPv6 only with rich language - Handle polkit errors in client class and firewall-config - Added priority description for --direct --add-rule in firewall-cmd man page - Add XML Schemas for zones/services/icmptypes XMLs - Don't keep file descriptors open when forking - Introduce --nopid option for firewalld - New FORWARD_IN_ZONES and FORWARD_OUT_ZONES chains (RHBZ#912782) - Update cluster-suite service (RHBZ#885257) - firewall-cmd: rename --enable/disable-panic to --panic-on/off (RHBZ#874912) - Fix interaction problem of changed event of gtk combobox with polkit-kde by processing all remaining events (RHBZ#915892) - Stop default zone rules being applied to all zones (RHBZ#912782) - Firewall.start(): don't call set_default_zone() - Add wiki's URL to firewalld(1) and firewall-cmd(1) man pages - firewalld-cmd: make --state verbose (RHBZ#886484) - improve firewalld --help (RHBZ#910492) - firewall-cmd: --add/remove-* can be used multiple times (RHBZ#879834) - Continue loading zone in case of wrong service/port etc. (RHBZ#909466) - Check also services and icmptypes in Zone() (RHBZ#909466) - Increase the maximum length of the port forwarding fields from 5 to 11 in firewall-config - firewall-cmd: add usage to fail message - firewall-cmd: redefine usage to point to man page - firewall-cmd: fix visible problems with arg. parsing - Use argparse module for parsing command line options and arguments - firewall-cmd.1: better clarify where to find ACTIONs - firewall-cmd Bash completion - firewall-cmd.1: comment --zone= usage and move some options - Use zone's target only in %s_ZONES chains - default zone in firewalld.conf was set to public with every restart (#902845) - man page cleanup - code cleanup * Thu Mar 07 2013 Jiri Popelka - 0.2.12-5 - Another fix for RHBZ#912782 * Wed Feb 20 2013 Jiri Popelka - 0.2.12-4 - Stop default zone rules being applied to all zones (RHBZ#912782) * Wed Feb 13 2013 Fedora Release Engineering - 0.2.12-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Tue Jan 22 2013 Jiri Popelka - 0.2.12-2 - Default zone in firewalld.conf was reseted with every restart (RHBZ#902845) - Add icon cache related scriptlets for firewall-config (RHBZ#902680) - Fix typo in firewall-config (RHBZ#895812) - Fix few mistakes in firewall-cmd(1) man page * Mon Jan 14 2013 Thomas Woerner 0.2.12-1 - firewall-cmd: use -V instead of -v for version info (RHBZ#886477) - firewall-cmd: don't check reload()'s return value (RHBZ#886461) - actually install firewalld.zones.5 - firewall-config: treat exceptions when adding new zone/service/icmp (RHBZ#886602) - firewalld.spec: Fixed requirements of firewall-config to use gtk2 and pygobject3 - Fail gracefully when running in non X environment.(RHBZ#886551) - offline-cmd: fail gracefully when no s-c-f config - fix duplicated iptables rules (RHBZ#886515) - detect errors and duplicates in config file (RHBZ#886581) - firewall-config: don't make 'Edit Service' and 'Edit ICMP Type' insensitive - firewalld.spec: fixed requirements, require pygobject3-base - frewall-applet: Unused code cleanup - firewall-applet: several usability fixes and enhancements (RHBZ#886531) (RHBZ#886534) - firewall/server/server.py: fixed KeyboardInterrupt message (RHBZ#886558) - Moved fallback zone and minimal_mark to firewall.config.__init__ - Do not raise ZONE_ALREADY_SET in change_zone if old zone is set again (RHBZ#886432) - Make default zone default for all unset connections/interfaces (RHBZ#888288) (RHBZ#882736) - firewall-config: Use Gtk.MessageType.WARNING for warning dialog - firewall-config: Handle unknown services and icmptypes in persistent mode - firewall-config: Do not load settings more than once - firewall-config: UI cleanup and fixes (RHBZ#888242) - firewall-cmd: created alias --change-zone for --change-interface - firewall-cmd man page updates (RHBZ#806511) - Merged branch 'build-cleanups' - dropped call to autogen.sh in build stage, not needed anymore due to 'build-cleanups' merge * Thu Dec 13 2012 Thomas Woerner 0.2.11-2 - require pygobject3-base instead of pygobject3 (no cairo needed) (RHBZ#874378) - fixed dependencies of firewall-config to use gtk3 with pygobject3-base and not pygtk2 * Tue Dec 11 2012 Thomas Woerner 0.2.11-1 - Fixed more _xmlplus (PyXML) incompatibilities to python xml - Several man page updates - Fixed error in addForwardPort, removeForwardPort and queryForwardPort - firewall-cmd: use already existing queryForwardPort() - Update firewall.cmd man page, use man page as firewall-cmd usage (rhbz#876394) - firewall-config: Do not force to show labels in the main toolbar - firewall-config: Dropped "Change default zone" from toolbar - firewall-config: Added menu entry to change zones of connections - firewall-applet: Zones can be changed now using nm-connection-editor (rhbz#876661) - translation updates: cs, hu, ja * Tue Nov 20 2012 Thomas Woerner 0.2.10-1 - tests/firewalld_config.py: tests for config.service and config.icmptype - FirewallClientConfigServiceSettings(): destinations are dict not list - service/zone/icmptype: do not write deprecated name attribute - New service ntp - firewall-config: Fixed name of about dialog - configure.in: Fixed getting of error codes - Added coding to all pyhton files - Fixed copyright years - Beautified file headers - Force use of pygobject3 in python-slip (RHBZ#874378) - Log: firewall.server.config_icmptype, firewall.server.config_service and firewall.server.config_zone: Prepend full path - Allow ":" in interface names for interface aliases - Add name argument to Updated and Renamed signal - Disable IPv4, IPv6 and EB tables if missing - for IPv4/IPv6 only environments - firewall-config.glade file cleanup - firewall-config: loadDefaults() can throw exception - Use toolbars for Add/Edit/Remove/LoadDefaults buttons for zones, services and icmp types - New vnc-server service, opens ports for displays :0 to :3 (RHBZ#877035) - firewall-cmd: Fix typo in help output, allow default zone usage for permanenent options - Translation updates: cs, fr, ja, pt_BR and zh_CN * Wed Oct 17 2012 Thomas Woerner 0.2.9-1 - firewall-config: some UI usability changes - firewall-cmd: New option --list-all-zones, output of --list-all changed, more option combination checks - firewall-applet: Replaced NMClient by direct DBUS calls to fix python core dumps in case of connection activates/deactivates - Use fallback 'C' locale if current locale isn't supported (RHBZ#860278) - Add interfaces to zones again after reload - firewall-cmd: use FirewallClient().connected value - firewall-cmd: --remove-interface was not working due to a typo - Do not use restorecon for new and backup files - Fixed use of properties REJECT and DROP - firewalld_test.py: check interfaces after reload - Translation updates - Renamed firewall-convert-scfw-config to firewall-offline-cmd, used by anaconda for firewall configuration (e.g. kickstart) - Fix python shebang to use -Es at installation time for bin_SCRIPTS and sbin_SCRIPTS and at all times in gtk3_chooserbutton.py - tests/firewalld_config.py: update test_zones() test case - Config interface: improve renaming of zones/services/icmp_types - Move emiting of Added signals closer to source. - FirewallClient(): config:ServiceAdded signal was wrongly mapped - Add argument 'name' to Removed signal - firewall-config: Add callbacks for config:[service|icmp]-[added|removed] - firewall-config: catch INVALID_X error when removing zone/service/icmp_type - firewall-config: remove unused code - Revert "Neutralize _xmlplus instead of conforming it" - firewall-applet: some UI usability changes - firewall-cmd: ALREADY_ENABLED, NOT_ENABLED, ZONE_ALREADY_SET are warnings * Fri Sep 7 2012 Thomas Woerner 0.2.8-1 - Do not apply old settings to zones after reload - FirewallClient: Added callback structure for firewalld signals - New firewall-config with full zone, service and icmptype support - Added Shields Up/Down configuration dialog to firewall-applet - Name attribute of main tag deprecated for zones, services and icmptypes, will be ignored if present - Fixed wrong references in firewalld man page - Unregister DBus interfaces after sending out the Removed signal - Use proper DBus signature in addIcmpType, addService and addZone - New builtin property for config interfaces - New test case for Config interface - spec: use new systemd-rpm macros (rhbz#850110) - More config file verifications - Lots of smaller fixes and enhancements * Tue Aug 21 2012 Jiri Popelka 0.2.7-2 - use new systemd-rpm macros (rhbz#850110) * Mon Aug 13 2012 Thomas Woerner 0.2.7-1 - Update of firewall-config - Some bug fixes * Tue Aug 7 2012 Thomas Woerner 0.2.6-1 - New D-BUS interface for persistent configuration - Aded support for persistent zone configuration in firewall-cmd - New Shields Up feature in firewall-applet - New requirements for python-decorator and pygobject3 - New firewall-config sub-package - New firewall-convert-scfw-config config script * Fri Apr 20 2012 Thomas Woerner 0.2.5-1 - Fixed traceback in firewall-cmd for failed or canceled authorization, return proper error codes, new error codes NOT_RUNNING and NOT_AUTHORIZED - Enhanced firewalld service file (RHBZ#806868) and (RHBZ#811240) - Fixed duplicates in zone after reload, enabled timed settings after reload - Removed conntrack --ctstate INVALID check from default ruleset, because it results in ICMP problems (RHBZ#806017). - Update interfaces in default zone after reload (rhbz#804814) - New man pages for firewalld(1), firewalld.conf(5), firewalld.icmptype(5), firewalld.service(5) and firewalld.zone(5), updated firewall-cmd man page (RHBZ#811257) - Fixed firewall-cmd help output - Fixed missing icon for firewall-applet (RHBZ#808759) - Added root user check for firewalld (RHBZ#767654) - Fixed requirements of firewall-applet sub package (RHBZ#808746) - Update interfaces in default zone after changing of default zone (RHBZ#804814) - Start firewalld before NetworkManager (RHBZ#811240) - Add Type=dbus and BusName to service file (RHBZ#811240) * Fri Mar 16 2012 Thomas Woerner 0.2.4-1 - fixed firewalld.conf save exception if no temporary file can be written to /etc/firewalld/ * Thu Mar 15 2012 Thomas Woerner 0.2.3-1 - firewall-cmd: several changes and fixes - code cleanup - fixed icmp protocol used for ipv6 (rhbz#801182) - added and fixed some comments - properly restore zone settings, timeout is always set, check for 0 - some FirewallError exceptions were actually not raised - do not REJECT in each zone - removeInterface() don't require zone - new tests in firewall-test script - dbus_to_python() was ignoring certain values - added functions for the direct interface: chains, rules, passthrough - fixed inconsistent data after reload - some fixes for the direct interface: priority positions are bound to ipv, table and chain - added support for direct interface in firewall-cmd: - added isImmutable(zone) to zone D-Bus interface - renamed policy file - enhancements for error messages, enables output for direct.passthrough - added allow_any to firewald policies, using at leas auth_admin for policies - replaced ENABLE_FAILED, DISABLE_FAILED, ADD_FAILED and REMOVE_FAILED by COMMAND_FAILED, resorted error codes - new firewalld configuration setting CleanupOnExit - enabled polkit again, found a fix for property problem with slip.dbus.service - added dhcpv6-client to 'public' (the default) and to 'internal' zones. - fixed missing settings form zone config files in "firewall-cmd --list=all --zone=" call - added list functions for services and icmptypes, added --list=services and --list=icmptypes to firewall-cmd * Tue Mar 6 2012 Thomas Woerner 0.2.2-1 - enabled dhcpv6-client service for zones home and work - new dhcpv6-client service - firewall-cmd: query mode returns reversed values - new zone.changeZone(zone, interface) - moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded by files in /etc/firewalld (no overload of immutable zones block, drop, trusted) - reset MinimalMark in firewalld.cnf to default value - fixed service destination (addresses not used) - fix xmlplus to be compatible with the python xml sax parser and python 3 by adding __contains__ to xml.sax.xmlreader.AttributesImpl - use icon and glib related post, postun and posttrans scriptes for firewall - firewall-cmd: fix typo in state - firewall-cmd: fix usage() - firewall-cmd: fix interface action description in usage() - client.py: fix definition of queryInterface() - client.py: fix typo in getInterfaces() - firewalld.service: do not fork - firewall-cmd: fix bug in --list=port and --port action help message - firewall-cmd: fix bug in --list=service * Mon Mar 5 2012 Thomas Woerner - moved zones, services and icmptypes to /usr/lib/firewalld, can be overloaded by files in /etc/firewalld (no overload of immutable zones block, drop, trusted) * Tue Feb 21 2012 Thomas Woerner 0.2.1-1 - added missing firewall.dbus_utils * Tue Feb 7 2012 Thomas Woerner 0.2.0-2 - added glib2-devel to build requires, needed for gsettings.m4 - added --with-system-unitdir arg to fix installaiton of system file - added glib-compile-schemas calls for postun and posttrans - added EXTRA_DIST file lists * Mon Feb 6 2012 Thomas Woerner 0.2.0-1 - version 0.2.0 with new FirewallD1 D-BUS interface - supports zones with a default zone - new direct interface as a replacement of the partial virt interface with additional passthrough functionality - dropped custom rules, use direct interface instead - dropped trusted interface funcionality, use trusted zone instead - using zone, service and icmptype configuration files - not using any system-config-firewall parts anymore * Mon Feb 14 2011 Thomas Woerner 0.1.3-1 - new version 0.1.3 - restore all firewall features for reload: panic and virt rules and chains - string fixes for firewall-cmd man page (by Jiri Popelka) - fixed firewall-cmd port list (by Jiri Popelka) - added firewall dbus client connect check to firewall-cmd (by Jiri Popelka) - translation updates: de, es, gu, it, ja, kn, ml, nl, or, pa, pl, ru, ta, uk, zh_CN * Mon Jan 3 2011 Thomas Woerner 0.1.2-1 - fixed package according to package review (rhbz#665395): - non executable scripts: dropped shebang - using newer GPL license file - made /etc/dbus-1/system.d/FirewallD.conf config(noreplace) - added requires(post) and (pre) for chkconfig * Mon Jan 3 2011 Thomas Woerner 0.1.1-1 - new version 0.1.1 - fixed source path in POTFILES* - added missing firewall_config.py.in - added misssing space for spec_ver line - using firewall_config.VARLOGFILE - added date to logging output - also log fatal and error logs to stderr and firewall_config.VARLOGFILE - make log message for active_firewalld fatal * Mon Dec 20 2010 Thomas Woerner 0.1-1 - initial package (proof of concept implementation) firewalld-0.8.2/autogen.sh0000775007115300711530000000050613620317435016662 0ustar00egarveregarver00000000000000#! /bin/sh srcdir=`dirname $0` test -z "$srcdir" && srcdir=. ORIGDIR=`pwd` cd $srcdir rm -rf $srcdir/autom* rm -f $srcdir/config.* # create po/LINGUAS ls po/*.po | sed -e 's/.po//' | sed -e 's/po\///' > po/LINGUAS intltoolize --force --automake autoreconf --force -v --install --symlink || exit 1 cd $ORIGDIR || exit $? firewalld-0.8.2/po/0000775007115300711530000000000013641123257015276 5ustar00egarveregarver00000000000000firewalld-0.8.2/po/cs.po0000664007115300711530000017001313641112250016234 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Adam Pribyl , 2007-2010 # zdenek , 2013 # zdenek , 2015 # Jan Varta , 2012 # Jiří Popelka , 2013 # Jiří Popelka , 2013 # Jiří Popelka , 2013 # Michal Procházka , 2013 # Milan Kerslager , 2009-2010 # Miloslav Trmač , 2002-2005,2008 # Nikola Štohanzl , 2006 # zdenek , 2013 # zdenek , 2013 # zdenek , 2013 # Josef Hruška , 2016. #zanata # Zdenek , 2016. #zanata # Zdenek , 2017. #zanata # Eric Garver , 2018. #zanata # Robert Chudý , 2018. #zanata # Pavel Borecki , 2019. #zanata, 2020. # Eric Garver , 2020. # Tomáš Doležal , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-01-13 14:38-0500\n" "PO-Revision-Date: 2020-02-02 19:16+0000\n" "Last-Translator: Pavel Borecki \n" "Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" "X-Generator: Weblate 3.10.3\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Aplet brány firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Brána firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Nastavení brány firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;síť;zabezpečení;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Vyberte zónu pro rozhraní „%s“" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Výchozí zóna" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Vyberte zónu pro připojení „%s“" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Nepodařilo se nastavit zónu {zone} pro připojení {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Vyberte zónu pro zdroj „%s“" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Nastavit zóny zapnutých/vypnutých štítů" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Zde můžete vybrat zóny použité pro zapnuté štíty a vypnuté štíty." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Tato funkce je užitečná pro ty, kteří využívají převážně výchozí zóny. Pro " "uživatele, kteří mění zóny připojení, může být toto použití omezující." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Zóna zapnutých štítů:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Obnovit výchozí nastavení" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Zóna vypnutých štítů:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "O %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Autoři" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licence" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Zapnout štíty" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Povolit upozornění" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Upravit nastavení brány firewall…" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Nastavení zón připojení…" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Nastavit zóny zapnutých/vypnutých štítů…" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blokovat veškerý síťový provoz" #: ../src/firewall-applet.in:500 msgid "About" msgstr "O aplikaci" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Připojení" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Rozhraní" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Zdroje" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Ověření se nezdařilo." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Neplatný název" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Název už existuje" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zóna: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Výchozí zóna: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Nepodařilo se získat spojení z NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "K dispozici nejsou žádné importy NetworkManager" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Není spojení s procesem služby brány firewall" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Veškerý síťový provoz je blokován." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Základní zóna: „%s“" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Výchozí zóna „{default_zone}“ je aktivní pro připojení „{connection}“ na " "rozhraní „{interface}“" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zóna „{zone}“ aktivní pro spojení „{connection}“ přes rozhraní „{interface}“" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zóna „{zone}“ aktivní pro rozhraní „{interface}“" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zóna „{zone}“ aktivní pro zdroj {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Žádné aktivní zóny." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Komunikace s FirewallD aktivní." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Komunikace s FirewallD ztracena." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "Nastavení FirewallD byla znovunačtena ze souboru." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Základní zóna se změnila na „%s“." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Síťový provoz už není blokován." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "aktivováno" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "deaktivováno" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Základní zóna „{default_zone} {activated_deactivated}“ pro připojení " "„{connection}“ na rozhraní „{interface}“" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zóna „{zone}“ {activated_deactivated} pro spojení „{connection}“ na rozhraní " "„{interface}“" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zóna „{zone}“ {activated_deactivated} pro rozhraní „{interface}“" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zóna „%s“ aktivována pro rozhraní „%s“" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zóna „{zone}“ {activated_deactivated} pro zdroj „{source}“" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zóna „%s“ aktivována pro zdroj „%s“" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Spojení s bránou firewalld navázáno." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Pokus o spojení se službou firewalld, čeká se…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Nepodařilo se spojit se službou firewalld. Zkontrolujte, zda byla služba " "správně spuštěna, a zkuste to znovu." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Změny uplatněny." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Využíváno síťovým připojením „%s“" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Výchozí zóna je využívána síťovým připojením „%s“" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "povolen" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "zakázán" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Nahrání ikon se nezdařilo." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontext" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Příkazový řádek" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Uživatelské jméno" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Identif. uživatele" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabulka" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Řetězec" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorita" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumenty" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Provozovaná" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Trvalá" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Služba" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Cílový port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Cílová adresa" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Vazby" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Položka" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp typ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Generace" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Akce" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Prvek" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Zdroj" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Cíl" #: ../src/firewall-config.in:834 msgid "log" msgstr "záznam" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Rozhraní" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Komentář" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Zdroj" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Varování" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Chyba" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "přijmout" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "odmítnout" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "zahodit" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "označit" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "služba" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "IP maškaráda" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp typ" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "přesměrování-portu" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "port zdroje" #: ../src/firewall-config.in:2097 msgid "level" msgstr "úroveň" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ano" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zóna" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Výchozí zóna: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zóna: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zóna „%s“: Služba „%s“ není dostupná." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Odebrat" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignorovat" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zóna „%s“: ICMP typ „%s“ není dostupný." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Vestavěná zóna, přejmenování není možné." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekunda" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuta" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hodina" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "den" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "nouze" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "výstraha" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritický" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "chyba" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "varovaní" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "poznámka" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informace" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ladit" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Přeposílání na jiný systém je užitečné pouze pokud je rozhraní " "maškarádované.\n" "Přejete si zamaškarádovat tuto zónu?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Vestavěná služba, přejmenování není možné." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Zadejte IPv4 adresu podobě adresa[/maska]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Maska může být síťová maska nebo číslo." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Zadejte IPv6 adresu v podobě adresa[/maska]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Maska je číslo." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Zadejte IPv4 nebo IPv6 adresu v podobě adresa[/maska]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Maska může být v případě IPv4 síťová maska nebo číslo.\n" "U IPv6 jen číslo." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Vestavěný IPset, přejmenování není podporováno." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Vyberte soubor" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Textové soubory" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Všechny soubory" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Vše" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Vestavěný pomocník, přejmenování nepodporováno." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Vestavěné Icmp, přejmenování není možné." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Nepodařilo se načíst soubor „%s“: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Vyberte zónu pro zdroj %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresa" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatičtí pomocníci" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Vyberte hodnotu automatických pomocníků:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Přejděte na příkazový řádek." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Zadejte kontext." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Z níže uvedeného seznamu vyberte výchozí zónu." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Přímý řetězec" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Vyberte IPv a tabulku a zadejte název řetězce." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Řetězec:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "zabezpečení" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabulka:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Pravidlo Přímého Průchodu" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Vyberte IPv a zadejte argumenty." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumenty:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Přesměrování portů" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Zvolte zdrojové a cílové volby podle svých potřeb." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / rozsah portů:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP adresa:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Cíl" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Pokud zapnete lokální přeposílání, je třeba určit port. U toho je třeba, aby " "byl odlišný od zdrojového portu." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Místní přeposílání" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Přeposlat na jiný port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Nastavení základního pomocníka" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Proveďte nastavení základního pomocníka:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Tučně psané je povinné, ostatní je volitelné." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Název:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Verze:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Krátce:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Popis:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Generace:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Pomocník" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Vyberte pomocníka:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Nastavení hlavního typu ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Nastavte hlavní nastavení typu ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP typ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Vyberte typ ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Přidat položku" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Přidat položky ze souboru" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Odebrat označenou položku" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Odebrat všechny položky" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Odebrat položky ze souboru" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Soubor" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "M_ožnosti" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Znovu načíst Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Provede znovunačtení pravidel pro bránu firewall ze souboru s nastaveními. " "Těmi bude nahrazeno nastavení, se kterým byla brána doposud provozována " "(běhové). Pokud předtím byly v provozovaném nastavení brány provedeny nějaké " "změny za chodu, ale nebyly uloženy zpět do souboru s nastaveními, budou " "ztraceny." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Změní zónu, do které síťové připojení spadá." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Změnit výchozí zónu" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Změnit výchozí zónu pro připojení nebo rozhraní." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Přístup k záznamu zamítnutí" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Změní hodnotu záznamu zamítnutí." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Nastavit přiřazení automatického pomocníka" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Provést nastavení přiřazení automatického pomocníka." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Režim paniky znamená, že veškeré příchozí a odchozí pakety budou zahozeny." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Režim paniky" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Uzamčení zablokuje změny nastavení brány firewall tak, že ho budou moci " "měnit pouze aplikace, které se nacházejí na seznamu povolených." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Uzamčení" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" "Uložit nastavení, se kterým je nyní provozováno, do souboru s nastaveními " "(stanou se trvalými)" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Provozované do trvalého" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Zobrazit" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPsety" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Typy ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Pomocníci" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Přímé nastavení" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Seznam výjimek z uzamčení" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktivní vazby" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Nápověda" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Změnit zónu" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Změnit zónu vazby" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "Skrýt aktivní běžící vazby připojení, rozhraní a zdrojů k zónám" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "Zobrazit aktivní běžící vazby připojení, rozhraní a zdrojů k zónám" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Nastavení:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Nyní viditelné nastavení. Nastavení, se kterým je nyní provozováno, je to " "nyní aktivní. Trvalé nastavení (to v souboru s nastaveními) začne platit po " "znovunačtení služby nebo restartu služby/systému." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Firewalld zóna definuje úroveň důvěryhodnosti pro připojení k sítím, " "rozhraním a zdrojovým adresám vázaných na zóny. Zóna kombinuje servisy, " "porty, protokoly, maškarádování, přesměrování portů a paketů, filtrování " "icmp a bohatá pravidla. Zóna může být vázána na rozhraní a zdrojové adresy." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Přidat zónu" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Upravit zónu" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Smazat zónu" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Načíst výchozí nastavení zóny" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Zde lze nadefinovat, které servisy budou v zóně důvěryhodné. Důvěryhodné " "servisy jsou přístupné ze všech počítačů a sítí, které mohou dosáhnout stroj " "z připojení, rozhraní a zdrojů vázaných na tuto zónu." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Služby" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Přidat další porty nebo rozsahy portů, které je nutné ponechat přístupné pro " "všechny počítače a počítačové sítě, které se mohou připojit ke stroji." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Přidat port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Upravit port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Smazat port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Porty" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "Přidat protokoly, které musí být přístupné pro všechny storje a sítě." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Přidat protokol" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Upravit protokol" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Odebrat protokol" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokoly" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Přidat další zdrojové porty nebo rozsahy portů, které je nutné ponechat " "přístupné pro všechny stroje a sítě, které se mohou připojit ke stroji." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Zdrojové porty" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maškarádování je užitečné, pokud nastavujete počítač nebo směrovač, který " "spojuje vaši lokální síť s internetem. Vaše lokální síť nebude z internetu " "dostupná a všechny vnitřní počítače budou vystupovat jako jedna IP adresa " "jednoho počítače. Maškarádování funguje pouze pro IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Povolit maškarádu v zóně" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Pokud povolíte maškarádu, IP forwarding bude povolen pro vaše IPv4 sítě." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maškarádování" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Přidat záznamy pro přeposílání portů buď z jednoho portu na druhý na " "lokálním systému nebo z lokálního portu do portu na jiném systému. " "Přeposílání na jiný systém je užitečné pouze pokud je rozhraní " "maškarádované. Přeposílání portů funguje pouze na IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Přidat přesměrování portu" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Upravit přesměrování portu" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Odebrat přesměrování portu" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ICMP protokol (Internet Control Message Protocol) je používán především pro " "posílání chybových zpráv mezi počítači v síti, ale také pro informační " "zprávy typ požadavek a odpověď (ping)." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Označte v seznamu typy ICMP zpráv, které mají být odmítnuty. Všechny ostatní " "ICMP typy budou procházet firewallem. Implicitně jsou zprávy vpouštěny bez " "omezení." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Pokud je invertní filtr povolen, jsou označené položky ICMP přijímány a " "ostatní jsou odmítnuty. V zóně s cílem DROP jsou upuštěny." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Invertní filtr" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP filtr" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Zde můžete získat bohatá jazyková pravidla pro zónu." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Přidat bohaté pravidlo" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Upravit bohaté pravidlo" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Odebrat bohaté pravidlo" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Bohatá pravidla" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Přidat položky pro provázání rozhraní do zóny. V případě, že bude rozhraní " "využito spojením, bude zóna nastavena na zónu uvedenou v připojení." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Přidat rozhraní" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Upravit rozhraní" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Odebrat rozhraní" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Přidat položky k provázání zdrojové adresy nebo oblastí k zóně. Provázat lze " "také zdrojovou MAC adresu, ale jen s omezením. Přesměrování portu a " "maskování nebude fungovat pro vázáné zdrojové MAC adresy." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Přidat zdroj" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Upravit zdroj" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Odebrat zdroj" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zóny" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Služba firewalld je kombinací portů, protokolů, modulů a cílových adres." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Přidat službu" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Upravit službu" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Odstranit službu" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Načíst výchozí nastavení služby" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Přidejte další porty nebo rozsahy portů, které mají být přístupné pro " "všechny stroje a sítě." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Upravit položku" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Odstranit položku" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Přidat další zdrojové porty nebo rozsahy portů, které je nutné ponechat " "přístupné pro všechny počítače a počítačové sítě." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Zdrojový port" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Pomocné moduly netfilteru jsou nutné pro některé služby." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduly" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Pokud určíte cílové adresy, vložené služby jsou vztaženy k cílové adrese a " "typu. Pokud nejsou obě položky vyplněné, nejsou uplatňována žádná omezení." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Služby lze změnit jen v trvalém konfiguračním rozhraní. Běžící konfigurace " "servisů je fixní." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet lze využít k vytvoření povolených nebo zakázaných seznamů a je schopen " "uložit například IP adresy, čísla portů nebo MAC adresy." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Přidat IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Upravit IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Odebrat IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Nahrát výchozí IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Položky v IPSetu. Je možné vidět jen ty položky IPSetu, které nepoužívají " "volbu časového limitu a které přidal firewalld. Položky přidané příkazem " "ipset se zde nezobrazí." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Tento IPSet používá volbu časového limitu a díky tomu zde nejsou vidět žádné " "položky. O položky by se mělo postarat přímo pomocí příkazu ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Přidat" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Položky" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSet lze vytvořit nebo odstranit pouze v trvalém konfiguračním rozhraní." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Typ firewalld icmptype poskytuje informace pro Internet Control Message " "Protocol (ICMP)." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Přidat typ ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Upravit typ ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Odstranit typ ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Načíst výchozí typ ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Určit, zda je typ ICMP dostupný pro IPv4 nebo IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Typy ICMP lze změnit pouze v trvalém konfiguračním rozhraní. Běžící " "konfigurace ICMP typů je fixní." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Pomocník sledování spojení napomáhá ve fungování protokolů, které používají " "různé toky pro signalizaci a přenosy dat. Přenosy dat využívají porty, které " "nesouvisí se signalizací spojení, a proto jsou bez pomocníka firewallem " "blokovány." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Určit porty nebo rozsah portů, které jsou sledovány pomocníkem." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Přímé nastavení poskytuje přímější přístup k bráně firewall. Tyto možnosti " "vyžadují, aby uživatel znal základní koncepty iptables, např. tabulky, " "řetězy, příkazy, parametry a cíle. Přímé nastavení by mělo být použito pouze " "jako poslední možnost, kdy už není možné použít jiné funkce firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Argument ipv každé volby musí být IPv4 nebo IPv6 nebo eb. S IPv4 bude pro " "iptables, s IPv6 pro ip6tables a s eb pro ethernetové mosty (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Dodatečné řetězy pro použití s pravidly." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Přidat řetězec" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Editovat řetězec" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Odebrat řetězec" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Řetězce" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "Přidat pravidlo s argumenty args k řetězu v tabulce s prioritou." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Priorita se používá k určení pořadí pravidla. Priorita 0 znamená přidání " "pravidla do horní části řetězce, s vyšší prioritou bude pravidlo přiřazováno " "dále dolů. Pravidla se stejnou prioritou budou na stejné úrovni a pořadí " "těchto pravidel není fixní a může se měnit. Pokud se má pravidlo přiřadit za " "jiné, je nutné použít nižší prioritu pro první a vyšší prioritu pro " "následující pravidlo." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Přidat pravidlo" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Upravit pravidlo" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Odebrat pravidlo" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Pravidla" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Pravidla přímého průchodu prochází přímo k firewallu a nejsou umístěna ve " "speciálních řetězcích. Lze použít všechny volby pro iptables, ip6tables a " "ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "S pravidly přímého průchodu buďte opatrní, abyste bránu firewall celou " "neúmyslně nevyřadili." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Přidat přímý průchod" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Upravit přímý průchod" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Odebrat přímý průchod" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Přímý průchod" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Funkce uzamčení je odlehčená verze uživatelských a aplikačních politik pro " "firewalld. Omezuje změny na firewallu. Seznam povolených výjimek uzamčení " "může obsahovat příkazy, kontext, uživatele a identif. uživatelů." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Kontext je kontext zabezpečení (SELinux) spuštěné aplikace nebo služby. Pro " "získání kontextu běžící aplikace je nutné použít ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Přidat kontext" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Upravit kontext" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Odebrat kontext" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontexty" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Pokud položka příkazu na seznamu povolených vyjímek končí hvězdičkou '*', " "pak se všechny příkazové řádky začínající příkazem budou shodovat. Pokud tam " "'*' není, musí se absolutní příkaz zahrnující argumenty shodovat." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Přidat příkazový řádek" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Upravit příkazový řádek" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Odebrat příkazový řádek" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Příkazové řádky" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Uživatelská jména." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Přidat uživatelské jméno" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Upravit uživatelské jméno" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Odebrat uživatelské jméno" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Uživatelská jména" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Identif. uživatelů." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Přidat identif. uživatele" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Upravit identif. uživatele" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Odebrat identif. uživatele" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Identif. uživatelů" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Stávající výchozí zóna systému." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Záznam zamítnutí:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Režim paniky:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatičtí pomocníci:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Uzamčení:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Výchozí zóna:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Zadejte název rozhraní:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Nastavení základního IPSetu" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Nakonfigurujte základní nastavení ipsetu:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Typ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Časový limit:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Délka otisku:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Hodnota časového limitu v sekundách" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Počáteční délka otisku, výchozí hodnota 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maximální počet prvků, výchozí 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Vyberte IPSet:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Zadejte položku ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Záznam zamítnutí" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Vyberte hodnotu záznamu zamítnutí:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Označení" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Zadejte označení s volitelnou maskou." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Kolonky označení a masky jsou obě 32 bitů dlouhá čísla bez znaménka." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Označení:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maska:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Vyberte pomocníka netfilter conntrack:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Vybrat -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Jiný modul:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port a protokol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Zadejte port a protokol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Přímé pravidlo" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Vyberte ipv a tabulku, prioritu řetězce a zadejte argumenty." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorita:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Zadejte protokol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Další protokol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Košaté pravidlo" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Zadejte bohaté pravidlo." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Seznam povolených nebo zakázaných výjimek deaktivuje element pro počítač " "nebo síť." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Zdroj:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Cíl:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Záznam událostí:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 a IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "obrácený" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "K povolení tohoto musí být Akce nastavena na „odmítnout“ a generace buď " "„IPv4“ nebo „IPv6“ (ne obojí)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "s Typem:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "S Limitem:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Předpona:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Úroveň:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Prvek:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Akce:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Nastavení hlavní služby" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Nastavte základní službu:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Vyberte službu." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Zadejte zdroj." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Identif. uživatele" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Zadejte identif. uživatele." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Zadejte uživatelské jméno." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "štítek" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Nastavení hlavní zóny" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Zadejte nastavení hlavní zóny:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Výchozí cíl" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Cíl:" firewalld-0.8.2/po/bn_IN.po0000664007115300711530000021253713641112250016624 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Saibal Ray, 2014 # Jamil Ahmed , 2003 # Runa Bhattacharjee , 2008 # runab , 2004-2010 # Saibal Ray, 2014 # Saibal Ray, 2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 09:43+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Bengali (India) (http://www.transifex.com/projects/p/" "firewalld/language/bn_IN/)\n" "Language: bn_IN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "ফায়ারওয়াল অ্যাপ্লেট" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ফায়ারওয়াল" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ফায়ারওয়াল কনফিগারেশন" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "ইন্টারফেস '%s' এর জন্য অঞ্চল নির্বাচন করুন" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "ডিফল্ট অঞ্চল" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "'%s' সংযোগের জন্য অঞ্চল নির্বাচন করুন" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "শিল্ড ঊর্ধ্বে/নিম্নে অঞ্চল কনফিগার করুন" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "শিল্ড ঊর্ধ্ব এবং শিল্ড নিম্নের জন্য ব্যবহৃত অঞ্চলগুলি অাপনি এখানে নির্বাচন করতে পারবেন।" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "অধিকাংশ ক্ষেত্রে ডিফল্ট অঞ্চল ব্যবহারকারীদের কাছে এই বৈশিষ্টটি উপযোগী। " "ব্যবহারকারীদের জন্য, যা সংযোগের পরিবর্তনশীল অঞ্চল, ব্যবহার সীমাবদ্ধ হতে পারে।" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "শিল্ড ঊর্ধ্ব অঞ্চল:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "শিল্ড নিম্ন অঞ্চল:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "শিল্ড ঊর্ধ্বে" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "বিজ্ঞপ্তি সক্রিয় করুন" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "ফায়ারওয়াল সেটিং সম্পাদন করুন..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "সংযোগের অঞ্চল পরিবর্তন করুন..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "শিল্ড ঊর্ধ্বে/নিম্নে অঞ্চল কনফিগার করুন..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "সকল নেটওয়ার্ক ট্র্যাফিক অবরুদ্ধ করুন" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "সংযোগ" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "ইন্টারফেস" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "উৎস" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "অনুমোদন ব্যর্থ।" #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "অবৈধ নাম" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "নাম ইতিমধ্যেই উপস্থিত" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "ফায়ারওয়াল ডিমোনে কোনো সংযোগ নেই" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "সকল নেটওয়ার্ক ট্র্যাফিক অবরুদ্ধ।" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "ডিফল্ট অঞ্চল: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "অঞ্চল '{zone}' '{connection}' সংযোগের জন্য সক্রিয়, '{interface}' ইন্টারফেসে" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "অঞ্চল '{zone}' '{interface}' ইন্টারফেসের জন্য সক্রিয়" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "অঞ্চল '{zone}' {source} সোর্সের জন্য সক্রিয়" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "কোনো সক্রিয় অঞ্চল নেই।" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD এ সংযোগ স্থাপিত হয়েছে।" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD এ সাথে সংযোগ বিচ্ছিন্ন হয়েছে।" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD অাবার লোড করা হয়েছে।" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "ডিফল্ট অঞ্চল '%s' এ পরিবর্তন করা হয়েছে।" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "নেটওয়ার্ক ট্র্যাফিক অার অবরুদ্ধ নেই।" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "সক্রিয় করা হয়েছে" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "নিষ্ক্রিয়" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "অঞ্চল '{zone}' {activated_deactivated} '{connection}' সংযোগের জন্য, " "'{interface}' ইন্টারফেসে" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "অঞ্চল '{zone}' {activated_deactivated} '{interface}' ইন্টারফেসে জন্য" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "অঞ্চল '%s' '%s' ইন্টারফেসের জন্য সক্রিয় করা হয়েছে" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "অঞ্চল '{zone}' {activated_deactivated} '{source}' সোর্সের জন্য" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "অঞ্চল '%s' '%s' সোর্সের জন্য সক্রিয় করা হয়েছে" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "পরিবর্তনগুলি প্রযোজ্য হয়েছে।" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "'%s' নেটওয়ার্ক সংযোগের দ্বারা ব্যবহৃত" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "সক্রিয়" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "নিষ্ক্রিয়" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "অাইকনগুলি লোড করতে ব্যর্থ।" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ব্যবহারকারীর নাম" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "রানটাইম" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "স্থায়ী" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "পরিসেবা" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "পোর্ট" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "প্রোটোকল" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "উদ্দিষ্ট পোর্ট" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "উদ্দিষ্ট ঠিকানা" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp ধরন" #: ../src/firewall-config.in:822 msgid "Family" msgstr "পরিবার" #: ../src/firewall-config.in:826 msgid "Action" msgstr "কাজ" #: ../src/firewall-config.in:828 msgid "Element" msgstr "উপাদান" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "লগ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "অডিট" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "উৎস" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "সতর্কবার্তা" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "ত্রুটি" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "গ্রহণ করুন" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "প্রত্যাখ্যান করুন" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ছাড়ুন" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "সীমা" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "পরিষেবা" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "পোর্ট" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "প্রোটোকল" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "masquerade" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "ফরোয়ার্ড-পোর্ট" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "স্তর" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "হ্যাঁ" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "অঞ্চল" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "অঞ্চল '%s': '%s' পরিষেবা উপলব্ধ নয়।" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "অপসারণ" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "অগ্রাহ্য করা হবে" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "অঞ্চল '%s': ICMP ধরন '%s' উপলব্ধ নয়।" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "বিল্ট-ইন অঞ্চল, নাম পরিবর্তন সমর্থিত নয়।" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "দ্বিতীয়" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "মিনিট" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ঘন্টা" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "দিন" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "জরুরি" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "সাবধানবাণী" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "গুরুত্বপূর্ণ" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ত্রুটি" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "সতর্কবার্তা" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "সূচনা" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "তথ্য" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ডিবাগ" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ইন্টারফেস ছদ্মবেশ ধারণ করলে শুধুমাত্র তখনই অন্য সিস্টেমে ফরোয়ার্ডিং উপযোগী।\n" "অাপনি কি এই অঞ্চলকে ছদ্মবেশ পড়াতে চান?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "বিল্ট-ইন পরিষেবা, নাম পরিবর্তন সমর্থিত নয়।" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "বিল্ট-ইন icmp, নাম পরিবর্তন সমর্থিত নয়।" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "সোর্স '%s' এর জন্য অঞ্চল নির্বাচন করুন" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ঠিকানা" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "অনুগ্রহ করে কম্যান্ড লাইন উল্লেখ করুন।" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "অনুগ্রহ করে প্রসঙ্গ উল্লেখ করুন।" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "অনুগ্রহ করে নীচের তালিকা থেকে ডিফল্ট অঞ্চল নির্বাচন করুন।" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "সরাসারি চেন" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "অনুগ্রহ করে ipv এবং সারণী নির্বাচন করুন এবং চেনের নাম লিখুন।" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "চেন:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "নিরাপত্তা" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "সারণী:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ডাইরেক্ট Passthrough নিয়ম" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "অনুগ্রহ করে ipv নির্বাচন করুন এবং args প্রবেশ করান।" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "পোর্ট ফরওয়ার্ডিং" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "প্রয়োজন অনুসারে উৎস ও গন্তব্য সংক্রান্ত বিবিধ বিকল্পগুলি নির্বাচন করুন।" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "পোর্ট / পোর্টের সীমা:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP ঠিকানা:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "প্রোটোকল:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "গন্তব্যস্থল" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "স্থানীয়রূপে ফরওয়ার্ডিং করতে ইচ্ছুক হলে, একটি পোর্ট নির্দেশ করা আবশ্যক। উদ্দিষ্ট পোর্টটি " "উৎস পোর্টের থেকে পৃথক হওয়া আবশ্যক।" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "স্থানীয়রূপে ফরওয়ার্ডিং" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "কোনো পৃথক পোর্টে ফরওয়ার্ড করা হবে" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "মোটা হরফে লেখা বাধ্যতামূলক, বাকি সব বৈকল্পিক।" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "নাম:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "সংস্করণ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "সংক্ষিপ্ত:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "বিবরণ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "পরিবার:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "প্রাথমিক ICMP ধরন সেটিং" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "অনুগ্রহ করে প্রাথমিক ICMP ধরন সেটিং কনফিগার করুন:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP প্রকৃতি" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "অনুগ্রহ করে একটি ICMP ধরন নির্বাচন করুন" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "এনট্রি যোগ করুন" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ফাইল (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "বিবিধ বিকল্প (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld পুনরায় লোড করুন" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ফায়ারওয়াল নিয়ম পুনঃলোড করে। বর্তমান স্থায়ী কনফিগারেশন নতুন রানটাইম কনফিগারেশন " "হবে। অর্থাৎ, পুনঃলোড পর্যন্ত হওয়া সমস্ত শুধুমাত্র রানটাইম পরিবর্তনগুলি পুনঃলোডের সাথে " "নষ্ট হয়ে যায়। যদি না তারা স্থায়ী কনফিগারেশনেও থেকে থাকে।" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "একটি নেটওয়ার্ক সংযোগ কোন অঞ্চলের সংগে সংযুক্ত তা পরিবর্তন করুন।" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ডিফল্ট অঞ্চল পরিবর্তন করুন" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "সংযোগ বা ইন্টারফেসের জন্য ডিফল্ট অঞ্চল পরিবর্তন করুন।" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "প্যানিক মোডের অর্থ হল, সকল ইনকামিং এবং অাউটগোয়িং প্যাকেট ড্রপ করা হয়।" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "প্যানিক মোড" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown ফায়ারওয়াল কনফিগারেশন লক করে, যাতে কিনা শুধুমাত্র lockdown whitelist এ " "অ্যাপ্লিকেশন তার পরিবর্তন করতে পারে।" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "লকডাউন" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "রানটাইম কনফিগারেশন স্থায়ী করুন" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "রানটাইম থেকে স্থায়ী" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "প্রদর্শন (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP প্রকৃতি" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ডাইরেক্ট কনফিগারেশন" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "লকডাউন হোয়াইটলিস্ট" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "সাহায্য (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "কনফিগারেশন:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "বর্তমানে দৃশ্যমান কনফিগারেশন। রানটাইম কনফিগারেশন হল প্রকৃত সক্রিয় কনফিগারেশন। " "স্থায়ী কনফিগারেশন পরিষেবা বা সিস্টেম পুনঃলোড বা বন্ধ হয়ে চালু হওয়ার পরে সক্রিয় হবে।" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "একটি ফায়ারওয়াল দিয়ে ঘেরা অঞ্চল তার মধ্যস্ত নেটওয়ার্ক সংযোগ, ইন্টারফেস এবং সোর্স " "ঠিকানার বিশ্বস্তের স্তরকে নির্ধারণ করে। অঞ্চলের মধ্যে অন্তর্ভুক্ত হল পরিষেবাদি, পোর্ট, " "প্রোটোকল, ম্যাসকোয়ারডিং, পোর্ট/প্যাকেট ফরোয়ার্ডিং, icmp ফিল্টার এবং রিচ রুল। অঞ্চল " "ইন্টারফেস এবং সোর্স ঠিকানার মধ্যে অাবদ্ধ থাকতে পারে।" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "অঞ্চল যোগ করুন" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "অঞ্চল সম্পাদন করুন" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "অঞ্চল সরান" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "অঞ্চল ডিফল্ট লোড করুন" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "অঞ্চলে কোন পরিষেবাগুলি বিশ্বস্ত তা অাপনি এখানে নির্দিষ্ট করতে পারবেন। এই অঞ্চলের " "সংযোগ, ইন্টারফেস এবং সোর্স থেকে মেশিনে পৌঁছাতে পারে এমন সকল হোস্ট এবং নেটওয়ার্ক " "থেকে বিশ্বস্ত পরিষেবাগুলি অ্যাক্সেসযোগ্য।" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "পরিষেবা" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "অতিরিক্ত পোর্ট বা পোর্ট রেঞ্জ যোগ করুন, যা মেশিনের সংগে সংযুক্ত করা যায় এমন সকল " "হোস্ট বা নেটওয়ার্কের জন্য অ্যাক্সেস হওয়া প্রয়োজন।" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "পোর্ট যোগ করুন" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "পোর্ট সম্পাদনা করুন" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "পোর্ট অপসারণ করুন" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "পোর্ট" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "স্থানীয় নেটওয়ার্ক, ইন্টারনেটের সাথে সংযুক্ত করার জন্য হোস্ট অথবা রাউটার প্রস্তুতির সময় " "Masquerading সহয়াক। আপনার স্থানীয় নেটওয়ার্ক প্রকাশিত হবে না ও ইন্টারনেটে একটি " "হোস্ট রূপে প্রস্তুত করা হবে। Masquerading শুধুমাত্র IPv4-র ক্ষেত্রে প্রযোজ্য।" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Masquerade অঞ্চল" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "অাপনি ম্যাসকিউরেডিং সক্রিয় করলে, IP ফরোয়ার্ডিং অাপনার IPv4 নেটওয়ার্কগুলির জন্য " "সক্রিয় করা হবে।" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "স্থানীয় সিস্টেমের মধ্যে অন্য পোর্টে অথবা স্থানীয় সিস্টেম থেকে অন্য সিস্টেমে পোর্ট " "ফরওয়ার্ড করার জন্য মান লিখুন। ইন্টারফেস masquerade করা থাকলে পৃথক সিস্টেমে পোর্ট " "ফরওয়ার্ড করা উপকারী হবে। পোর্ট ফরওয়ার্ডিং ব্যবস্থা শুধুমাত্র IPv4-র ক্ষেত্রে প্রযোজ্য।" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ফরোয়ার্ড পোর্ট যোগ করুন" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ফরোয়ার্ড পোর্ট সম্পাদনা করুন" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ফরোয়ার্ড পোর্ট অপসারণ করুন" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ইন্টারনেট কন্ট্রোল মেসেজ প্রোটকল (ICMP) প্রয়োগ করে নেটওয়ার্কের মধ্যে উপস্থিত " "কম্পিউটারগুলির মধ্যে ত্রুটি বার্তা আদান প্রদান করা হয়। উপরন্তু, বিবিধ তথ্য যেমন ping-র " "অনুরোধ ও উত্তর প্রভৃতিও বিনিময় করার জন্য এটি ব্যবহৃত হয়।" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "প্রত্যাখ্যানের উদ্দেশ্যে, তালিকার মধ্যে ICMP-র ধরনগুলি চিহ্নিত করুন। অন্যান্য সকল ICMP-" "র ধরনগুলি ফায়ারওয়ালের মধ্যে প্রবেশ করতে সক্ষম হবে। ডিফল্টরূপে কোনো প্রতিরোধ করা হয় " "না।" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ফিল্টার" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "এখানে অাপনি অঞ্চলের জন্য সমৃদ্ধ ভাষা নিয়ম নির্দিষ্ট করতে পারবেন।" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "সমৃদ্ধ নিয়ম যোগ করুন" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "সমৃদ্ধ নিয়ম সম্পাদনা করুন" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "সমৃদ্ধ নিয়ম সরান" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "সমৃদ্ধ নিয়মগুলি" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "অঞ্চলে ইন্টারফেসগুলি অাবদ্ধ করতে এন্ট্রিগুলি যোগ করুন। ইন্টারফেস একটি সংযোগের দ্বারা " "ব্যবহৃত হলে, অঞ্চল সংযোগের দ্বারা নির্দিষ্ট অঞ্চলে নির্দিষ্ট হবে।" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ইন্টারফেস যোগ করুন" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ইন্টারফেস সম্পাদন করুন" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ইন্টারফেস সরান" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "সোর্স যোগ করুন" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "সোর্স সম্পাদন করুন" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "সোর্স সরান" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "অঞ্চল" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "একটি firewalld পরিষেবা হল পোর্ট, প্রোটোকল, মডিউল এবং গন্তব্য ঠিকানার সমন্বয়।" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "পরিষেবা যোগ করুন" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "পরিষেবা সম্পাদন করুন" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "পরিষেবা অপসারণ করুন" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "পরিষেবা ডিফল্ট লোড করুন" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "এনট্রি সম্পাদনা" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "এনট্রি অপসারণ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "মডিউল" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "অাপনি গন্তব্য ঠিকানাগুলি নির্দিষ্ট করলে, পরিষেবা এন্ট্রি গন্তব্য ঠিকানা এবং ধরনের " "মধ্যেই সীমাবদ্ধ থাকবে। উভয় এন্ট্রিই খালি থাকলে, কোনো সীমাবদ্ধতা থাকে না।" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "পরিষেবাগুলি শুধুমাত্র স্থায়ী কনফিগারেশন রূপে পরিবর্তন করা যেতে পারে। পরিষেবাগুলির " "রানটাইম কনফিগারেশন নির্দিষ্ট।" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "একটি firewalld icmptype, firewalld এর জন্য একটি ইন্টারনেট কন্ট্রোল মেসেজ প্রোটোকল " "(ICMP) ধরনের জন্য তথ্য প্রদান করে।" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP ধরন যোগ করুন" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP ধরন সম্পাদন করুন" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP ধরন অপসারণ করুন" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP ধরন ডিফল্ট যোগ করুন" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "IPv4 এবং/অথবা IPv6 এর জন্য এই ICMP ধরন উপলব্ধ কিনা তা নির্দিষ্ট করুন।" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP ধরনগুলি শুধুমাত্র স্থায়ী কনফিগারেশন রূপে পরিবর্তন করা যেতে পারে। ICMP ধরনগুলির " "রানটাইম কনফিগারেশন নির্দিষ্ট।" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ডাইরেক্ট কনফিগারেশন ফায়ারওয়ালে অারো সরাসারি অ্যাক্সেস দেয়। এই বিকল্পের ক্ষেত্রে " "ব্যবহারকারীকে প্রাথমিক iptables কনসেপ্ট, অর্থাৎ সারণী, চেন, কম্যান্ড, প্যারামিটার " "এবং টার্গেট জানতে হবে। অন্যান্য firewalld বৈশিষ্ট্য ব্যবহার করা সম্ভব না হলে, " "শুধুমাত্র তখনই শেষ মাধ্যম হিসাবে ডাইরেক্ট কনফিগারেশন ব্যবহার করা হবে।" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "প্রত্যেক বিকল্পের ipv অার্গুমেন্ট ipv4 বা ipv6 বা eb হতে হবে। ipv4 এর ক্ষেত্রে এটি " "হবে iptables, ipv6 এর ক্ষেত্রে ip6tables এবং eb এর ক্ষেত্রে ইথারনেট ব্রিজ " "(ebtables)।" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "নিয়মের সংগে ব্যবহার করার অতিরিক্ত চেন।" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "চেন যোগ করুন" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "চেন সম্পাদনা করুন" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "চেন সরান" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "চেন" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "অগ্রাধিকার বিশিষ্ট একটি সারণীতে একটি চেনে অার্গুমেন্ট args সমেত একটি নিয়ম যোগ করুন।" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "অগ্রাধিকার নিয়ম অর্ডার করতে ব্যবহার করা হয়। অগ্রাধিকার 0 এর অর্থ হল, চেনের উপরে " "নিয়ম যোগ করুন, অপেক্ষাকৃত বেশি অগ্রাধিকারের ক্ষেত্রে নিয়ম অারো নীচের দিকে যোগ হতে " "থাকবে। একই অগ্রাধিকারের নিয়মগুলি একই লেবেলে থাকে এবং এই নিয়মগুলির ক্রম নির্দিষ্ট " "নয় এবং পরিবর্তিত হতে পারে। একটির পরে অার একটি নিয়ম যোগ হোক তা অাপনি নিশ্চিত " "করতে চাইলে, প্রথমটির জন্য একটি কম অগ্রাধিকার ব্যবহার করুন এবং নিম্নলিখিতের জন্য " "অপেক্ষাকৃত বেশি।" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "নিয়ম যোগ করুন" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "নিয়ম সম্পাদন করুন" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "নিয়ম সরান" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "নিয়ম" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "passthrough নিয়ম ফায়ারওয়াল দিয়ে সরাসারি চালনা করা হয় এবং বিশেষ চেনে রাখা হয় " "না। সকল iptables, ip6tables এবং ebtables বিকল্প ব্যবহার করা যেতে পারে।" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "ফায়ারওয়াল যাতে ক্ষতিগস্থ না হয় তার জন্য অনুগ্রহ করে passthrough নিয়মের ক্ষেত্রে " "যত্নবান হোন।" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Passthrough যোগ করুন" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Passthrough সম্পাদনা করুন" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Passthrough সরান" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "লকডাউন বৈশিষ্ট্য firewalld এর জন্য ব্যবহারকারী এবং অ্যাপ্লিকেশন নীতির একটি ক্ষুদ্র " "সংস্করণ। এটি ফায়ারওয়ালের পরিবর্তনগুলিকে সীমাবদ্ধ করে। লকডাউন হোয়াইটলিস্টের মধ্যে " "কম্যান্ড, কনটেক্স, ব্যবহারকারী এবং ব্যবহারকারী অাইডি থাকতে পারে।" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "কনটেক্সট যোগ করুন" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "কনটেক্সট সম্পাদনা করুন" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "কনটেক্সট সরান" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "কনটেক্সট" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "whitelist এ কোনো কম্যান্ড এন্ট্রি তারকা চিহ্ন '*' দিয়ে সমাপ্ত হলে, কম্যান্ড দিয়ে শুরু " "হওয়া সমস্ত কম্যান্ড লাইন মিলবে। '*' উপস্থিত না থাকলে, অার্গুমেন্ট সমেত চরম কম্যান্ড " "অবশ্যই মিলতে হবে।" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "কমান্ড-লাইন যোগ করুন" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "কমান্ড-লাইন সম্পাদন করুন" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "কমান্ড-লাইন সরান" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "কম্যান্ড লাইন" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ব্যবহারকারীর নাম‌।" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ব্যবহারকারীর নাম যোগ করুন" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ব্যবহারকারীর নাম সম্পাদন করুন" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ব্যবহারকারীর নাম সরান" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ব্যবহারকারীর নাম" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ব্যবহারকারীর অাইডি।" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ব্যবহারকারী অাইডি যোগ করুন" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ব্যবহারকারীর অাইডি সম্পাদন করুন" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ব্যবহারকারীর অাইডি সরান" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ব্যবহারকারীর অাইডি" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "সিস্টেমের বর্তমান ডিফল্ট অঞ্চল।" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "প্যানিক মোড:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "লকডাউন:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "ডিফল্ট অঞ্চল:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "পোর্ট এবং প্রোটোকল" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "অনুগ্রহ করে একটি পোর্ট এবং প্রোটোকল দিন।" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ডাইরেক্ট নিয়ম" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "অনুগ্রহ করে ipv এবং সারণী, চেন অগ্রাধিকার নির্বাচন করুন এবং args প্রবেশ করান।" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "অগ্রাধিকার:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "অনুগ্রহ করে একটি প্রোটোকল দিন।" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "অন্য প্রোটোকল:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "সমৃদ্ধ নিয়ম" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "অনুগ্রহ করে একটি সমৃদ্ধ নিয়ম দিন।" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "হোস্ট বা নেটওয়ার্ক হোয়াইট বা কালো তালিকাভুক্তকরণের ক্ষেত্রে উপাদান নিষ্ক্রিয় করুন।" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "উৎসস্থল:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "গন্তব্য:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "লগ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "অডিট:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 এবং ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "উল্টানো" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "এটিকে সক্ষম করতে হলে, অ্যাকশন 'রিজেক্ট' হতে হবে এবং ফ্যামিলি হয় 'ipv4' বা " "'ipv6' (উভয়ই নয়) হতে হবে।" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "ধরন সমেত:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "সীমা সমেত:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "প্রেফিক্স:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "স্তর:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "উপাদান:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "কাজ:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "প্রাথমিক পরিষেবা সেটিং" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "অনুগ্রহ করে প্রাথমিক পরিষেবা সেটিং কনফিগার করুন:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "অনুগ্রহ করে একটি পরিষেবা নির্বাচন করুন।" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ব্যবহারকারীর ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "অনুগ্রহ করে ব্যবহারকারীর অাইডি লিখুন।" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "অনুগ্রহ করে ব্যবহারকারীর নাম লিখুন।" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "প্রাথমিক অঞ্চল সেটিং" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "অনুগ্রহ করে প্রাথমিক অঞ্চল সেটিং কনফিগার করুন:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "ডিফল্ট টার্গেট" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "টার্গেট:" firewalld-0.8.2/po/bg.po0000664007115300711530000014575113641112250016232 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Valentin Laskov , 2012-2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 09:43+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Bulgarian (http://www.transifex.com/projects/p/firewalld/" "language/bg/)\n" "Language: bg\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Аплет на защитната стена" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Защитна стена" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Конфигуриране на защитната стена" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Зона '%s' активирана за интерфейс '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Зона по подразбиране" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Конфигуриране зоните за вдигане/сваляне на защитата" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Тук можете да изберете зоните, използвани за вдигане и сваляне на защитите." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Тази функция е полезна основно за хора, използващи подразбиращата се зона. " "За потребители, сменящи зоните за връзки, използването може да е ограничено." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Зона с вдигнати щитове:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Зона със свалени щитове:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Вдигни защитите" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Разреши уведомленията" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Редактиране настройките на защитната стена..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Промяна зоните на връзките..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Конфигуриране зоните за вдигане/сваляне на защитата..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Блокира целия мрежови трафик" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Няма връзка." #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Източници" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Удостоверяването не успя." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Невалиден аргумент %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Името вече съществува" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Няма връзка с демона на защитната стена" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Целият мрежови трафик е блокиран." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Зона по подразбиране: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Зона '{zone}' е активна за връзка '{connection}' на интерфейс '{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Зона '{zone}' е активна за интерфейс '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Зона '{zone}' активна за източник {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Няма активни зони." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Връзката с FirewallD е осъществена." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Връзката с FirewallD е изгубена." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD беше презареден." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Подразбиращата се зона е сменена на '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Мрежовият трафик вече не е блокиран." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "активиран" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "деактивиран" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Зона '{zone}' е {activated_deactivated} за връзка '{connection}' през " "интерфейс '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Зона '{zone}' е {activated_deactivated} за интерфейс '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Зона '%s' е активирана за интерфейс '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Зона '{zone}' е {activated_deactivated} за източник '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Зона '%s' е активирана за източник '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Неуспех при зареждане на икони." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Услуга" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Порт" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Протокол" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Към порт" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Към адрес" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp тип" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Източник" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Внимание" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Грешка" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Зона" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Зона '%s': Услуга '%s' е недостъпна." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Премахване на зона" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Игнорирай" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Зона '%s': ICMP тип '%s' е недостъпен." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Вградена зона, преименуване не се поддържа." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Вградена услуга, преименуване не се поддържа." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Вграден icmp, преименуване не се поддържа." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Избор на зона за източник %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Адрес" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Моля, изберете подразбиращата се зона от списъка по-долу." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Пренасочване на порт" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Моля, задайте настройките за източник и цел, според нуждите Ви." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Порт / Диапазон портове:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP адрес:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Протокол:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Назначение" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Ако разрешите локалното пренасочване, ще трябва да зададете порт. Той ще " "трябва да е различен от първоначалния порт." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Локално пренасочване" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Пренасочване към друг порт" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Почернените елементи са задължителни, всички останали - не." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Име:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Версия:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Кратко:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Описание:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Основни настройки на ICMP типове" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Моля, конфигурирайте основните настройки на ICMP типове:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP тип" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Добавяне на запис" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Файл" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Опции" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Презареди " #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Смяна на подразбиращата се зона." #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Помощ" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Текущо видима конфигурация. Работната конфигурация е истински активната " "конфигурация. Постоянната конфигурация ще бъде активна след рестартиране на " "услугата или системата." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Добавяне на зона" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Редактиране на зона" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Премахване на зона" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Зареждане на подразбиращото се за зоната" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Услуги" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Към порт" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Редактиране на зона" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Премахване на зона" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Портове" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Маскирането позволява чрез хост или рутер да свържете Вашата локална мрежа " "към Интернет. Вашата локална мрежа ще бъде невидима и хостовете в нея ще се " "представят с един единствен адрес в Интернет. Маскирането е само за IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Зона с маскиране" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Ако разрешите маскирането, ще бъде разрешен и IP forwarding за Вашите IPv4 " "мрежи." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Маскиране" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Добавяне на правила за пренасочване на портове от един порт към друг на " "локалната система или от локалната към друга система. Пренасочването към " "друга система работи само ако интерфейсът е маскиран. Пренасочването е само " "за IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Добавяне пренасочване на порт" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Редактиране пренасочването на порт" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Премахване пренасочването на порт" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Протоколът Internet Control Message Protocol (ICMP) се използва основно за " "изпращане на съобщения за грешки между компютри в мрежата, както и за " "информационни съобщения като ping запитвания и отговори." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Маркирайте в списъка ICMP типовете, които да бъдат отхвърляни. За всички " "други ICMP типове преминаването през защитната стена е разрешено. По " "подразбиране ограничения няма." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP филтър" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Зони" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Добавяне на услуга" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Редактиране на услуга" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Премахване на услуга" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Зарежда подразбиращото се за услугата" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Редактиране на запис" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Премахване на запис" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Модули" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Ако зададете целеви адреси, услугите ще бъдат ограничени според целевия " "адрес и тип. Ако и двете са празни, ограничения няма." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Добавя ICMP тип" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Редактира ICMP типа" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Премахва ICMP типа" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Зарежда подразбиращите се ICMP типове" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Текуща зона по подразбиране на системата." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Зона по подразбиране:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Порт и Протокол" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Моля, въведете порт и протокол." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Друг протокол:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Основни настройки на услугата" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Моля, конфигурирайте основните настройки на услугата:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Основни настройки на зоната" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Моля, конфигурирайте основните настройки на зоната:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Цел по подразбиране" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Цел:" firewalld-0.8.2/po/mr.po0000664007115300711530000020650113641112251016250 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Automatically generated, 2004 # Rahul Bhalerao , 2006 # Rahul Bhalerao , 2006 # sandeep shedmake , 2007-2008 # Sandeep Shedmake , 2008-2009 # sandeeps , 2009-2010 # sandeeps , 2013-2014 # sandeeps , 2013 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 10:00+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Marathi (http://www.transifex.com/projects/p/firewalld/" "language/mr/)\n" "Language: mr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "फायरवॉल ॲपलेट" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "फायरवॉल" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "फायरवॉल संयोजना" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "फायरवॉल;नेटवर्क;सुरक्षा;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "संवाद '%s' करिता क्षेत्र निवडा" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "पूर्वनिर्धारित झोन" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "जोडणी '%s' करिता झोन निवडा" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "शिल्डस् अप किंवा डाउन क्षेत्र संरचीत करा" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "शिल्डस् अप व शिल्डस् डाउनकरिता तुम्ही येथे क्षेत्र निवडू शकता." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "हे गुणधर्म पूर्वनिर्धारित झोन्सचा वापर करणाऱ्यांना उपयोगी ठरेल. वापरकर्त्यांना, जे जोडणींचे " "झोन्स बदलतात, याचा मर्यादीत वापर ठरू शकतो." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "शिल्डस् अप क्षेत्र:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "शिल्डस् डाउन क्षेत्र:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "शिल्डस् अप" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "सूचना सुरू करा" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "फायरवॉल सेटिंग्ज संपादित करा..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "जोडणींचे क्षेत्रांमध्ये बदल करा..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "शिल्डस् अप किंवा डाउन क्षेत्र संरचीत करा..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "सर्व नेटवर्क ट्राफिक अडवा" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "जोडणी" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "सोअर्सेस" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ओळख पटवणे अपयशी." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "अवैध बाब %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "नाव आधीपासूनच अस्तित्वात आहे" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "firewall डिमनकरिता जोडणी नाही" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "सर्व नेटवर्क ट्राफिक अडवले आहे." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "पूर्वनिर्धारित क्षेत्र: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "संवाद '{interface}' वरील जोडणी '{connection}' करिता क्षेत्र '{zone}' सक्रीय" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "संवाद '{interface}' करिता क्षेत्र '{zone}' सक्रीय" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "स्रोत {source} करिता क्षेत्र '{zone}' सक्रीय" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "सक्रीय क्षेत्र नाही." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD करिता जोडणी स्थापीत केले." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD करिता जोडणी हरवले." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD पुन्हा लोड केले आहे." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "पूर्वनिर्धारित क्षेत्रला '%s' करिता बदलले आहे." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "नेटवर्क ट्राफिक यापुढे अडवले जात नाही." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "सक्रीय केले" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "निष्क्रीय केले" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "संवाद '{interface}' वरील जोडणी '{connection}' करिता क्षेत्र " "'{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "संवाद '{interface}' करिता क्षेत्र '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "क्षेत्र '%s' सक्रीय केले, संवाद '%s' करिता" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "सोअर्स '{source}' करिता क्षेत्र '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "सोअर्स '%s' करिता क्षेत्र '%s' सक्रीय केले" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "बदल लागू केले." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "नेटवर्क जोडणी '%s' तर्फे वापरले जाते" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "सुरू केले" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "बंद केले" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "चिन्ह लोड करण्यास अपयशी." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "वापरकर्ता नाव" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "रनटाइम" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "कायम" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "सेवा" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "पोर्ट" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "शिष्टाचार" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "प्रति पोर्ट" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "प्रति पत्ता" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "ICMP प्रकार" #: ../src/firewall-config.in:822 msgid "Family" msgstr "फॅमिली" #: ../src/firewall-config.in:826 msgid "Action" msgstr "कृती" #: ../src/firewall-config.in:828 msgid "Element" msgstr "घटक" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "लक्ष्य" #: ../src/firewall-config.in:834 msgid "log" msgstr "लॉग" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ऑडिट" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "सोअर्स" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "ताकीद" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "त्रुटी" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "स्वीकार करा" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "नकारा" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "वगळा" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "मर्यादा" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "सर्व्हिस" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "पोर्ट" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "प्रोटोकॉल" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "मास्क्युरेड" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "स्तर" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "होय" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "क्षेत्र" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "क्षेत्र '%s': सर्व्हिस '%s' अनुपलब्ध." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "काढून टाका" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "दुर्लक्ष करा" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "क्षेत्र '%s': ICMP प्रकार '%s' अनुपलब्ध." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "बिल्ट-इन झोन, पुनःनाव देणे समर्थीत नाही." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "सेकंद" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "मिनिट" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "तास" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "दिवस" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "संकट" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "सावधानता" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "गंभीर" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "त्रुटी" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "सावधानता" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "सूचना" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "माहिती" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "डिबग करा" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "संवाद संक्रमीत झाले असल्यावरच इतर प्रणालीकरिता फॉरवर्ड करणे उपयोगी ठरते.\n" "तुम्हाला हे झोन मास्क्युरेड करायचे ?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "बिल्ट-इन सर्व्हिस, पुनःनामांकन समर्थीत नाही." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "बिल्ट-इन icmp, पुनःनाव देणे समर्थीत नाही." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "सोअर्स %s करिता क्षेत्र निवडा" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "पत्ता" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "कृपया आदेश ओळ द्या." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "कृपया संदर्भ द्या." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "कृपया खालील सूचीपासून पूर्वनिर्धारित झोन निवडा." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "डाइरेक्ट चैन" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "कृपया ipv आणि तक्ता निवडा आणि चैनचे नाव द्या." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "चैन:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "रॉ" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "सुरक्षा" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "तक्ता:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "डाइरेक्ट पासथ्रु नियम" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "कृपया ipv निवडा आणि बाबी द्या." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "बाबी:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "पोर्ट फॉरवर्डीग" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "कृपया स्त्रोत व लक्ष्य पर्याय तुमच्या आवश्यकतेप्रणाणे वापरा." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "पोर्ट / पोर्ट क्षेत्र:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP पत्ता:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "प्रोटोकॉल:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "लक्ष्य" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "स्थानीक फॉर्वडींग कार्यान्वीत केल्यास, तुम्हाला पोर्ट निर्देशीत करावे लागेल. स्त्रोत पोर्ट " "करीता हे पोर्ट वेगळे असायला हवे." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "स्थानीक फॉरवर्डीग" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "पुढच्या पोर्ट करीता पाठवा" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "ठलक नोंदणी आवश्यक आहे, इतर सर्व वैकल्पिक आहे." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "नाव:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "आवृत्ती:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "छोटे:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "वर्णन:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "फॅमिली:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "बेस ICMP प्रकार सेटिंग्ज" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "कृपया बेस ICMP प्रकार सेटिंग्ज संरचीत करा:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP प्रकार" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "कृपया ICMP प्रकार पसंत करा" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "नोंदणी समावेश करा" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "फाइल (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "पर्याय (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld पुन्हा लोड करा" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "फायरवॉल रूल्स पुन्हा लोड करतो. सध्याची कायम संरचना नविन रनटाइम संचरना बनेल. म्हणजेच " "कायम संरचनामध्ये न आढळल्यास रिलोड पर्यंतचे फक्त रनटाइम बदल गमवले जातात." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "नेटवर्क जोडणी कोणत्या झोनच्या मालकीचे आहे, ते बदला." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "पूर्वनिर्धारित क्षेत्र बदला" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "जोडण्या किंवा संवादकरिता पूर्वनिर्धारित झोन बदला." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "पॅनिक मोड म्हणजे सर्व येणारे आणि बाहेर जाणारे पॅकेट्स वगळले जातात." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "पॅनिक मोड" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "लॉकडाऊन फायरवॉल संरचना कुलूपबंद करते जेणेकरूण फक्त लॉकडाऊनकरिता ॲप्लिकेशन्स त्यास बदलू शकेल." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "कुलूपबंद करा" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "रनटाइम संरचना कायमचे करा" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "रनटाइम कायमचे करा" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "अवलोकन (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP प्रकार" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "डाइरेक्ट संरचना" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "लॉकडाऊन वाइटलिस्ट" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "मदत (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "संरचना:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "सध्या दृश्यास्पद संरचना. रनटाइम संरचना वास्तविक सक्रीय संरचना आहे. सर्व्हिस किंवा " "प्रणालीला पुन्हा लोड किंवा पुन्हा सुरू केल्यानंतर कायम संरचना सक्रीय केली जाईल." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld क्षेत्र नेटवर्क जोडणींकरिता विश्वासर्हता स्तर, इंटरफेसेस व झोनकरिता बांधणी असलेले " "सोअर्स पत्ता ठरवतो. क्षेत्र सर्व्हिसेस, पोर्टस, प्रोटोकॉल्स, मॅस्क्युरेडिंग, पोर्ट किंवा पॅकेट " "फॉरवर्डिंग, icmp फिल्टर्स व रिच रूल्स एकत्रीत करतो. क्षेत्र इंटरफेसेस व सोअर्स पत्त्यांकरिता " "बांधणी करतो." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "क्षेत्र समावेश करा" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "क्षेत्र संपादित करा" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "क्षेत्र काढून टाका" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "क्षेत्र पूर्वनिर्धारित लोड करा" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "येथे तुम्ही झोनमध्ये कोणती सर्व्हिसेस विश्वासर्ह आहेत ते ठरवू शकता. विश्वासर्ह सर्व्हिसेस सर्व " "यजमानांपासून व ह्या झोनकरिता बांधीत असलेल्या जोडणी, संवाद व सोअर्सेसपासून मशीनपर्यंत " "पोहचण्याजोगी नेटवर्कसकरिता प्रवेशजोगी आहेत." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "सर्व्हिसेस" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "अगाऊ पोर्टस् किंवा पोर्ट व्याप्ति समाविष्ट करा, जे सर्व यजमान किंवा मशनसह जोडणीजोगी " "नेटवर्ककरिता प्रवेशजोगी असायला हवे." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "प्रति पोर्ट" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "पोर्ट संपादित करा" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "पोर्ट काढून टाका" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "पोर्टस्" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "मास्क्युरेडींग यजमान स्थापीत करण्यास किंवा इंटरनेटवरील स्थानीक संजाळ जुळवणीकरीता राऊटरला " "परवानगी देतो. तुमचे स्थानीक संजाळ दिसणार नाही व इंटरनेटवर यजमान एक पत्ता म्हणूनच दिसून " "येईल. मास्क्युरेडींग फक्त IPv4 करीता आहे." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "मास्क्युरेड क्षेत्र" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "मास्क्युरेडिंग सुरू करताना, IP फॉर्वरर्डिंग IPv4 नेटवर्क्सकरिता सुरू केले जाईल." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "मास्क्युरेडींग" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "स्थानीक प्रणालीवरील किंवा एका स्थानीक प्रणली वरून अन्य प्रणाली करीता एका पोर्ट पासून " "इतर पोर्ट पर्यंत पोर्ट फॉर्वड करण्यासाठी नोंदणी जोडा. अन्य प्रणाली करीता फॉर्वडींग " "तेव्हाच उपयोगी ठरेल जेव्हा संवाद लपविला जाईल. पोर्ट फॉर्वडींग फक्त IPv4 करीता आहे." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "फॉरवर्ड पोर्ट समाविष्ट करा" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "फॉरवर्ड पोर्ट संपादित करा" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "फॉरवर्ड पोर्ट काढून टाका" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message Protocol (ICMP) चा वापर संभाव्यतः त्रुटी संदेश " "पाठविण्याकीरता केला जातो, पण अगाऊरित्या माहिती संदेश करीता देखील वापरला जातो जसे की " "पींग विनंती किंवा प्रतिसाद." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "यादीतील ICMP प्रकार, जे स्वीकारले नाही पाहिजे. इतर सर्व ICMP प्रकार फायरवॉल ला भेदून " "जाऊ शकतात. पूर्वनिर्धारीतवर मर्यादा नाही." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP फिल्टर" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "क्षेत्रकरिता तुम्ही येथे रिच लँगवेज रूल्स सेट करू शकता." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "रिच रूल समाविष्ट करा" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "रिच रूल संपादित करा" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "रिच रूल काढून टाका" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "रिच रूल्स" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "संवादांना झोनकरिता बांधणी करण्यासाठी नोंदणी समाविष्ट करा. जोडणीतर्फे संवादचा वापर " "करायचे असल्यास, जोडणीमध्ये निर्देशीत झोनकरिता झोन सेट केले जाईल." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "संवाद समाविष्ट करा" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "संवाद संपादित करा" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "संवाद काढून टाका" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "सोअर्स समाविष्ट करा" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "सोअर्स संपादित करा" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "सोअर्स काढून टाका" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "झोन्स" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld सर्व्हिस पोर्टस्, प्रोटोकॉल्स, घटक व लक्ष्य पत्त्यांचे एकत्रीकरण आहे." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "सर्व्हिस समाविष्ट करा" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "सर्व्हिस संपादित करा" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "सर्व्हिस काढून टाका" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "सर्व्हिस पूर्वनिर्धारित लोड करा" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "नोंदणी संपादीत करा" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "नोंदणी हटवा" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "घटक" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "लक्ष्य पत्ता निर्देशीत केल्यास, सर्व्हिस नोंदणी लक्ष्य पत्ता व प्रकारकरिता मर्यादीत राहेल. " "दोंही नोंदणी रिकामे असल्यास, कुठलिही मर्यादा राहत नाही." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "सर्व्हिसेसला फक्त नेहमीच्या संरचना दृष्यमध्ये बदलणे शक्य आहे. सर्व्हिसेसची रनटाइम संरचना ठरवले " "आहे." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalldसाठी इंटरनेट कंट्रोल मेसेज प्रोटोकॉल (ICMP) प्रकारकरिता firewalld icmptype " "माहिती पुरवते." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP प्रकार समाविष्ट करा" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP प्रकार संपादित करा" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP प्रकार काढून टाका" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP प्रकार पूर्वनिर्धारित लोड करा" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" "IPv4 आणि किंवा IPv6 करिता हे ICMP प्रकार उपलब्ध आहे किंवा नाही ते निर्देशीत करा." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP प्रकारला कायमस्वरूपी संरचना दृष्यमध्ये बदलणे शक्य आहे. ICMP प्रकारची रनटाइम संरचना " "ठरवली आहे." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "डाइरेक्ट संरचना फायरवॉलकरिता प्रत्यक्ष प्रवेश देते. ह्या पर्यायमुळे वापरकर्त्याला मूळ " "iptables तत्व, जसे कि तक्ता, चैन्स, आदेश, बाबी आणि लक्ष्य माहिती असणे आवश्यक आहे. " "प्रत्यक्ष संरचनेचा वापर शेवटचा पर्याय म्हणून करावा जेव्हा इतर फायरवॉल्ड गुणविशेषांचा वापर " "शक्य होत नाही." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "प्रत्येक पर्यायचे ipv बाब ipv4 किंवा ipv6 किंवा eb पाहिजे. ipv4 असल्यास ते iptables " "करिता, ipv6 असल्यास ip6tables करिता आणि eb असल्यास for इथरनेट ब्रिजेसकरिता " "(ebtables) असायला हवे." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "नियमसह वापरण्याजोगी अगाऊ चैन्स." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "चैन समाविष्ट करा" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "चैन संपादित करा" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "चैन काढून टाका" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "चैन्स" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "प्राधान्यतासह तक्तामध्ये चैनकरिता आर्ग्युमेंट्स args सह नियम समाविष्ट करा." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "नियमांना क्रमवारित लावण्याकरिता प्राधान्यता. प्राधान्यता 0 म्हणजे चैनच्या शीर्षमध्ये नियम " "समाविष्ट करा , जास्त प्राधान्यता असणाऱ्या नियमाला अखेरीस समाविष्ट केले जाईल. समान " "प्राधान्यता असलेले नियम एकाच स्तारावर असतात आणि या नियमांची क्रमवारी निश्चीत नसते आणि " "कदाचित बदलू शकते. एका नियम नंतर इतर समाविष्ट केले जाईल, याची खात्री करायचे असल्यास, " "पहिल्या नियमकरिता किमान प्राधान्यताचा वापर करा आणि खालीलकरिता जास्त प्राधान्यताचा " "वापर करा." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "नियम समाविष्ट करा" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "नियम संपादित करा" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "नियम काढून टाका" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "नियम" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "फायरवॉलकरिता पासथ्रु नियम प्रत्यक्षरित्या पुरवले जातात आणि त्यास विशेष चैनमध्ये स्थित केले " "जात नाही. सर्व iptables, ip6tables आणि ebtables पर्यायांचा वापर शक्य आहे." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "कृपया फायरवॉल नष्ट होणार नाही याची पासथ्रु नियमतर्फे काळजी घ्या." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "पासथ्रु समाविष्ट करा" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "पासथ्रु संपादित करा" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "पासथ्रु काढून टाका" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "पासथ्रु" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "firewalld करिता लॉकडाऊन वापरकर्ता व ॲप्लिकेशन करारचे लाइटवेट गुणधर्म आहे. ते " "फायरवॉलकरिता बदल मर्यादीत ठेवते. लॉकडाउन वाइटलिस्टमध्ये आदेश, संदर्भ, वापरकर्ते व युजर " "आयडीज समाविष्टीत असू शकते." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "संदर्भ समाविष्ट करा" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "संदर्भ संपादित करा" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "संदर्भ काढून टाका" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "संदर्भ" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "वाइटलिस्ट वरील आदेश नोंदणी ॲस्टेरिस्क '*' सह समाप्त होत असल्यास, आदेश पासून सुरू होणारे " "सर्व आदेश ओळ जुळतील. '*' हे ॲबसोल्युट आदेश अंतर्गत न आढळल्यास परस्पर बाबी जुळायला पाहिजे." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "आदेश ओळ समाविष्ट करा" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "आदेश ओळ संपादित करा" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "आदेश ओळ काढून टाका" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "आदेश ओळ" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "वापरकर्ता नावे." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "वापरकर्ता नाव समाविष्ट करा" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "वापरकर्ता नाव संपादित करा" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "वापरकर्ता नाव काढून टाका" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "वापरकर्ता नावे" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "युजर आयडीज." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "वापरकर्ता Id समाविष्ट करा" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "वापरकर्ता Id संपादित करा" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "वापरकर्ता Id काढून टाका" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "युजर आयडीज" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "प्रणालीचे सध्याचे पूर्वनिर्धारित क्षेत्र." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "पॅनिक मोड:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "लॉकडाउन:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "पूर्वनिर्धारित क्षेत्र:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "पोर्ट व शिष्टाचार" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "कृपया पोर्ट व प्रोटोकॉल भरा." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "डाइरेक्ट नियम" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "कृपया ipv आणि तक्ता, चैन प्राधान्यता आणि बाबी निवडा." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "प्राधान्यता:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "कृपया प्रोटोकॉल द्या." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "इतर प्रोटोकॉल:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "रिच रूल" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "कृपया रिच रूल भरा." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "यजमान किंवा नेटवर्ककरिता घटकांना निष्क्रीय करण्यासाठी वाइट किंवा ब्लॅकलिस्ट करा." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "सोअर्स:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "1लक्ष्य:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "लॉग:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ऑडिट:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 आणि ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "इनवर्टेड" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "सुरू करण्यासाठी ह्या कृतीला 'reject' करा आणि फॅमिलि एकतर 'ipv4' किंवा 'ipv6' (दोन्ही " "नाही) पाहिजे." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "प्रकार सह:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "मर्यादा सह:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "प्रिफिक्स:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "स्तर:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "घटक:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "कृती:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "बेस सर्व्हिस सेटिंग्ज" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "कृपया बेस सर्व्हिस सेटिंग्ज संरचीत करा:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "कृपया सर्व्हिस निवडा." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "युजर ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "कृपया युजर id द्या." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "कृपया वापरकर्ता नाव द्या." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "बेस क्षेत्र सेटिंग्ज" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "कृपया बेस क्षेत्र सेटिंग्ज संरचीत करा:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "पूर्वनिर्धारित लक्ष्य" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "लक्ष्य:" firewalld-0.8.2/po/sk.po0000664007115300711530000016622313641112251016255 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Dušan Kazik , 2012-2013 # Marcel Telka , 2004 # Mike Karas , 2006 # feonsu , 2008-2010 # feonsu , 2016. #zanata # feonsu , 2017. #zanata # feonsu , 2018. #zanata # Matej Marusak , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-01-13 14:38-0500\n" "PO-Revision-Date: 2020-01-19 08:15+0000\n" "Last-Translator: Matej Marusak \n" "Language-Team: Slovak \n" "Language: sk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" "X-Generator: Weblate 3.10.3\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Aplet pre firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Nastavenia firewallu" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;sieť;bezpečnosť;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Vyberte zónu pre rozhranie „%s“" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Predvolená zóna" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Vyberte zónu pre rozhranie '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Nepodarilo sa nastaviť zónu {zone} pre pripojenie {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Vyberte zónu pre zdroj '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Konfigurácia zóny pre zapnutý/vypnutý štít" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Tu môžete vybrať zóny, ktoré budú použité pre zapnutý a vypnutý štít." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Táto funkcia je užitočná pre ľudí, ktorí prevažne využívajú predvolené zóny. " "Pre používateľov, ktorí menia zóny pripojení, môže byť použitie obmedzené." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Zóna pre zapnutý štít:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Obnoviť predvolené" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Zóna pre vypnutý štít:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "O %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Autori" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licencia" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Zapnúť štít" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Povoliť upozornenia" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Upraviť nastavenia firewallu..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Zmeniť zóny pripojení…" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Nastaviť zóny pre zapnutý/vypnutý štít..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blokovať všetky sieťové prenosy" #: ../src/firewall-applet.in:500 msgid "About" msgstr "O aplikácii" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Pripojenia" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Rozhrania" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Zdroje" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Overenie zlyhalo." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Neplatný názov" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Názov už existuje" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zóna: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Predvolená zóna: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Nepodarilo sa získať pripojenia z NetworkManagera" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Nie sú dostupné žiadne importy NetworkManagera" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Žiadne pripojenie k službe firewallu" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Všetky sieťové prenosy sú blokované." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Predvolená zóna: „%s“" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Predvolená zóna '{default_zone}' je aktívna pre pripojenie '{connection}' na " "rozhraní '{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zóna '{zone}' je aktívna pre pripojenie '{connection}' na rozhraní " "'{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zóna '{zone}' je aktívna pre rozhranie '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zóna '{zone}' je aktívna pre zdroj {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Žiadne aktívne zóny." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Pripojenie k službe FirewallD bolo nadviazané." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Pripojenie k službe FirewallD bolo stratené." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "Služba FirewallD bola znovu načítaná." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Predvolená zóna bola zmenená na „%s“." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Sieťové prenosy už nie sú blokované." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "aktivovaná" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "deaktivovaná" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Predvolená zóna '{default_zone}' je {activated_deactivated} pre pripojenie " "'{connection}' na rozhraní '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zóna '{zone}' je {activated_deactivated} pre pripojenie '{connection}' na " "rozhraní '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zóna '{zone}' je {activated_deactivated} pre rozhranie '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zóna '%s' je aktivovaná pre rozhranie „%s“" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zóna '{zone}' je {activated_deactivated} pre zdroj '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zóna '%s' je aktivovaná pre zdroj '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Pripojenie k službe FirewallD bolo nadviazané." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Pokus o pripojenie k firewalld, čaká sa..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Zlyhalo pripojenie k firewalld. Uistite sa, že bola služba spustená správne " "a skúste to znovu." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Zmeny boli aplikované." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Použité sieťovým pripojením '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Predvolená zóna používaná sieťovým pripojením '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "povolené" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "zakázané" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Nepodarilo sa načítať ikony." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontext" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Príkazový riadok" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Používateľské meno" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ID používateľa" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabuľka" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Reťaz" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorita" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumenty" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Bežiaca" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Trvalá" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Služba" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Cieľový port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Cieľová adresa" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Väzby" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Položka" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Typ Icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Rodina" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Akcia" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Zdroj" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Cieľ" #: ../src/firewall-config.in:834 msgid "log" msgstr "záznam" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Rozhranie" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Komentár" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Zdroj" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Varovanie" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Chyba" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "prijať" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "odmietnuť" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "zahodiť" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "označit" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "služba" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maškaráda" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-typ" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "zdrojový port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "úroveň" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "áno" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zóna" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Predvolená zóna: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zóna: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zóna „%s“: Služba „%s“ nie je dostupná." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Odstrániť" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignorovať" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zóna „%s“: Typ ICMP „%s“ nie je dostupný." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Integrovaná zóna, premenovanie nie je podporované." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekunda" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minúta" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hodina" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "deň" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "núdzové" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "výstraha" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritické" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "chyba" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "upozornenie" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "oznámenie" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informácia" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ladenie" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Preposielanie na iný systém je užitočné len ak je na rozhraní maškaráda. \n" "Chcete zamaskovať túto zónu?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Integrovaná služba, premenovanie nie je podporované." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Zadajte ipv4 adresu v tvare adresa[/maska]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Maska môže byť maska siete alebo číslo." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Zadajte ipv6 adresu v tvare adresa[/maska]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Maska je číslo." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Zadajte ipv4 alebo ipv6 adresu v tvare adresa[/maska]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Maska môže byť maska siete alebo číslo pre ipv4.\n" "Maska je číslo pre ipv6." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Integrované ipset, premenovanie nie je podporované." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Vyberte súbor" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Textové súbory" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Všetky súbory" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Všetko" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Integrovaný pomocník, premenovanie nie je podporované." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Integrované icmp, premenovanie nie je podporované." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Nepodarilo sa načítať súbor '%s': %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Vyberte zónu pre zdroj %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresa" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatický pomocníci" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Prosím vyberte hodnotu automatického pomocníka:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Prosím, zadajte príkazový riadok." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Prosím, zadajte kontext." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Prosím vyberte predvolenú zónu zo zoznamu nižšie." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Priama reťaz" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Prosím vyberte ipv a tabuľku a zadajte názov reťaze." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Reťaz:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "security" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabuľka:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Priame pravidlo priechodu" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Prosím vyberte ipv a zadajte parametre." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Parametre:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Presmerovanie portov" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Prosím zadajte zdrojové a cieľové možnosti podľa vašich potrieb." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Rozsah portov:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP adresa:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Cieľ" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Ak povolíte lokálne preposielanie, musíte zadať port. Tento port musí byť " "iný ako zdrojový port." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokálne preposielanie" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Preposlať na iný port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Základné nastavenia pomocníka" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Prosím, nakonfigurujte základné nastavenia pomocníka:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" "Položky zobrazené tučným písmom sú povinné, všetky ostatné sú voliteľné." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Názov:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Verzia:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Skrátené:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Popis:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Rodina:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Pomocník" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Vyberte pomocníka:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Základné nastavenia typu ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Prosím, nakonfigurujte základné nastavenia typu ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP typ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Prosím, vyberte typ ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Pridať položku" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Pridať položky zo súboru" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Odstrániť vybrané položky" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Odstrániť všetky položky" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Odstrániť položky zo súboru" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Súbor" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "M_ožnosti" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Znovu načítať službu FirewallD" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Znovu načíta pravidlá firewallu. Aktuálna trvalá konfigurácia sa stane novou " "bežiacou konfiguráciou. Teda všetky zmeny vykonané v bežiacej konfigurácii " "pred znovu načítaním budú stratené, ak už neboli súčasťou trvalej " "konfigurácie." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Zmení zónu patriacu sieťovému pripojeniu." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Zmeniť predvolenú zónu" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Zmení predvolenú zónu pre pripojenia alebo rozhrania." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Zmeniť záznam zamietnutí" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Zmení hodnotu záznamu zamietnutí." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Nastaviť automatické priradenie pomocníka" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Nastaví automatické priradenie pomocníka." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Núdzový režim znamená, že všetky prichádzajúce a odchádzajúce pakety sa " "zahodia." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Núdzový režim" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Uzamknutie uzamkne konfiguráciu firewallu tak, že iba aplikácie z whitelistu " "pri uzamknutí ju môžu zmeniť." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Uzamknutie" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Zmení bežiacu konfiguráciu na trvalú" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Bežiaca konfigurácia na trvalú" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Zobraziť" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSety" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Typy ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Pomocníci" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Priama konfigurácia" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Whitelist pri uzamknutí" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktívne väzby" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Pomocník" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Zmeniť zónu" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Zmeniť zónu väzby" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "Kryje aktívne bežiace väzby pripojení, rozhraní a zdrojov k zónam" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "Zobrazí aktívne bežiace väzby pripojení, rozhraní a zdrojov k zónam" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Konfigurácia:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Aktuálne viditeľná konfigurácia. Konfigurácia pre reláciu je aktuálna " "konfigurácia. Trvalá konfigurácia bude aktívna aj po znovu načítaní alebo " "reštarte služby alebo systému." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Zóna služby firewalld určuje úroveň dôvery pre sieťové pripojenia, rozhrania " "a zdrojové adresy previazané so zónou. Zóna kombinuje služby, porty, " "protokoly, maškarádu, presmerovanie portov/paketov, filtre icmp a pravidlá " "najvyššej úrovne. Zóna môže byť previazaná s rozhraniami a zdrojovými " "adresami." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Pridať zónu" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Upraviť zónu" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Odstrániť zónu" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Načítať predvolené nastavenia zóny" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Tu môžete určiť, ktoré služby sú pre zónu dôveryhodné. Dôveryhodné služby sú " "prístupné zo všetkých hostiteľov a sietí, ktoré majú dosah k stroju cez " "pripojenia, rozhrania a zdrojov previazaných s touto zónou." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Služby" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Pridajte dodatočné porty alebo rozsahy portov, ktoré musia byť prístupné pre " "všetky počítače alebo siete, ktoré sa môžu pripojiť k stroju." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Pridať port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Upraviť port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Odstrániť port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Porty" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Pridajte protokoly, ktoré musia byť prístupné pre všetky počítače alebo " "siete." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Pridať protokol" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Upraviť protokol" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Odstrániť protokol" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokoly" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Pridajte dodatočné zdrojové porty alebo rozsahy portov, ktoré musia byť " "prístupné pre všetky počítače alebo siete, ktoré sa môžu pripojiť k stroju." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Zdrojové porty" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maškaráda je užitočná ak nastavujete počítač alebo smerovač, ktorý spája " "vašu lokálnu sieť s internetom. Vaša lokálna sieť nebude z internetu " "viditeľná a celá bude reprezentovaná iba jednou ip adresou. Maškaráda " "funguje len pre IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zamaskovať zónu" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Ak povolíte maskovanie, bude pre vaše siete typu IPv4 povolené presmerovanie " "IP adries." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maškaráda" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Pridajte položky pre preposielanie portov buď z jedného portu na druhý na " "lokálnom systéme alebo lokálneho systému do iného systému. Preposielanie na " "iný systém je užitočné len ak je na rozhraní maškaráda. Funguje len na IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Pridať presmerovanie portu" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Upraviť presmerovanie portu" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Odstrániť presmerovanie portu" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Protokol internetových kontrolných správ (ICMP) sa používa predovšetkým k " "zasielaniu chybových správ medzi počítačmi v sieti, ale tiež pre informačné " "správy typu ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Označte v zozname typy ICMP, ktoré majú byť odmietnuté. Všetky ostatné typy " "ICMP budú môcť prejsť firewallom. Predvolené bez obmedzení." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Ak je povolené Invertovať filter, označené položky ICMP sa príjmu a ostatné " "odmietnu. V zóne s cieľom DROP sa zahodia." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Invertovať filter" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filter ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Tu môžete nastaviť pravidlá jazyka rich (najvyššej úrovne) pre zónu." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Pridať pravidlo rich" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Upraviť pravidlo rich" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Odstrániť pravidlo rich" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Pravidlá rich" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Pridajte záznamy na previazanie rozhraní so zónou. Ak bude rozhranie použité " "pripojením, zóna bude nastavená na zónu určenú pre pripojenie." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Pridať rozhranie" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Upraviť rozhranie" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Odstrániť rozhranie" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Pridajte záznamy na previazanie zdrojových adries alebo oblastí so zónou. " "Previazať tiež môžete zdrojové MAC adresy, ale iba s obmedzeniami. " "Presmerovanie portov a maskovanie nebude fungovať pre previazané zdrojové " "MAC adresy." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Pridať zdroj" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Upraviť zdroj" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Odstrániť zdroj" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zóny" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Služba firewalld je kombináciou portov, protokolov, modulov a cieľových " "adries." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Pridať službu" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Upraviť službu" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Odstrániť službu" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Načítať predvolené nastavenia služby" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Pridajte dodatočné porty alebo rozsahy portov, ktoré musia byť prístupné pre " "všetky počítače alebo siete." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Upraviť položku" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Odstrániť položku" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Pridajte dodatočné zdrojové porty alebo rozsahy portov, ktoré musia byť " "prístupné pre všetky počítače alebo siete." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Zdrojový port" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Pomocné moduly Netfilter sú potrebné pre niektoré služby." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduly" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Ak určíte cieľové adresy, položka so službou bude obmedzená na cieľové " "adresy a typ. Ak sú obidve položky prázdne, bude služba bez obmedzení." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Služby je možné meniť iba v zobrazení trvalej konfigurácie. Bežiaca " "konfigurácia služieb je nemenná." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet je možné použiť na vytvorenie whitelistu alebo blacklistu. Dokáže " "uložiť napríklad IP adresy, čísla portov a MAC adresy. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Pridať IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Upraviť IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Odstrániť IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Načítať predvolené nastavenia IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Položky IPSet. Zobrazené sú iba položky ipset, ktoré nepoužívajú voľbu " "časového limitu a tiež položky, ktoré pridal firewalld. Položky, ktoré boli " "priamo pridané pomocou príkazu ipset sa tu nezobrazia." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Tento IPSet používa voľbu časového limitu a preto tu nie sú vidieť žiadne " "položky. Položky by mali byť priamo nakonfigurované pomocou príkazu ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Pridať" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Položky" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSety je možné vytvoriť alebo odstrániť iba v zobrazení trvalej " "konfigurácie." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Typy ICMP pre firewalld poskytujú informácie pre ICMP (Internet Control " "Message Protocol)." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Pridať typ ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Upraviť typ ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Odstrániť typ ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Načítať predvolené nastavenia typu ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Zadajte, či je tento typ ICMP dostupný pre IPv4 alebo IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Typy ICMP je možné meniť iba v zobrazení trvalej konfigurácie. Bežiaca " "konfigurácia ICMP typov je nemenná." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Pomocník sledovania pripojení pomáha funkčnosti protokolov, ktoré používajú " "rôzne toky pre signalizáciu a prenos údajov. Prenosy údajov používajú porty, " "ktoré nesúvisia so signalizačnými spojeniami a bez pomocníka ich firewall " "preto zablokuje." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Zadajte porty a rozsahy portov monitorované pomocou pomocníka." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Priama konfigurácia poskytuje priamejší prístup k firewallu. Tieto voľby " "vyžadujú základnú znalosť konceptov iptables, napr. tabuľky, reťaze, " "príkazy, parametre a ciele. Priama konfigurácia by mala byť použitá ako " "posledná možnosť, keď už nie je možné použiť iné funkcie firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Argument ipv každej voľby musí byť typu ipv4, ipv6 alebo eb. Typ ipv4 bude " "pre iptables, ipv6 pre ip6tables a eb pre ethernetové mosty (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Dodatočné reťaze pre použitie s pravidlami." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Pridať reťaz" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Upraviť reťaz" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Odstrániť reťaz" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Reťaze" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "Pridajte pravidlo s argumentami args k reťazi v tabuľke s prioritou." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Priorita sa používa na usporiadanie pravidiel. Priorita 0 znamená pridaj " "pravidlo na vrch reťaze, s vyššou prioritou bude pravidlo pridané nižšie. " "Pravidlá s rovnakou prioritou budú na rovnakej úrovni a poradie týchto " "pravidiel nie je pevné a môže sa meniť. Ak si chcete byť istý, že sa " "pravidlo pridá za iné, použite nižšiu prioritu pre prvé a vyššiu pre " "nasledujúce." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Pridať pravidlo" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Upraviť pravidlo" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Odstrániť pravidlo" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Pravidlá" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Pravidlá priameho priechodu prechádzajú priamo do firewallu a nie sú " "umiestnené v špeciálnych reťaziach. Je možné použiť všetky voľby iptables, " "ip6tables a ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "S pravidlami priameho priechodu buďte opatrný, aby nedošlo k poškodeniu " "firewallu." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Pridať priamy priechod" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Upraviť priamy priechod" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Odstrániť priamy priechod" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Priamy priechod" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Funkcia uzamknutie je odľahčenou verziou používateľských a aplikačných " "politík pre firewalld. Obmedzuje zmeny vo firewalle. Whitelist pri uzamknutí " "môže obsahovať príkazy, kontexty, používateľov a ID používateľov." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Kontext je kontext zabezpečenia (SELinux) bežiacej aplikácie alebo služby. " "Ak chcete zistiť kontext bežiacej aplikácie použite ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Pridať kontext" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Upraviť kontext" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Odstrániť kontext" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontexty" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Ak položka príkazu z whitelistu končí hviezdičkou '*', potom sa všetky " "príkazové riadky začínajúce príkazom budú zhodovať. Ak tam '*' nie je, potom " "sa musí zhodovať absolútny príkaz vrátane argumentov." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Pridať príkazový riadok" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Upraviť príkazový riadok" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Odstrániť príkazový riadok" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Príkazové riadky" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Používateľské mená." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Pridať používateľské meno" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Upraviť používateľské meno" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Odstrániť používateľské meno" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Používateľské mená" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ID používateľov." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Pridať ID používateľa" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Upraviť ID používateľa" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Odstrániť ID používateľa" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ID používateľov" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Aktuálna predvolená zóna systému." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Záznam zamietnutí:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Núdzový režim:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatický pomocníci:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Uzamknutie:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Predvolená zóna:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Prosím zadajte názov rozhrania:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Základné nastavenia IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Prosím, nakonfigurujte základné nastavenia ipset:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Typ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Časový limit:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Veľkosť hash:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Hodnota časového limitu v sekundách" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Počiatočná veľkosť hash, štandardná 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maximálny počet elementov, štandardný 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Prosím vyberte ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Prosím zadajte položku ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Záznam zamietnurí" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Prosím vyberte hodnotu pre záznam zamietnutí:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Značka" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Prosím, zadajte značku s voliteľnou maskou." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Polia značka a maska sú obe 32-bitové čísla bez znamienka." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Značka:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maska:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Prosím vyberte pomocníka netfilter conntrack:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Vyberte -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Ďalšie moduly:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port a Protokol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Prosím, zadajte port a protokol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Priame pravidlo" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Prosím vyberte ipv a tabuľku, reťaz a zadajte parametre." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorita:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Prosím zadajte protokol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Iný protokol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Pravidlo rich" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Prosím zadajte pravidlo rich." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Pre whitelistovanie alebo blacklistovanie hostiteľa alebo siete deaktivujte " "element." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Zdroj:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Cieľ:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Záznam:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 a ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertované" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Ak chcete toto povoliť, akcia musí byť 'reject' a rodina buď 'ipv4' alebo " "'ipv6' (nie obe)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "s typom:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "S limitom:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Úroveň:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Akcia:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Základné nastavenia služby" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Prosím, nakonfigurujte základné nastavenia služby:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Prosím vyberte službu." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Prosím zadajte zdroj." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ID používateľa" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Prosím zadajte ID používateľa." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Prosím zadajte používateľské meno." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "menovka" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Základné nastavenia zóny" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Prosím, nakonfigurujte základné nastavenia zóny:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Predvolený cieľ" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Cieľ:" firewalld-0.8.2/po/as.po0000664007115300711530000021032413641112250016232 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Amitakhya Phukan , 2006 # Amitakhya Phukan , 2007-2010 # Amitakhya Phukan , 2007-2008,2010 # Nilamdyuti Goswami , 2013 # Nilamdyuti Goswami , 2013-2014 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2016-01-04 12:15+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Assamese (http://www.transifex.com/projects/p/firewalld/" "language/as/)\n" "Language: as\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "ফায়াৰৱাল এপ্লেট" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ফায়াৰ্ৱাল" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ফায়াৰ্ৱাল বিন্যাস" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "আন্তঃপৃষ্ঠ '%s' ৰ বাবে অঞ্চল বাছক" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "অবিকল্পিত অঞ্চল" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "সংযোগ '%s' ৰ বাবে অঞ্চল বাছক" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "শিল্ড আপ/ডাউন অঞ্চলবোৰ সংৰূপণ কৰক" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "ইয়াত আপুনি শিল্ড আপ আৰু শিল্ড ডাউনৰ বাবে ব্যৱহৃত অঞ্চলবোৰ বাছিব পাৰিব।" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "এই বৈশিষ্ট্য অবিকল্পিত অঞ্চলবোৰ ব্যৱহাৰ কৰা লোকৰ বাবে উপযোগী। ব্যৱহাৰকাৰীসকল, " "যিসকলে সংযোগসমূহৰ অঞ্চলসমূহ পৰিবৰ্তন কৰি আছে, ইয়াৰ ব্যৱহাৰ সীমিত হব।" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "শিল্ড আপ অঞ্চল:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "শিল্ড ডাউন অঞ্চল:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "শিল্ড আপ" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "অধিসূচনাসমূহ সামৰ্থবান কৰক" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "ফায়াৰৱাল সংহতিসমূহ সম্পাদনা কৰক..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "সংযোগসমূহৰ অঞ্চলবোৰ পৰিবৰ্তন কৰক..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "শিল্ড আপ/ডাউন অঞ্চলবোৰ সংৰূপণ কৰক..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "সকলো নেটৱাৰ্ক ট্ৰাফিক ৰোধ কৰক" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "সংযোগসমূহ" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "উৎসসমূহ" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "প্ৰমাণীকৰণ ব্যৰ্থ হল।" #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "অবৈধ তৰ্ক %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "নাম ইতিমধ্যে অস্তিত্ববান" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "ফায়াৰৱাল ডিমনলৈ কোনো সংযোগ নাই" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "সকলো নেটৱাৰ্ক ট্ৰাফিক ৰোধ কৰা হৈছে।" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "অবিকল্পিত অঞ্চল: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "আন্তঃপৃষ্ঠ '{interface}' ত সংযোগ '{connection}' ৰ বাবে সক্ৰিয় অঞ্চল '{zone}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "আন্তঃপৃষ্ঠ '{interface}' ৰ বাবে সক্ৰিয় অঞ্চল '{zone}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "উৎস {source} ৰ বাবে সক্ৰিয় অঞ্চল '{zone}'" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "কোনো সক্ৰিয় অঞ্চল নাই।" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD লৈ সংযোগ স্থাপিত।" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD লৈ সংযোগ বিচ্ছিন্ন হৈছে।" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD ক পুনৰ ল'ড কৰা হৈছে।" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "অবিকল্পিত অঞ্চলক '%s' লৈ পৰিবৰ্তন কৰা হৈছে।" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "নেটৱাৰ্ক ট্ৰাফিক আৰু ৰোধ কৰা হোৱা নাই।" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "সক্ৰিয়" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "নিষ্ক্ৰিয়" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "আন্তঃপৃষ্ঠ '{interface}' ত সংযোগ '{connection}' ৰ বাবে অঞ্চল " "'{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "আন্তঃপৃষ্ঠ '{interface}' ৰ বাবে অঞ্চল '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "আন্তঃপৃষ্ঠ '%s' ৰ বাবে অঞ্চল '%s' সক্ৰিয়" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "উৎস '{source}' ৰ বাবে অঞ্চল '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "উৎস '%s' ৰ বাবে অঞ্চল '%s' সক্ৰিয়" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "পৰিবৰ্তনসমূহ প্ৰয়োগ কৰা হৈছে।" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "নেটৱাৰ্ক সংযোগ '%s' দ্বাৰা ব্যৱহৃত" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "সামৰ্থবান" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "অসামৰ্থবান" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "আইকনসমূহ ল'ড কৰিবলৈ ব্যৰ্থ।" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ব্যৱহাৰকাৰী নাম" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "চলনসময়" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "স্থায়ী" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "সেৱা" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "প'ৰ্ট" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "নিয়মনীতি" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "প'ৰ্ট" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "ঠিকনাৰ ধৰন:" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp ধৰণ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "পৰিয়াল" #: ../src/firewall-config.in:826 msgid "Action" msgstr "কাৰ্য্য" #: ../src/firewall-config.in:828 msgid "Element" msgstr "উপাদান" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "লগ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "অডিট" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "উৎস" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "সঁকিয়নি" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "ভুল" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "গ্ৰহণ কৰক" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "নাকচ কৰক" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ড্ৰপ কৰক" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "সীমা" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "সেৱা" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "পৰ্ট" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "প্ৰটোকল" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "ছদ্মবেশ" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "স্তৰ" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "হয়" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "অঞ্চল" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "অঞ্চল '%s': সেৱা '%s' উপলব্ধ নহয়।" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "আতৰাওক" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "উপেক্ষা কৰক" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "অঞ্চল '%s': ICMP ধৰণ '%s' উপলব্ধ নহয়।" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "বিলট-ইন অঞ্চল, পুনৰ নামকৰণ সমৰ্থিত নহয়।" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "ছেকেণ্ড" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "মিনিট" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ঘন্টা" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "দিন" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "আপাতকালীন" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "সতৰ্ক" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "মাৰাত্মক" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ত্ৰুটি" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "সতৰ্কবাৰ্তা" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "ঘোষণা" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "তথ্য" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ডিবাগ কৰক" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "অন্য চিস্টেমলৈ ফৰৱাৰ্ড কৰাটো কেৱল তেতিয়াহে লাভদায়ক যেতিয়া আন্তঃপৃষ্ঠ মাস্কুৰেডেড " "থাকে।\n" "আপুনি এই অঞ্চলটো মাস্কুৰেড কৰিব বিচাৰে নে?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "বিলট-ইন সেৱা, পুনৰ নামকৰণ সমৰ্থিত নহয়।" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "বিলট-ইন icmp, পুনৰ নামকৰণ সমৰ্থিত নহয়।" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "উৎস %s ৰ বাবে অঞ্চল বাছক" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ঠিকনা" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "অনুগ্ৰহ কৰি কমান্ড শাৰীলৈ যাওক।" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "অনুগ্ৰহ কৰি পৰিপ্ৰেক্ষতিত সুমুৱাওক।" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "অনুগ্ৰহ কৰি তলৰ তালিকাৰ পৰা অবিকল্পিত অঞ্চল বাছক।" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "প্ৰত্যক্ষ শৃংখল" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "অনুগ্ৰহ কৰি ipv আৰু টেবুল বাছক আৰু শৃংখল নাম সুমুৱাওক।" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "শৃংখল:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "ৰ'" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "সুৰক্ষা" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "টেবুল:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "প্ৰত্যক্ষ পাছথ্ৰু নিয়ম" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "অনুগ্ৰহ কৰি ipv বাছক আৰু args সুমুৱাওক।" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "প'ৰ্ট ফৰৱাৰ্ডিং" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "আপোনাৰ প্ৰয়োজনৰ মতে উৎস আৰু গন্তব্যৰ বিকল্প নিৰ্ব্বাচন কৰক ।" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "প'ৰ্ট / প'ৰ্টেৰ সীমা:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP ঠিকনা:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "নিয়মনীতি:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "গন্তব্য" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "স্থানীয় ভাবে আগবঢ়োৱা সক্ৰিয় কৰিলে, আপুনি এটা প'ৰ্ট নিৰ্ধাৰিত কৰিব লাগিব ।এই প'ৰ্ট " "উৎসৰ প'ৰ্টৰ পৰা বেলেগ হ'ব লাগি ব ।" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "স্থানিয় ফৰৱাৰ্ডিং" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "অন্য এটা প'ৰ্টলৈ আগবঢ়োৱা হৈছে" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "ডাঠ ৰূপত থকা প্ৰৱিষ্টিবোৰ বাধ্যতামূলক, অন্য সকলো বৈকল্পিক।" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "নাম:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "সংস্কৰণ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "সৰু:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "বিৱৰণ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "পৰিয়াল:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ভিত্তি ICMP ধৰণ সংহতিসমূহ" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "অনুগ্ৰহ কৰি ভিত্তি ICMP ধৰণ সংহতিসমূহ সংৰূপণ কৰক" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP ধৰণ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "অনুগ্ৰহ কৰি এটা ICMP ধৰণ বাছক" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "নিবেশ যোগ কৰক" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "নথিপত্ৰ (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "বিবিধ বিকল্প (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld পুনৰ ল'ড কৰক" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ফায়াৰৱাল নিয়মসমূহ পুনৰ ল'ড কৰে। বৰ্তমান চলনসময় সংৰূপ নতুন চলনসময় অংৰূপ হ'ব, অৰ্থাত " "পুনৰ ল'ড হোৱালৈ সকলো কেৱল চলনসময় পৰিবৰ্তনসমূহ পুনৰ ল'ডৰ সৈতে নহোৱা হব যদি সিহতো " "স্থায়ী সংৰূপত নাথাকিল হেতেন।" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "এটা নেটৱাৰ্ক সংযোগ থকা অঞ্চল পৰিবৰ্তন কৰক।" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "অবিকল্পিত অঞ্চল পৰিবৰ্তন কৰক" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "সংযোগসমূহ অথবা আন্তঃপৃষ্ঠসমূহৰ বাবে অবিকল্পিত অঞ্চল পৰিবৰ্তন কৰক।" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "পেনিক অৱস্থাৰ অৰ্থ সকলো অন্তৰগামী আৰু বহিৰ্গামী পেকেটসমূহ ড্ৰপ কৰা হব।" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "আতঙ্ক অৱস্থা" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "লকডাউনে ফায়াৰৱাল সংৰূপ লক কৰে যাতে কেৱল লকডাউন হোৱাইটলিস্টত থকা এপ্লিকেচনসমূহে " "ইয়াক পৰিবৰ্তন কৰিব পাৰে।" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "লকডাউন" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "চলনসময় সংৰূপ চিৰস্থায়ী কৰক" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "চলনসময়ৰ পৰা চিৰস্থায়ী" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "দৰ্শন (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP ধৰণসমূহ" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "প্ৰত্যক্ষ সংৰূপ" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "লকডাউন হোৱাইটলিস্ট" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "সহায়তা (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "সংৰূপ:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "বৰ্তমানে দৃশ্য সংৰূপ। চলনসময় সংৰূপ হল প্ৰকৃত সক্ৰিয় সংৰূপ। স্থায়ী সংৰূপ সেৱাৰ পিছত অথবা " "চিস্টেম পুনৰ ল'ড অথবা পুনাৰম্ভৰ পিছত সক্ৰিয় হব।" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "এটা firewalld অঞ্চলে নেটৱাৰ্ক সংযোগসমূহ, আন্তঃপৃষ্ঠসমূহ আৰু অঞ্চলৰ সৈতে সংযুক্ত উৎস " "ঠিকনাসমূহৰ বাবে ভৰষাৰ স্তৰৰ বিৱৰণ দিয়ে। অঞ্চলে সেৱাসমূহ, পৰ্টসমূহ, প্ৰটোকলসমূহ, " "ছদ্মবেশ, পৰ্ট/পেকেট ফৰৱাৰ্ডিং, icmp, ফিল্টাৰসমূহ আৰু সমৃদ্ধ নিয়মসমূহ একত্ৰিত কৰে। " "অঞ্চলক আন্তঃপৃষ্ঠসমূহ আৰু উৎস ঠিকনাসমূহলৈ সংযুক্ত কৰিব পাৰি।" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "অঞ্চল যোগ কৰক" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "অঞ্চল সম্পাদনা কৰক" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "অঞ্চল আতৰাওক" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "অঞ্চলৰ অবিকল্পিতসমূহ ল'ড কৰক" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "ইয়াত আপুনি বিৱৰণ দিব পাৰিব কোন সেৱাসমূহ অঞ্চলত ভৰষা কৰিব পাৰি। সকলো হস্ট আৰু " "নেটৱাৰ্কসমূহ যিসমূহে মেনিচক এই অঞ্চলৰ সৈতে সংযুক্ত সংযোগসমূহ, আন্তঃপৃষ্ঠসমূহ আৰু উৎসসমূহৰ " "পৰা প্ৰাপ্ত কৰিব পাৰে সেইসমূহে ভৰষাবান সেৱাসমূহ অভিগম কৰিব পাৰে।" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "সেৱাসমূহ" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "অতিৰিক্ত পৰ্ট অথবা পৰ্ট বিস্তাৰসমূহ যোগ কৰক, যি মেচিনৰ সৈতে সংযোগ কৰিব পৰা সকলো " "হস্ট অথবা নেটৱাৰ্কৰ বাবে অভিগম্য হব লাগে।" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "প'ৰ্ট" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "পৰ্ট সম্পাদনা কৰক" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "পৰ্ট আতৰাওক" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "পৰ্টসমূহ" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "স্থানীয় নেটৱৰ্ক, ইন্টাৰনেটেৰ সৈতে সংযুক্ত কৰাৰ বাবে গৃহস্থ অথবা ৰাউটাৰ প্ৰস্তুতিৰ সময় " "Masquerading সহয়াক । আপোনাৰ স্থানীয় নেটৱৰ্ক প্ৰকাশিত নহ'ব আৰু ইন্টাৰনেটে এটা গৃহস্থ " "ৰূপে প্ৰস্তুত কৰা হ'ব । Masquerading অকল IPv4-ৰ ক্ষেত্ৰত প্ৰযোজ্য ।" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "ছদ্মবেশ অঞ্চল" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "যদি আপুনি ছদ্মবেশ সামৰ্থবান কৰে, আপোনাৰ IPv4 নেটৱাৰ্কসমূহৰ বাবে IP ফৰৱাৰ্ডিং " "সামৰ্থবান কৰা হব।" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ফৰৱাৰ্ড পৰ্টসমূহলৈ প্ৰৱিষ্টি স্থানীয় চিস্টেমত অথবা স্থানীয় চিস্টেমৰ পৰা অন্য চিস্টেমলৈ " "এটা পৰ্টৰ পৰা অন্যলৈ যোগ কৰক। আন্তঃপৃষ্ঠ মাস্কুৰেইডেড থাকিলে অন্য চিস্টেমলৈ ফৰৱাৰ্ডিং " "উপযোগী হয়। পৰ্ট ফৰৱাৰ্ডিং কেৱল IPv4।" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ফৰৱাৰ্ড পৰ্ট যোগ কৰক" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ফৰৱাৰ্ড পৰ্ট সম্পাদনা কৰক" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ফৰৱাৰ্ড পৰ্ট আতৰাওক" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ইন্টাৰনেট নিয়ন্ত্ৰণ বাৰ্তা প্ৰটোকল (ICMP) মূখ্যভাৱে নেটৱাৰ্ক কমপিউটাৰসমূহৰ মাজত ত্ৰুটি " "বাৰ্তাসমূহ পঠাবলৈ ব্যৱহাৰ কৰা হয়, কিন্তু অতিৰিক্তভাৱে তথ্যমূলক বাৰ্তাসমূহ যেনে ping " "অনুৰোধ আৰু উত্তৰৰ বাবেও ব্যৱহাৰ কৰা হয়।" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "তালিকাত ICMP ৰ ধৰণ চিহ্নিত কৰক, যাক গ্ৰহণ কৰা ন'হ'ব । শেষ সকলো ICMP ধৰণক " "ফায়াৰ্ৱালৰ মাজেদি যাব দিয়া হ'ব । অবিকল্পিত মান হ'ল কোনো সীমা নাই ।" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ফিল্টাৰ" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "ইয়াত আপুনি অঞ্চলৰ বাবে সমৃদ্ধ ভাষা নিয়মসমূহ সংহতি কৰিব পাৰিব।" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "সমৃদ্ধ নিয়ম যোগ কৰক" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "সমৃদ্ধ নিয়ম সম্পাদন কৰক" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "সমৃদ্ধ নিয়ম আতৰাওক" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "সমৃদ্ধ নিয়মসমূহ" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "অঞ্চলৰ সৈতে আন্তহপৃষ্ঠসমূহ সংযুক্ত কৰিবলৈ প্ৰৱিষ্টিসমূহ যোগ কৰক। যদি আন্তঃপৃষ্ঠক এটা " "সংযোগে ব্যৱহাৰ কৰিব, অঞ্চলক সংযোগত ধাৰ্য্য কৰা অঞ্চললৈ সংহতি কৰা হব।" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "আন্তঃপৃষ্ঠ যোগ কৰক" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "আন্তঃপৃষ্ঠ সম্পাদন কৰক" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "আন্তঃপৃষ্ঠ আতৰাওক" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "উৎস যোগ কৰক" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "উৎস সম্পাদন কৰক" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "উৎস আতৰাওক" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "অঞ্চলবোৰ" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "এটা firewalld সেৱা হল পৰ্টসমূহ, প্ৰটোকলসমূহ, মডিউলসমূহ আৰু গন্তব্য ঠিকনাসমূহৰ এটা " "সংযুক্তি।" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "সেৱা যোগ কৰক" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "সেৱা সম্পাদনা কৰক" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "সেৱা আতৰাওক" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "সেৱাৰ অবিকল্পিতসমূহ ল'ড কৰক" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "নিবেশ সম্পাদনা" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "নিবেশ আঁতৰাওক" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "মডিউলসমূহ" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "যদি আপুনি গন্তব্য ঠিকনাসমূহ ধাৰ্য্য কৰে, সেৱা প্ৰৱিষ্টি গন্তব্য ঠিকনা আৰু ধৰণলৈ সীমিত " "থাকিব। যদি দুয়োটা প্ৰৱিষ্টি ৰিক্ত থাকে, তেন্তে কোনো সীমা নাথাকিব।" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "সেৱাসমূহক কেৱল স্থায়ী সংৰূপ দৰ্শনত পৰিবৰ্তন কৰিব পাৰি। সেৱাসমূহৰ চলনসময় সংৰূপ " "নিৰ্দিষ্ট কৰা আছে।" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "এটা firewalld icmptype এ firewalld ৰ বাবে এটা ইন্টাৰনেট নিয়ন্ত্ৰণ বাৰ্তা প্ৰটোকল " "(ICMP) ধৰণৰ তথ্য প্ৰদান কৰে।" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP ধৰণ যোগ কৰক" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP ধৰণ সম্পাদন কৰক" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP ধৰণ আতৰাওক" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP ধৰণ অবিকল্পিতসমূহ ল'ড কৰক" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "এই ICMP ধৰণ IPv4 আৰু/অথবা IPv6 ৰ বাবে উপলব্ধ আছে নে ধাৰ্য্য কৰক।" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP ধৰণসমূহক কেৱল স্থায়ী সংৰূপ দৰ্শনত পৰিবৰ্তন কৰিব পাৰি। ICMP ধৰণসমূহৰ চলনসময় " "সংৰূপ নিৰ্দিষ্ট কৰা আছে।" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "প্ৰত্যক্ষ সংৰূপে ফায়াৰৱাললৈ এটা অধিক প্ৰত্যক্ষ অভিগম প্ৰদান কৰে। এই বিকল্পসমূহৰ বাবে " "ব্যৱহাৰকাৰী জনে মৌলিক iptables ধাৰণাবোৰ জানিব লাগিব, অৰ্থাত টেবুলসমূহ, শৃংখলসমূহ, " "কমান্ডসমূহ, প্ৰাচলসমূহ আৰু লক্ষ্যবোৰ। প্ৰত্যক্ষ সংৰূপক কেৱল শেষ উপায় হিচাপে ব্যৱহাৰ কৰিব " "লাগে যেতিয়া অন্য firewalld বৈশিষ্ট্যসমূহ ব্যৱহাৰ কৰা সম্ভব নহয়।" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "প্ৰত্যকটো বিকল্পৰ বাবে ipv তৰ্ক ipv4 অথবা ipv6 অথবা eb হব লাগিব। ipv4 ৰ সৈতে ই " "iptables ৰ বাবে হব, ipv6 ৰ সৈতে ip6tables ৰ বাবে হব আৰু eb ৰ সৈতে ইথাৰনেট " "ব্ৰিজবোৰ (ebtables) ৰ বাবে হব।" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "নিমৰ সৈতে ব্যৱহাৰ কৰিবলৈ অতিৰিক্ত শৃংখল।" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "শৃংখল যোগ কৰক" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "শৃংখল সম্পাদনা কৰক" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "শৃংখল আতৰাওক" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "শৃংখলসমূহ" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "এটা প্ৰাথমিকতাৰ সৈতে এটা টেবুলৰ শৃংখললৈ তৰ্কসমূহ args ৰ সৈতে এটা নিয়ম যোগ কৰক।" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "প্ৰাথমিকতাক নিয়মসমূহক ক্ৰম কৰিবলৈ ব্যৱহাৰ কৰা হয়। প্ৰাথমিকতা 0 ৰ অৰ্থ হল শৃংখলৰ " "ওপৰত নিময় যোগ কৰা, উচ্চ প্ৰাথমিকতাৰ সৈতে নিয়মক তলত যোগ কৰা হব। একে প্ৰাথমিকতাৰ " "সৈতে নিয়মসমূহ একেটা স্তৰত থাকে আৰু এই নিয়মসমূহৰ ক্ৰম নিৰ্দিষ্ট নহয় আৰু সলনি হব পাৰে। " "যদি আপুনি সুনিশ্চিত কৰিব বিচাৰে যে এটা নিয়ম অন্য এটাৰ পিছত যোগ কৰা হব, প্ৰথমটোৰ " "বাবে এটা নিম্ন প্ৰাথমিকতা ব্যৱহাৰ কৰক আৰু নিম্নলিখিতৰ বাবে এটা উচ্চ ব্যৱহাৰ কৰক:" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "নিয়ম যোগ কৰক" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "নিয়ম সম্পাদন কৰক" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "নিয়ম আতৰাওক" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "নিয়মসমূহ" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "পাছথ্ৰু নিয়মসমূহ ফায়াৰৱাললৈ প্ৰত্যক্ষভাৱে প্ৰেৰণ কৰা হয় আৰু বিশেষ শৃংখলত স্থাপন কৰা " "নহয়। সকলো iptables, ip6tables আৰু ebtables বিকল্পসমূহ ব্যৱহাৰ কৰিব পাৰি।" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "অনুগ্ৰহ কৰি পাছথ্ৰু নিয়মসমূহ ব্যৱহাৰ কৰোতে সাৱধান হব যাতে ফায়াৰৱাল ক্ষতিগ্ৰস্থ নহয়।" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "পাছথ্ৰু যোগ কৰক" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "পাছথ্ৰু সম্পাদন কৰক" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "পাছথ্ৰু আতৰাওক" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "পাছথ্ৰু" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "লকডাউন বৈশিষ্ট্য firewalld ৰ বাবে ব্যৱহাৰকাৰী আৰু এপ্লিকেচন নীতিসমূহৰ এটা লঘু " "সংস্কৰণ। ই ফায়াৰৱাললৈ কৰা পৰিবৰ্তনসমূহ সীমিত কৰে। লকডাউন হোৱাইটলিস্টত কমান্ডসমূহ, " "পৰিপ্ৰেক্ষতিত, ব্যৱহাৰকাৰীসকল আৰু ব্যৱহাৰকাৰী আইডিসমূহ থাকিব পাৰে।" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "পৰিপ্ৰেক্ষতিত যোগ কৰক" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "পৰিপ্ৰেক্ষতিত সম্পাদন কৰক" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "পৰিপ্ৰেক্ষতিত আতৰাওক" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "পৰিপ্ৰেক্ষতিতসমূহ" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "যদি ৱোহাইটলিস্টত এটা কমান্ড প্ৰৱিষ্টি এটা একস্টেৰিক্স '*' ৰ সৈতে অন্ত হয়, তেন্তে " "কমান্ডৰ সৈতে আৰম্ভ হোৱা সকলো কমান্ড শাৰী মিল খাব। যদি '*' নাই সম্পূৰ্ণ কমান্ড " "অন্তৰ্ভুক্ত তৰ্কসমূহ মিল খাব লাগিব।" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "কমান্ড শাৰী যোগ কৰক" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "কমান্ড শাৰী সম্পাদন কৰক" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "কমান্ড শাৰী আতৰাওক" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "কমান্ড শাৰীসমূহ" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ব্যৱহাৰকাৰী নামসমূহ।" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ব্যৱহাৰকাৰী নাম যোগ কৰক" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ব্যৱহাৰকাৰী নাম সম্পাদন কৰক" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ব্যৱহাৰকাৰী নাম আতৰাওক" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ব্যৱহাৰকাৰী নামসমূহ" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ব্যৱহাৰকাৰী আইডিবোৰ।" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ব্যৱহাৰকাৰী আইডি যোগ কৰক" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ব্যৱহাৰকাৰী আইডি সম্পাদন কৰক" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ব্যৱহাৰকাৰী আইডি আতৰাওক" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ব্যৱহাৰকাৰী আইডিবোৰ" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "চিস্টেমৰ বৰ্তমান অবিকল্পিত অঞ্চল।" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "আতঙ্ক অৱস্থা:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "লকডাউন:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "অবিকল্পিত অঞ্চল:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "প'ৰ্ট আৰু নিয়মনীতি" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "অনুগ্ৰহ কৰি এটা পৰ্ট অথবা প্ৰটোকল সুমুৱাওক।" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "প্ৰত্যক্ষ নিয়ম" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "অনুগ্ৰহ কৰি ipv আৰু টেবুল, শৃংখল প্ৰাথমিকতা বাছক আৰু args সুমুৱাওক।" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "প্ৰাথমিকতা:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "অনুগ্ৰহ কৰি এটা প্ৰটোকল সুমুৱাওক।" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "অন্য প্ৰটোকল:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "সমৃদ্ধ নিয়ম" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "অনুগ্ৰহ কৰি এটা সমৃদ্ধ নিয়ম সুমুৱাওক।" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "হস্ট অথবা নেটৱাৰ্ক হোৱাইট অথবা ব্লেকলিস্টিংৰ বাবে উপাদানক নিষ্ক্ৰিয় কৰক।" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "উৎস:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "গন্তব্য:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "লগ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "অডিট:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 আৰু ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "উলোটা" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "ইয়াক সামৰ্থবান কৰিবলৈ কাৰ্য্য 'reject' আৰু পৰিয়াল 'ipv4' অথবা 'ipv6' হব লাগিব " "(দুয়ো নহয়)।" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "চিহ্নিত ধৰণৰ সৈতে:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "চিহ্নিত সীমাৰ সৈতে:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "উপসৰ্গ:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "স্তৰ:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "উপাদান:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "কাৰ্য্য:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ভিত্তি সেৱা সংহতিসমূহ" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "অনুগ্ৰহ কৰি ভিত্তি সেৱা সংহতিসমূহ সংৰূপণ কৰক:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "অনুগ্ৰহ কৰি এটা সেৱা বাছক।" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ব্যৱহাৰকাৰী ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "অনুগ্ৰহ কৰি ব্যৱহাৰকাৰী আইডি সুমুৱাওক।" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "অনুগ্ৰহ কৰি ব্যৱহাৰকাৰী নাম সুমুৱাওক।" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ভিত্তি অঞ্চল সংহতিসমূহ" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "অনুগ্ৰহ কৰি ভিত্তি অঞ্চল সংহতিসমূহ সংৰূপণ কৰক:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "অবিকল্পিত লক্ষ্য" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "লক্ষ্য:" firewalld-0.8.2/po/sv.po0000664007115300711530000016533413641112251016272 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # denka , 2014 # denka , 2014 # Göran Uddeborg , 2012-2014 # Göran Uddeborg , 2015. #zanata # Göran Uddeborg , 2016. #zanata # Göran Uddeborg , 2017. #zanata # Eric Garver , 2018. #zanata # Göran Uddeborg , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-11-16 08:28+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Swedish (http://www.transifex.com/projects/p/firewalld/" "language/sv/)\n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Panelprogram för brandvägg" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Brandvägg" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Brandväggskonfiguration" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "brandvägg;nätverk;säkerhet;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Välj zon för gränssnittet ”%s”" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Standardzon" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Välj zon för anslutningen ”%s”" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Kunde inte sätta zonen {zone} för anslutningen {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Välj zon för källan ”%s”" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Konfigurera sköldar upp-/ner-zoner" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Här kan du välja zonerna som skall användas för sköldar upp och sköldar ner." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Denna funktion är användbar för folk som använder standardzoner för det " "mesta. För användare som byter zoner med anslutningar kan det vara av " "begränsad nytta." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Sköldar upp-zon:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Återställ till standard" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Sköldar ner-zon:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Om %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Författare" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licens" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Sköldarna uppe" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Aktivera notifieringar" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Redigera brandväggsinställningar …" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Ändra zoner för anslutningar…" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Konfigurera sköld upp-/nerzoner …" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blockera all nätverkstrafik" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Om" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Anslutningar" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Gränssnitt" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Källor" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Auktorisering misslyckades." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Ogiltigt namn" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Namnet finns redan" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zon: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Standardzon: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Misslyckades att hämta anslutningar från Nätverkshanteraren" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Inga importer från Nätverkshanteraren tillgängliga" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Ingen anslutning till brandväggsdemonen" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "All nätverkstrafik är blockerad." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Standardzon: ”%s”" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Standardzonen ”{default_zone}” är aktiv för anslutningen ”{connection}” på " "gränssnittet ”{interface}”" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zonen ”{zone}” aktiv för anslutningen ”{connection}” på gränssnittet " "”{interface}”" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zonen ”{zone}” aktiv för gränssnittet ”{interface}”" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zonen ”{zone}” aktiv för källa {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Inga aktiva zoner." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Anslutning till FirewallD etablerad." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Anslutning till FirewallD förlorad." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD har lästs om." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Standardzon ändrad till ”%s”." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Nätverkstrafik är inte längre blockerad." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "aktiverad" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "inaktiverad" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Standardzonen ”{default_zone}” {activated_deactivated} för anslutningen " "”{connection}” på gränssnittet ”{interface}”" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zonen ”{zone}” {activated_deactivated} för anslutningen ”{connection}” på " "gränssnittet ”{interface}”" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zonen ”{zone}” {activated_deactivated} för gränssnittet ”{interface}”" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zonen ”%s” aktiverad för gränssnittet ”%s”" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zonen ”{zone}” {activated_deactivated} för källa ”{source}”" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zonen ”%s” aktiverad för källa ”%s”" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Anslutningen till firewalld etablerad." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Försöker ansluta till firewalld, väntar …" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Det gick inte att ansluta till brandväggen. Kontrollera att tjänsten har " "startats korrekt och försök igen." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Ändringar tillämpade." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Används av nätverksanslutningen ”%s”" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Standardzonen används av nätverksanslutningen ”%s”" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "aktiverad" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "inaktiverad" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Misslyckades att läsa in ikoner." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontext" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Kommandorad" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Användarnamn" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Användar-ID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabell" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Kedja" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioritet" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argument" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Körtillfälle" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Tjänst" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoll" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Till port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Till adress" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Bindningar" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Post" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp-typ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familj" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Åtgärd" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Källa" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "logg" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Granskning" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Gränssnitt" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Kommentar" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Källa" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Varning" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Fel" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "acceptera" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "avvisa" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "kasta" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "märk" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "gräns" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "tjänst" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokoll" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskera" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-typ" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "port för vidarebefordran" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "källport" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nivå" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ja" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zon" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Standardzon: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zon: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zon ”%s”: Tjänsten ”%s” är inte tillgänglig." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Radera" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignorera" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zon ”%s”: ICMP-typen ”%s” är inte tillgänglig." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Inbyggd zon, namnbyte stödjs inte." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekund" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minut" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "timme" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dag" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "nödläge" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "larm" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritisk" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "fel" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "varning" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "meddelande" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "felsökning" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Vidarebefordran till ett annat system är endast användbart om gränssnittet " "är\n" "maskerat. Vill du maskera denna zon?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Inbyggd tjänst, namnbyte stödjs inte." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Ange en ipv4-adress på formen adress[/mask]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Masken kan vara en nätverksmask eller ett tal." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Ange en ipv6-adress på formen adress[/mask]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Masken är ett tal." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Ange en ipv4- eller ipv6-adress på formen adress[/mask]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Masken kan vara en nätverksmask eller ett tal för ipv4.\n" "Masken är ett tal för ipv6." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Inbyggd ipset, byte av namn stödjs inte." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Välj en fil" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Textfiler" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Alla filer" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Alla" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Inbyggd hjälpare, namnbyte stödjs inte." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Inbyggd icmp, namnbyte stödjs inte." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Misslyckades att läsa filen ”%s”: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Välj zon för källan %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adress" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatiska hjälpare" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Välj den automatiska väljaren värde:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Ange kommandoraden." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Ange kontexten." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Välj standardzon från listan nedan." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Direkt kedja" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Välj ipv och tabell och ange kedjenamnet." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Kedja:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "rå" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "säkerhet" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabell:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Direkt passageregel" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Ange ipv och skriv in argumenten." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Arg:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Vidarebefordran av port" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Välj de käll- och destinationsalternativ som du behöver." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Portintervall:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP-adress:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokoll:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destination" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Om du aktiverar lokal vidarebefordran så måste du ange en port. Denna port " "kan inte vara samma port som källporten." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokal vidarebefordran" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Vidarebefordra till en annan port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Inställningar för bashjälpare" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Konfigurera inställningar för bashjälpare" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Poster i fetstil är obligatoriska, alla andra är frivilliga." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Namn:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Kort:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Beskrivning:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Familj:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Hjälpare" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Välj en hjälpare:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Grundinställningar för ICMP-typ" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Konfigurera grundinställningar för ICMP-typ:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-typ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Välj en ICMP-typ" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Lägg till post" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Lägg till poster från en fil" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Ta bort den valda posten" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Ta bort alla poster" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Ta bort poster från en fil" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fil" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Alternativ" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Läs om Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Läser om brandväggsregler. Nuvarande permanenta konfiguration kommer bli ny " "körtidskonfiguration. D.v.s., alla ändringar som bara gjorts i det körande " "systemet fram till omläsningen går förlorade vid en omläsning om de inte " "även har gjorts i den permanenta konfigurationen." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Ändra vilken zon en nätverksanslutning hör till." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Ändra standardzon" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Ändra standardzon för anslutningar eller gränssnitt." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Ändra nekningslogg" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Ändra nekningsloggvärde." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Konfigurera tilldelning av automatiska hjälpare" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Konfigurera inställningar för tilldelning av automatiska hjälpare" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "Panikläge betyder att alla inkommande och utgående paket slängs." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panikläge" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Isolering låser brandväggskonfigurationen så att endast program på " "isoleringens vitlista kan ändra den." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Isolering" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Gör körtidskonfigurationen permanent" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Körtid till permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Vy" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPMängder" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP-typer" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Hjälpare" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Direkt konfiguration" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Isoleringens vitlista" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktiva bindningar" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Hjälp" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Ändra zon" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Byt bindningszon" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Dölj aktiva körtidsbindningar över anslutningar, gränssnitt och källor till " "zoner" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Visa aktiva körtidsbindningar över anslutningar, gränssnitt och källor till " "zoner" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Konfiguration:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Nu synlig konfiguration. Körtidskonfigurationen är den aktiva " "konfigurationen. Permanent konfiguration kommer vara aktiv efter omläsning " "eller omstart av tjänsten eller systemet." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "En firewalld-zon definierar nivån av tillit på nätverksförbindelser, " "gränssnitt och källadresser bundna till zonen. Zonen kombinerar tjänster, " "portar, protokoll, maskering, vidarebefordran av portar/paket, icmp-filter " "och rika regler. Zonen kan bindas till gränssnitt och källadresser." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Lägg till zon" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Redigera zon" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Radera zon" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Läs in standardinställningar för zon" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Här kan du definiera vilka tjänster som är betrodda i zonen. Betrodda " "tjänster är åtkomliga från alla värdar och nätverk som kan nå maskinen från " "förbindelser, gränssnitt och källor bundna till denna zon." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Tjänster" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Lägg till ytterligare portar eller portintervall, vilka behöver vara " "åtkomliga för alla värdar eller nätverk som kan ansluta till maskinen." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Lägg till port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Redigera port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Radera port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portar" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Lägg till protokoll, som behöver vara åtkomliga för alla värdar eller " "nätverk." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Lägg till protokoll" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Redigera protokoll" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Ta bort protokoll" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokoll" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Lägg till ytterligare källportar eller portintervall, vilka behöver vara " "åtkomliga för alla värdar eller nätverk som kan ansluta till maskinen." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Källportar" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maskering gör att du kan sätta upp en värd eller router som ansluter till " "ditt lokala nätverket till internet. Ditt lokala nätverk syns inte och " "värdarna ser ut som de har en enda adress på internet. Maskering är endast " "för IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskerad zon" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Om du aktiverar maskering kommer IP-vidarebefordran aktiveras för dina IPv4-" "nätverk." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskering" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Lägg till poster för att vidarebefordra portar antingen från en port till en " "annan på det lokala systemet eller från det lokala systemet till ett annat " "system. Vidarebefordra till ett annat system är bara användbart om " "gränssnittet är maskerat. Vidarebefordran av portar är endast för IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Lägg till vidarebefordrad port" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Redigera vidarebefordrad port" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Radera vidarebefordrad port" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message Protocol (ICMP) används mest för att skicka " "felmeddelanden mellan nätverksdatorer, men också för informationsmeddelanden " "som ping-förfrågningar och svar." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Markera i listan de ICMP-typer som skall nekas tillträde. Alla andra ICMP-" "typer tillåts passera brandväggen. Standardvärdet är ingen begränsning av " "tillträde." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Om inverterat filter är aktivt accepteras märkta ICMP-poster och andra " "avvisas. I en zon med målet DROP kastas de." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Invertera filter" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP-filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Här kan du ange regler i rikt språk för zonen." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Lägg till en rik regel" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Redigera en rik regel" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Ta bort en rik regel" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Rika regler" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Lägg till poster för att binda gränssnitt till zonen. Om gränssnittet " "kommer användas av en förbindelse kommer zonen att sättas till zonen som är " "angiven i förbindelsen." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Lägg till gränssnitt" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Redigera gränssnitt" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Radera gränssnitt" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Lägg till poster för att binda källadresser eller områden till zonen. Du " "kan också binda till en MAC-källadress, men med begränsningar. " "Vidarebefordran av portar och maskering kommer inte fungera för MAC-" "källbindningar." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Lägg till källa" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Redigera källa" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Radera källa" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zoner" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "En firewalld-tjänst är en kombination av portar, protokoll, moduler och " "destinationsadresser." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Lägg till tjänst" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Redigera tjänst" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Radera tjänst" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Läs in standardvärden för tjänster" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Lägg till ytterligare portar eller portintervall, vilka behöver vara " "åtkomliga för alla värdar eller nätverk." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Redigera post" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Radera post" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Lägg till ytterligare källportar eller portintervall, vilka behöver vara " "åtkomliga för alla värdar eller nätverk." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Källport" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfilter-hjälpmoduler behövs för vissa tjänster." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduler" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Om du anger destinationsadresser kommer tjänsteposten vara begränsad till " "destinationsadressen och typ. Om båda posterna är tomma finns det ingen " "sådan begränsning." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Tjänster kan endast ändras i vyn över permanent konfiguration. " "Konfigurationen av tjänster i det körande systemet är fast." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "En IPMängd kan användas för att skapa vit- eller svartlistningar och kan " "lagra till exempel IP-adresser, portnummer eller MAC-adresser. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPMängd" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Lägg till IPMängd" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Redigera IPMängd" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Ta bort IPMängd" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Läs in IPMängd-standardvärden" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Poster i IPMängden. Du kommer bara kunna se poster i ipmängder som inte " "använder alternativet tidsgräns, och endast posterna som har lagts till av " "firewalld. Poster som har lagts till direkt med kommandot ipset kommer inte " "listas här." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Denna IPMängd använder alternativet tidsgräns, därför är inga poster synliga " "här. Posterna skall tas om hand direkt med kommandot ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Lägg till" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Poster" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPMängder kan endast skapas eller tas bort i vyn med permanent konfiguration." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "En firewalld icmp-typ ger information för en Internet Control Message " "Protocol (ICMP)-typ för firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Lägg till ICMP-typ" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Redigera ICMP-typ" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Radera ICMP-typ" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Läs in standardvärden för ICMP-typer" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Ange huruvida denna ICMP-typ är tillgänglig för IPv4 och/eller IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP-typer kan endast ändras i vyn över permanent konfiguration. " "Konfigurationen av ICMP-typer i det körande systemet är fast." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "En hjälpare som följer förbindelser assisterar för att få protokoll som " "använder olika flöden för signalering och dataöverföringar fungera. " "Dataöverföringarna använder portar som är orelaterade till " "signaleringsförbindelsen och blockeras därför av brandväggen utan hjälparen." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Definiera portar eller portintervall som övervakas av hjälparen." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Den direkta konfigurationen ger en mer direkt åtkomst till brandväggen. " "Dessa alternativ förutsätter att användaren känner till grundläggande " "begrepp i iptables, t.ex. tabeller, kedjor, kommandon, parametrar och mål. " "Direkt konfiguration bör bara användas som en sista utväg när det inte är " "möjligt att använda andra funktioner i firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Argumentet ipv i varje alternativ måste vara ipv4 eller ipv6 eller eb. Med " "ipv4 som står för iptables, med ipv6 för ip6tables och med eb för " "ethernätsbryggor (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Ytterligare kedjor att använda med regler." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Lägg till kedja" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Redigera kedja" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Ta bort kedja" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Kedjor" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Lägg till en regel med argumenten arg till en kedja i en tabell med en " "prioritet." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Prioriteten används för att sortera regler. Prioritet 0 betyder lägg till " "en regel först i kedjan, med en högre prioritet kommer regeln läggas till " "längre ned. Regler med samma prioritet ligger på samma nivå och ordningen " "mellan dessa regler är inte bestämd och kan ändras. Om du vill vara säker " "på att en regel kommer läggas till efter en annan, använd en lägre prioritet " "för den första och en högre för den följande." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Lägg till regel" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Redigera regel" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Radera regel" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regler" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Passageregler skickas direkt vidare till brandväggen och placeras inte i " "speciella kedjor. Alla flaggor till iptables, ip6tables och ebtables kan " "användas." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Var försiktig med passageregler för att inte skada brandväggen." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Lägg till en passageregel" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Redigera passageregel" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Ta bort passageregel" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passageregel" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Funktionen isolering är en lättversion av policyer för användare och program " "för firewalld. Det begränsar ändringar av brandväggen. Isoleringens " "vitlista kan innehålla kommandon, kontexter, användare och användar-id:n." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Kontexten är säkerhetskontexten (SELinux) av ett körande program eller " "tjänst. För att få kontexten för ett körande program använd ps -e --" "context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Lägg till kontext" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Redigera kontext" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Ta bort kontext" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontexter" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Om en kommandopost på vitlistan slutar med en asterisk ”*” kommer alla " "kommandorader som startar med kommandot att matcha. Om en ”*” inte finns " "där måste det precisa kommandot inklusive argument matcha." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Lägg till kommandorad" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Redigera kommandorad" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Ta bort kommandorad" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Kommandorader" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Användarnamn." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Lägg till användarnamn" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Redigera användarnamn" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Radera användarnamn" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Användarnamn" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Användar-id:n." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Lägg till användar-id" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Redigera användar-id" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Radera användar-id" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Användar-id:n" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Systemets nuvarande standardzon." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Nekningslogg:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panikläge:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatiska hjälpare:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Isolering:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Standardzon:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Ange ett namn för gränssnittet:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Bas-IPMängd-inställningar" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Konfigurera bas-ipmängd-inställningar:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Typ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Tidsgräns:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hash-storlek:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelement:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Tidsgränsvärde i sekunder" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Initial hash-storlek, standard 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maximalt antal element, standar 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Välj en ipmängd:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Ange en ipset-post:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Nekningslogg" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Välj värdet på nekningsloggen:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Märk" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Ange ett märke och eventuellt en mask." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Märkes- och maskfälten är båda 32 bitar breda teckenlösa tal." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Märke:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Mask:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Välj en netfilter conntrack-hjälpare:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Välj -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Annan modul:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port och protokoll" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Ange en port och ett protokoll." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Direkt regel" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Välj ipv och tabell, kedjeprioritet och ange argumenten." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioritet:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Ange ett protokoll." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Andra protokoll:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Rik regel" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Ange en rik regel." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "För vit- eller svartlistning av värdar eller nätverk deaktivera elementet." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Källa:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destination:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Logg:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Granskning:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 och IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inverterad" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "För att aktivera detta måste Åtgärd vara ”avvisa” och Familj antingen ”ipv4” " "eller ”ipv6” (inte båda)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "med typ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Med gräns:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Nivå:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Åtgärd:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Grundinställningar för tjänster" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Konfigurera grundinställningar för tjänster:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Välj en tjänst." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Ange en källa." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Användar-id" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Ange användar-id." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Ange användarnamnet." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etikett" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Inställningar för baszon" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Konfigurera inställningar för baszon:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Standardmål" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Mål:" firewalld-0.8.2/po/sq.po0000664007115300711530000012764313641112251016266 0ustar00egarveregarver00000000000000# Enea Jahollari , 2017. #zanata # Sidorela Uku , 2017. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2017-04-20 11:49+0000\n" "Last-Translator: Sidorela Uku \n" "Language-Team: Albanian\n" "Language: sq\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Zanata 4.6.2\n" "Plural-Forms: nplurals=2; plural=(n != 1)\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Konfigurimi i Firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Zgjidh zonën për ndërfaqen '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona e parazgjedhur" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Selektoni zonën për lidhjen '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Selektoni zonën për burimin '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Përreth %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Autorët" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licensa" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Mundëso njoftimet" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blloko të gjithë trafikun në rrjet" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Rreth" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Lidhjet" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Ndërfaqet" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Burimet" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autorizimi dështoi" #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Emër i pavlefshëm" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Emri tashmë ekziston" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zona '{zone}' aktive për burimin {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "aktivizuar" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "çaktivizuar" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona '%s' aktivizuar për ndërfaqen '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona '%s' aktivizuar për burimin '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Ndryshimet u aplikuan." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Konteksti" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "I përhershëm" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Shërbim" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Portë" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoll" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Në Portën" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Në Adresën" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Lidhjet" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Hyrje" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familje" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Veprim" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Burim" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "pranoj" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "refuzoj" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "shënoj" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "shërbim" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "portë" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokoll" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "portë-burim" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nivel" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "po" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zonë" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Fshij" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Injoro" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekonda" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuta" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "orë" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "ditë" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergjencë" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alarm" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritik" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "gabim" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "njoftim" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Ju lutem zgjidhni një skedar" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Skedarët Tekst" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Të gjithë Skedarët" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Të gjithë" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresa" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destinacion" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Ndihmuesi" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Shërbimet" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Shto Portë" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edito Portë" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Fshij Portë" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portat" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Shto Protokoll" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokollet" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Portat burim" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Shto Ndërfaqe" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Porta Burim" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modulet" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Objektivi i paracaktuar" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Objektiv" firewalld-0.8.2/po/lt.po0000664007115300711530000014727713641112251016267 0ustar00egarveregarver00000000000000# Moo , 2018. #zanata # Moo , 2019. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2019-05-13 08:05+0000\n" "Last-Translator: Moo \n" "Language-Team: Lithuanian\n" "Language: lt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Zanata 4.6.2\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n" "%100<10 || n%100>=20) ? 1 : 2)\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Užkardos programėlė" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Užkarda" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Užkardos konfigūravimas" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "užkarda;tinklas;saugumas;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Pasirinkite zoną sąsajai \"%s\"" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Numatytoji zona" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Pasirinkite zoną ryšiui \"%s\"" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Nepavyko ryšiui {connection_name} nustatyti zoną {zone} " #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Ši ypatybė yra naudinga žmonėms, kurie, daugiausiai, naudoja numatytąsias " "zonas. Naudotojams, kurie keičia ryšių zonas ši ypatybė gali būti ribota." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Atstatyti į numatytąją" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Apie %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Autoriai" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licencija" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Įjungti pranešimus" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Taisyti užkardos nustatymus..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Keisti ryšių zonas..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blokuoti visą tinklo duomenų srautą" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Apie" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Ryšiai" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Sąsajos" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Šaltiniai" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Nepavyko suteikti prieigos teises." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Neteisingas pavadinimas" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Pavadinimas jau yra" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Numatytoji zona: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Nepavyko gauti ryšių iš NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Nėra prieinami jokie NetworkManager importavimai" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Nėra ryšio su užkardos tarnyba" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Visas tinklo duomenų srautas yra užblokuotas." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Numatytoji zona: \"%s\"" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Numatytoji zona \"{default_zone}\" aktyvi ryšiui \"{connection}\" ties " "sąsaja \"{interface}\"" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zona \"{zone}\" aktyvi ryšiui \"{connection}\" ties sąsaja \"{interface}\"" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zona \"{zone}\" aktyvi sąsajai \"{interface}\"" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zona \"{zone}\" aktyvi sąsajai {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Nėra jokių aktyvių zonų." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Užmegztas ryšys su FirewallD." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Prarastas ryšys su FirewallD." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD buvo įkelta iš naujo." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Numatytoji zona pakeista į \"%s'\"" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Tinklo duomenų srautas daugiau nebėra užblokuotas." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "aktyvuota" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "pasyvinta" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Numatytoji zona \"{default_zone}\" {activated_deactivated} ryšiui " "\"{connection}\" ties sąsaja \"{interface}\"" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona \"{zone}\" {activated_deactivated} ryšiui \"{connection}\" ties sąsaja " "\"{interface}\"" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zona \"{zone}\" {activated_deactivated} sąsajai \"{interface}\"" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona \"%s\" aktyvuota sąsajai \"%s\"" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona \"{zone}\" {activated_deactivated} šaltiniui \"{source}\"" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona \"%s\" aktyvuota šaltiniui \"%s\"" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Užmegztas ryšys su firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Bandoma prisijungti prie firewalld, laukiama..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Nepavyko prisijungti prie firewalld. Įsitikinkite, kad tarnyba buvo paleista " "teisingai ir bandykite dar kartą." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Pakeitimai pritaikyti." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Naudoja tinklo ryšys \"%s\"" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Numatytoji zona, naudojama ryšio \"%s\"" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "įjungta" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "išjungta" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Nepavyko įkelti piktogramų." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontekstas" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Komandų eilutė" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Naudotojo vardas" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Naudotojo id" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Lentelė" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Grandinė" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Pirmenybė" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Vykdymo trukmės" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Ilgalaikė" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Tarnyba" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Prievadas" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokolas" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Į prievadą" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Į adresą" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Susiejimai" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Įrašas" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp tipas" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Šeima" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Veiksmas" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elementas" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Šalt." #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Pask." #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Sąsaja" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Komentaras" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Šaltinis" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Įspėjimas" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Klaida" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "priimti" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "atmesti" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "žymėti" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "prievadas" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokolas" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "taip" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Numatytoji zona: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona \"%s\": Tarnyba \"%s\" yra neprieinama." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Šalinti" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Nepaisyti" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona \"%s\": ICMP tipas \"%s\" yra neprieinamas." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Įtaisytoji zona, pervadinimas yra nepalaikomas." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekundė" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minutė" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "valanda" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "diena" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "klaida" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "įspėjimas" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informacija" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "derinimas" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Peradresavimas į kitą sistemą yra naudingas tik tuomet, jei sąsaja yra " "maskuojama.\n" "Ar norite maskuoti šią zoną?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Įtaisytoji tarnyba, pervadinimas yra nepalaikomas." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Kaukė gali būti tinklo kaukė arba skaičius." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Kaukė yra skaičius." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Kaukė gali būti tinklo kaukė arba, ipv4 atveju, gali būti skaičius.\n" "Kaukė, ipv6 atveju, yra skaičius." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Pasirinkite failą" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Tekstiniai failai" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Visi failai" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Visi" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Įtaisytasis pagelbiklis, pervadinimas yra nepalaikomas." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Įtaisytasis icmp, pervadinimas yra nepalaikomas." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Nepavyko skaityti failą \"%s\": %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresas" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatiniai pagelbikliai" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Pasirinkite automatinių pagelbiklių reikšmę:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Įveskite komandų eilutę." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Įveskite kontekstą." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Pasirinkite numatytąją zoną iš sąrašo žemiau." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Tiesioginė grandinė" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Pasirinkite ipv bei lentelę ir įveskite grandinės pavadinimą." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Grandinė:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Lentelė:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumentai:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Prievadų peradresavimas" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Pasirinkite šaltinio ir paskirties parametrus pagal savo poreikius." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Prievadas / Prievadų rėžis:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP adresas:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokolas:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Paskirtis" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Jeigu įjungsite vietinį peradresavimą, turėsite nurodyti prievadą. Šis " "prievadas turės būti kitoks nei šaltinio prievadas." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Vietinis peradresavimas" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Peradresuoti į kitą prievadą" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Pusjuodžiai įrašai yra privalomi, visi kiti - nebūtini." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Pavadinimas:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versija:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Sutrumpinimas:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Aprašas:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Šeima:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modulis:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Pagelbiklis" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Pasirinkite pagelbiklį:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP tipas" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Pasirinkite ICMP tipą" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Pridėti įrašą" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Pridėti įrašus iš failo" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Šalinti pažymėtus įrašus" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Šalinti visus įrašus" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Šalinti įrašus iš failo" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Failas" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Parametrai" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Įkelti Firewalld iš naujo" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Iš naujo įkelia visas užkardos taisykles. Dabartinė ilgalaikė konfigūracija " "taps naująja vykdymo trukmės konfigūracija. T. y. įkėlus iš naujo, visi tik " "vykdymo trukmės pakeitimai bus prarasti, jeigu jų nebuvo taip pat ir " "ilgalaikėje konfigūracijoje." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Keisti kuriai zonai priklausys tinklo ryšys." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Keisti numatytąją zoną" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Keisti numatytąją ryšių ir sąsajų zoną." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Konfigūruoti automatinių pagelbiklių priskyrimą" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Konfigūruoti automatinių pagelbiklių priskyrimo nustatymą." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panikos veiksena" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Paversti vykdymo trukmės konfigūracija į ilgalaikę" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Vykdymo trukmės į ilgalaikę" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Rodinys" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP tipai" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Pagelbikliai" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Tiesioginė konfigūracija" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktyvūs susiejimai" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "Ž_inynas" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Keisti zoną" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Keisti susiejimo zoną" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Konfigūracija:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Šiuo metu matoma konfigūracija. Vykdymo trukmės konfigūracija yra dabartinė " "aktyvi konfigūracija. Ilgalaikė konfigūracija bus aktyvi po tarnybos ar " "sistemos įkelimo iš naujo, ar paleidimo iš naujo." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Firewalld zona apibrėžia su zona susietų tinklo ryšių, sąsajų ir šaltinio " "adresų pasitikėjimo lygius. Zoną sudaro tarnybos, prievadai, protokolai, " "maskavimai, prievadų/paketų peradresavimai, icmp filtrai ir išsamios " "taisyklės. Zona gali būti susieta su sąsajomis ir šaltinio adresais." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Pridėti zoną" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Taisyti zoną" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Šalinti zoną" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Tarnybos" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Pridėti prievadą" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Taisyti prievadą" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Šalinti prievadą" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Prievadai" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Pridėti protokolą" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Taisyti protokolą" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Šalinti protokolą" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokolai" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskuoti zoną" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Jeigu įjungsite maskavimą, tuomet jūsų IPv4 tinklams bus įjungtas IP " "peradresavimas." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskavimas" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internetinio valdymo pranešimų protokolas (angl. Internet Control Message " "Protocol (ICMP)) pagrinde yra naudojamas siųsti žinutes tarp kompiuterių " "tinkle, o taip pat ir informacinius pranešimus, tokius kaip ryšio " "patikrinimų užklausas ir atsakymus." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Invertuoti filtrą" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP filtras" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Čia galite nustatyti zonai išsamios kalbos taisykles." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Pridėti išsamią taisyklę" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Taisyti išsamią taisyklę" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Šalinti išsamią taisyklę" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Išsamios taisyklės" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Pridėkite įrašus, norėdami susieti sąsajas su zona. Jeigu ryšys naudos " "sąsają, tuomet zona bus nustatyta į tą, kuri yra nurodyta ryšyje." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Pridėti sąsają" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Taisyti sąsają" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Šalinti sąsają" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Pridėkite įrašus, norėdami susieti adresus ar sritis su zona. Taip pat " "galite susieti su MAC šaltinio adresu, tačiau su apribojimais. Prievadų " "peradresavimas ir maskavimas neveiks su MAC šaltinio susiejimais." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Pridėti šaltinį" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Taisyti šaltinį" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Šalinti šaltinį" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zonos" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Firewalld tarnyba yra prievadų, protokolų, modulių ir paskirties adresų " "kombinacija." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Pridėti tarnybą" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Taisyti tarnybą" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Šalinti tarnybą" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Taisyti įrašą" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Šalinti įrašą" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduliai" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Tarnybos gali būti keičiamos tik ilgalaikės konfigūracijos rodinyje. Tarnybų " "vykdymo trukmės konfigūracija yra fiksuota." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Pridėti" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Įrašai" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Pridėti ICMP tipą" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Taisyti ICMP tipą" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Šalinti ICMP tipą" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Nurodykite ar šis ICMP tipas yra prieinamas IPv4 ir/ar IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP tipai gali būti keičiami tik ilgalaikės konfigūracijos rodinyje. ICMP " "tipų vykdymo trukmės konfigūracija yra fiksuota." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Apibrėžkite prievadus ar prievadų rėžius, kurie bus stebimi pagelbiklio." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Papildomos grandinės, kurios bus naudojamos su taisyklėmis." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Pridėti grandinę" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Taisyti grandinę" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Šalinti grandinę" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Grandinės" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Pridėti taisyklę" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Taisyti taisyklę" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Šalinti taisyklę" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Taisyklės" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Pridėti kontekstą" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Taisyti kontekstą" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Šalinti kontekstą" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontekstai" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Pridėti komandų eilutę" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Taisyti komandų eilutę" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Šalinti komandų eilutę" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Komandų eilutės" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Naudotojų vardai." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Pridėti naudotojo vardą" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Taisyti naudotojo vardą" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Šalinti naudotojo vardą" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Naudotojų vardai" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Naudotojų id." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Pridėti naudotojo Id" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Taisyti naudotojo Id" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Šalinti naudotojo Id" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Naudotojų Id" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Dabartinė numatytoji sistemos zona." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panikos veiksena:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatiniai pagelbikliai:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Numatytoji zona:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Įveskite sąsajos pavadinimą:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tipas:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Laiko limitas:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Laiko limitas, sekundėmis" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Pradinis maišos dydis, numatytasis 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maksimalus elementų skaičius, numatytasis 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Žymėti" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Įveskite žymėjimą ir neprivalomai kaukę." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Žymėjimo ir kaukės laukai abudu yra 32 bitų pločio skaičiai be ženklo." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Žymėjimas:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Kaukė:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Pasirinkite -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Kitas modulis:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Prievadas ir protokolas" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Įveskite prievadą ir protokolą." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Tiesioginė taisyklė" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Pirmenybė:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Įveskite protokolą." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Kitas protokolas:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Išsami taisyklė" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Įveskite išsamią taisyklę" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Serverio ar tinklo įtraukimui į baltąjį ar juodąjį sąrašą, pasyvinkite " "elementą." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Šaltinis:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Paskirtis:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Registruoti:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ir ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertuota" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "naudojant tipą:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "naudojant ribą:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Priešdėlis:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elementas:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Veiksmas:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Pasirinkite tarnybą." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Įveskite šaltinį." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Naudotojo ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Įveskite naudotojo id." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Įveskite naudotojo vardą." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiketė" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-0.8.2/po/LINGUAS0000664007115300711530000000025013641123173016315 0ustar00egarveregarver00000000000000ar as bg bn_IN ca cs da de el en_GB en_US es et eu fi fr gl gu hi hu ia id it ja ka kn ko lt ml mr nl or pa pl pt_BR pt ru sk sq sr@latin sr sv ta te tr uk zh_CN zh_TW firewalld-0.8.2/po/id.po0000664007115300711530000012755213641112251016236 0ustar00egarveregarver00000000000000# Ferdi Saptanera , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-05-22 09:00+0000\n" "Last-Translator: Ferdi Saptanera \n" "Language-Team: Indonesian\n" "Language: id\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Zanata 4.6.2\n" "Plural-Forms: nplurals=1; plural=0\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Aplikasi Firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Pengaturan Firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Pilih zona untuk antarmuka '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona Standar" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Pilih zona untuk sambungan '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Pilih zona untuk sumber '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Mengatur Zona Perisai Menyala/Mati" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Di sini, Anda bisa memilih zona yang digunakan di Perisai Menyala dan " "Perisai Mati." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Fitur ini berguna untuk mereka yang sebagian besar memakai zona standar. " "Bagi pengguna yang mengubah-ubah zona sambungan, mungkin fitur ini tidak " "berguna." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Zona Perisai Menyala:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Ubah Ke Pengaturan Awal" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Zona Perisai Mati:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Tentang %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Penulis" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Lisensi" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Perisai Menyala" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Nyalakan Pemberitahuan" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Sunting Pengaturan Firewall..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Ubah Zona Sambungan" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Susun Zona Perisai Nyala/Mati" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blokir semua lalu lintas jaringan" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Tentang" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Sambungan" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Antarmuka" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Sumber" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Otorisasi gagal." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Nama tidak valid" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Nama sudah ada" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Zona Standar: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Gagal mendapatkan sambungan dari NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Tidak ada impor NetworkManager yang tersedia" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Tidak ada sambungan ke daemon firewall" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Semua lalu lintas jaringan diblokir." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-0.8.2/po/en_GB.po0000664007115300711530000014041613641112250016605 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Automatically generated, 2004 # Bruce Cowan , 2010 # Robert Readman , 2013 # Robert Readman , 2013 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 09:44+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: English (United Kingdom) (http://www.transifex.com/projects/p/" "firewalld/language/en_GB/)\n" "Language: en_GB\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Firewall Applet" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Firewall Configuration" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Select zone for interface '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Configure Shields Up/Down Zones" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Here you can select the zones used for Shields Up and Shields Down." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Shields Up Zone:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Shields Down Zone:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Shields Up" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Enable Notifications" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Edit Firewall Settings..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Change Zones of Connections..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Configure Shields UP/Down Zones..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Block all network traffic" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Connections" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Sources" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Authorisation failed." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Invalid argument %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Name already exists" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "No connection to firewall daemon" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "All network traffic is blocked." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Default Zone: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zone '{zone}' active for interface '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zone '{zone}' active for source {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "No Active Zones." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Default zone changed to '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Network traffic is not blocked anymore." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "activated" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "deactivated" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zone '{zone}' {activated_deactivated} for interface '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zone '%s' activated for interface '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone '{zone}' {activated_deactivated} for source '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone '%s' activated for source '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Used by network connection '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "enabled" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "disabled" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Failed to load icons." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "User name" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Service" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "To Port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "To Address" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp Type" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Family" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Action" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Source" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Warning" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Error" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accept" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "reject" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "drop" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "service" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "masquerade" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "level" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "yes" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone '%s': Service '%s' is not available." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Remove" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignore" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone '%s': ICMP type '%s' is not available." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Built-in zone, rename not supported." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "second" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minute" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hour" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "day" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergency" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alert" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "critical" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "error" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "warning" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notice" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Built-in service, rename not supported." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Built-in icmp, rename not supported." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Select zone for source %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Address" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Please enter the command line." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Please enter the context." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Port Forwarding" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Please select the source and destination options according to your needs." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Port Range:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP address:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destination" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Local forwarding" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Forward to another port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Bold entries are mandatory, all others are optional." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Name:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Short:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Description:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Family:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Base ICMP Type Settings" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Please configure base ICMP type settings:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP Type" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Please select an ICMP type" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Add Entry" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_File" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Options" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Change Default Zone" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panic Mode" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP Types" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Help" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Add Zone" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Edit Zone" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Remove Zone" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Load Zone Defaults" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Services" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "To Port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edit Port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Remove Port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Ports" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Add Forward Port" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Edit Forward Port" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Remove Forward Port" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP Filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Here you can set rich language rules for the zone." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Rich Rules" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zones" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Add Service" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Edit Service" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Remove Service" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Load Service Defaults" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Edit Entry" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Remove Entry" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modules" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Add ICMP Type" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Edit ICMP Type" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Remove ICMP Type" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Load ICMP Type Defaults" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contexts" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Command lines" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "User names." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "User names" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "User ids." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "User Ids" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Current default zone of the system." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panic Mode:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Lockdown:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Default Zone:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port and Protocol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Please enter a port and protocol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Please enter a protocol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Other Protocol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Rich Rule" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Please enter a rich rule." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "For host or network white or blacklisting deactivate the element." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Source:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destination:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 and ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inverted" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "with Type:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "With limit:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Level:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Action:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Base Service Settings" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Please configure base service settings:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Please select a service." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "User ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Please enter the user id." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Please enter the user name." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Base Zone Settings" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Please configure base zone settings:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Default Target" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Target:" firewalld-0.8.2/po/ar.po0000664007115300711530000020220113641112250016224 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Abdalrahim Fakhouri , 2010 # Abdalrahim Fakhouri , 2010 # Abdalrahim Fakhouri , 2010 # Alfakhori , 2010 # Maha Helwa , 2004 # Alfakhori , 2010 # Ossama M. Khayat , 2004 # Sherif Abdelgawad , 2004 # SuSE Linux Products GmbH, Nuernberg, 2018 # Eric Garver , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-11-16 08:20+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Arabic (http://www.transifex.com/projects/p/firewalld/" "language/ar/)\n" "Language: ar\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 " "&& n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "التطبيق الصغير للجدار الناري" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "الجدار النّاري" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "إعدادات الجدار النّاري" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "حدد منطقة للواجهة '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "المنطقة الافتراضية" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "حدد منطقة للاتصال '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "فشل تعيين المنطقة {zone} للاتصال {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "حدد منطقة للمصدر '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "تكوين مناطق ارتفاع/انخفاض الدروع" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "يمكنك هنا تحديد المناطق المستخدمة لرفع الدروع وخفضها." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "تعد هذه الميزة مفيدة للأشخاص الذين يستخدمون المناطق الافتراضية على الأغلب. " "بالنسبة للمستخدمين الذين يغيرون مناطق الاتصالات، قد تكون محدودة الاستخدام." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "منطقة رفع الدروع:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "إعادة تعيين للافتراضي" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "منطقة خفض الدروع" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "حول %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "المؤلفون" #: ../src/firewall-applet.in:401 msgid "License" msgstr "الترخيص" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "الدروع مرفوعة" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "تمكين الإعلامات" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "تحرير إعدادات الجدار الناري..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "تغيير مناطق الاتصال..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "تكوين مناطق رفع/خفض الدروع..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "حظر كل مرور الشبكة" #: ../src/firewall-applet.in:500 msgid "About" msgstr "حول" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "الاتصالات" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "الواجهات" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "المصادر" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "فشل التصديق." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "اسم غير صالح" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "الاسم موجود بالفعل" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (المنطقة: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (المنطقة الافتراضية: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "فشل الحصول على الاتصالات من NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "لا تتوفر عمليات استيراد NetworkManager" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "لا يوجد اتصال ببرنامج محرك الجدار الناري" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "تم حظر كل مرور الشبكة." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "المنطقة الافتراضية: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "المنطقة الافتراضية '{default_zone}' نشطة للاتصال '{connection}' في الواجهة " "'{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "المنطقة '{zone}' نشطة للاتصال '{connection}' في الواجهة '{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "المنطقة '{zone}' نشطة للواجهة '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "المنطقة '{zone}' نشطة للمصدر {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "لا توجد مناطق نشطة." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "تم تأسيس الاتصال مع FirewallD" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "تم فقدان الاتصال مع FirewallD." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "تمت إعادة تحميل FirewallD." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "تم تغيير المنطقة الافتراضية إلى '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "لم يعد مرور الشبكة محظورًا بعد الآن." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "تم التنشيط" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "تم إلغاء التنشيط" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "المنطقة الافتراضية '{default_zone}' {activated_deactivated} " "للاتصال'{connection}' في الواجهة '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "المنطقة '{zone}' {activated_deactivated} للاتصال '{connection}' في الواجهة " "'{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "المنطقة '{zone}' {activated_deactivated} للواجهة '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "تم تنشيط المنطقة '%s' للواجهة '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "المنطقة '{zone}' {activated_deactivated} للمصدر '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "تم تنشيط '%s' للمصدر '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "تم تأسيس اتصال مع firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "جارٍ محاولة الاتصال مع firewalld، جارٍ الانتظار..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "فشل الاتصال مع firewalld. الرجاء التأكد أن الخدمة بدأت بشكل صحيح ثم إعادة " "المحاولة." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "تم تطبيق التغييرات." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "مستخدم بواسطة اتصال الشبكة '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "المنطقة الافتراضية المستخدمة بواسطة اتصال الشبكة '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "تم التمكين" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "تم التعطيل" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "فشل تحميل الأيقونات." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "السياق" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "سطر الأوامر" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "اسم المستخدم" #: ../src/firewall-config.in:244 msgid "User id" msgstr "معرف المستخدم" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "الجدول" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "السلسلة" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "الأولوية" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "الوسيطات" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "وقت التشغيل" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "دائم" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "خِدمة" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "مَنفذ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "ميفاق" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "إلى المَنفذ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "إلى العنوان" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "الروابط" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "الإدخال" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "نوع Icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "العائلة" #: ../src/firewall-config.in:826 msgid "Action" msgstr "الإجراء" #: ../src/firewall-config.in:828 msgid "Element" msgstr "العنصر" #: ../src/firewall-config.in:830 msgid "Src" msgstr "المصدر" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "الوجهة" #: ../src/firewall-config.in:834 msgid "log" msgstr "السجل" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "التدقيق" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "الواجهة" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "التعليق" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "المصدر" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "إنذار" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "خطأ" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "قبول" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "رفض" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "إسقاط" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "علامة" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "الحد" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "الخدمة" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "المنفذ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "البروتوكول" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "التنكر" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "كتلة icmp" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "نوع icmp" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "منفذ إعادة توجيه" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "المصدر-المنفذ" #: ../src/firewall-config.in:2097 msgid "level" msgstr "المستوى" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "نعم" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "المنطقة" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "المنطقة الافتراضية: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "المنطقة: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "المنطقة '%s': الخدمة '%s' غير متوفرة." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "إزالة" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "تجاهل" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "المنطقة '%s': نوع ICMP '%s' غير متوفر." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "منطقة مضمنة، إعادة التسمية غير مدعومة." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "ثانية" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "دقيقة" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ساعة" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "يوم" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "طوارئ" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "تنبيه" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "حرج" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "خطأ" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "تحذير" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "إخطار" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "معلومات" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "إزالة الأخطاء" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "تعد إعادة التوجيه إلى نظام آخر مفيدة فقط إذا كانت الواجهة متنكرة.\n" "هل تريد أن تتنكر هذه المنطقة؟" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "خدمة مضمنة، إعادة التسمية غير مدعومة." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "الرجاء إدخال عنوان ipv4 بعنوان نموذج[/mask]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "قد يكون القناع، قناع شبكة أو رقمًا." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "الرجاء إدخال عنوان ipv6 بعنوان نموذج[/mask]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "القناع رقمًا." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "الرجاء إدخال عنوان ipv4 أو ipv6 بعنوان نموذج[/mask]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "قد يكون القناع، قناع شبكة أو رقمًا لـ ipv4.\n" "القناع رقم لـ ipv6." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "ipset مضمن، إعادة التسمية غير مدعومة." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "الرجاء تحديد ملف" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "الملفات النصية" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "كل الملفات" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "الكل" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "مساعد مضمن، إعادة التسمية غير مدعومة." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "icmp مضمن، إعادة التسمية غير مدعومة." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "فشل قراءة الملف '%s': %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "حدد المنطقة للمصدر %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "العنوان" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "المساعدون التلقائيون" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "الرجاء تحديد قيمة المساعدين التلقائيين:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "الرجاء إدخال سطر الأوامر." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "الرجاء إدخال السياق." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "الرجاء تحديد منطقة افتراضية من القائمة أدناه." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "سلسلة مباشرة" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "الرجاء تحديد ipv وجدول ثم إدخال اسم السلسلة." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "السلسلة:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "الأمان" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "الجدول:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "قاعدة المرور المباشر" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "الرجاء تحديد ipv ثم إدخال الوسيطات." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "الوسيطات:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "تحويل مَنفذ" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "الرجاء تحديد المصدر وخيارات الوجهه وفقا لحاجتك." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "مَنفذ/مدى المَنفذ" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "رقم العنوان عبر الشبكة" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "ميفاق:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "الوجهة" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "اذا مكنت التحويل المحلي لديك لتحديد منفذ.هذا المنفذ قد يكون مختلف عن المنفذ " "المصدر." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "تَحويل مَحلي" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "تَحويل لمنفذ اخر" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "إعدادات المساعد الأساسية" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "الرجاء تكوين إعدادات المساعد الأساسية:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "الإدخال بالتنسيق الغامق إلزامية، كل الأخرى اختيارية." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "الاسم:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "الإصدار:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "قصير:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "الوصف:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "العائلة:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "الوحدة النمطية:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "المساعد" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "الرجاء تحديد مساعد:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "إعدادات نوع ICMP الأساسية" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "الرجاء تكوين إعدادات نوع ICMP الأساسي:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "نوع ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "الرجاء تحديد نوع ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "إضافة مدخلة" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "إضافة إدخالات من ملف" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "إزالة الإدخال المحدد" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "إزالة كل الإدخالات" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "إزالة الإدخالات من ملف" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_ملف" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_خيارات" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "إعادة تحميل Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "إعادة تحميل قواعد الجدار الناري. سيصبح التكوين الدائم الحالي هو تكوين وقت " "التشغيل الجديد، أي سيتم فقدان كل تغييرات وقت التشغيل فقط التي تمت حتى إعادة " "التحميل مع عملية إعادة التحميل إذا لم تتم في التكوين الدائم أيضًا." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "تغيير المنطقة التي ينتمي إليها اتصال شبكة." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "تغيير المنطقة الافتراضية" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "تغيير المنطقة الافتراضية للاتصالات أو الواجهات." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "تم رفض تغيير السجل" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "تغيير قيمة LogDenied." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "تكوين تعيين المساعد التلقائي" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "تكوين إعداد تعيين المساعد التلقائي." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "يعني وضع الفزع أنه يتم إسقاط كل الحزم الصادرة والواردة." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "وضع الفزع" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "يؤدي الإقفال التام إلى إقفال تكوين الجدار الناري بحيث يمكن للتطبيقات " "الموجودة في القائمة البيضاء للإقفال التام فقط تغييره." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "الإقفال التام" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "جعل تكوين وقت التشغيل دائمًا" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "وقت التشغيل لدائم" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_عرض" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "أنواع ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "المساعدون" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "التكوين المباشر" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "القائمة البيضاء للإقفال التام" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "الروابط النشطة" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_مساعدة" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "تغيير منطقة" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "تغيير منطقة الربط" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "إخفاء روابط وقت التشغيل النشطة للاتصالات والواجهات والمصادر للمناطق" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "إظهار روابط وقت التشغيل النشطة للاتصالات والواجهات والمصادر للمناطق" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "التكوين:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "التكوين المرئي الحالي. تكوين وقت التشغيل هو التكوين الفعلي النشط. سيكون " "التكوين الدائم نشطًا بعد إعادة تحميل الخدمة أو النظام أو إعادة البدء." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "تحدد منطقة firewalld مستوى الثقة لاتصالات الشبكة والواجهات وعناوين المصادر " "المربوطة بالمنطقة. تجمع المنطقة بين الخدمات والمنافذ والبروتوكولات والتنكر " "وإعادة توجيه المنفذ/الحزمة وعوامل تصفية icmp والقواعد المنسقة. يمكن ربط " "المنطقة بالواجهات وعناوين المصادر." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "إضافة منطقة" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "تحرير منطقة" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "إزالة منطقة" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "تحميل الإعدادات الافتراضية لمنطقة" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "يمكنك هنا تعريف الخدمات الموثوق بها في المنطقة. يمكن الوصول للخدمات الموثوق " "بها من كل المضيفين والشبكات الي يمكنها الوصول للجهاز من الاتصالات والواجهات " "والمصادر المربوطة بهذه المنطقة." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "الخدمات" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "إضافة منافذ أو نطاقات منافذ إضافية يجب الوصول إليها لكل المضيفين أو الشبكات " "التي يمكنها الاتصال بالجهاز." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "إلى المَنفذ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "تحرير منفذ" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "إزالة منفذ" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "المنافذ" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "إضافة بروتوكول يمكن الوصول إليه لكل المضيفين أو الشبكات." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "إضافة بروتوكول" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "تحرير بروتوكول" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "إزالة بروتوكول" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "البروتوكولات" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "إضافة منافذ مصادر أو نطاقات منافذ يجب الوصول إليها لكل المضيفين أو الشبكات " "التي يمكنها الاتصال بالجهاز." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "منافذ المصدر" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "يسمح لك التقنيع أن تعدّ مضيفاً أو موجّهاً ليوصل شبكتك المحلّية بالشبكة العالميّة. " "ستظهر جميع الأجهزة على هذه الشبكة كعنوان واحد على الإنترنت. التقنيع لـIPv4 " "فقط." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "منطقة التنكر" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "إذا قمت بتمكين التنكر، فسيتم تمكين إعادة توجيه IP لشبكة IPv4 الخاصة بك." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "تنكُر" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "أضف مُدخلاً لتحويل منفذ إلى آخر محلّيّ أو إلى نظام آخر. التحويل إلى نظام آخر " "مفيد إذا كانت الواجهة مُقنّعة. تحويل المنافذ يعمل على IPv4 فقط." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "إضافة منفذ إعادة توجيه" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "تحرير منفذ إعادة توجيه" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "إزالة منفذ إعادة توجيه" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "يستخدم ميفاق التحكم برسائل الشبكة (ICMP) لإرسال رسائل الأخطاء بين الأجهزة " "امزودة باتصال شبكيّ، ورسائل المعلومات، مثل طلب الرّد ورجع الصدى." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "علّم أنواع ICMP التي سترفض في القائمة. كلّ أنواع ICMP الأخرى سيسمح لها بالمرور " "عبر الجدار الناريّ. المبدئيّ هو عدم وجود قيود." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "عند تمكين عامل تصفية العكس، يتم قبول إدخالات ICMP التي عليها علامة ورفض " "الأخرى. وفي منطقة بالهدف DROP، يتم إسقاطها." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "عامل تصفية العكس" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "مُرشح ميفاق رسائل مراقبة الشبكة -ICMP-" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "يمكنك هنا تعيين قواعد اللغة المنسقة للمنطقة." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "إضافة قاعدة منسقة" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "تحرير قاعدة منسقة" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "إزالة قاعدة منسقة" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "القواعد المنسقة" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "إضافة إدخالات لربط الواجهات بالمنطقة. إذا كانت المنطقة سيتم استخدامها بواسطة " "اتصال، فسيتم تعيين قيمة المنطقة على المنطقة المحددة في الاتصال." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "إضافة واجهة" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "تحرير واجهة" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "إزالة واجهة" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "إضافة إدخالات لربط المناطق أو عناوين المصادر بالمنطقة. يمكنك أيضًا ربط عنوان " "مصدر MAC ولكن بحدود. لن يعمل التنكر وإعادة توجيه المنفذ لروابط مصدر MAC." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "إضافة مصدر" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "تحرير مصدر" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "إزالة مصدر" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "المناطق" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "خدمة firewalld هي مجموعة من المنافذ والبروتوكولات والوحدات النمطية وعناوين " "الوجهة." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "إضافة خدمة" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "تحرير خدمة" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "إزالة خدمة" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "تحميل الإعدادات الافتراضية للخدمة" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "إضافة منافذ أو نطاقات منافذ يجب الوصول إليها من كل المضيفين أو الشبكات." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "تحرير مدخلة" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "حَذف المدخلة" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "إضافة منافذ مصادر أو نطاقات منافذ يجب الوصول إليها من كل المضيفين أو الشبكات." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "منفذ مصدر" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "تحتاج بعض الخدمات إلى الوحدات النمطية المساعدة لـ Netfilter." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "الوحدات النمطية" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "إذا حددت عناوين وجهة، فسيتم تحديد إدخال الخدمة بعنوان الوجهة والنوع. وإذا " "كان الإدخالان فارغانن فلن توجد أي حدود." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "لا يمكن تغيير الخدمات إلا في عرض التكوين الدائم. تكوين وقت تشغيل الخدمة ثابت." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "يمكن استخدام IPSet لإنشاء قوائم بيضاء أو سوداء ويمكنه تخزين على سبيل المثال، " "عناوين IP أو أعداد المنافذ أو عناوين MAC." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "إضافة IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "تحرير IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "إزالة IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "تحميل الإعدادات الافتراضية لـ IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "إدخالات IPSet. لن تتمكن إلا من رؤية إدخالات ipsets التي لا تستخدم خيار " "انتهاء المهلة الزمنية، وكذلك الإدخالات التي تمت إضافتها بواسطة firewalld. لن " "يتم إدراج الإدخالات التي تمت إضافتها مباشرة بأمر ipset هنا." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "يستخدم IPSet هذا خيار انتهاء المهلة الزمنية، لذا لا توجد إدخالات مرئية هنا. " "يجب الاهتمام بالإدخالات مباشرة بأمر ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "إضافة" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "إدخالات" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "لا يمكن إنشاء IPSets أو حذفه إلا في عرض التكوين الدائم." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "يوفر نوع icmp في firewalld معلومات لنوع بروتوكول رسائل تحكم الإنترنت (ICMP) " "لـ firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "إضافة نوع ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "تحرير نوع ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "إزالة نوع ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "تحميل الإعدادات الافتراضية لنوع ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "تحديد إذا كان نوع ICMP هذا متوفرًا لـ IPv4 و/أو IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "لا يمكن تغيير أنواع ICMP إلا في عرض التكوين الدائم. تكوين وقت التشغيل لأنواع " "ICMP ثابت." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "يقوم مساعد تتبع الاتصال بالمساعدة في عمل البروتوكولات التي تعمل باستخدام " "تدفقات مختلفة لنقل البيانات والإشارات. تستخدم عمليات نقل البيانات منافذ غير " "متعلقة باتصال الإشارات لذا يحجبها الجدار الناري بدون المساعد." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "تعريف المنافذ أو نطاقات المنافذ التي يراقبها المساعد." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "يوفر التكوين المباشر وصولاً أكثر مباشرة إلى الجدار الناري. تتطلب هذه الخيارات " "من المستخدم معرفة مفاهيم iptables الأساسية وهي الجداول والسلاسل والأوامر " "والمعلمات والأهداف. يجب استخدام التكوين المباشر كملاذ أخير فقط عندما لا يمكن " "استخدام ميزات firewalld الأخرى." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "يجب أن تكون وسيطة ipv لكل خيار ipv4 أو ipv6 أو eb. مع ipv4 سيكون لـ " "iptables، ومع ipv6 لـ ip6tables، ومع eb لجسور الإيثيرنت (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "سلاسل إضافية للاستخدام باستخدام القواعد." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "إضافة سلسلة" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "تحرير سلسلة" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "إزالة سلسلة" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "السلاسل" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "إضافة قاعدة بالوسيطات args لسلسلة في جدول بأولوية." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "يتم استخدام الأولوية لترتيب القواعد. تعني الأولوية 0 إضافة قاعدة في أعلى " "السلسلة، ومع أولوية عالية تتم إضافة القاعدة في مكان أقل. وتتم إضافة القواعد " "التي لها نفس الأولوية على نفس المستوى ولا يكون ترتيب هذه القواعد ثابتًا وقد " "يتغير. إذا كنت تريد التأكد من إضافة قاعدة بعد واحدة أخرى، استخدم أولوية أقل " "للأولى وأعلى للتالية." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "إضافة قاعدة" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "تحرير قاعدة" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "إزالة قاعدة" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "القواعد" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "يتم تمرير قواعد المرور للجدار الناري ولا يتم وضعها في سلسلة خاصة. يمكن " "استخدام خيارات iptables وip6tables وebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "الرجاء الحذر في التعامل مع قاعد المرور حتى لا يتم تدمير الجدار الناري." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "إضافة مرور" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "تحرير مرور" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "إزالة مرور" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "المرور" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "ميزة الإقفال التام هي الإصدار الأصغر من سياسات التطبيقات والمستخدمين لـ " "firewalld. فهي تحد من تغييرات الجدار الناري. قد تحتوي القائمة البيضاء " "للإقفال التام على الأوامر والسياقات والمستخدمين ومعرفات المستخدمين." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "السياق هو سياق أمان (SELinux) لتطبيق أو خدمة تعمل. للوصول إلى تطبيق أو خدمة " "تعمل، استخدم ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "إضافة سياق" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "تحرير سياق" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "إزالة سياق" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "السياقات" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "إذا كان إدخال أمر في القائمة البيضاء ينتهي بعلامة نجمية '*'، فستتطابق كل " "سطور الأوامر التي تبدأ بالأمر. إذا لم توجد '*'، يجب أن تطابق الوسيطة الشاملة " "الأمر المطلق." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "إضافة سطر أمر" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "تحرير سطر أمر" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "إزالة سطر أمر" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "سطور الأوامر" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "أسماء المستخدمين." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "إضافة اسم مستخدم" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "تحرير اسم مستخدم" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "إزالة اسم مستخدم" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "أسماء المستخدمين" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "معرفات المستخدمين." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "إضافة معرف مستخدم" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "تحرير معرف مستخدم" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "إزالة معرف مستخدم" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "معرفات المستخدمين" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "المنطقة الافتراضية الحالية للنظام." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "تم رفض السجل:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "وضع الفزع:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "المساعدون التلقائيون:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "الإقفال التام:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "المنطقة الافتراضية:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "الرجاء إدخال اسم واجهة:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "إعدادات IPSet الأساسية" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "الرجاء تكوين إعدادات ipset الأساسية:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "النوع:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "انتهاء المهلة الزمنية:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "حجم هاش:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "قيمة انتهاء المهلة الزمنية بالثواني" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "حجم هاش الأولي، الافتراضي 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "الحد الأقصى لعدد العناصر، الافتراضي 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "الرجاء تحديد ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "الرجاء توفير إدخال ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "رفض السجل" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "الرجاء تحديد قيمة رفض السجل:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "علامة" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "الرجاء إدخال علامة بقناع اختياري." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "يصل عرض حقلي العلامة والقناع إلى 32 بت بأرقام غير موقعة." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "العلامة:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "القناع:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "الرجاء تحديد مساعد تتبع اتصال netfilter:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- تحديد -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "وحدة نمطية أخرى:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "المنفذ والميفاق" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "الرجاء إدخال منفذ وبروتوكول." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "قاعدة مباشرة" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "الرجاء تحديد ipv وجدول وأولوية سلسلة وإدخال الوسيطات." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "الأولوية:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "الرجاء إدخال بروتوكول." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "بروتوكول أخر:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "قاعدة منسقة" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "الرجاء إدخال قاعدة منسقة." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "للقائمة البيضاء أو السوداء لمضيف أو شبكة، قم بإلغاء تنشيط العنصر." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "المصدر:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "الوجهة:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "السجل:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "التدقيق:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 وipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "معكوس" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "لتمكين هذا، يجب أن يكون الإجراء 'رفض' والعائلة إما 'ipv4' أو 'ipv6' (ليس " "كلاهما)" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "مع النوع:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "بالحد:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "البادئة:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "المستوى:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "العنصر:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "الإجراء:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "إعدادات الخدمة الأساسية" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "الرجاء تكوين إعدادات الخدمة الأساسية:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "الرجاء تحديد خدمة." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "الرجاء إدخال مصدر." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "معرف المستخدم" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "الرجاء إدخال معرف المستخدم." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "الرجاء إدخال اسم المستخدم." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "التسمية" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "إعدادات المنطقة الأساسية" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "الرجاء تكوين إعدادات المنطقة الأساسية:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "الهدف الافتراضي" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "الهدف:" firewalld-0.8.2/po/pt.po0000664007115300711530000015444513641112251016266 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Pedro Marques Daniel , 2013 # Pedro Marques Daniel , 2013 # Rui Gouveia , 2010 # Miguel Sousa , 2015. #zanata # Manuela Silva , 2019. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2019-09-07 12:26+0000\n" "Last-Translator: Manuela Silva \n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/firewalld/" "language/pt/)\n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Míni aplicação de Firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuração da Firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;rede;segurança;tabelas de ip;filtro de rede;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Selecione zona para interface '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona por defeito" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Selecione zona para a ligação '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Selecione zona para a fonte '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Redefinir para Predefinições" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Sobre %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Autores" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licença" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Ativar Notificações" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Editar Opções da Firewall..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Modificar Zonas de Ligações..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Bloquear todo o tráfego da rede" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Sobre" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Ligações" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Fontes" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autorização falhou." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Nome inválido" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "O nome já existe" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Zone predefinida: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Falha ao obter as ligações do Gestor de Redes" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Sem ligação ao daemon da firewall" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Todo o tráfego da rede está bloqueado." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Zona predefinida: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zona '{zone}' ativa para a ligação '{connection}' na interface '{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zona '{zone}' ativa para a interface '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zona '{zone}' ativa para a fonte {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Sem zonas ativas." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Estabelecida ligação para FirewallD." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Ligação perdida para FirewallD." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD foi recarregada." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Zona predefinida alterada para '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "O tráfico de rede já não está bloqueado." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "ativado" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "desativado" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} para conexão '{connection}' na " "interface '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zona '{zone}' {activated_deactivated} para interface '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona '%s' ativada para interface '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona '{zone}' {activated_deactivated} para fonte '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona '%s' ativada para fonte '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Estabelecida a ligação para a firewall" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "A tentar ligar à firewalld, a aguardar..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Não foi possível ligar à firewalld. Por favor, certifique-se que o serviço " "foi iniciado corretamente e tente novamente." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Alterações aplicadas." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Utilizado pela ligação de rede '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Zona predefinida utilizada pela ligação de rede '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "ativado" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "desativado" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "O carregamento de ícones falhou." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Contexto" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Linha de comandos" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nome de utilizador" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Id. do Utilizador" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabela" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Cadeia" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioridade" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumentos" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Tempo de execução" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanente" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Serviço" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Porta" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocolo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Para Porta" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Para Endereço:" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipo Icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Família" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Ação" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elemento" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Fonte" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Aviso" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Erro" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "aceite" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "rejeitar" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "cair" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limite" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "serviço" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "porta" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocolo" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "mascarada" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nível" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "sim" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona '%s': Serviço '%s' indisponível." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Remove" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignora" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona '%s': ICMP tipo '%s' indisponível." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Zona construida internamente, renomear não suportado." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "segundo" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuto" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hora" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dia" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergência" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alerta" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "crítico" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "erro" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "aviso" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "nota" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Forwarding para outro sistema só é útil se a interface estiver mascarada.\n" "Quer mascarar esta zona?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Serviço pré-definido, não é possível renomear." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "icmp pré-definido, não é possível renomear." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Selecione zona para fonte %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Endereço" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Por favor insira a linha de comando" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Por favor insira o contexto" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Por favor selecione a zona por defeito da lista abaixo." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Corrente Direta" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Por favor selecione tabela e ipv e insira nome da corrente." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Corrente:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "segurança" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabela:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Regra de passagem direta" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Por favor selecione ipv e insira args." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Reencaminhamento de Porta" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Por favor, seleccione as opções de origem e destino de acordo com as suas " "necessidades." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Porta / Intervalo de portas:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Endereço IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocolo:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destino" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Se ativar reencaminhamento local, tem de especificar uma porta. Esta porta " "tem de ser diferente da porta de origem." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Reencaminhamento local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Reencaminhar para outra porta" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Entradas a negrito são obrigatórias, todas as outras são opcionais." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nome:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versão:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Curta:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descrição:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Família:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Definições Base de Tipo ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Por favor configure definições base de tipo ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipo ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Por favor selecione um tipo ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Adicionar Entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Ficheiro" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opções" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Recarregar FireweallD" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Recarrega as regras da firewall. A atual configuração permanent vai tornar-" "se a configuração runtime. i.e. todas as mudanças nas regras na configuração " "runtime são perdidas com o recarregar se não estiverem também na " "configuração permanent." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Modifica a zona a qual uma conexão de rede pertence." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Modifica Zona por Defeito" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Modifica zona por defeito para conexões e interfaces." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "O modo de pânico significa que todos os pacotes de entrada e saída são " "caídos." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Modo de Pânico" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown fecha a configuração da firewall para que apenas as aplicações na " "lockdown whitelist possam modificá-la." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Lockdown" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Fazer a configuração runtime permanent" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Runtime para Permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Ver" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Tipos ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configuração Direta" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Lockdown Whitelist" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Ajuda" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuração:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configuração visível atual. Configuração runtime é a configuração atualmente " "ativa. Configuração permanent ficará ativa após reinicio de serviço ou " "sistema." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Uma zona firewall define o nível de confiança nas conexões de rede, " "interfaces e endereços de fontes no limite da zona. A zona combina serviços, " "postas, protocolos, mascaras, rencaminhamento de porta/pacote, filtros icmp " "e regras ricas. A zona pode ser limitada a interfaces e endereços de fontes." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Adicionar Zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Editar Zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Remover Zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Carrega Zona por Defeito" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Aqui pode definir quais os serviços que são confiáveis na zona. Os serviços " "confiáveis são acessíveis de todos os hospedeiros e redes que podem alcançar " "a maquina a partir das ligações, interfaces e fontes no limite desta zona." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Serviços" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Adicione portas ou intervalo de portas, que devem estar disponíveis para " "todos os hospedeiros ou redes que podem ligar-se à maquina." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Adiciona Porta" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edita Porta" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Remove Porta" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portas" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Adicione protocolos que devem estar acessíveis para todos os hospedeiros ou " "redes." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Adicione portas fonte adicionais ou intervalos de porta que devem estar " "acessíveis para todos os hospedeiros ou redes que podem ligar à máquina." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 #, fuzzy msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Masquerading permite configurar uma máquina ou router que liga a sua rede " "local à Internet. A sua rede local não será visível e as máquinas aparecem " "na Internet com um único endereço. Masquerading é válido apenas em IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zona Mascarada" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Se ativar as omascarar, o reencaminhamento de IP será ativado para o seu IPv4" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Mascarar" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Adicione entradas ao reencaminhamento de portas de uma porta para outra no " "sistema local ou do sistema local para outro sistema. O reencaminhamento " "para outro sistema só é útil se o interface estiver configurado como " "mascarado. O reencaminhamento de portas só é suportado em IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Adiciona Porta de Reencaminhamento" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Edita Porta de Reencaminhamento" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Remove Porta de Reencaminhamento" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "O protocolo ICMP (Internet Control Message Protocol) é utilizado " "principalmente para enviar mensagens de erro entre computadores em rede, mas " "adicionalmente para mensagens informativas como pedidos e respostas de ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marque os tipos ICMP, na lista, que devem ser rejeitados. Todos os outros " "tipos ICMP serão permitidos na firewall. Por omissão não existem limitações." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtro ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Aqui pode definir regras de língua ricas para a zona." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Adiciona Regra Rica" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Edita Regra Rica" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Remove Regra Rica" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Regras Ricas" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Adiciona entradas para vincular interfaces à zona. Se o interface vai se " "utilizado por uma conexão, a zona vai ser definida como a zona especificada " "na conexão." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Adiciona Interface" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Edita Interface" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Remove Interface" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Adiciona Fonte" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Edita Fonte" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Remove Fonte" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zonas" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Um serviço firewall é uma combinação de portas, protocolos, módulos e " "endereços de destino." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Adicionar Serviço" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Editar Serviço" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Remover Serviço" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Carrega Padrão de Serviço" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editar Entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Remover entrada" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Módulos" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Se especificar endereços de destino, a entrada de serviço vai ser limitada " "ao endereço e tipo de destino. Se ambas as entradas estiverem vazias, não " "existe limite." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Serviços apenas podem ser modificados ca vista de configuração permant. A " "configuração runtime de serviços é fixa." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Um icmtype firewalld dá a informação para um tipo Internet Control Message " "Protocol (ICMP) para firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Adiciona Tipo ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Edita Tipo ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Remove Tipo ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Carrega Tipo ICMP por Defeito" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Especifique se este Tipo ICMP está disponível para IPv4 e/ou IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Tipos ICMP apenas podem ser modificados na visão de configuração permanent. " "A configuração runtime de Tipos ICMP é fixa." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "A configuração direta dá um acesso mais direto à firewall. Estas opções " "requerem que o utilizador conheça conceitos básicos de iptables, i.e., " "tables, correntes, comandos, parametros e alvos. Configuração direta deverá " "apenas ser utilizada como último recurso quando não é possivel utilizar " "outras funcionalidades da firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "O argumento ipv de cada opção tem de ser ipv4 ou ipv6 ou eb. Com ipv4 será " "para iptables, com ipv6 e com eb para pontes ethernet (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Correntes adicionais para utilizar com regras." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Adiciona Corrente" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Edita Corrente" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Remove Corrente" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Correntes" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Adiciona uma regra com argumentos args a uma corrente numa tabela com uma " "prioridade." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "A prioridade é utilizada para ordenar regras. Prioridade 0 significa que " "adiciona a regra no topo da corrente, com uma prioridade mais elevada a " "regra será adicionada mais abaixo. Regras com a mesma prioridade estão ao " "mesmo nível e a ordem destas regras não está fixa e pode mudar. Se quiser " "ter a certeza que uma regra é inserida após outra regra, utilize uma " "prioridade mais baixa para a primeira e uma mais alta para a seguinte." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Adiciona Regra" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Edita Regra" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Remove Regra" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regras" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "A regras de passthrough são passadas diretamente para a firewall e não " "adicionadas em correntes especiais. Podem ser utilizadas todas as opções das " "iptables, ip6tables e ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Por favor tenha cuidado com regras passthrough para uqe não danifiquem a " "firewall." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Adiciona Passthrough" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Edita Passthrough" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Remove Passthrough" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "A funcionalidade lockdown é uma versão leve de políticas de utilizador e " "aplicações da firewalld. Limita modificações à firewall. A lockdown " "whitelist pode conter correntes, comandos, contextos, utilizadores e ids de " "utilizador." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Adiciona Contexto" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Edita Contexto" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Remove Contexto" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contextos" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Se uma entrada de comando numa whitelist acaba com um asterisco '*', então " "todas as linhas de comando iniciadas com o comando combinam. Se o '*' não " "estiver aí o comando absoluto inclusive argumentos devem ser iguais." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Adiciona Comando de Linha" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Edita Comando de Linha" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Remove Comando de Linha" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Comandos de Linha" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Nomes de Utilizador" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Adiciona Nome de Utilizador" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Edita Nome de Utilizador" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Remove Nome de Utilizador" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Nomes de Utilizador" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "IDs de utilizador" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Adiciona ID de Utilizador" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Edita ID de Utilizador" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Remove ID de Utilizador" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "IDs de Utilizador" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Atual zona por defeito do sistema." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Modo de Pânico:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Fechar tudo:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona por Defeito:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Máscara:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Selecionar -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Outros módulos:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Porta e Protocolo" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Por favor, insira a porta e o protocolo." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Regra Direta" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Por favor, selecione o ipv e a tabela, prioridade de cadeia e insira os " "argumentos." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioridade:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Por favor, insira um protocolo." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Outro protocolo:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Regra Rica" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Por favor, insira uma regra rica." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "Para host ou rede white ou blacklist desativa o elemento." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Origem:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destino:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audita:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 e ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertido" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Para ativar esta Ação tem de ser 'reject' e da Familia 'ipv4' ou 'ipv6' (não " "ambos)" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "com Tipo:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Com limite:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefixo:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Nível:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elemento:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Ação:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Definições do Serviço Base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Por favor, configure as definições do serviço base:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Por favor, selecione um serviço." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Por favor, insira uma fonte" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Id. do Utilizador" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Por favor, insira a id. do utilizador." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Por favor, insira um nome de utilizador." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiqueta" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Definições da Zona Base" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Por favor, configure as definições da zona base:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Destino Predefinido" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Destino:" firewalld-0.8.2/po/ka.po0000664007115300711530000013551313641112251016231 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # George Machitidze , 2013 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2016-01-04 12:24+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Georgian (http://www.transifex.com/projects/p/firewalld/" "language/ka/)\n" "Language: ka\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ქსელური ფარი" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ქსელური ფარის კონფიგურაცია" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "შეტყობინებების ჩართვა" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "ფარის პარამეტრების რედაქტირება..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "ქსელის ტრაფიკის სრული ბლოკირება" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "კავშირი არაა." #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "<ინტერფეისი>" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ავტორიზება ვერ მოხერხდა." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "სახელი უკვე არსებობს" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "ქსელის ტრაფიკის სრულიად დაიბლოკა." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "აქტიური ზონები არაა." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD-თან კავშირი დამყარდა." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD-თან კავშირი გაწყდა." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD გადაიტვირთა." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "ნაგულისხმევი ზონა შეიცვალა - '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "ქსელური ტრაფიკი აღარაა დაბლოკილი." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "აქტივირებული" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "დეაქტივირებული" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ხატულების ჩატვირთვა ვერ მოხერხდა." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "სერვისი" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "პორტი" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "ოქმი" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "პორტისკენ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "მისამართისკენ" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp-ის ტიპი" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "წყარო" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "ყურადღება" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "შეცდომა" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "ზონა" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "ზონის ამოღება" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "იგნორირება" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "ჩადგმული ზონა, სახელის შეცვლა შეუძლებელია." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "ჩადგმული სერვისი, სახელის შეცვლა შეუძლებელია." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "ჩადგმული icmp, სახელის შეცვლა შეუძლებელია." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "მისამართი" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "პორტის გადამისამართება" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "პორტი / პორტების დიაპაზონი:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP მისამართი:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "ოქმი:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "დანიშნულება" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "ადგილზე გადამისამართება" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "სხვა პორტისკენ გადამისამართება" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "სახელი:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ვერსია:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "მოკლე:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "აღწერა:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-ის ტიპი" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "ჩანაწერი" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_ფაილი" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_პარამეტრები" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld-ის გადატვირთვა" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ნაგულისხმევი ზონის შეცვლა" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "და_ხმარება" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ზონის დამატება" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ზონის რედაქტირება" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ზონის ამოღება" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "სერვისები" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "პორტისკენ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "ზონის რედაქტირება" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "ზონის ამოღება" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "პორტები" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "გადამისამართების პორტის დამატება" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "გადამისამართების პორტის რედაქტირება" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "გადამისამართების პორტის ამოღება" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ფილტრი" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "სერვისის დამატება" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "სერვისის რედაქტირება" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "სერვისის ამოღება" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "ჩანაწერის რედაქტირება" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "ჩანაწერის ამოღება" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "მოდულები" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP-ის ტიპის დამატება" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP-ის ტიპის რედაქტირება" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP-ის ტიპის ამოღება" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "ნაგულისხმევი ზონა:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "პორტი და ოქმი" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "გთხოვთ შეიყვანოთ პორტი და ოქმი." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "სხვა ოქმი:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-0.8.2/po/kn.po0000664007115300711530000021761213641112251016247 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # shanky , 2014 # shankar , 2006 # shankar , 2006 # shankar , 2007-2011 # shankar , 2006 # shanky , 2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 09:59+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Kannada (http://www.transifex.com/projects/p/firewalld/" "language/kn/)\n" "Language: kn\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "ಫೈರ್ವಾಲ್ ಆಪ್ಲೆಟ್" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ಫೈರ್ವಾಲ್" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ಫೈರ್ವಾಲ್ ಸ್ವರೂಪಣೆ" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "ಫೈರ್ವಾಲ್;ಜಾಲಬಂಧ;ಸುರಕ್ಷತೆ;iptables;ನೆಟ್‌ಫಿಲ್ಟರ್‌;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "'%s' ಸಂಪರ್ಕಸಾಧನಕ್ಕಾಗಿ ವಲಯವನ್ನು ಆರಿಸಿ." #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "ಪೂರ್ವನಿಯೋಜಿತ ವಲಯ" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "'%s' ಸಂಪರ್ಕಕ್ಕಾಗಿ ವಲಯವನ್ನು ಆರಿಸಿ" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "ಶೀಲ್ಡ್ಸ್ ಅಪ್/ಡೌನ್ ವಲಯಗಳನ್ನು ಸಂರಚಿಸು" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "ಇಲ್ಲಿ ನೀವು ಶೀಲ್ಡ್ಸ್ ಅಪ್ ಮತ್ತು ಡೌನ್‌ಗಾಗಿ ಬಳಸಲಾದ ವಲಯಗಳನ್ನು ಆರಿಸಬಹುದು." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "ಈ ಸೌಲಭ್ಯವು ಹೆಚ್ಚು ಪೂರ್ವನಿಯೋಜಿತವಾದ ವಲಯಗಳನ್ನು ಬಳಸುವ ಜನರಿಗೆ ಪ್ರಯೋಜನವಾಗುತ್ತದೆ. ವಲಯಗಳ " "ಸಂಪರ್ಕಗಳನ್ನು ಬದಲಾಯಿಸುವ ಬಳಕೆದಾರರಿಗೆ, ಇದು ಬಹುಷಃ ನಿಯಮಿತವಾದ ಉಪಯೋಗವನ್ನು ಒದಗಿಸಬಹುದು." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "ಶೀಲ್ಡ್ಸ್ ಅಪ್ ವಲಯ:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "ಶೀಲ್ಡ್ಸ್ ಡೌನ್ ವಲಯ:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "ಶೀಲ್ಡ್ಸ್ ಅಪ್" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "ಸೂಚನೆಗಳನ್ನು ಸಕ್ರಿಯಗೊಳಿಸು" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "ಫೈರ್ವಾಲ್ ಸಿದ್ಧತೆಗಳನ್ನು ಸಂಪಾದಿಸು..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "ಸಂಪರ್ಕಗಳ ವಲಯಗಳನ್ನು ಬದಲಾಯಿಸು..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "ಶೀಲ್ಡ್ಸ್ ಅಪ್/ಡೌನ್ ವಲಯಗಳನ್ನು ಸಂರಚಿಸು..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "ಎಲ್ಲಾ ಜಾಲಬಂಧ ಸಂಚಾರವನ್ನು ನಿರ್ಬಂಧಿಸು" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "ಸಂಪರ್ಕಗಳು" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "ಆಕರಗಳು" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ದೃಢೀಕರಣವು ವಿಫಲಗೊಂಡಿದೆ." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "ಅಮಾನ್ಯವಾದ ಆರ್ಗ್ಯುಮೆಂಟ್ %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "ಹೆಸರು ಈಗಾಗಲೆ ಅಸ್ತಿತ್ವದಲ್ಲಿದೆ" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "ಫೈರ್ವಾಲ್ ಡೀಮನ್‌ನೊಂದಿಗೆ ಸಂಪರ್ಕವು ಕಡಿದು ಹೋಗಿದೆ" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "ಎಲ್ಲಾ ಜಾಲಬಂಧ ಸಂಚಾರವನ್ನು ನಿರ್ಬಂಧಿಸಲಾಗಿದೆ." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "ಪೂರ್ವನಿಯೋಜಿತ ವಲಯ: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "'{interface}' ಸಂಪರ್ಕಸಾಧನದಲ್ಲಿನ '{connection}' ಸಂಪರ್ಕಕ್ಕಾಗಿನ '{zone}' ವಲಯವು " "ಸಕ್ರಿಯವಾಗಿದೆ" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "'{interface}' ಸಂಪರ್ಕಸಾಧನಕ್ಕಾಗಿನ '{zone}' ವಲಯವು ಸಕ್ರಿಯವಾಗಿದೆ" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "'{source}' ಆಕರಕ್ಕಾಗಿನ '{zone}' ವಲಯವು ಸಕ್ರಿಯವಾಗಿದೆ" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "ಯಾವುದೆ ಸಕ್ರಿಯ ವಲಯಗಳಿಲ್ಲ." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallID ಗೆ ಸಂಪರ್ಕವನ್ನು ಸಾಧಿಸಲಾಗಿದೆ." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallID ಗೆ ಸಂಪರ್ಕವು ತಪ್ಪಿ ಹೋಗಿದೆ." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD ಅನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡಲಾಗಿದೆ." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "ಪೂರ್ವನಿಯೋಜಿತ ವಲಯವನ್ನು '%s' ಗೆ ಬದಲಾಯಿಸಲಾಗಿದೆ." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "ಜಾಲಬಂಧ ಸಂಚಾರವನ್ನು ಈಗ ನಿರ್ಬಂಧಿಸಲಾಗಿಲ್ಲ." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "ಸಕ್ರಿಯಗೊಂಡಿದೆ" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "ನಿಷ್ಕ್ರಿಯಗೊಂಡಿದೆ" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "'{interface}' ಸಂಪರ್ಕಸಾಧನದಲ್ಲಿನ '{connection}' ಸಂಪರ್ಕಕ್ಕಾಗಿನ " "'{zone}' {activated_deactivated} ವಲಯ" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "'{interface}' ಸಂಪರ್ಕಸಾಧನಕ್ಕಾಗಿ '{zone}' {activated_deactivated} ವಲಯ" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "'%s' ಸಂಪರ್ಕಸಾಧನಕ್ಕಾಗಿ '%s' ವಲಯವನ್ನು ಸಕ್ರಿಯಗೊಳಿಸಲಾಗಿದೆ." #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "'{source}' ಆಕರಕ್ಕಾಗಿ '{zone}' {activated_deactivated} ವಲಯ" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "'%s' ಆಕರಕ್ಕಾಗಿ '%s' ವಲಯವನ್ನು ಸಕ್ರಿಯಗೊಳಿಸಲಾಗಿದೆ." #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "ಬದಲಾವನೆಗಳನ್ನು ಅನ್ವಯಿಸಲಾಗಿದೆ." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "'%s' ಜಾಲಬಂಧದಿಂದ ಬಳಸಲಾಗಿದೆ" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "ಸಕ್ರಿಯಗೊಂಡ" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "ನಿಷ್ಕ್ರಿಯಗೊಂಡ" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ಚಿಹ್ನೆಗಳನ್ನು ಲೋಡ್ ಮಾಡುವಲ್ಲಿ ವಿಫಲತೆ." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ಬಳಕೆದಾರ ಹೆಸರು" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "ಚಾಲನಾಸಮಯ" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "ಶಾಶ್ವತ" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "ಸೇವೆ" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "ಸಂಪರ್ಕ ಸ್ಥಾನ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "ಪ್ರೊಟೊಕಾಲ್" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "ಸಂಪರ್ಕ ಸ್ಥಾನಕ್ಕೆ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "ಗೆ ವಿಳಾಸ" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp ಬಗೆ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "ಕುಟುಂಬ" #: ../src/firewall-config.in:826 msgid "Action" msgstr "ಕ್ರಿಯೆ" #: ../src/firewall-config.in:828 msgid "Element" msgstr "ಅಂಶ" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "ಲಾಗ್" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ಆಡಿಟ್" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "ಆಕರ" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "ಎಚ್ಚರಿಕೆ" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "ದೋಷ" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "ಸ್ವೀಕರಿಸು" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "ತಿರಸ್ಕರಿಸು" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ಬಿಟ್ಟುಬಿಡು" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ಮಿತಿ" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "ಸೇವೆ" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "ಸಂಪರ್ಕಸ್ಥಾನ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "ಪ್ರೊಟೊಕಾಲ್" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "ಛದ್ಮವೇಷಗೊಳಿಕೆ" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "ಫಾರ್ವಾರ್ಡ್-ಸಂಪರ್ಕಸ್ಥಾನ" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "ಮಟ್ಟ" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ಹೌದು" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "ವಲಯ" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "ವಲಯ '%s': '%s' ಸೇವೆಯು ಲಭ್ಯವಿಲ್ಲ." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "ತೆಗೆದು ಹಾಕು" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "ಕಡೆಗಣಿಸು" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "ವಲಯ '%s': ICMP '%s' ಬಗೆಯು ಲಭ್ಯವಿಲ್ಲ." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "ಒಳನಿರ್ಮಿತ ವಲಯ, ಮರುಹೆಸರಿಸುವಿಕೆಗೆ ಬೆಂಬಲವಿಲ್ಲ." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "ಎರಡನೆಯ" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "ನಿಮಿಷ" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ಗಂಟೆ" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "ದಿನ" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "ತುರ್ತು" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "ಎಚ್ಚರಿಕೆ" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "ಸಂದಿಗ್ಧ" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ದೋಷ" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "ಎಚ್ಚರಿಕೆ" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "ಸೂಚನೆ" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "ಮಾಹಿತಿ" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ದೋಷನಿವಾರಣೆ" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ಸಂಪರ್ಕಸಾಧನವನ್ನು ಛದ್ಮವೇಶಗೊಳಿಸದಲ್ಲಿ ಮಾತ್ರ ಇನ್ನೊಂದು ವ್ಯವಸ್ಥೆಗೆ ಫಾರ್ವಾರ್ಡ್ ಮಾಡುವುದು " "ಉಪಯೋಗಕ್ಕೆ ಬರುತ್ತದೆ.\n" "ನೀವು ಈ ವಲಯವನ್ನು ಛದ್ಮವೇಶಗೊಳಿಸಲು ಬಯಸುವಿರಾ?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "ಒಳ-ನಿರ್ಮಿತ ಸೇವೆ, ಮರುಹೆಸರಿಸುವಿಕೆಗೆ ಬೆಂಬಲವಿಲ್ಲ." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "ಒಳ-ನಿರ್ಮಿತ icmp, ಮರುಹೆಸರಿಸುವಿಕೆಗೆ ಬೆಂಬಲವಿಲ್ಲ." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "'%s' ಆಕರಕ್ಕಾಗಿ ವಲಯವನ್ನು ಆರಿಸಿ." #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ವಿಳಾಸ" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ದಯವಿಟ್ಟು ಒಂದು ಆದೇಶಸಾಲನ್ನು ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "ದಯಮಾಡಿ ಸನ್ನಿವೇಶವನ್ನು ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "ದಯವಿಟ್ಟು ಈ ಕೆಳಗಿನ ಪಟ್ಟಿಯಿಂದ ಪೂರ್ವನಿಯೋಜಿತ ವಲಯವನ್ನು ಆರಿಸಿಕೊಳ್ಳಿ." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ನೇರ ಸರಣಿ" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ದಯವಿಟ್ಟು ipv ಮತ್ತು ಕೋಷ್ಟಕವನ್ನು ಆರಿಸಿ ನಂತರ ಸರಣಿಯ ಹೆಸರನ್ನು ಆರಿಸಿ." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ಸರಣಿ:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "ಸುರಕ್ಷತೆ" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "ಕೋಷ್ಟಕ:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ನೇರ ಪಾಸ್‌ತ್ರೂ ನಿಯಮ" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ದಯವಿಟ್ಟು ipv ಅನ್ನು ಆರಿಸಿ ನಂತರ args ಅನ್ನು ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ಸಂಪರ್ಕ ಸ್ಥಾನ ಫಾರ್ವಾರ್ಡಿಂಗ್" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "ನಿಮ್ಮ ಅಗತ್ಯಗಳಿಗನುಗುಣವಾಗಿ ದಯವಿಟ್ಟು ಮೂಲ ಹಾಗು ಉದ್ದಿಷ್ಟ ಸ್ಥಳದ ಆಯ್ಕೆಗಳನ್ನು ಆರಿಸಿ." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "ಸಂಪರ್ಕ ಸ್ಥಾನ/ಸಂಪರ್ಕ ವ್ಯಾಪ್ತಿ:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP ವಿಳಾಸ:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "ಪ್ರೊಟೋಕಾಲ್‌:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "ಗುರಿ" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "ನೀವು ಸ್ಥಳೀಯ ಫಾರ್ವಾಡಿಂಗ್ ಅನ್ನು ಶಕ್ತಗೊಳಿಸಿದಲ್ಲಿ, ನೀವು ಒಂದು ಸಂಪರ್ಕಸ್ಥಾನವನ್ನು ಸೂಚಿಸಬೇಕು. " "ಈ ಸಂಪರ್ಕಸ್ಥಾನವು ಮೂಲ ಸಂಪರ್ಕಸ್ಥಾನಕ್ಕೆ ಪ್ರತ್ಯೇಕವಾಗಿರಬೇಕು." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "ಸ್ಥಳೀಯ ಫಾರ್ವಾರ್ಡಿಂಗ್" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "ಬೇರೊಂದು ಸಂಪರ್ಕಸ್ಥಾನಕ್ಕೆ ಫಾರ್ವಾರ್ಡ್ ಮಾಡು" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "ಬೋಲ್ಡ್ ನಮೂದುಗಳು ಖಡ್ಡಾಯವಾಗಿರುತ್ತವೆ, ಮಿಕ್ಕವೆಲ್ಲಾ ಐಚ್ಛಿಕವಾಗಿರುತ್ತವೆ." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "ಹೆಸರು:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ಆವೃತ್ತಿ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "ಸಂಕ್ಷಿಪ್ತ:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ವಿವರಣೆ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "ಕುಟುಂಬ:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ಮೂಲಭೂತ ICMP ಬಗೆ ಸಿದ್ಧತೆಗಳು" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "ದಯವಿಟ್ಟು ಮೂಲಭೂತ ICMP ಬಗೆ ಸಿದ್ಧತೆಗಳನ್ನು ಸಂರಚಿಸಿ:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP ಬಗೆ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ದಯವಿಟ್ಟು ಒಂದು ICMP ಬಗೆಯನ್ನು ಆರಿಸಿ" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "ನಮೂದನ್ನು ಸೇರಿಸಿ" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ಕಡತ(_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "ಆಯ್ಕೆಗಳು(_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "FirewallD ಅನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡು" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ಫೈರ್ವಾಲ್ ನಿಯಮಗಳನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡುತ್ತದೆ. ಪ್ರಸಕ್ತ ಶಾಶ್ವತ ಸಂರಚನೆಯು ಹೊಸ ಚಾಲನಾ ಸಮಯದ " "ಸಂರಚನೆಯಾಗುತ್ತದೆ. ಅಂದರೆ, ಎಲ್ಲಾ ಚಾಲನಾಸಮಯದ ಮಾತ್ರದ ಬದಲಾವಣೆಗಳು ಶಾಶ್ವತ ಸಂರಚನೆಯಲ್ಲಿ ಇರದೆ " "ಇದ್ದರೂ ಸಹ ಅವುಗಳನ್ನು ಮರಳಿ ಲೋಡ್ ಆಗುವವರೆಗೆ ಮಾಡಲಾಗುತ್ತದೆ, ಮತ್ತು ಅವುಗಳು ಮರಳಿ ಲೋಡ್ " "ಮಾಡಿದಾಗ ಇಲ್ಲವಾಗುತ್ತದೆ." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ಒಂದು ಜಾಲಬಂಧ ಸಂಪರ್ಕವು ಯಾವ ವಲಯಕ್ಕೆ ಸಂಬಂಧಿಸಿದೆ ಎನ್ನುವುದನ್ನು ಬದಲಾಯಿಸಿ." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ಪೂರ್ವನಿಯೋಜಿತ ವಲಯವನ್ನು ಬದಲಿಸು" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "ಸಂಪರ್ಕಗಳು ಅಥವ ಸಂಪರ್ಕಸಾಧನಗಳಿಗಾಗಿನ ಪೂರ್ವನಿಯೋಜಿತ ವಲಯವನ್ನು ಬದಲಿಸಿ." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "ಪ್ಯಾನಿಕ್ ಸ್ಥಿತಿ ಎಂದರೆ ಎಲ್ಲಾ ಒಳಬರುವ ಮತ್ತು ಹೊರಹೋಗುವ ಪ್ಯಾಕೆಟ್‌ಗಳನ್ನು ಬಿಟ್ಟುಬಿಡಲಾಗುತ್ತದೆ " "ಎಂದರ್ಥ." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "ಪ್ಯಾನಿಕ್ ಸ್ಥಿತಿ" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "ಕೇವಲ ಲಾಕ್‌ಡೌನ್ ವೈಟ್‌ಲಿಸ್ಟಿನಲ್ಲಿನ ಅನ್ವಯಗಳು ಮಾತ್ರ ಬದಲಾಯಿಸಲು ಅವಕಾಶ ಇರುವಂತೆ ಫೈರ್ವಾಲ್ " "ಸಂರಚನೆಯನ್ನು ಲಾಕ್‌ಡೌನ್ ಲಾಕ್ ಮಾಡುತ್ತದೆ." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "ಲಾಕ್‌ಡೌನ್" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "ಚಾಲನಾಸಮಯದ ಸಂರಚನೆಯನ್ನು ಶಾಶ್ವತವಾಗಿಸು" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "ಶಾಶ್ವತವಾದ ಚಾಲನಾಸಮಯ" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "ನೋಟ (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP ಬಗೆಗಳು" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ನೇರ ಸಂರಚನೆ" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "ಲಾಕ್‌ಡೌನ್ ವೈಟ್‌ಲಿಸ್ಟ್" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "ಸಹಾಯ(_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "ಸಂರಚನೆ:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "ಪ್ರಸಕ್ತ ಗೋಚರಿಸುವ ಸಂರಚನೆ. ಚಾಲನಾಸಮಯದ ಸಂರಚನೆಯು ನಿಜವಾದ ಸಕ್ರಿಯ ಸಂರಚನೆಯಾಗಿದೆ. ಶಾಶ್ವತ " "ಸಂರಚನೆಯು ಸೇವೆ ಅಥವ ವ್ಯವಸ್ಥೆಯನ್ನು ಮರಳಿ ಲೋಡ್ ಮಾಡುವಿಕೆ ಅಥವ ಮರಳಿ ಆರಂಭಿಸುವಿಕೆಯ ನಂತರ " "ಸಕ್ರಿಯವಾಗುತ್ತದೆ." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "ಒಂದು firewalld ವಲಯವು, ವಲಯಕ್ಕೆ ಬರುವ ಜಾಲಬಂಧ ಸಂಪರ್ಕಗಳು, ಸಂಪರ್ಕಸಾಧನಗಳು (ಇಂಟರ್ಫೇಸಸ್) " "ಮತ್ತು ಆಕರ ವಿಳಾಸಗಳಿಗಾಗಿನ ನಂಬಿಕೆಯ ಮಟ್ಟವನ್ನು ವಿವರಿಸುತ್ತದೆ. ವಲಯವು ಸೇವೆಗಳು, " "ಸಂಪರ್ಕಸ್ಥಾನಗಳು, ಪ್ರೊಟೊಕಾಲ್‌ಗಳು, ಛದ್ಮವೇಶಗೊಳಿಕೆ, ಸಂಪರ್ಕಸ್ಥಾನ/ಪ್ಯಾಕೆಟ್ ಫಾರ್ವಾರ್ಡಿಂಗ್, icmp " "ಫಿಲ್ಟರುಗಳು ಮತ್ತು ಸಮೃದ್ಧ ನಿಯಮಗಳನ್ನು ಹೊಂದಿರುತ್ತದೆ. ವಲಯವು ಸಂಪರ್ಕಸಾಧನಗಳು ಮತ್ತು ಆಕರ " "ವಿಳಾಸಗಳಿಗೆ ಬದ್ಧವಾಗಿರಬಹುದು." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ವಲಯವನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ವಲಯವನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ವಲಯವನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "ವಲಯದ ಪೂರ್ವನಿಯೋಜಿತಗಳನ್ನು ಲೋಡ್ ಮಾಡು" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "ಯಾವ ಸೇವೆಗಳು ನಂಬಿಕಸ್ತ ಎಂದು ಇಲ್ಲಿ ನೀವು ಸೂಚಿಸಬಹುದು. ನಂಬಿಕಸ್ತ ಸೇವೆಗಳನ್ನು ಈ ವಲಯಕ್ಕೆ " "ಬರುವ ಸಂಪರ್ಕಗಳು, ಸಂಪರ್ಕಸಾಧನಗಳು (ಇಂಟರ್ಫೇಸಸ್) ಮತ್ತು ಆಕರಗಳಿಂದ ತಲುಪುವ ಎಲ್ಲಾ ಅತಿಥೇಯಗಳಿಂದ " "ಹಾಗು ಜಾಲಬಂಧಗಳಿಂದ ನಿಲುಕಿಸಿಕೊಳ್ಳಬಹುದಾಗಿರುತ್ತವೆ." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "ಸೇವೆಗಳು" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "ಗಣಕಕ್ಕೆ ಸಂಪರ್ಕ ಜೋಡಿಸುವ ಎಲ್ಲಾ ಅತಿಥೇಯಗಳಿಂದ ಅಥವ ಜಾಲಬಂಧಗಳಿಂದ ನಿಲುಕಿಸಿಕೊಳ್ಳಬಹುದಾದಂತ " "ಹೆಚ್ಚುವರಿ ಸಂಪರ್ಕಸ್ಥಾನಗಳನ್ನು ಅಥವ ಸಂಪರ್ಕಸ್ಥಾನ ವ್ಯಾಪ್ತಿಗಳನ್ನು ಸೇರಿಸಿ." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "ಸಂಪರ್ಕ ಸ್ಥಾನಕ್ಕೆ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "ಸಂಪರ್ಕಸ್ಥಾನವನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "ಸಂಪರ್ಕಸ್ಥಾನವನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "ಸಂಪರ್ಕಸ್ಥಾನಗಳು" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "ನಿಮ್ಮ ಸ್ಥಳೀಯ ಜಾಲಬಂಧಕ್ಕೆ ಸಂಪರ್ಕ ಕಲ್ಪಿಸುವ ಅತಿಥೇಯ ಅಥವ ರೌಟರ್ ಅನ್ನು ಸಂಯೋಜಿಸುವಾಗ " "ಛದ್ಮವೇಶಗೊಳಿಕೆಯು(Masquerading) ಸಹಾಯಕವಾಗುತ್ತದೆ. ನಿಮ್ಮ ಸ್ಥಳೀಯ ಜಾಲಬಂಧವು ಅಂತರ್ಜಾಲಕ್ಕೆ " "ಒಂದು ಅತಿಥೇಯವಾಗಿ ಗೋಚರಿಸುವುದಿಲ್ಲ. ಛದ್ಮವೇಶಿಸುವುದು IPv4 ನಲ್ಲಿ ಮಾತ್ರ." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "ಛದ್ಮವೇಷಗೊಳಿಕೆ ವಲಯ" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "ನೀವು ಛದ್ಮವೇಶಗೊಳಿಕೆಯನ್ನು ಸಕ್ರಿಯಗೊಳಿಸುವುದಾದರೆ, IP ಫಾರ್ವಾರ್ಡಿಂಗ್ ಅನ್ನು IPv4 " "ಜಾಲಬಂಧಗಳಿಗಾಗಿ ಸಕ್ರಿಯಗೊಳಿಸಬಹುದಾಗಿರುತ್ತದೆ." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "ಛದ್ಮವೇಷಗೊಳಿಕೆ" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ಸ್ಥಳೀಯ ಗಣಕದಲ್ಲಿನ ಒಂದು ಸಂಪರ್ಕಸ್ಥಾನದಿಂದ ಇನ್ನೊಂದಕ್ಕೆ ಅಥವ ಸ್ಥಳೀಯ ಗಣಕದಿಂದ ಇನ್ನೊಂದು ಗಣಕಕ್ಕೆ " "ಸಂಪರ್ಕಸ್ಥಾನಗಳನ್ನು ಫಾರ್ವಾರ್ಡ್‌ಮಾಡಲು ನಮೂದುಗಳನ್ನು ಸೇರಿಸಿ. ಬೇರೆ ಗಣಕಕ್ಕೆ ಫಾರ್ವಾರ್ಡ್‌ ಮಾಡುವುದು, " "ಸಂಪರ್ಕಸಾಧನವು ಮರೆಮಾಚಲ್ಪಟ್ಟಿದ್ದಲ್ಲಿ ಮಾತ್ರ ಪ್ರಯೋಜನಕಾರಿಯಾಗುತ್ತದೆ. ಸಂಪರ್ಕಸ್ಥಾನ ಫಾರ್ವಾಡಿಂಗ್ " "ಕೇವಲ IPv4 ಮಾತ್ರ ಆಗಿರುತ್ತದೆ." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ಫಾರ್ವಾರ್ಡ್ ಸಂಪರ್ಕಸ್ಥಾನವನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ಫಾರ್ವಾರ್ಡ್ ಸಂಪರ್ಕಸ್ಥಾನವನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ಫಾರ್ವಾರ್ಡ್ ಸಂಪರ್ಕಸ್ಥಾನವನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ಇಂಟರ್ನೆಟ್ ಕಂಟ್ರೋಲ್ ಮೆಸೇಜ್ ಪ್ರೊಟೋಕಾಲ್ (ICMP) ಹೆಚ್ಚಾಗಿ ಜಾಲದೊಳಗಿನ ಗಣಕಗಳ ನಡುವೆ ದೋಷ " "ಸಂದೇಶಗಳನ್ನು ಕಳುಹಿಸಲು ಬಳಸಲ್ಪಡುತ್ತದೆ, ಆದರೆ ಇದರ ಜೊತೆಗೆ ಮಾಹಿತಿಯ ಸಂದೇಶಗಳಾದಂತಹ ಪಿಂಗ್ " "ಮನವಿಗಳು ಹಾಗು ಪ್ರತ್ಯುತ್ತರಗಳನ್ನೂ ಸಹ ಕಳುಹಿಸಲು ಬಳಸಲ್ಪಡುತ್ತದೆ." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "ಪಟ್ಟಿಯಲ್ಲಿರುವ ತಿರಸ್ಕರಿಸಬೇಕಿರುವ ICMP ಬಗೆಗಳನ್ನು ಗುರುತು ಹಾಕಿ. ಎಲ್ಲಾ ಇತರೆ ICMP ಬಗೆಗಳು " "ಫೈರ್ವಾಲ್ ಮೂಲಕ ಹಾದುಹೋಗಲು ಅನುಮತಿಸಲ್ಪಡುತ್ತವೆ. ಪೂರ್ವನಿಯೋಜಿತವಾಗಿ ಯಾವುದೆ ಮಿತಿ ಇರುವುದಿಲ್ಲ." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ಶೋಧಕ" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "ಇಲ್ಲಿ ನೀವು ವಲಯಕ್ಕಾಗಿ ಸಮೃದ್ಧ ಭಾಷಾ ನಿಯಮಗಳನ್ನು ಹೊಂದಿಸಬಹುದು." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "ಸಮೃದ್ಧ ನಿಯಮವನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "ಸಮೃದ್ಧ ನಿಯಮವನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "ಸಮೃದ್ಧ ನಿಯಮ ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "ಸಮೃದ್ಧ ನಿಯಮಗಳು" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "ಸಂಪರ್ಕಸಾಧನಗಳನ್ನು ವಲಯಕ್ಕೆ ಬೈಂಡ್ ಮಾಡಲು ನಮೂದುಗಳನ್ನು ಸೇರಿಸಿ. ಸಂಪರ್ಕಸಾಧನವನ್ನು ಒಂದು " "ಸಂಪರ್ಕದಿಂದ ಬಳಸಲಾಗುತ್ತಿದ್ದರೆ, ವಲಯವನ್ನು ಸಂಪರ್ಕದಿಂದ ಸೂಚಿಸಲಾದ ವಲಯಕ್ಕೆ ಹೊಂದಿಸಲಾಗುತ್ತದೆ." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ಸಂಪರ್ಕಸಾಧನವನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ಸಂಪರ್ಕಸಾಧನವನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ಸಂಪರ್ಕಸಾಧನವನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "ಒಂದು‌ ಆಕರವನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "ಆಕರವನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "ಆಕರವನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "ವಲಯಗಳು" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "ಒಂದು firewalld ಸೇವೆಯು ಸಂಪರ್ಕಸ್ಥಾನಗಳು, ಪ್ರೊಟೊಕಾಲ್‌ಗಳು, ಮಾಡ್ಯೂಲ್‌ಗಳು ಮತ್ತು ಉದ್ಧೇಶಿತ " "ವಿಳಾಸಗಳ ಒಂದು ಸಂಯೋಜನೆಯಾಗಿರುತ್ತದೆ." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "ಸೇವೆಯನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "ಸೇವೆಯನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "ಸೇವೆಯನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "ಸೇವೆ ಪೂರ್ವನಿಯೋಜಿತಗಳನ್ನು ಲೋಡ್ ಮಾಡು" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "ನಮೂದನ್ನು ಸಂಪಾದಿಸಿ" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "ನಮೂದನ್ನು ತೆಗೆದುಹಾಕಿ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "ಮಾಡ್ಯೂಲ್‌ಗಳು" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "ನೀವು ಉದ್ಧೇಶಿತ ವಿಳಾಸವನ್ನು ಸೂಚಿಸಿದಲ್ಲಿ, ಸೇವೆಯ ನಮೂದನ್ನು ಉದ್ಧೇಶಿತ ವಿಳಾಸ ಮತ್ತು ಬಗೆಗೆ " "ಮಿತಿಗೊಳಿಸಲಾಗುತ್ತದೆ. ಎರಡೂ ನಮೂದಗಳನ್ನು ಖಾಲಿ ಬಿಟ್ಟಲ್ಲಿ, ಯಾವುದೆ ಮಿತಿ ಇರುವುದಿಲ್ಲ." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "ಸೇವೆಗಳನ್ನು ಶಾಶ್ವತ ಸಂರಚನಾ ನೋಟದಲ್ಲಿ ಮಾತ್ರ ಬಳಸಲು ಸಾಧ್ಯವಿರುತ್ತದೆ. ಸೇವೆಗಳ ಚಾಲನಾಸಮಯ " "ಸಂರಚನೆಯು ನಿಶ್ಚಿತವಾಗಿರುತ್ತದೆ." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "ಒಂದು firewalld icmptype ಎನ್ನುವುದು firewalld ಗಾಗಿನ ಇಂಟರ್ನೆಟ್ ಕಂಟ್ರೋಲ್ ಮೆಸೇಜಿಂಗ್ " "ಪ್ರೊಟೊಕಾಲ್ (ICMP) ಗಾಗಿ ಮಾಹಿತಿಯನ್ನು ಒದಗಿಸುತ್ತದೆ." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP ಬಗೆಯನ್ನು ಸೇರಿಸಿ" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP ಬಗೆಯನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP ಬಗೆಯನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP ಬಗೆಯ ಪೂರ್ವನಿಯೋಜಿತಗಳನ್ನು ಲೋಡ್ ಮಾಡು" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "ಈ ICMP ಬಗೆಯು IPv4 ಮತ್ತು/ಅಥವ IPv6 ಗಾಗಿ ಲಭ್ಯವಿದೆಯೆ ಎನ್ನುವುದನ್ನು ಸೂಚಿಸಿ." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP ಬಗೆಗಳನ್ನು ಶಾಶ್ವತ ಸಂರಚನಾ ನೋಟದಲ್ಲಿ ಮಾತ್ರ ಬಳಸಲು ಸಾಧ್ಯವಿರುತ್ತದೆ. ICMP ಬಗೆಗಳ " "ಚಾಲನಾಸಮಯ ಸಂರಚನೆಯು ನಿಶ್ಚಿತವಾಗಿರುತ್ತದೆ." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ನೇರ ಸಂರಚನೆಯು ಫೈರ್ವಾಲ್‌ಗೆ ಹೆಚ್ಚು ನೇರವಾದ ಪ್ರವೇಶವನ್ನು ಒದಗಿಸುತ್ತದೆ. ಈ ಆಯ್ಕೆಗಳಿಗಾಗಿ " "ಬಳಕೆದಾರರು ಮೂಲಭೂತ iptables ಪರಿಕಲ್ಪನೆಗಳನ್ನು ತಿಳಿಯುವ ಅಗತ್ಯವಿರುತ್ತದೆ, ಅಂದರೆ, " "ಕೋಷ್ಟಕಗಳು, ಸರಣಿಗಳು, ಆದೇಶಗಳು, ನಿಯತಾಂಕಗಳು ಮತ್ತು ಗುರಿಗಳು. ನೇರ ಸಂರಚನೆಯನ್ನು " "ಬೇರವಾವುದೆ firewalld ಯ ಸೌಲಭ್ಯಗಳನ್ನು ಬಳಸಲು ಸಾಧ್ಯವಾಗದೆ ಇದ್ದಾಗ ಮಾತ್ರ ಕೊನೆಯ ಉಪಾಯವಾಗಿ " "ಬಳಸಬೇಕ." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ಪ್ರತಿಯೊಂದು ಆಯ್ಕೆಯ ipv ಆರ್ಗ್ಯುಮೆಂಟ್‌ ipv4 ಅಥವ ipv6 ಅಥವ eb ಆಗಿರಬೇಕು. ipv4 ನೊಂದಿಗೆ " "ಇದು iptables ಗಾಗಿ, ip6tables ಗಾಗಿ ipv6 ನೊಂದಿಗೆ ಮತ್ತು ಎತರ್ನೆಟ್ ಬ್ರಿಜ್‌ಗಳಿಗಾಗಿ " "(ebtables) eb ಇರುತ್ತದೆ." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "ನಿಯಮಗಳೊಂದಿಗೆ ಬಳಸಲು ಹೆಚ್ಚುವರಿ ಸರಣಿಗಳು." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "ಸರಣಿಯನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "ಸರಣಿಯನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "ಸರಣಿಯನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ಸರಣಿಗಳು" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "ಒಂದು ಆದ್ಯತೆಯೊಂದಿಗೆ ಕೋಷ್ಟಕವೊಂದರಲ್ಲಿ ಒಂದು ಸರಣಗೆ ಆರ್ಗ್ಯುಮೆಂಟ್‌ಗಳ args ನೊಂದಿಗೆ ಒಂದು " "ನಿಯಮವನ್ನು ಸೇರಿಸು." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "ನಿಯಮಗಳನ್ನು ಕ್ರಮವಾಗಿರಿಸಲು ಆದ್ಯತೆಯನ್ನು ಬಳಸಲಾಗುತ್ತದೆ. ಆದ್ಯತೆ 0 ಎಂದರೆ ಸರಣಿಯ ಮೇಲ್ಭಾಗದಲ್ಲಿ " "ನಿಯಮವನ್ನು ಸೇರಿಸು ಎಂದರ್ಥ, ಹೆಚ್ಚಿನ ಆದ್ಯತೆಯಲ್ಲಿ ನಿಯಮವನ್ನು ಇನ್ನೂ ಕೆಳಗೆ ಸೇರಿಸಲಾಗುತ್ತದೆ. " "ಒಂದೇ ಆದ್ಯತೆಯನ್ನು ಹೊಂದಿರುವ ನಿಯಮಗಳು ಒಂದೇ ಹಂತದಲ್ಲಿ ಇರುತ್ತವೆ ಮತ್ತು ಈ ನಿಯಮಗಳ ಅನುಕ್ರಮವು " "ಒಂದೇ ರೀತಿ ಇರದೆ ಬದಲಾವಣೆ ಹೊಂದುವ ಸಾಧ್ಯತೆ ಇರುತ್ತದೆ. ಒಂದು ನಿಯಮದ ನಂತರ ಇನ್ನೊಂದು " "ನಿಯಮವನ್ನು ಸೇರಿಸಬೇಕು ಎನ್ನುವುದನ್ನು ಖಚಿತಪಡಿಸಿಕೊಳ್ಳಲು ನೀವು ಬಯಸಿದಲ್ಲಿ, ಮೊದಲನೆಯದಕ್ಕೆ " "ಕಡಿಮೆ ಆದ್ಯತೆಯನ್ನು ಮತ್ತು ನಂತರದವುಗಳಿಗೆ ಹೆಚ್ಚಿನ ಆದ್ಯತೆಯನ್ನು ಬಳಸಿ." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "ನಿಯಮವನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "ನಿಯಮವನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "ನಿಯಮವನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "ನಿಯಮಗಳು" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "ಪಾಸ್‌ತ್ರೂ ನಿಯಮಗಳನ್ನು ನೇರವಾಗಿ ಫೈರ್ವಾಲ್‌ ಮುಖಾಂತರ ಹಾದುಹೋಗುವಂತೆ ಮಾಡಲಾಗುತ್ತದೆ ಮತ್ತು ಅದನ್ನು " "ವಿಶೇಷ ಸರಣಿಗಳಲ್ಲಿ ಇರಿಸಲಾಗುವುದಿಲ್ಲ. ಎಲ್ಲಾ iptables, ip6tables ಮತ್ತು ebtables " "ಆಯ್ಕೆಗಳನ್ನು ಬಳಸಬಹುದು." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "ಪಾಸ್‌ತ್ರೂ ನಿಯಮಗಳು ಫೈರ್ವಾಲ್‌ಗೆ ತೊಂದರೆ ಮಾಡದಂತೆ ದಯವಿಟ್ಟು ಎಚ್ಚರವಹಿಸಿ." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "ಪಾಸ್‌ತ್ರೂ ಅನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "ಪಾಸ್‌ತ್ರೂ ಅನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "ಪಾಸ್‌ತ್ರೂ ಅನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "ಪಾಸ್‌ತ್ರೂ" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "ಲಾಕ್‌ಡೌನ್ ಸೌಲಭ್ಯವು firewalld ಗಾಗಿನ ಬಳಕೆದಾರ ಮತ್ತು ಅನ್ವಯ ಪಾಲಿಸಿಗಳ ಒಂದು ಹಗುರ " "ಆವೃತ್ತಿಯಾಗಿದೆ. ಇದು ಫೈರ್‌ವಾಲ್‌ಗೆ ಬದಲಾವಣೆಗಳನ್ನು ಮಿತಿಗೊಳಿಸುತ್ತದೆ. ಲಾಕ್‌ಡೌನ್‌ ವೈಟ್‌ಲಿಸ್ಟ್ " "ಆದೇಶಗಳು, ಸನ್ನಿವೇಶಗಳು, ಬಳಕೆದಾರರು ಮತ್ತು ಬಳಕೆದಾರ idಗಳನ್ನು ಹೊಂದಿರುತ್ತದೆ." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "ಸನ್ನಿವೇಶವನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "ಸನ್ನಿವೇಶವನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "ಸನ್ನಿವೇಶವನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "ಸನ್ನಿವೇಶಗಳು" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "ವೈಟ್‌ಲಿಸ್ಟಿನಲ್ಲಿನ ಒಂದು ಆದೇಶದ ನಮೂದು ಒಂದು ಆಸ್ಟೆರಿಸ್ಕ್ '*' ಇಂದ ಕೊನೆಗೊಳ್ಳುತ್ತಿದ್ದರೆ, " "ಆದೇಶದಿಂದ ಆರಂಭಗೊಳ್ಳುವ ಎಲ್ಲಾ ಆದೇಶ ಸಾಲುಗಳು ಹೊಂದಿಕೆಯಾಗುತ್ತವೆ. '*' ಇಲ್ಲದೆ ಇದ್ದಲ್ಲಿ, " "ಪರಿಪೂರ್ಣವಾದ ಆದೇಶವನ್ನು ಹೊಂದಿರುವ ಆರ್ಗ್ಯುಮೆಂಟ್‌ಗಳು ಹೊಂದಿಕೆಯಾಗುವುದು ಅತ್ಯಗತ್ಯ." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "ಆಜ್ಞಾ ಸಾಲನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "ಆಜ್ಞಾ ಸಾಲನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "ಆಜ್ಞಾ ಸಾಲನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "ಆದೇಶ ಸಾಲುಗಳು" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ಬಳಕೆದಾರ ಹೆಸರುಗಳು." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ಬಳಕೆದಾರ ಹೆಸರನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ಬಳಕೆದಾರ ಹೆಸರನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ಬಳಕೆದಾರ ಹೆಸರನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ಬಳಕದಾರ ಹೆಸರುಗಳು" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ಬಳಕೆದಾರ idಗಳು." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ಬಳಕೆದಾರ Idಯನ್ನು ಸೇರಿಸು" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ಬಳಕೆದಾರ Idಯನ್ನು ಸಂಪಾದಿಸು" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ಬಳಕೆದಾರ Id ಯನ್ನು ತೆಗೆದುಹಾಕು" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ಬಳಕೆದಾರ idಗಳು" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "ವ್ಯವಸ್ಥೆಯ ಪ್ರಸಕ್ತ ಪೂರ್ವನಿಯೋಜಿತ ವಲಯ." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "ಪ್ಯಾನಿಕ್ ಸ್ಥಿತಿ:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "ಲಾಕ್‌ಡೌನ್:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "ಪೂರ್ವನಿಯೋಜಿತ ವಲಯ:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "ಸಂಪರ್ಕ ಸ್ಥಾನ ಹಾಗು ಪ್ರೋಟೊಕಾಲ್" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ಒಂದು ಸಂಪರ್ಕಸ್ಥಾನ ಮತ್ತು ಪ್ರೊಟೊಕಾಲ್ ಅನ್ನು ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ನೇರ ನಿಯಮ" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "ದಯವಿಟ್ಟು ipv ಮತ್ತು ಕೋಷ್ಟಕವನ್ನು, ಸರಣಿ ಆದ್ಯತೆಯನ್ನು ಆರಿಸಿ ನಂತರ args ಅನ್ನು ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "ಆದ್ಯತೆ:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "ದಯವಿಟ್ಟು ಒಂದು ಪ್ರೊಟೊಕಾಲ್ ಅನ್ನು ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "ಇತರೆ ಪ್ರೊಟೊಕಾಲ್:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "ಸಮೃದ್ಧ ನಿಯಮ" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "ದಯವಿಟ್ಟು ಒಂದು ಸಮೃದ್ಧ ನಿಯಮವನ್ನು ನಮೂದಿಸು." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "ಆತಿಥೇಯ ಅಥವ ಜಾಲಬಂಧದ ವೈಟ್ ಅಥವ ಬ್ಲಾಕ್‌ಲಿಸ್ಟ್ ಮಾಡುವಿಕೆಗಾಗಿ ಅಂಶವನ್ನು ನಿಷ್ಕ್ರಿಯೊಳಿಸಿ." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "ಆಕರ:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "ಗುರಿ:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "ಲಾಗ್:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ಆಡಿಟ್:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ಮತ್ತು ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "ವಿಲೋಮಗೊಳಿಸಿದ" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "ಇದನ್ನು ನಿಷ್ಕ್ರಿಯಗೊಳಿಸಲು ಕ್ರಿಯೆಯು 'reject' ಮತ್ತು ಕುಟುಂಬವು (ಫ್ಯಾಮಿಲಿ) 'ipv4' ಅಥವ " "'ipv6' (ಎರಡೂ ಒಟ್ಟಿಗೆ ಅಲ್ಲ) ಆಗಿರಬೇಕು." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "ಬಗೆಯೊಂದಿಗೆ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "ಮಿತಿಯೊಂದಿಗೆ:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ಪೂರ್ವಪ್ರತ್ಯಯ:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "ಮಟ್ಟ:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "ಅಂಶ:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "ಕ್ರಿಯೆ:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ಮೂಲಭೂತ ಸೇವೆಯ ಸಿದ್ಧತೆಗಳು" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "ದಯವಿಟ್ಟು ಮೂಲಭೂತ ಸೇವೆಯ ಸಿದ್ಧತೆಗಳನ್ನು ಸಂರಚಿಸಿ:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "ದಯವಿಟ್ಟು ಒಂದು ಸೇವೆಯನ್ನು ಆರಿಸಿ." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ಬಳಕೆದಾರ ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ಬಳಕೆದಾರ id ಯನ್ನು ಇಲ್ಲಿ ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ಬಳಕೆದಾರ ಹೆಸರನ್ನು ಇಲ್ಲಿ ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ಮೂಲಭೂತ ವಲಯ ಸಿದ್ಧತೆಗಳು" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "ದಯವಿಟ್ಟು ಮೂಲಭೂತ ವಲಯ ಸಿದ್ಧತೆಗಳನ್ನು ಸಂರಚಿಸಿ:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "ಪೂರ್ವನಿಯೋಜಿತ ಗುರಿ" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "ಗುರಿ:" firewalld-0.8.2/po/pl.po0000664007115300711530000017074413641112251016256 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Andrzej Olszewski , 2004 # Piotr Drąg , 2007,2013-2014, 2020. # Tomasz Chrzczonowicz , 2009 # Tom Berner , 2005 # Tom Berner , 2004 # Piotr Drąg , 2015. #zanata, 2020. # Piotr Drąg , 2016. #zanata, 2020. # Piotr Drąg , 2017. #zanata, 2020. # Eric Garver , 2018. #zanata # Piotr Drąg , 2018. #zanata, 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2020-01-15 15:28+0000\n" "Last-Translator: Piotr Drąg \n" "Language-Team: Polish \n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2;\n" "X-Generator: Weblate 3.10.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Aplet zapory sieciowej" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Zapora sieciowa" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Konfiguracja zapory sieciowej" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" "zapora;sieciowa;ogniowa;firewall;sieć;sieci;network;bezpieczeństwo;" "zabezpieczenia;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Wybór strefy dla interfejsu „%s”" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Domyślna strefa" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Wybór strefy dla połączenia „%s”" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" "Ustawienie strefy {zone} dla połączenia {connection_name} się nie powiodło" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Wybór strefy dla źródła „%s”" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Konfiguracja stref ochrony wysyłania/pobierania" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Tutaj można wybrać strefy używane do ochrony wysyłania/pobierania." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Ta funkcja jest przydatna głównie dla użytkowników domyślnych stref. " "Przydatność dla użytkowników zmieniających strefy połączeń może być " "ograniczona." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Strefa ochrony wysyłania:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Przywróć domyślne" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Strefa ochrony pobierania:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "O programie %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Autorzy" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licencja" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Ochrona wysyłania" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Powiadomienia" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Modyfikuj ustawienia zapory sieciowej…" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Zmień strefy połączeń…" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Skonfiguruj strefy ochrony wysyłania/pobierania..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blokowanie całego ruchu sieciowego" #: ../src/firewall-applet.in:500 msgid "About" msgstr "O programie" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Połączenia" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfejsy" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Źródła" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Upoważnienie się nie powiodło." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Nieprawidłowa nazwa" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Nazwa już istnieje" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Strefa: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Domyślna strefa: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Uzyskanie połączeń z usługi NetworkManager się nie powiodło" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Brak dostępnych importów usługi NetworkManager" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Brak połączenia z usługą zapory sieciowej" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Cały ruch sieciowy jest zablokowany." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Domyślna strefa: „%s”" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Domyślna strefa „{default_zone}” jest aktywna dla połączenia „{connection}” " "na interfejsie „{interface}”" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Strefa „{zone}” jest aktywna dla połączenia „{connection}” na interfejsie " "„{interface}”" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Strefa „{zone}” jest aktywna dla interfejsu „{interface}”" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Strefa „{zone}” jest aktywna dla źródła {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Brak aktywnych stref." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Nawiązano połączenie z usługą firewalld." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Utracono połączenie z usługą firewalld." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "Ponownie wczytano usługę firewalld." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Zmieniono domyślną strefę na „%s”." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Ruch sieciowy nie jest już zablokowany." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "aktywowana" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "dezaktywowana" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Domyślna strefa „{default_zone}” została {activated_deactivated} dla " "połączenia „{connection}” na interfejsie „{interface}”" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Strefa „{zone}” została {activated_deactivated} dla połączenia " "„{connection}” na interfejsie „{interface}”" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "Strefa „{zone}” została {activated_deactivated} dla interfejsu „{interface}”" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Strefa „%s” została aktywowana dla interfejsu „%s”" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Strefa „{zone}” {activated_deactivated} dla źródła „{source}”" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Strefa „%s” została aktywowana dla źródła „%s”" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Nawiązano połączenie z usługą firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Próba połączenia z usługą firewalld, oczekiwanie…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Połączenie z firewalld nie powiodło się. Sprawdź, czy usługa została " "poprawnie uruchomiona, i ponów próbę." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Zastosowano zmiany." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Używane przez połączenie sieciowe „%s”" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Domyślna strefa używana przez połączenie sieciowe „%s”" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "włączone" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "wyłączone" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Wczytanie ikon się nie powiodło." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontekst" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Wiersz poleceń" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nazwa użytkownika" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Identyfikator użytkownika" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabela" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Łańcuch" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorytet" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumenty" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Uruchamianie" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Trwałe" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Usługa" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokół" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Do portu" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Do adresu" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Dowiązania" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Wpis" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Typ ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Rodzina" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Działanie" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Źródło" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Cel" #: ../src/firewall-config.in:834 msgid "log" msgstr "dziennik" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audyt" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interfejs" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Komentarz" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Źródło" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Ostrzeżenie" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Błąd" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "akceptuj" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "odmów" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "odrzuć" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "ślad" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ogranicz" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "usługa" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokół" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskarada" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "blokada-icmp" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "typ-icmp" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "przekierowywanie-portu" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "port-źródłowy" #: ../src/firewall-config.in:2097 msgid "level" msgstr "poziom" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "tak" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Strefa" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Domyślna strefa: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Strefa: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Strefa „%s”: usługa „%s” jest niedostępna." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Usuń" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Zignoruj" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Strefa „%s”: typ ICMP „%s” jest niedostępny." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Wbudowana strefa, zmiana nazwy nie jest obsługiwana." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "s" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "min" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "godz." #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dzień" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "awaria" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alarm" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "krytyczne" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "błąd" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "ostrzeżenie" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "uwaga" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informacje" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debugowanie" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "IPv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "IPv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Przekierowywanie do innego systemu jest przydatne tylko, jeśli interfejs " "jest za maskaradę.\n" "Umieścić tę strefę za maskaradą?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Wbudowana usługa, zmiana nazwy nie jest obsługiwana." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Proszę podać adres IPv4 w formie adres[/maska]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Maska może być maską sieci lub numerem." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Proszę podać adres IPv6 w formie adres[/maska]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Maska jest numerem." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Proszę podać adres IPv4 lub IPv6 w formie adres[/maska]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Maska może być maską sieci lub numerem dla IPv4.\n" "Maska jest numerem dla IPv6." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Wbudowany zestaw adresów IP, zmiana nazwy nie jest obsługiwana." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Proszę wybrać plik" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Pliki tekstowe" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Wszystkie pliki" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Wszystko" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Wbudowany moduł pomocniczy, zmiana nazwy nie jest obsługiwana." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Wbudowane ICMP, zmiana nazwy nie jest obsługiwana." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Odczytanie pliku „%s” się nie powiodło: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Wybór strefy dla źródła %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adres" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatyczne moduły pomocnicze" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Proszę wybrać wartość automatycznych modułów pomocniczych:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Proszę podać wiersz poleceń." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Proszę podać kontekst." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Proszę wybrać domyślną strefę systemu z poniższej listy." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Bezpośredni łańcuch" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Proszę wybrać ipv i tablicę oraz podać nazwę łańcucha." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Łańcuch:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "zabezpieczenia" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tablica:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Reguła bezpośredniego przejścia" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Proszę wybrać ipv i podać parametry." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Parametry:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Przekierowanie portów" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Proszę wybrać wymagane opcje źródłowe i docelowe." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port/zakres portów:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Adres IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokół:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Cel" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Jeśli włączono lokalne przekierowanie, to należy podać port. Ten port musi " "być różny od portu źródłowego." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokalne przekierowanie" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Przekierowanie do innego portu" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Ustawienia podstawowego modułu pomocniczego" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Proszę skonfigurować ustawienia podstawowego modułu pomocniczego:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Pogrubione wpisy są obowiązkowe, wszystkie pozostałe są opcjonalne." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nazwa:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Wersja:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Krótkie:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Opis:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Rodzina:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Moduł:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Moduł pomocniczy" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Proszę wybrać moduł pomocniczy:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Podstawowe ustawienia typu ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Proszę skonfigurować podstawowe ustawienia typu ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Typ ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Proszę wybrać typ ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Dodaj wpis" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Dodaj wpisy z pliku" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Usuń zaznaczony wpis" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Usuń wszystkie wpisy" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Usuń wpisy z pliku" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Plik" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opcje" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Ponownie wczytaj usługę firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Ponownie wczytuje reguły zapory sieciowej. Bieżąca trwała konfiguracja " "stanie się nową konfiguracją uruchamiania. Oznacza to, że wszystkie zmiany " "uruchamiania wprowadzone przed ponownym wczytaniem zostaną utracone, jeśli " "nie znajdują się także w trwałej konfiguracji." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Zmiana strefy, do której należy połączenie sieciowe." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Zmień domyślną strefę" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Zmiana domyślnej strefy dla połączeń lub interfejsów." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Zmień dziennik odmów" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Zmień wartość dziennika odmów." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Skonfiguruj przypisanie automatycznego modułu pomocniczego" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Skonfiguruj ustawienia przypisania automatycznego modułu pomocniczego." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Tryb paniki oznacza, że wszystkie pakiety przychodzące i wychodzące są " "odrzucane." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Tryb paniki" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Blokada blokuje konfigurację zapory sieciowej, więc tylko programy na białej " "liście blokady mogą ją zmieniać." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Blokada" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Trwała konfiguracja podczas uruchamiania" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Uruchamianie na stałe" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Widok" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "Zestawy adresów IP" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Typy ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Moduły pomocnicze" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Bezpośrednia konfiguracja" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Biała lista blokady" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktywne dowiązania" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "Pomo_c" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Zmień strefę" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Zmień strefę dowiązania" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Ukrycie aktywnych dowiązań czasu uruchamiania połączeń, interfejsów i źródeł " "do stref" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Wyświetlenie aktywnych dowiązań czasu uruchamiania połączeń, interfejsów " "i źródeł do stref" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Konfiguracja:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Obecnie widoczna konfiguracja. Konfiguracja podczas uruchamiania jest " "właściwą aktywną konfiguracją. Trwała konfiguracja stanie się aktywną po " "ponownym wczytaniu albo uruchomieniu usługi lub systemu." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Strefa usługi firewalld określa poziom zaufania dla połączeń sieciowych, " "interfejsów i adresów źródłowych powiązanych ze strefą. Strefa łączy usługi, " "porty, protokoły, maskarady, przekierowywanie portów/pakietów, filtry ICMP " "i złożone reguły. Strefa może być także powiązana z interfejsami i adresami " "źródłowymi." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Dodaj strefę" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Modyfikuj strefę" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Usuń strefę" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Wczytaj domyślne ustawienia strefy" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Tutaj można określić zaufane usługi w strefie. Zaufane usługi są dostępne ze " "wszystkich komputerów i sieci, które mogą osiągnąć ten komputer z połączeń, " "interfejsów i źródeł powiązanych z tą strefą." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Usługi" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Dodanie dodatkowych portów lub zakresów portów, które mają być dostępne dla " "wszystkich komputerów i sieci, które mogą łączyć się z tym komputerem." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Dodaj port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Modyfikuj port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Usuń port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Porty" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Można dodać protokoły, które mają być dostępne dla wszystkich komputerów " "i sieci." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Dodaj protokół" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Modyfikuj protokół" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Usuń protokół" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokoły" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Dodanie dodatkowych portów lub zakresów portów źródłowych, które mają być " "dostępne dla wszystkich komputerów i sieci, które mogą łączyć się z tym " "komputerem." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Porty źródłowe" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maskarada umożliwia ustawienie komputera lub routera łączącego lokalny " "komputer z Internetem. Lokalna sieć nie będzie widoczna i będzie występować " "w Internecie jako jeden adres. Maskaradę można ustawić tylko dla IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Strefa maskarady" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Jeśli włączono maskaradę, to przekierowanie IP zostanie włączone dla sieci " "IPv4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskarada" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Można dodać wpisy, aby przekierowywać porty w obrębie lokalnego systemu lub " "z lokalnego systemu do innego. Przekierowanie do innego systemu jest " "przydatne tylko, jeśli interfejs jest za maskaradą. Przekierowanie portów " "działa tylko dla IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Dodaj port przekierowywania" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Modyfikuj port przekierowywania" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Usuń port przekierowywania" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internetowy protokół kontroli komunikatów (ICMP) jest używany głównie do " "wysyłania komunikatów błędów między komputerami sieciowymi, ale także " "dodatkowo do komunikatów informacyjnych, takich jak żądania i odpowiedzi " "ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Można zaznaczyć typy ICMP na liście, które powinny być odrzucane. Wszystkie " "inne typy ICMP będą mogły przechodzić przez zaporę sieciową. Domyślnie nie " "ma ograniczeń." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Jeśli filtr jest odwrócony, to oznaczone wpisy ICMP są akceptowane, " "a pozostałe są odrzucane. W strefie z celem DROP są one odrzucane." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Odwróć filtr" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtr ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Tutaj można ustawić złożone reguły dla strefy." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Dodaj złożoną regułę" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Modyfikuj złożoną regułę" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Usuń złożoną regułę" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Złożone reguły" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Dodanie wpisów do dowiązania interfejsów do strefy. Jeśli interfejs będzie " "używany przez połączenie, to strefa zostanie ustawiona na strefę podaną " "w połączeniu." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Dodaj interfejs" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Modyfikuj interfejs" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Usuń interfejs" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Dodanie wpisów do dowiązania adresów źródłowych lub obszarów do strefy. " "Można także dowiązywać do źródłowych adresów MAC, ale z ograniczeniami — " "przekierowywanie portów i maskarada nie będą działały." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Dodaj źródło" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Modyfikuj źródło" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Usuń źródło" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Strefy" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Usługa firewalld to połączenie portów, protokołów, modułów i adresów " "docelowych." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Dodaj usługę" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Modyfikuj usługę" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Usuń usługę" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Wczytaj domyślne ustawienia usługi" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Można dodać dodatkowe porty lub zakresy portów, które mają być dostępne dla " "wszystkich komputerów i sieci." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Modyfikuj wpis" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Usuń wpis" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Można dodać dodatkowe porty lub zakresy portów źródłowych, które mają być " "dostępne dla wszystkich komputerów i sieci." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Port źródłowy" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Moduły pomocnicze filtra sieci są wymagane przez niektóre usługi." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduły" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Jeśli podano adresy docelowe, to wpis usługi zostanie ograniczony do adresu " "docelowego i typu. Jeśli oba wpisy są puste, to nie ma ograniczenia." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Usługi mogą być zmieniane tylko w widoku konfiguracji trwałej. Konfiguracja " "usług w czasie uruchamiania jest stała." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Zestaw adresów IP może być używany do tworzenia białych i czarnych list, " "i może przechowywać na przykład adresy IP, numery portów i adresy MAC. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "Zestaw adresów IP" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Dodaj zestaw adresów IP" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Modyfikuj zestaw adresów IP" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Usuń zestaw adresów IP" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Wczytaj domyślny zestaw adresów IP" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Wpisy zestawu adresów IP. Będą widoczne tylko wpisy zestawów nieużywających " "opcji czasu ograniczenia, a także tylko wpisy dodane przez usługę firewalld. " "Wpisy dodane bezpośrednio za pomocą polecenia ipset nie będą widoczne." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Ten zestaw adresów IP używa opcji czasu oczekiwania, więc wpisy nie są " "widoczne w tym miejscu. Powinny one być ustawiane bezpośrednio za pomocą " "polecenia ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Dodaj" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Wpisy" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Zestawy adresów IP mogą być tworzone i usuwane tylko w widoku konfiguracji " "trwałej." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "icmptype dla firewalld dostarcza informacje o typach ICMP (Internet Control " "Message Protocol) usłudze firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Dodaj typ ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Modyfikuj typ ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Usuń typ ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Wczytaj domyślne ustawienia typu ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Określa, czy ten typ ICMP jest dostępny dla IPv4 lub IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Typy ICMP mogą być zmieniane tylko w widoku konfiguracji trwałej. " "Konfiguracja typów ICMP w czasie uruchamiania jest stała." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Moduł pomocniczy śledzenia połączenia pomaga w działaniu protokołów " "używających innych rodzajów sygnalizowania i przesyłania danych. Przesyłanie " "danych używa portów niepowiązanych z sygnalizowanym połączeniem, więc bez " "modułu pomocniczego jest blokowane przez zaporę sieciową." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Proszę określić porty lub zakresy portów monitorowane przez moduł pomocniczy." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Bezpośrednia konfiguracja umożliwia bardziej bezpośredni dostęp do zapory " "sieciowej. Te opcje wymagają od użytkownika znajomości podstawowych pojęć " "iptables, tzn. tablice, łańcuchy, polecenia, parametry i cele. Bezpośrednia " "konfiguracja powinna być używana tylko w ostateczności, kiedy nie można użyć " "innych funkcji firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Parametr ipv każdej opcji musi wynosić ipv4, ipv6 lub eb. Parametr ipv4 " "będzie używany dla iptables, ipv6 dla ip6tables, a eb dla mostków " "ethernetowych (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Dodatkowe łańcuchy używane z regułami." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Dodaj łańcuch" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Modyfikuj łańcuch" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Usuń łańcuch" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Łańcuchy" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "Dodaje regułę z parametrami do łańcucha w tablicy z priorytetem." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Priorytet jest używany do porządkowania reguł. Priorytet 0 oznacza dodanie " "reguły na górze łańcucha, reguły o wyższym priorytecie będą dodawane niżej. " "Reguły o tym samym priorytecie są na tym samym poziomie, a kolejność tych " "reguł nie jest stała i może ulec zmianie. Aby upewnić się, że reguła " "zostanie dodana po innej, należy użyć niskiego priorytetu dla pierwszej, " "a wyższego dla drugiej." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Dodaj regułę" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Modyfikuj regułę" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Usuń regułę" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Reguły" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Reguły przejścia są bezpośrednio przekazywane do zapory sieciowej i nie są " "umieszczane w specjalnych łańcuchach. Wszystkie opcje iptables, ip6tables " "i ebtables mogą być używane." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Proszę zachować ostrożność przy regułach przejścia, aby nie uszkodzić zapory " "sieciowej." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Dodaj przejście" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Modyfikuj przejście" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Usuń przejście" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Przejście" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Funkcja blokady jest lekką wersją polityk użytkownika i programów dla usługi " "firewalld. Ogranicza ona zmiany do zapory sieciowej. Biała lista blokady " "może zawierać polecenia, konteksty, użytkowników i ich identyfikatory." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Kontekst to kontekst zabezpieczeń (SELinux) uruchomionego programu lub " "usługi. Należy użyć polecenia ps -e --context, aby uzyskać kontekst " "uruchomionego programu." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Dodaj kontekst" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Modyfikuj kontekst" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Usuń kontekst" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Konteksty" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Jeśli wpis polecenia na białej liście kończy się gwiazdką „*”, to wszystkie " "wiersze poleceń zaczynające się od danego polecenia będą pasowały. Jeśli „*” " "nie zostanie użyte, to polecenia bezwzględne muszą się zgadzać." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Dodaj wiersz poleceń" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Modyfikuj wiersz poleceń" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Usuń wiersz poleceń" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Wiersze poleceń" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Nazwy użytkowników." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Dodaj nazwę użytkownika" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Modyfikuj nazwę użytkownika" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Usuń nazwę użytkownika" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Nazwy użytkowników" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Identyfikatory użytkowników." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Dodaj identyfikator użytkownika" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Modyfikuj identyfikator użytkownika" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Usuń identyfikator użytkownika" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Identyfikatory użytkowników" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Bieżąca domyślna strefa systemu." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Dziennik odmów:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Tryb paniki:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatyczne moduły pomocnicze:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Blokada:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Domyślna strefa:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Wprowadź nazwę initerfejsu:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Podstawowe ustawienia zestawu adresów IP" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Proszę skonfigurować podstawowe ustawienia zestawu adresów IP:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Typ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Czas oczekiwania:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Rozmiar sumy kontrolnej:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maksymalna liczba elementów:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Czas oczekiwania w sekundach" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Początkowy rozmiar sumy kontrolnej, domyślnie 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maksymalna liczba elementów, domyślnie 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Proszę wybrać zestaw adresów IP:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Wprowadź wpis zestawu adresów IP:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Dziennik odmów" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Proszę wybrać wartości dziennika odmów:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Ślad" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Proszę podać ślad z opcjonalną maską." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Pola śladu i maski są 32-bitowymi szerokimi liczbami bez znaku." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Ślad:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maska:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Proszę wybrać moduł pomocniczy „conntrack” filtra sieci:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Wybierz -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Inny moduł:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port i protokół" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Proszę podać port i protokół." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Reguła bezpośrednia" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Proszę wybrać ipv i tablicę, priorytet łańcucha i podać parametry." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorytet:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Proszę podać protokół." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Inny protokół:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Złożona reguła" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Proszę podać złożoną regułę." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Aby dodać komputer lub sieć do białej lub czarnej listy, należy dezaktywować " "element." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Źródło:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Cel:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Dziennik:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audyt:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 i IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "odwrócone" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Aby to włączyć, działanie musi wynosić „reject”, a rodzina „ipv4” lub " "„ipv6” (nie oba)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "z typem:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Z ograniczeniem:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Przedrostek:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Poziom:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Działanie:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Podstawowe ustawienia usług" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Proszę skonfigurować podstawowe ustawienia usług:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Proszę wybrać usługę." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Wprowadź źródło." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Identyfikator użytkownika" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Proszę podać identyfikator użytkownika." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Proszę podać nazwę użytkownika." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etykieta" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Podstawowe ustawienia strefy" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Proszę skonfigurować podstawowe ustawienia strefy:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Domyślny cel" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Cel:" firewalld-0.8.2/po/el.po0000664007115300711530000014713613641112250016241 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # ioza1964, 2013 # ioza1964, 2013 # Kranias Orestis , 2013 # mitzie , 2013 # mitzie , 2013 # Vasilis , 2012 # Vasilis , 2012 # Αικατερίνη Χ. Καταπόδη , 2013 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2016-01-04 12:27+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Greek (http://www.transifex.com/projects/p/firewalld/language/" "el/)\n" "Language: el\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Μικροεφαρμογή τείχους προστασίας" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Τείχος προστασίας" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Ρύθμιση τείχους προστασίας" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Ζώνη '%s' ενεργοποιήθηκε για την διεπαφή '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Επεξεργασία ζωνών ασπίδων πάνω/κάτω" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Εδώ μπορείτε να επιλέξετε τις ζώνες που χρησιμοποιούνται για τις ασπίδες " "πάνω και ασπίδες κάτω." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Αυτό το χαρακτηριστικό είναι χρήσιμο για τους ανθρώπους που χρησιμοποιούν " "τις προεπιλεγμένες ζώνες περισσότερο. Για χρήστες, που αλλάζουν ζώνες από " "συνδέσεις, μπορεί να είναι περιορισμένης χρήσης." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Ζώνη ασπίδων πάνω:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Ζώνη ασπίδων κάτω:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Ασπίδες πάνω" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Ενεργοποίηση ειδοποιήσεων" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Επεξεργασία ρυθμίσεων τείχους προστασίας..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Αλλάξτε τις Ζώνες Σύνδεσης " #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Επεξεργασία ζωνών ασπίδων πάνω/κάτω..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Φραγή όλης της κίνησης δικτύου" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Δεν υπάρχει σύνδεση." #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "<περιβάλλον>" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Η εξουσιοδότηση απέτυχε." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Το όρισμα %s είναι λάθος." #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Το όνομα ήδη υπάρχει " #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Δεν υπάρχει σύνδεση στον δαίμονα του Firewall" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Όλη η κίνηση δικτύου είναι φραγμένη." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Ζώνη '{zone}' ενεργή για σύνδεση '{connection}' στην διεπαφή '{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Ζώνη '{zone}' ενεργή για την διεπαφή '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Δεν υπάρχουν ενεργές ζώνες" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Η σύνδεση στο FirewallD επιτεύχθηκε." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Η σύνδεση στο FirewallD χάθηκε." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "Έγινε επανεκκίνηση του FirewallD" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Η προεπιλεγμένη ζώνη άλλαξε σε '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Η κίνηση δικτύου δεν είναι άλλο φραγμένη." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "ενεργοποιήθηκε" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "απενεργοποιήθηκε" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Ζώνη '{zone}' {activated_deactivated} για σύνδεση '{connection}' στην " "διεπαφή '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Ζώνη '{zone}' {activated_deactivated} για την διεπαφή '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Ζώνη '%s' ενεργοποιήθηκε για την διεπαφή '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Απέτυχε η φόρτωση εικονιδίων." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Υπηρεσία" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Πόρτα" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Πρωτόκολλο" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Στην πόρτα" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Στην διεύθυνση" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Τύπος Icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Πηγή" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "προσοχή" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Σφάλμα" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Ζώνη" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Ζώνη '%s'. Η υπηρεσία '%s' δεν είναι διαθέσιμη " #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Αφαίρεσε την Ζώνη" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Αγνοήστε " #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Ζώνη '%s'. Ο τύπος ICMP '%s' δεν είναι διαθέσιμος." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Ενσωματωμένη ζώνη, η μετονομασία δεν υποστηρίζεται." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Ενσωματωμένη υπηρεσία, η μετονομασία δεν υποστηρίζεται." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Ενσωματωμένος icmp, η μετονομασία δεν υποστηρίζεται." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Διεύθυνση" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Προώθηση πόρτας" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Παρακαλώ επιλέξτε τις επιλογές πηγής και προορισμού βάση των αναγκών σας." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Πόρτα / Εμβέλεια πόρτων:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Διεύθυνση IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Πρωτόκολλο" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Προορισμός" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Αν ενεργοποιήσετε την τοπική προώθηση, πρέπει να καθορίσετε μια πόρτα. Αυτή " "η πόρτα πρέπει να είναι διαφορετική από την πηγαία πόρτα." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Τοπική προώθηση" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Προώθηση σε άλλη πόρτα" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" "Οι καταχωρήσεις στα έντονα είναι απαραίτητες, όλες οι άλλες προαιρετικές." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Ονομασία:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Έκδοση:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Ταξηνόμηση:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Περιγραφή:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Ρυθμίσεις βάσης τύπου ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Παρακαλώ διαμορφώστε τις ρυθμίσεις βάσης τύπου ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Τύπος ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Προσθήκη καταχώρησης" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Αρχείο" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Επιλογές" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Επανεκκίνηση Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Αλλαγή προεπιλεγμένης ζώνης" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Βοήθεια" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Τρέχουσες ορατές ρυθμίσεις. Οι διαμόρφωση κατά την εκκίνηση είναι η " "πραγματικά ενεργή διαμόρφωση. Η επίμονη διαμόρφωση θα είναι ενεργή μετά από " "επανεκκίνηση της υπηρεσίας ή του συστήματος." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Προσθήκη ζώνης" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Επεξεργασία ζώνης" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Αφαίρεση ζώνης" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Φόρτωση προεπιλεγμένων ζώνης" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Υπηρεσίες" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Στην πόρτα" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Επεξεργασία της Ζώνης" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Αφαίρεσε την Ζώνη" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Πόρτες" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Το μασκάρισμα σας επιτρέπει να στίσετε έναν υπολογιστή ή ρούτερ που συνδέει " "το τοπικό σας δίκτυο στο ίντερνετ. Το τοπικό σας δίκτυο δεν θα είναι ορατό " "και οι υπολογιστές θα εμφανίζονται ως μια μοναδική διεύθυνση στο ίντερνετ. " "Το μασκάρισμα είναι IPv4 μόνο." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Ζώνη μασκαρίσματος" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Αν ενεργοποιήσετε το μασκάρισμα, Η προώθηση IP θα ενεργοποιηθεί για τα IPv4 " "δίκτυα σας." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Μασκάρισμα" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Προσθήκη καταχωρίσεων για την προώθηση πορτών είτε από μια πόρτα σε άλλη στο " "τοπικό σύστημα ή από το τοπικό σύστημα σε άλλο σύστημα. Η προώθηση σε άλλο " "σύστημα είναι χρήσιμη μόνο αν η διεπαφή είναι μασκαρισμένη. Η προώθηση " "πορτών είναι IPv4 μόνο." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Πρόσθεση της Πύλης Προώθησης " #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Εκδοση της Πύλης Προώθησης " #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Αφαιρέστε την Πύλη Εισόδου Προώθησης " #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Το Internet Control Message Protocol (ICMP) χρησιμοποιείται κυρίως για την " "αποστολή μηνυμάτων σφαλμάτων μεταξύ υπολογιστές του δικτύου, αλλά επιπλέον " "για ενημερωτικά μηνύματα όπως αιτήματα ping και απαντήσεις." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Σημειώστε όλους τους τύπους ICMP στη λίστα, η οποία θα πρέπει να απορριφθεί. " "Όλοι οι άλλοι τύποι ICMP επιτρέπονται να περάσουν το τείχος προστασίας. Η " "προεπιλογή είναι να μην υπάρχει κανένας περιορισμός." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Φίλτρο ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Προσθήκη υπηρεσίας" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Επεξεργασία υπηρεσίας" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Αφαίρεση υπηρεσίας" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Φόρτωση προεπιλεγμένων υπηρεσίας" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Επεξεργασία καταχώρησης" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Αφαίρεση καταχώρησης" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Αρθρώματα" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Εάν καθορίσετε τις διευθύνσεις προορισμού, η έναρξη παροχής υπηρεσιών θα " "πρέπει να περιορίζεται στη διεύθυνση προορισμού και το είδος. Αν και οι δύο " "καταχωρίσεις είναι κενές, δεν υπάρχει περιορισμός." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Προσθήκη τύπου ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Επεξεργασία τύπου ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Αφαίρεση τύπου ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Φόρτωση προεπιλεγμένων τύπου ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Τρέχουσα προεπιλεγμένη ζώνη συστήματος." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Προεπιλεγμένη ζώνη:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Πόρτα και πρωτόκολλο" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Παρακαλώ εισάγετε μια πόρτα και πρωτόκολλο" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Άλλο πρωτόκολλο" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Ρυθμίσεις υπηρεσίας βάσης" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Παρακαλώ διαμορφώστε τις ρυθμίσεις υπηρεσίας βάσης" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Ρυθμίσεις βάσης ζώνης" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Παρακαλώ διαμορφώστε τις ρυθμίσεις υπηρεσίας ζώνης" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Προεπιλεγμένος στόχος" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Στόχος:" firewalld-0.8.2/po/hu.po0000664007115300711530000017413313641112251016253 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Arpad Biro , 2004,2006,2008 # teknos.ferenc , 2013 # Gabor Mako , 2009 # Gábor Szentiványi , 2006 # István Zoltán Nagy , 2009 # Kovács Tamás , 2009 # Gabor Mako , 2009 # István Zoltán Nagy , 2009 # Nikolas Slivka , 2010 # Szentiványi Gábor , 2006 # Tamas Szanto , 2003 # teknos.ferenc , 2013 # teknos.ferenc , 2013 # Zoltan Hoppár , 2012-2013 # Meskó Balázs , 2017. #zanata # Eric Garver , 2018. #zanata # Meskó Balázs , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-11-16 08:24+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Hungarian (http://www.transifex.com/projects/p/firewalld/" "language/hu/)\n" "Language: hu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Tűzfal kisalkalmazás" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Tűzfal" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Tűzfal beállítások" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "tűzfal;hálózat;biztonság;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Zóna kiválasztása a(z) „%s” csatolóhoz" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Alapértelmezett zóna" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Zóna kiválasztása a(z) „%s” kapcsolathoz" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" "Nem sikerült beállítani a(z) {zone} zónát a(z) {connection_name} kapcsolathoz" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Zóna kiválasztása a(z) „%s” forráshoz" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "A pajzsok fent/lent zónák beállítása" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Itt kiválaszthatja a használandó zónákat a „Pajzsok fent” és a „Pajzsok " "lent” funkcióhoz." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Ez a funkció azoknak hasznos, akik főleg az alapértelmezett zónákat " "használják. Azoknál a felhasználóknál, akik megváltoztatják a kapcsolatok " "zónáit, korlátozottan lehet hasznos." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "„Pajzsok fent” zóna:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Visszaállítás az alapértelmezettre" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "„Pajzsok lent” zóna:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "A %s névjegye" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Szerzők" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licenc" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Pajzsok fent" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Értesítések engedélyezése" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Tűzfal-beállítások szerkesztése…" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Kapcsolatok zónáinak módosítása…" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "A „Pajzsok fent/lent” zónák beállítása…" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Összes hálózati forgalom blokkolása" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Névjegy" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Kapcsolatok" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Csatolók" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Források" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "A hitelesítés meghiúsult." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Érvénytelen név" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "A név már létezik" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (zóna: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (alapértelmezett zóna: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Nem sikerült lekérni a kapcsolatokat a NetworkManagerből" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Nem érhetők el NetworkManager importok" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Nincs kapcsolat a tűzfaldémonnal" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Az összes hálózati forgalom blokkolva van." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Alapértelmezett zóna: „%s”" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "A(z) „{default_zone}” alapértelmezett zóna aktív a(z) „{connection}” " "kapcsolatnál ezen a csatolón: „{interface}”" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "A(z) „{zone}” zóna aktív a(z) „{connection}” kapcsolatnál ezen a csatolón: " "„{interface}”" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "A(z) „{zone}” zóna aktív a(z) „{interface}” csatolón" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "A(z) „{zone}” zóna aktív a(z) {source} forrásnál" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Nincsenek aktív zónák." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "A FirewallD kapcsolat felépült." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "A FirewallD kapcsolat elveszett." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "A FirewallD újra lett töltve." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Az alapértelmezett zóna megváltoztatva erre: „%s”." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "A hálózati forgalom többé már nincs blokkolva." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "bekapcsolva" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "kikapcsolva" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "A(z) „{default_zone}” alapértelmezett zóna {activated_deactivated} a(z) " "„{connection}” kapcsolatnál ezen a csatolón: „{interface}”" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "A(z) „{zone}” zóna {activated_deactivated} a(z) „{connection}” kapcsolatnál " "ezen a csatolón: „{interface}”" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "A(z) „{zone}” zóna {activated_deactivated} ezen a csatolón: „{interface}”" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "A(z) „%s” zóna bekapcsolva ezen a csatolón: „%s”" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "A(z) „{zone}” zóna {activated_deactivated} a(z) „{source}” forrásnál" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "A(z) „%s” zóna bekapcsolva a(z) „%s” forrásnál" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "A FirewallD kapcsolat felépült." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Kapcsolódási kísérlet a FirewallD-hez, várakozás…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Nem sikerült kapcsolódni a FirewallD szolgáltatáshoz. Ellenőrizze, hogy a " "szolgáltatás megfelelően el lett-e indítva, és próbálja újra." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "A változások alkalmazva." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "A(z) „%s” hálózati kapcsolat által használt" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "A(z) „%s” hálózati kapcsolat által használt alapértelmezett zóna" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "engedélyezve" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "letiltva" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Az ikonok betöltése meghiúsult." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Környezet" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Parancssor" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Felhasználónév" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Felhasználóazonosító" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Táblázat" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Lánc" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioritás" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumentumok" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Futásidejű" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Állandó" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Szolgáltatás" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoll" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Célport" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Célcím" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Kötések" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Bejegyzés" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp típus" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Család" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Művelet" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elem" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Forrás" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Cél" #: ../src/firewall-config.in:834 msgid "log" msgstr "napló" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Csatoló" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Megjegyzés" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Forrás" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Figyelmeztetés" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Hiba" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "elfogadás" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "elutasítás" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "eldobás" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "megjelölés" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "korlát" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "szolgáltatás" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokoll" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maszkolás" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-blokk" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-típus" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "port-továbbítás" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "forrásport" #: ../src/firewall-config.in:2097 msgid "level" msgstr "szint" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "igen" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zóna" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Alapértelmezett zóna: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zóna: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "„%s” zóna: a(z) „%s” szolgáltatás nem érhető el." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Eltávolítás" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Mellőzés" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "„%s” zóna: a(z) „%s” ICMP-típus nem érhető el." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Beépített zóna, az átnevezés nem támogatott." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "másodperc" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "perc" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "óra" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "nap" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "vészjelzés" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "riasztás" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritikus" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "hiba" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "figyelmeztetés" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "megjegyzés" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "információ" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "hibakeresés" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "A továbbítás egy másik rendszerbe csak akkor hasznos, ha a csatoló maszkolva " "van.\n" "Szeretné maszkolni ezt a zónát?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Beépített szolgáltatás, az átnevezés nem támogatott." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Adjon meg egy IPv4-címet cím[/maszk] formában." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "A maszk lehet hálózati maszk vagy szám." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Adjon meg egy IPv6-címet cím[/maszk] formában." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "A maszk egy szám." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Adjon meg egy IPv4 vagy IPv6-címet cím[/maszk] formában." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "A maszk lehet hálózati maszk vagy szám az IPv4 esetén.\n" "A maszk egy szám az IPv6-nál." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Beépített IP-készlet, az átnevezés nem támogatott." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Válasszon egy fájlt" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Szövegfájlok" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Összes fájl" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Összes" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Beépített segéd, az átnevezés nem támogatott." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Beépített icmp, az átnevezés nem támogatott." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Nem sikerült a(z) „%s” fájlt olvasni: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Zóna kiválasztása a(z) „%s” forráshoz" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Cím" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatikus segédek" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Válassza ki az automatikus segédek értékét:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Adja meg a parancssort." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Adja meg a környezetet." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Válasszon alapértelmezett zónát az alábbi listából." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Közvetlen lánc" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Válasszon ipv-t és táblát, majd adja meg a lánc nevét." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Lánc:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "nyers" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "biztonság" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tábla:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Közvetlen áteresztő szabály" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Válasszon ipv-t, és adja meg az argumentumokat." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumentumok:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Port továbbítás" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Válassza ki a forrás és cél lehetőségeket az igényei szerint." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / porttartomány:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP-cím:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokoll:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Cél" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Ha engedélyezi a helyi továbbítást, akkor meg kell adnia egy portot. Ennek a " "portnak különböznie kell lennie a forrásporttól." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Helyi továbbítás" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Továbbítás egy másik portra" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Alap segéd beállítások" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Állítsa be az alap segéd beállításokat:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "A vastag bejegyzések kötelezők, az összes többi választható." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Név:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Verzió:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Rövid:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Leírás:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Család:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Segéd" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Válasszon segédet:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Alap ICMP-típus beállítások" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Állítsa be az alap ICMP-típus beállításokat:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-típus" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Válasszon ICMP-típust" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Bejegyzés hozzáadása" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Bejegyzések hozzáadása fájlból" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Kijelölt bejegyzés eltávolítása" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Összes bejegyzés eltávolítása" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Bejegyzések eltávolítása fájlból" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fájl" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "Beállítás_ok" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "A Firewalld újratöltése" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Újratölti a tűzfalszabályokat. A jelenlegi állandó beállítás válik majd az " "új futásidejű beállítássá, azaz minden kizárólag futásidejű változtatás " "elvész a következő újratöltéskor, ha az nem található meg az állandó " "beállítások között is." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" "Annak megváltoztatása, hogy mely zóna melyik hálózati kapcsolathoz tartozik." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Alapértelmezett zóna megváltoztatása" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" "Alapértelmezett zóna megváltoztatása a kapcsolatoknál vagy csatolóknál." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Megtagadottak naplójának megváltoztatása" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "A LogDenied értékének megváltoztatása." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Automatikus segéd hozzárendelés beállítása" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Automatikus segéd hozzárendelés beállításának megváltoztatása." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "A pánik mód azt jelenti, hogy az összes bejövő és kimenő csomag eldobásra " "kerül." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Pánik mód" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "A zárolás lezárja a tűzfal beállítását, így csak azok az alkalmazások " "képesek megváltoztatni azt, amelyek rajta vannak a fehér listán." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Zárolás" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Legyen a futásidejű beállítás állandó" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Futásidejűből állandóvá" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Nézet" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IP-készletek" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP-típusok" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Segédek" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Közvetlen beállítás" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Zárolási fehér lista" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktív kötések" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Súgó" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Zóna megváltoztatása" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Kötés zónájának megváltoztatása" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "A zónákhoz tartozó kapcsolatok, csatolók és források aktív futásidejű " "kötéseinek elrejtése" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "A zónákhoz tartozó kapcsolatok, csatolók és források aktív futásidejű " "kötéseinek megjelenítése" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Beállítás:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Jelenleg látható beállítás. A futásidejű beállítás a jelenleg aktív " "beállítás. Az állandó beállítás akkor lesz aktív, ha a szolgáltatás vagy a " "rendszer újratölt vagy újraindul." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Egy firewalld határozza meg a bizalmi szintet a zónához kötött hálózati " "kapcsolatoknál, csatolóknál és forráscímeknél. A zóna egyesíti " "szolgáltatásokat, portokat, protokollokat, maszkolást, portok/csomagok " "továbbítását, ICMP-szűrőket és a gazdag szabályokat. A zóna köthető " "csatolókhoz és forráscímekhez." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Zóna hozzáadása" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Zóna szerkesztése" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Zóna eltávolítása" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Zóna alapértékeinek betöltése" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Itt meghatározhatja meg, hogy mely szolgáltatások megbízhatóak a zónában. A " "megbízható szolgáltatások elérhetőek az olyan összes gépről és hálózatból, " "amelyeket elérhet a gép az ezzel a zónával összekötött kapcsolatokból, " "csatolókból és forrásokból." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Szolgáltatások" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "További portok vagy porttartományok hozzáadása, melyeknek elérhetőknek kell " "lenniük az összes olyan gépnél vagy hálózatnál, amelyek a géphez " "kapcsolódhatnak." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Port hozzáadása" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Port szerkesztése" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Port eltávolítása" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portok" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Protokollok hozzáadása, amelyeknek elérhetőknek kell lenniük az összes " "gépnél vagy hálózatnál." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Protokoll hozzáadása" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Protokoll szerkesztése" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Protokoll eltávolítása" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokollok" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "További forrásportok vagy porttartományok hozzáadása, melyeknek elérhetőknek " "kell lenniük az összes olyan gépnél vagy hálózatnál, amelyek a géphez " "kapcsolódhatnak." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Forrásportok" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "A maszkolás lehetővé teszi egy olyan gép vagy útválasztó beállítását, amely " "összekapcsolja a helyi hálózatot az internettel. A helyi hálózat nem lesz " "látható, és a gépek egyetlen címként jelennek meg az interneten. A maszkolás " "csak IPv4 esetén használható." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zóna maszkolása" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Ha engedélyezi a maszkolást, akkor az IP-továbbítás engedélyezve lesz az " "IPv4 hálózatainál." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maszkolás" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Bejegyzések hozzáadása portok továbbításához vagy egy portról egy másikra a " "helyi rendszeren, vagy a helyi rendszerről egy másik rendszerre. Egy másik " "rendszerre történő továbbítás csak akkor hasznos, ha a csatoló maszkolva " "van. A port továbbítás csak IPv4 esetén használható." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Port továbbítás hozzáadása" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Port továbbítás szerkesztése" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Port továbbítás eltávolítása" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Az Internet Control Message Protocol (ICMP) általában hálózatba kötött " "számítógépek közti hibaüzenetek küldésére használható, de emellett " "tájékoztató üzenetekhez is használják, mint a ping kérések és válaszok." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Az ICMP-típusok megjelölése a listában, melyeket el kell utasítani. Az " "összes többi ICMP-típus engedélyezett, hogy átmenjen a tűzfalon. " "Alapértelmezetten nincs korlátozás." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Ha a fordított szűrő engedélyezve van, akkor a megjelölt ICMP-bejegyzések " "lesznek elfogadva, és a többi lesz elutasítva. A DROP céllal rendelkező " "zónában ezek el lesznek dobva." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Szűrő megfordítása" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP-szűrő" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Itt beállíthat be gazdag nyelvi szabályokat a zónához." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Gazdag szabály hozzáadása" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Gazdag szabály szerkesztése" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Gazdag szabály eltávolítása" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Gazdag szabályok" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Bejegyzések hozzáadása a csatolók zónához kötéséhez. Ha a csatolót használni " "fogja egy kapcsolat, akkor a zóna a kapcsolatban meghatározott zónára lesz " "állítva." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Csatoló hozzáadása" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Csatoló szerkesztése" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Csatoló eltávolítása" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Bejegyzések hozzáadása forráscímek vagy területek zónához kötéséhez. Kötheti " "MAC forráscímhez is, de korlátozásokkal. A port továbbítás és a maszkolás " "nem fog működni MAC források kötéseinél." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Forrás hozzáadása" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Forrás szerkesztése" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Forrás eltávolítása" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zónák" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Egy firewalld szolgáltatás portok, protokollok, modulok és célcímek " "kombinációja." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Szolgáltatás hozzáadása" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Szolgáltatás szerkesztése" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Szolgáltatás eltávolítása" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Szolgáltatás alapértékeinek betöltése" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "További portok vagy porttartományok hozzáadása, melyeknek elérhetőknek kell " "lenniük az összes gépnél vagy hálózatnál." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Bejegyzés szerkesztése" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Bejegyzés eltávolítása" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "További forrásportok vagy porttartományok hozzáadása, melyeknek elérhetőknek " "kell lenniük az összes gépnél vagy hálózatnál." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Forrásport" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfilter segédmodulok szükségesek néhány szolgáltatáshoz." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modulok" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Ha megad célcímeket, akkor a szolgáltatás bejegyzése a célcímre és típusra " "lesz korlátozva. Ha mindkét bejegyzés üres, akkor nincs korlátozás." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "A szolgáltatások csak az állandó beállítások nézetében változtathatók meg. A " "szolgáltatások futásidejű beállításai rögzítettek." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Az IP-készletek használhatóak fehér vagy fekete listák létrehozásához, " "valamint képesek IP-címeket, portszámokat vagy MAC-címeket tárolni." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IP-készlet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "IP-készlet hozzáadása" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "IP-készlet szerkesztése" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "IP-készlet eltávolítása" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "IP-készlet alapértékeinek betöltése" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Az IP-készlet bejegyzései. Csak azokat az IP-készlet bejegyzéseket tudja " "megnézni, amelyek nem használják az időkorlát beállítást, valamint csak " "azokat a bejegyzéseket, amelyeket a firewalld adott hozzá. Azok a " "bejegyzések, amelyek közvetlenül az ipset paranccsal lettek hozzáadva, nem " "lesznek itt felsorolva." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Ez az IP-készlet használja az időkorlát beállítást, ezért nem láthatók itt a " "bejegyzései. A bejegyzéseket közvetlenül az ipset paranccsal tudja kezelni." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Hozzáadás" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Bejegyzések" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Az IP-készletek csak az állandó beállítások nézetében hozhatók létre vagy " "törölhetők." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "A firewalld icmptype információt biztosít az Internet Control Message " "Protocol (ICMP) típusról a firewalld számára." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP-típus hozzáadása" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP-típus szerkesztése" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP-típus eltávolítása" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP-típus alapértékeinek betöltése" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" "Adja meg, hogy ez az ICMP-típus elérhető-e az IPv4 és/vagy az IPv6 számára." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Az ICMP-típusok csak az állandó beállítások nézetében változtathatók meg. Az " "ICMP-típusok futásidejű beállításai rögzítettek." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Egy kapcsolatkövető segéd segít azon protokollok működővé tételében, amelyek " "különböző csatornákat használnak a jelzésekhez és az adatátvitelhez. Az " "adatátvitelek olyan portokat használnak, amelyek nem függenek össze a jelző " "kapcsolattal, és ezért a segéd nélkül a tűzfal blokkolja azokat." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Portok vagy porttartományok meghatározása, amelyeket a segíéd figyel." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "A közvetlen beállítás közvetlenebb hozzáférést ad a tűzfalhoz. Ezek a " "beállítások megkövetelik, hogy a felhasználó ismerje az iptables fogalmait, " "azaz tudja mik a táblák, láncok, parancsok, paraméterek és célok. A " "közvetlen beállítást csak legvégső esetben kell használni, amikor nincs " "lehetőség más firewalld funkciók használatára." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Minden egyes beállítás ipv argumentuma ipv4, ipv6 vagy eb kell legyen. Az " "ipv4 használatával az iptables parancs, az ipv6 használatával az ip6tables " "parancs, az eb használatával az ethernet híd (ebtables) lesz használva." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "További láncok a szabályokkal való használathoz." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Lánc hozzáadása" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Lánc szerkesztése" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Lánc eltávolítása" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Láncok" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Szabály hozzáadása az args argumentumokkal egy táblában lévő lánchoz, " "megadott prioritással." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "A prioritás a szabályok sorrendezéséhez használható. A 0-s prioritás azt " "jelenti, hogy a szabályt a lánc tetejéhez adja hozzá, magasabb prioritással " "a szabály lentebb lesz hozzáadva. Az azonos prioritású szabályok ugyanazon a " "szinten lesznek, és ezen szabályok sorrendje nem rögzített, hanem változhat. " "Ha biztos szeretne lenni abban, hogy a szabály egy másik szabály után legyen " "hozzáadva, akkor használjon alacsony prioritást az elsőnél és magasabb " "prioritást az ezt követőknél." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Szabály hozzáadása" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Szabály szerkesztése" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Szabály eltávolítása" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Szabályok" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Az áteresztő szabályok közvetlenül átmennek a tűzfalon, és nem kerülnek " "speciális láncokba. Minden iptables, ip6tables és ebtables beállítás " "használható." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Legyen óvatos az áteresztő szabályokkal, hogy ne károsítsa a tűzfalat." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Áteresztés hozzáadása" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Áteresztés szerkesztése" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Áteresztés eltávolítása" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Áteresztés" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "A zárolás funkció a felhasználó- és alkalmazásházirendek egyszerűsített " "verziója a firewalld programnál. Korlátozza a változtatásokat a tűzfalon. A " "zárolás fehér lista tartalmazhat parancsokat, környezeteket, felhasználókat " "és felhasználó-azonosítókat." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "A környezet egy futó alkalmazás vagy szolgáltatás biztonsági (SELinux) " "környezete. Egy futó alkalmazás környezetének lekéréséhez használja a ps " "-e --context parancsot." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Környezet hozzáadása" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Környezet szerkesztése" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Környezet eltávolítása" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Környezetek" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Ha a fehér listán egy parancsbejegyzés csillaggal „*” végződik, akkor az " "összes parancssor illeszkedni fog, amely azzal a paranccsal kezdődik. Ha a " "„*” nincs ott, akkor az abszolút parancsnak – beleértve az argumentumokat – " "egyeznie kell." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Parancssor hozzáadása" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Parancssor szerkesztése" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Parancssor eltávolítása" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Parancssorok" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Felhasználónevek." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Felhasználónév hozzáadása" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Felhasználónév szerkesztése" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Felhasználónév eltávolítása" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Felhasználónevek" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Felhasználó-azonosítók." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Felhasználó-azonosító hozzáadása" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Felhasználó-azonosító szerkesztése" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Felhasználó-azonosító eltávolítása" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Felhasználó-azonosítók" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "A rendszer jelenlegi alapértelmezett zónája." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Megtagadottak naplója:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Pánik mód:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatikus segédek:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Zárolás:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Alapértelmezett zóna:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Adjon meg egy csatolónevet:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Alap IP-készlet beállítások" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Adja meg az alap IP-készlet beállításokat:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Típus:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Időkorlát:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hash méret:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Legnagyobb elem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Időkorlát értéke másodpercben" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Kezdeti hash méret, alapértelmezetten 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Elemek legnagyobb száma, alapértelmezetten 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Válasszon egy IP-készletet:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Adjon meg egy ipset-bejegyzést:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Megtagadottak naplózása" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Válassza ki a megtagadottak naplózásának értékét:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Megjelölés" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Adjon meg egy jelölést egy nem kötelező maszkkal." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "A jelölés és a maszk mezők mindegyike 32-bit széles, előjel nélküli szám." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Jelölés:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maszk:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Válasszon egy netfilter conntrack segítőt:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Válasszon -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Egyéb modul:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port és protokoll" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Adjon meg egy portot és egy protokollt." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Közvetlen szabály" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Válasszon ipv-t és táblát, valamint láncprioritást, majd adja meg az " "argumentumokat." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioritás:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Adjon meg egy protokollt." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Egyéb protokoll:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Gazdag szabály" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Adjon meg egy gazdag szabályt." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Gépnél vagy hálózatnál a fehér vagy fekete lista használata kikapcsolja az " "elemet." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Forrás:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Cél:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Napló:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 és IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "fordított" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "A művelet engedélyezéséhez „elutasítás” értékűnek, a családnak pedig vagy " "„IPv4”-nek, vagy „IPv6”-nak (nem mindkettő) kell lennie." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "ezzel a típussal:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Ezzel a korláttal:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Előtag:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Szint:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elem:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Művelet:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Alap szolgáltatás beállítások" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Állítsa be az alap szolgáltatás beállításokat:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Válasszon egy szolgáltatást." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Adjon meg egy forrást." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Felhasználó-azonosító" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Adja meg a felhasználó-azonosítót." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Adja meg a felhasználónevet." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "címke" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Alap zóna beállítások" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Állítsa be az alap zóna beállításokat:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Alapértelmezett cél" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Cél:" firewalld-0.8.2/po/ru.po0000664007115300711530000021327713641112251016270 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Alexey Kostyuk , 2009 # Andrew Martynov , 2004-2006,2008 # andzaytsev , 2010 # andzaytsev , 2010 # Leonid Kanter , 2003 # Stanislav Hanzhin , 2012 # Yulia , 2007-2010 # Yulia , 2013-2014 # Игорь Горбунов , 2013 # yuliya , 2015. #zanata # yuliya , 2016. #zanata # Igor Gorbounov , 2017. #zanata # Thomas Woerner , 2017. #zanata # Eric Garver , 2018. #zanata # Igor Gorbounov , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-11-16 08:27+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Russian (http://www.transifex.com/projects/p/firewalld/" "language/ru/)\n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Апплет межсетевого экрана" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Межсетевой экран" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Настройка межсетевого экрана" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "межсетевой экран;сеть;безопасность;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Выберите зону для интерфейса «%s»" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Зона по умолчанию" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Выберите зону для соединения «%s»" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Не удалось установить зону {zone} для соединения {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Выберите зону для источника «%s»" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Настроить зоны включения/выключения защиты…" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Здесь можно выбрать зоны, используемые для включения/отключения защиты." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Эта возможность в основном подойдет для пользователей, использующих " "настроенные по умолчанию зоны. Для пользователей, меняющих зоны соединения, " "это может иметь ограниченное практическое применение." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Открытая зона:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "По умолчанию" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Закрытая зона:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "О %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Авторы" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Лицензия" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Включить защиту" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Включить уведомления" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Изменить настройки межсетевого экрана…" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Изменить зоны соединений..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Настроить зоны включения/отключения защиты…" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Блокировать весь сетевой трафик" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Инфо" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Соединения" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Интерфейсы" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Источники" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Авторизация не удалась." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Недопустимое имя" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Указанное имя уже существует" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (зона {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Зона по умолчанию: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Не удалось получить список настроенных подключений от NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Импорт из NetworkManager недоступен" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Нет соединения со службой межсетевого экрана" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Блокируется весь сетевой трафик." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Зона по умолчанию: «%s»" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Зона по умолчанию '{default_zone}' активна для подключения '{connection}' на " "интерфейсе '{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Зона '{zone}' активна для соединения '{connection}' на интерфейсе " "'{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Зона '{zone}' активна на интерфейсе '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Зона '{zone}' включена для источника {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Нет активных зон." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Соединение с FirewallD установлено." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Соединение с FirewallD потеряно." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD перезапущен." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Зона по умолчанию изменена на «%s»." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Сетевой трафик больше не блокируется." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "активирована" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "деактивирована" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Зона по умолчанию '{default_zone}' {activated_deactivated} для подключения " "'{connection}' на интерфейсе '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Зона '{zone}' {activated_deactivated} для соединения '{connection}' на " "интерфейсе '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Зона '{zone}' {activated_deactivated} на интерфейсе '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Зона «%s» активирована на интерфейсе «%s»" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Зона '{zone}' {activated_deactivated} для источника '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Зона «%s» включена для источника «%s»" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Подключение к firewalld установлено." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Попытка подключения к firewalld. Подождите..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Не удалось подключиться к брандмауэру. Проверьте, запущена ли служба, и " "повторите попытку." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Изменения внесены." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Используется подключением «%s»" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Зона по умолчанию, используемая сетевым подключением «%s»" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "включено" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "отключено" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Не удалось загрузить значки." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Контекст" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Командная строка" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Пользователь" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ИД пользователя" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Таблица" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Цепочка" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Приоритет" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Аргументы" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Рабочие" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Постоянная" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Служба" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Порт" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Протокол" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "На порт" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "На адрес" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Привязки" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Запись" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Тип ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Семейство протоколов" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Действие" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Элемент" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Источник" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Получатель" #: ../src/firewall-config.in:834 msgid "log" msgstr "журнал" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Аудит" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Интерфейс" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Комментарий" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Источник" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Предупреждение" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Ошибка" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "принять" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "отказать" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "отбросить" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "отметить" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ограничить" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "служба" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "порт" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "протокол" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "маскировка" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "блокирование icmp" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "Тип ICMP" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "порт переадресации" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "уровень" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "да" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Зона" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Зона по умолчанию: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Зона: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Зона «%s»: служба «%s» недоступна." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Удалить зону" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Пропустить" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Зона «%s»: ICMP- тип «%s» недоступен." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Встроенная зона, переименование не поддерживается." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "сек." #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "мин." #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "час" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "д." #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "срочно" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "внимание" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "критично" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ошибка" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "предупреждение" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "уведомление" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "инфо" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "отладка" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Переадресация в другую систему поможет только при маскировании интерфейса.\n" "Замаскировать эту зону?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Встроенная служба, переименование не поддерживается." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Введите адрес IPv4 в формате «адрес[/маска]»." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Маска может содержать маску сети или числовое представление." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Введите адрес IPv6 в формате «адрес[/маска]»." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Маска представлена числовым значением." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Введите адрес IPv4 или IPv6 в формате «адрес[/маска]»." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "В IPv4 маска может содержать маску подсети или числовое представление.\n" "В IPv6 маска содержит числовое представление." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Имя встроенного ipset не может быть изменено." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Выберите файл" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Текстовые файлы" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Все файлы" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Все" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Встроенный модуль поддержки, изменение имени не поддерживается." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Встроенный ICMP, переименование не поддерживается." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Не удалось прочитать файл %s: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Выберите зону для источника %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Адрес" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Автоматические модули поддержки" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Выберите значение автоматических модулей поддержки:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Введите команду." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Введите контекст." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Выберите стандартную зону." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Прямая цепочка" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Выберите IPV и таблицу, и введите имя цепочки." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Цепочка:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "безопасность" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Таблица:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Правило прямой трансляции" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Выберите IPV и введите аргументы." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Аргументы:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Перенаправление портов" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Выберите параметры источника и цели." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Порт/ диапазон портов:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Адрес IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Протокол:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Назначение" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Если вы включите локальное перенаправление, то необходимо указать порт. Этот " "порт должен отличаться от порта источника." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Локальное перенаправление" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Направить другому порту" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Основные настройки модулей поддержки" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Настройте основные параметры модулей поддержки:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Поля, выделенные жирным, обязательны. Остальные — опциональны." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Название:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Версия:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Кратко:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Описание:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Семейство протоколов:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Модуль:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Модуль поддержки" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Выберите модуль поддержки:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Базовые настройки типа ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Укажите базовые настройки типов ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Тип ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Выберите тип ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Добавить запись" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Добавить записи из файла" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Удалить выбранную запись" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Удалить все записи" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Удалить записи из файла" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Файл" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Параметры" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Перезагрузить Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Перезагружает правила межсетевого экрана. Текущая постоянная конфигурация " "станет новой конфигурацией времени исполнения, то есть, все временные " "изменения будут потеряны при перезагрузке, если они не вошли в постоянную " "конфигурацию." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Выберите зону, которой принадлежит сетевое соединение." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Изменить зону по умолчанию" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Изменить стандартную зону для соединений и интерфейсов" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Изменить значение LogDenied" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Изменить правила ограничения журналирования" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Настройка назначения автоматического модуля поддержки" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Настройка назначения автоматического модуля поддержки." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "В режиме усиленной защиты все входящие и исходящие пакеты будут " "отбрасываться." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Режим усиленной защиты" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "При блокировке конфигурации межсетевого экрана только программы из белого " "списка смогут вносить изменения." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Блокировка" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Сделать рабочую конфигурацию постоянной" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Сохранить рабочие в постоянных" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Вид" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSet" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Типы ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Модули поддержки" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Прямая конфигурация" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Белый список блокировки" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Активные привязки" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Справка" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Изменить зону" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Изменить зону привязки" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Скрыть активные рабочие привязки подключений, интерфейсов и источников к " "зонам в среде выполнения" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Показать активные рабочие привязки подключений, интерфейсов и источников к " "зонам в среде выполнения" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Конфигурация:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Текущая конфигурация. Конфигурация времени выполнения, используемая в данный " "момент. Постоянная конфигурация будет активирована после перезапуска системы " "или службы." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Зона firewalld определяет уровень доверия для сетевых соединений, " "интерфейсов и адресов. Зона объединяет службы, порты, протоколы, " "маскирование, переадресацию портов и пакетов, фильтры icmp и расширенные " "правила. Зоны могут быть привязаны к интерфейсам и адресам." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Добавить зону" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Изменить зону" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Удалить зону" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Загрузить значения по умолчанию" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Здесь можно определить доверенные службы для зоны. Доверенные службы " "доступны со всех узлов и сетей, у которых есть доступ к компьютеру." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Службы" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Добавить дополнительные порты или диапазоны, которые должны быть доступны " "узлам и сетям, подключающимся к этому компьютеру." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Добавить порт" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Изменить порт" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Удалить порт" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Порты" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Добавьте протоколы, которые должны быть доступны с других узлов и сетей." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Добавить протокол" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Изменить протокол" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Удалить протокол" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Протоколы" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Добавьте дополнительные порты-источники или диапазоны портов, которые должны " "быть доступны для всех хостов и сетей, подключающихся к машине." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Порты-источники" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Возможность маскирования (только для IPv4) позволяет настроить узел или " "маршрутизатор, подключающий локальную сеть к Интернету. Локальная сеть при " "этом не будет видна извне, будет лишь доступен один адрес." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Маскирование зоны" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "При включении маскирования для сетей IPv4 будет включено перенаправление IP-" "пакетов." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Маскирование" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Добавьте записи для перенаправления портов либо с одного локального порта " "другому, либо из локальной системы другой системе. Перенаправление другой " "системе имеет смысл при маскараде интерфейса. Перенаправление портов " "используется только для IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Добавить перенаправляемый порт" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Изменить перенаправляемый порт" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Удалить перенаправляемый порт" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Протокол ICMP (Internet Control Message Protocol) обычно используется для " "обмена сообщениями об ошибках между компьютерами в сети, но с его помощью " "также можно отправлять информационные сообщения, такие как запросы и ответы " "ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Отметьте в списке типы ICMP, которым следует отказать в прохождении через " "межсетевой экран. По умолчанию ограничений нет." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Если фильтр «Инверсия» включен, отмеченные записи ICMP принимаются, а " "остальные отклоняются. В зоне с отбрасыванием назначений они будут " "отбрасываться." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Фильтр «Инверсия»" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Фильтр ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Здесь определяются расширенные правила для зоны." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Добавить расширенное правило" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Изменить расширенное правило" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Удалить расширенное правило" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Расширенные правила" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Добавьте записи для привязки интерфейсов к зоне. Если соединение использует " "интерфейс, будет выбрана соответствующая ему зона." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Добавить интерфейс" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Изменить интерфейс" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Удалить интерфейс" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Добавьте записи, чтобы привязать исходных адресов или сегментов к зоне. " "Можно также привязать MAC-адрес, но с некоторыми ограничениями: в этом " "случае перенаправление портов и маскирование будут недоступны." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Добавить источник" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Изменить источник" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Удалить источник" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Зоны" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Firewalld объединяет записи для портов, протоколов, модулей и адресов " "назначения." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Добавить службу" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Правка службы" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Удалить службу" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Загрузить значения по умолчанию" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Добавьте дополнительные порты или диапазоны портов, которые должны быть " "доступны из других сетей или узлов." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Изменить запись" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Удалить запись" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Добавьте дополнительные порты источника или диапазоны портов, которые должны " "быть доступны для всех хостов и сетей." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Порт источника" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Для некоторых служб требуются модули поддержки Netfilter" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Модули" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "При указании адреса назначения, запись службы будет ограничена адресом " "назначения и типом. Если обе записи пусты, ограничений нет." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Службы можно изменить только в окне постоянной конфигурации. Конфигурация " "служб во время исполнения не изменяется." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet позволяет настроить «белые» и «черные» списки, а также сохранить IP, " "MAC-адреса, а также номера портов. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Добавить IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Изменить IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Удалить IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Загрузить стандартные значения IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Записи IPSet. В этом списке представлены только те записи, для которых не " "задано время действия, а также записи, которые добавил firewalld. Записи, " "которые были добавлены непосредственно командой ipset, не показаны." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Время действия этого IPSet ограничено, поэтому его записи здесь не показаны. " "Управление его записями должно осуществляться напрямую при помощи команды " "ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Добавить" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Записи" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "Управление списками IPSet выполняется в окне постоянной конфигурации." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "icmptype определяет тип ICMP (Internet Control Message Protocol) для " "firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Добавить тип ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Править тип ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Удалить тип ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Загрузить типы ICMP по умолчанию" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Укажите, доступен ли этот тип ICMP для IPv4 и IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Типы ICMP можно изменить только в окне постоянной конфигурации. Конфигурация " "типов ICMP во время исполнения не изменяется." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Модуль поддержки отслеживания соединений помогает сделать так, чтобы " "работали протоколы, использующие различные потоки для сигналов и передачи " "данных. Передачи данных используют порты, не связанные с сигнальным " "соединением и поэтому блокируемые сетевым экраном без модуля." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Добавьте порты или диапазоны портов, контролируемые модулем поддержки." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Прямая конфигурация предоставляет прямой доступ к межсетевому экрану. Для ее " "настройки необходимы знания iptables (таблицы, цепочки, команды, параметры и " "цели). Прямая конфигурация должна использоваться только в случаях крайней " "необходимости." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Аргумент ipv для каждого из параметров должен содержать ipv4 (для iptables), " "ipv6 (для ip6tables) или eb (для ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Дополнительные цепочки для правил" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Добавить цепочку" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Изменить цепочку" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Удалить цепочку" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Цепочки" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Добавьте правило к цепочке в таблице, определив список аргументов и " "приоритет." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Приоритет определяет порядок правил. Правила с нулевым приоритетом " "добавляются в начало цепочки. Порядок правил с одинаковым приоритетом может " "меняться. Чтобы точно определить порядок, присвойте им разный приоритет." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Добавить правило" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Изменить правило" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Удалить правило" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Правила" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Правила трансляции передаются через межсетевой экран напрямую, а не в " "составе цепочки. Правила могут содержать параметры iptables, ip6tables и " "ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Убедитесь, что правила трансляции не нарушают работу межсетевого экрана." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Добавить трансляцию" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Изменить трансляцию" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Удалить трансляцию" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Трансляция" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Функция блокировки представляет собой облегченную версию правил firewalld " "для пользователей и приложений. Белый список может содержать команды, " "контексты, идентификаторы и имена пользователей." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Под контекстом подразумевается контекст безопасности SELinux программы или " "службы. Чтобы узнать контекст работающей программы, выполните команду ps " "-e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Добавить контекст" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Изменить контекст" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Удалить контекст" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Контекст" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Команды в белом списке могут содержать символ подстановки «*». Если он не " "указан, будут обработаны лишь точные соответствия." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Добавить строку команды" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Изменить строку команды" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Удалить строку команды" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Команды" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Имена пользователей." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Добавить имя пользователя" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Изменить имя пользователя" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Удалить имя пользователя" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Пользователи" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Идентификаторы пользователей." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Добавить идентификатор пользователя" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Изменить идентификатор пользователя" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Удалить идентификатор пользователя" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Идентификаторы пользователей" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Текущая системная зона по умолчанию." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Запрет журналирования:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Режим усиленной защиты:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Автоматические модули поддержки:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Блокировка:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Зона по умолчанию:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Укажите название интерфейса:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Основные параметры IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Настройте основные параметры IPSet:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Тип:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Время действия:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Размер хэша:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Макс. число элементов:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Время действия записей в секундах" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Исходный размер хэша (по умолчанию — 1024)" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Максимальное число элементов в списке (по умолчанию — 65536)" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Выберите ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Укажите запись IPSet:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Запрет журналирования" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Выберите режим ограничения журналирования:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Отметка" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Введите отметку и дополнительно маску." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Поля отметки и маски должны содержать 32-разрядные числа без знака." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Отметка:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Маска:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Выберите модуль поддержки отслеживания соединений netfilter:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Выберите -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Другой модуль:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Порт и протокол" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Введите порт и протокол." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Прямое правило" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Выберите IPV, таблицу, приоритет цепочки и введите аргументы." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Приоритет:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Введите протокол." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Другой протокол:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Правило" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Введите правило." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Отключите элемент, чтобы получить возможность управления черными и белыми " "списками узлов и сети." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Источник:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Получатель:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Журнал:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Аудит:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 и ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "инверсия" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Чтобы разрешить, поле «Действие» должно иметь значение «отказать», а " "«Семейство протоколов» — «ipv4» или «ipv6»." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "с типом:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "С ограничением:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Префикс:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Уровень:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Элемент:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Действие:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Основные настройки службы" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Укажите основные настройки службы:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Выберите службу." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Укажите источник." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Идентификатор пользователя" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Введите идентификатор пользователя." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Введите имя пользователя." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "метка" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Настройки основной зоны" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Укажите настройки основной зоны:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Цель по умолчанию" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Цель:" firewalld-0.8.2/po/uk.po0000664007115300711530000022111413641112252016247 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Maxim Dubovoy , 2003 # Yuri Chornoivan , 2010-2014, 2020. # Yuri Chornoivan , 2012, 2020. # Yuri Chornoivan , 2015. #zanata, 2020. # Yuri Chornoivan , 2016. #zanata, 2020. # Yuri Chornoivan , 2017. #zanata, 2020. # Yuri Chornoivan , 2018. #zanata, 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2020-01-17 18:15+0000\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" "X-Generator: Weblate 3.10.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Аплет брандмауера" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Мережний екран" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Налаштовування мережного екрану" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" "firewall;network;security;iptables;netfilter;брандмауер;файрвол;екран;мережа;" "безпека;захист;айпітейблс;нетфільтр;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Виберіть зону для інтерфейсу «%s»" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Типова зона" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Виберіть зону для з’єднання «%s»" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Не вдалося встановити зону {zone} для зʼєднання {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Виберіть зону для джерела «%s»" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Налаштування відкритої і закритої зон" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Тут ви можете вибрати відкриту і закриту зони." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Ця можливість буде корисною для тих, хто переважно використовує типові зони. " "Доцільність її використання у системах, де зони змінюються залежно від " "з’єднань, є доволі сумнівною." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Відкрита зона:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Скинути до типового" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Закрита зона:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Про %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Автори" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Умови ліцензування" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Відкрити" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Увімкнути сповіщення" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Змінити параметри брандмауера…" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Змінити зони з’єднань…" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Налаштувати відкриту і закриту зони…" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Заблокувати весь обмін даними мережею" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Відомості" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "З’єднання" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "<інтерфейс>" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Джерела" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Спроба уповноваження зазнала невдачі." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Неправильний аргумент %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Назва вже існує" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Зона: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Типова зона: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Не вдалося отримати список з’єднань від NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Немає доступних джерел імпортування з NetworkManager" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Немає зв’язку з фоновою службою брандмауера" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Весь обмін даними мережею заблоковано." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Типова зона: «%s»" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Типова зона «{default_zone}» активна для з’єднання «{connection}» на " "інтерфейсі «{interface}»" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Зона «{zone}» використовується для з’єднання «{connection}» на інтерфейсі " "«{interface}»" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "На інтерфейсі «{interface}» працює зона «{zone}»" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Зону «{zone}» задіяно для джерела {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Немає активних зон." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Встановлено зв’язок з FirewallD." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Зв’язок з FirewallD втрачено." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD перезавантажено." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Типову зону змінено на «%s»." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Обмін даними мережею повністю розблоковано." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "увімкнено" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "вимкнено" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Типову зону «{default_zone}» {activated_deactivated} для з’єднання " "«{connection}» на інтерфейсі «{interface}»" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Зону «{zone}» {activated_deactivated} для з’єднання «{connection}» на " "інтерфейсі «{interface}»" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Зону «{zone}» {activated_deactivated} для інтерфейсу «{interface}»" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Для інтерфейсу «%2$s» задіяно зону «%1$s»" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Зону «{zone}» {activated_deactivated} для джерела «{source}»" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Зону «%s» задіяно для джерела «%s»" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Встановлено з’єднання з firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Намагаємося встановити з’єднання із firewalld, зачекайте…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Не вдалося встановити зв'язок із firewalld. Будь ласка, переконайтеся, що " "службу запущено належним чином, потім повторіть спробу." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Зміни застосовано." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Використано мережевим з’єднанням «%s»" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Типова зона, що використовується для з’єднання «%s»" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "увімкнено" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "вимкнено" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Не вдалося завантажити піктограми." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Контекст" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Командний рядок" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Ім’я користувача" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Ід. користувача" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Таблиця" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Ланцюжок" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Пріоритетність" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Аргументи" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Тимчасові" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Остаточні" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Служба" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Порт" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Протокол" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "На порт" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "На адресу" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Прив’язки" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Запис" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Тип ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Сімейство" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Дія" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Елемент" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Дж." #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Призн." #: ../src/firewall-config.in:834 msgid "log" msgstr "журнал" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Аудит" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Інтерфейс" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Коментар" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Джерело" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Попередження" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Помилка" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "приймання" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "відмова" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "відкидання" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "позначка" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "обмеження" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "служба" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "порт" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "протокол" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "підробка" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-блокування" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-тип" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "переспрямування портів" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "порт джерела" #: ../src/firewall-config.in:2097 msgid "level" msgstr "рівень" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "так" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Зона" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Типова зона: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Зона: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Зона «%s»: немає доступу до служби «%s»." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Вилучити зону" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ігнорувати" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Зона «%s»: тип ICMP «%s» недоступний." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Вбудована зона, підтримки перейменування не передбачено." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "секунда" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "хвилина" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "година" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "день" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "надзвичайний стан" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "нагадування" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "критичний" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "помилка" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "попередження" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "зауваження" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "інформація" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "діагностика" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Переспрямовування до іншої системи працюватиме, лише якщо інтерфейс " "замасковано.\n" "Хочете увімкнути маскування цієї зони?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Вбудована служба, підтримки перейменування не передбачено." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Будь ласка, введіть адресу IPv4 у форматі «адреса[/маска]»." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Маску можна вказати у форматі маски мережі або числа." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Будь ласка, введіть адресу IPv6 у форматі «адреса[/маска]»." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Маску слід вказати у форматі числа." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Будь ласка, введіть адресу IPv4 або IPv6 у форматі «адреса[/маска]»." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Для IPv4 маску можна вказати у форматі маски мережі або числа.\n" "Для IPv6 маску слід вказати у форматі числа." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Вбудований ipset, підтримки перейменування не передбачено." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Будь ласка, виберіть файл" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "текстові файли" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "усі файли" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Усе" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" "Вбудований допоміжний засіб, підтримки перейменовування не передбачено." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Вбудований ICMP, підтримки перейменування не передбачено." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Не вдалося прочитати файл «%s»: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Виберіть зону для джерела %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Адреса" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Автоматичні допоміжні засоби" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Будь ласка, вибреіть значення для автоматичних допоміжних засобів:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Будь ласка, вкажіть рядок команди." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Будь ласка, вкажіть контекст." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Будь ласка, виберіть типову зону системи з наведеного нижче списку." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Безпосередній ланцюжок" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" "Будь ласка виберіть версію протоколу IP та таблицю та введіть назву ланцюжка." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Ланцюжок:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "без захисту" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "з захистом" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Таблиця:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Безпосереднє правило трансляції" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Будь ласка виберіть версію протоколу IP та введіть аргументи." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Аргументи:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Перенаправлення портів" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Виберіть параметри джерела та цілі." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Порт / діапазон портів:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Адреса IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Протокол:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Призначення" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Якщо ви увімкнете перенаправлення, треба вказати порт. Цей порт має " "відрізнятися від порту джерела." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Локальне перенаправлення" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Направити іншому порту" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Параметри базового допоміжного засобу" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Будь ласка, налаштуйте параметри базового допоміжного засобу:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" "Пункти, позначені жирним, слід визначити обов’язково. Визначення інших " "пунктів є необов’язковим." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Назва:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Версія:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Скорочення:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Опис:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Сімейство:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Модуль:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Допоміжний засіб" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Будь ласка, виберіть допоміжний засіб:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Параметри основного типу ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Будь ласка, налаштуйте параметри основного типу ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Тип ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Будь ласка, виберіть тип ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Додати запис" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Додати записи з файла" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Вилучити позначений запис" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Вилучити усі записи" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Вилучити записи з файла" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Файл" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Параметри" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Перезавантажити Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Перезавантажити правила брандмауера. Поточні збережені налаштування стануть " "новими робочими налаштуваннями, тобто усі зміни у робочому просторі, внесені " "до перезавантаження правил, буде втрачено, якщо їх не було у збережених " "налаштуваннях." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Змінити зону, до якої належить з’єднання з мережею." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Змінити типову зону" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Змінити типову зону для з’єднань або інтерфейсів." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Змінити значення заборони журналювання" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Змінити значення LogDenied." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Налаштовування автоматичного призначення допоміжних засобів" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Налаштовування параметра автоматичного призначення допоміжних засобів." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Режим супербезпеки означає, що усіх вхідні та вихідні пакети відкидатимуться." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Режим супербезпеки" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "У режимі блокування буде заблоковано налаштування брандмауера так, щоб лише " "програми з «білого» списку блокування могли вносити до них зміни." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Блокування" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Зробити тимчасові налаштування постійними" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Тимчасові на постійні" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "П_ерегляд" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSet" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Типи ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Допоміжні засоби" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Безпосереднє налаштовування" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "«Білий» список блокування" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Активні прив’язки" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Довідка" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Змінити зону" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Змінити зону прив’язки" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Приховати активні динамічні прив’язки з’єднань, інтерфейсів або джерел до зон" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Показати активні динамічні прив’язки з’єднань, інтерфейсів або джерел до зон" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Налаштування:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Поточні видимі налаштування. Тимчасові налаштування — це поточні активні " "налаштування. Сталі налаштування буде використано після перезавантаження " "служби або системи." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Зона firewalld визначає рівень довіри до з’єднань у мережі, інтерфейсів та " "адрес джерел, пов’язаних із зоною. У записі зони поєднуються дані щодо " "служб, портів, протоколів, підробки адрес, переспрямування портів та " "пакетів, фільтрів icmp та розширених правил. Зону можна пов’язати з " "інтерфейсами або адресами джерел." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Додати зону" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Змінити зону" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Вилучити зону" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Завантажити типові параметри зони" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Тут можна визначити, які служби є довіреними у зоні. Довірені служби будуть " "доступними з усіх вузлів чи мереж, які мають доступ до комп’ютера за " "допомогою з’єднань, інтерфейсів та прив’язок джерел до цієї зони." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Служби" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Додати додаткові порти або діапазон портів, які мають бути доступні для всіх " "вузлів чи мереж, з якими може з’єднуватися комп’ютер." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "На порт" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Змінити зону" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Вилучити зону" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Порти" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Додати протоколи, доступ до яких має бути забезпечено для усіх вузлів або " "мереж." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Додати протокол" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Змінити протокол" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Вилучити протокол" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Протоколи" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Додати додаткові порти або діапазони портів джерела, доступ до яких має бути " "забезпечено для усіх вузлів або мереж, які встановлюють з’єднання з " "комп’ютером." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Порти походження" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Маскарад корисний для налаштовування вузла чи маршрутизатора, що з'єднує " "локальну мережу з Інтернет. Локальна мережа не буде видимою, у Інтернет буде " "видимий лише один вузол. Маскарад застосовується лише до IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Замаскувати зону" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Якщо ви увімкнете маскарад, буде увімкнено переспрямовування IP для ваших " "мереж IPv4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Маскарад" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Додайте записи для перенаправлення портів або з одного порту другому в " "локальній системі, або з локальної системи іншій системі. Перенаправлення " "іншій системі має сенс при маскараді інтерфейсу. Перенаправлення портів " "використовується лише для IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Додати порт переспрямовування" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Змінити порт переспрямовування" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Вилучити порт переспрямовування" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Протокол ICMP (Internet Control Message Protocol) зазвичай використовується " "для обміну повідомленнями про помилки між комп'ютерами у мережі, але також " "можна надсилати інформаційні повідомлення, такі як запити та відповіді ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Позначте у списку типи ICMP, яким слід відмовити у проходженні через " "мережний екран. Типово обмежень немає." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Якщо увімкнено інвертування фільтрування, позначені записи ICMP " "вважатимуться прийнятними, а інші відхилятимуться. У зоні із ціллю DROP, " "такі запити просто відкидатимуться." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Інвертувати фільтрування" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Фільтр ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Тут ви можете встановити розширені правила мови для зони." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Додати розширене правило" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Змінити розширене правило" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Вилучити розширене правило" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Розширені правила" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Додайте записи для пов’язування із зоною інтерфейсів. Якщо у з’єднанні буде " "використано вказаний інтерфейс, зону буде встановлено відповідно до зони, " "вказаної у записі з’єднання." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Додати інтерфейс" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Змінити інтерфейс" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Вилучити інтерфейс" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Додати записи для прив’язування адрес джерела або областей до зони. Можна " "також виконати прив’язування до MAC-адреси джерела, але із обмеженнями. Для " "прив’язок MAC-джерел не працюватимуть переспрямування портів та маскарад." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Додати джерело" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Змінити джерело" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Вилучити джерело" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Зони" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "У записі служби firewalld поєднуються дані щодо портів, протоколів, модулів " "та адрес призначення." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Додати службу" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Змінити службу" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Вилучити службу" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Завантажити типові параметри служби" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Додати додаткові порти або діапазон портів, які мають бути доступні для всіх " "вузлів чи мереж." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Змінити запис" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "ВИдалити запис" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Додати додаткові порти або діапазони портів джерела, доступ до яких має бути " "забезпечено для усіх вузлів або мереж." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Порт джерела" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Модулі допоміжних засобів фільтрування мережі потребують певних служб." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Модулі" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Якщо вами вказано адресу призначення, запис служби діятиме лише для вказаної " "адреси і типу призначення. Якщо не буде вказано ні адреси, ні типу, запис " "служби діятиме для всіх адрес і типів." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Записи служб можна змінювати лише у остаточних налаштуваннях. Динамічні " "налаштування служб змінювати не можна." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet може бути використано для створення «білих» або «чорних» списків, у " "ньому можуть зберігатися, наприклад, IP-адреси, номери портів або MAC-" "адреси. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Додати IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Змінити IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Вилучити IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Завантажити типові параметри IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Записи IPSet. Видимими будуть лише записи, у яких не використовується " "параметр часу очікування, а також лише записи, які було додано firewalld. " "Записи, які було додано безпосередньо командою ipset, у цьому списку " "показано не буде." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "У цьому IPSet використано параметр часу очікування, тому записи тут не " "показуються. Про формування списку записів має безпосередньо подбати команда " "ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Додати" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Записи" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSet можна створювати або вилучати лише за допомогою панелі постійних " "налаштувань." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Тип ICMP firewalld містить дані щодо типу Internet Control Message Protocol " "(ICMP) для firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Додати тип ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Змінити тип ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Вилучити тип ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Завантажити типові параметри типу ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Вкажіть, чи цей тип ICMP доступний для IPv4 і/або IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Запис типів ICMP можна змінювати лише у остаточних налаштуваннях. Динамічні " "налаштування типів ICMP змінювати не можна." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Допоміжний засіб стеження за з’єднанням призначено для забезпечення " "працездатності протоколів, у яких використовуються різні потоки для " "передавання сигналів та даних. Для передавання даних використовуються порти, " "які не пов’язано із з’єднанням для передавання сигналів, тому без " "допоміжного засобу передавання даних такими портами блокуватиметься " "брандмауером." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Визначення портів або діапазонів портів, за якими стежитиме допоміжний засіб." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Безпосереднє налаштовування надає ширший доступ до брандмауера. Для " "керування параметрами налаштовування користувач має бути ознайомлений з " "базовими елементами роботи iptables, зокрема таблицями, ланцюжками, " "командами, параметрами та призначеннями фільтрів. Безпосереднім " "налаштовуванням слід користуватися лише, якщо бажаного не можна досягти за " "допомогою інших можливостей firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Аргументом версії протоколу IP (ipv) для кожного параметра має бути ipv4, " "ipv6 або eb. Аргументу ipv4 відповідає iptables, аргументу ipv6 — ip6tables, " "а аргументу eb — містки ethernet (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Додаткові ланцюжки, які слід використати з правилами." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Додати ланцюжок" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Змінити ланцюжок" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Вилучити ланцюжок" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Ланцюжки" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Додати правило з аргументами до ланцюжка у таблицю з рівнем пріоритетності." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Пріоритетність використовується для упорядковування правил. Значення " "пріоритетності 0 відповідає додаванню правила на початок ланцюжка, правила з " "більшими значеннями пріоритетності розташовуються далі за ланцюжком. Правила " "з одним рівнем пріоритетності перебувають на одному рівні, порядок таких " "правил не є фіксованим і може змінюватися. Якщо ви хочете забезпечити певну " "послідовність правил, скористайтеся меншим значенням пріоритетності для " "першого з правил і більшим для другого." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Додати правило" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Змінити правило" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Вилучити правило" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Правила" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Трансляційні правила буде безпосередньо передано брандмауеру без " "розташовування у спеціальних ланцюжках. Можна використовувати усі параметри " "iptables, ip6tables та ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Будь ласка, будьте обережні з правилами трансляції, щоб не зашкодити роботі " "брандмауера." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Додати трансляцію" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Змінити трансляцію" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Вилучити трансляцію" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Трансляція" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Можливість з блокування є спрощеною версією правил firewalld для " "користувачів і програм. Вона обмежує зміни, які можна вносити до параметрів " "роботи брандмауера. «Білий» список блокування може містити команди, " "контексти, імена та ідентифікатори користувачів." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Контекст — контекст безпеки (SELinux) запущеної програми або служби. Для " "отримання даних щодо контексту запущеної програми скористайтеся командою " "ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Додати контекст" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Змінити контекст" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Вилучити контекст" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Контексти" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Якщо запис команди у «білому» списку завершується зірочкою, «*», його буде " "використано для обробки усіх рядків команд, що починаються відповідним " "чином. Якщо у записі немає «*», обробка виконуватиметься лише для вказано " "разом з аргументами команди." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Додати рядок команди" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Змінити рядок команди" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Вилучити рядок команди" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Рядки команд" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Імена користувачів." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Додати ім’я користувача" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Змінити ім’я користувача" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Вилучити ім’я користувача" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Імена користувачів" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Ід. користувачів." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Додати ідентифікатор користувача" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Змінити ідентифікатор користувача" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Вилучити ідентифікатор користувача" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Ід. користувачів" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Поточна типова зона системи." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Заборона журналювання:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Режим супербезпеки:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Автоматичні допоміжні засоби:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Блокування:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Типова зона:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Будь ласка, вкажіть назву інтерфейсу:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Параметри основного IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Будь ласка, вкажіть параметри основного ipset:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Тип:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Час очікування:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Розмір хешу:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Макс. ел.:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Час очікування у секундах" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Початковий розмір хешу, типово 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Максимальна кількість елементів, типово 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Будь ласка, виберіть ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Будь ласка, вкажіть запис ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Журналювання заборонено" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Будь ласка, виберіть значення заборони журналювання:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Позначка" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Будь ласка, вкажіть позначку із додатковою маскою." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "Значення полів позначки і маски мають бути 32-бітовими широкими цілими " "числами без знаку." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Позначка:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Маска:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" "Будь ласка, виберіть допоміжний засіб стеження за з’єднанням фільтра мережі:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Вибір -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Інший модуль:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Порт та протокол" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Будь ласка, вкажіть порт і протокол." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Безпосереднє правило" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Будь ласка виберіть версію протоколу IP та таблицю, пріоритетність ланцюжка " "та введіть аргументи." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Пріоритетність:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Будь ласка, вкажіть протокол." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Інший протокол:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Розширене правило" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Будь ласка, вкажіть розширене правило." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Для вузла або мережі додавання до «білого» або «чорного» списку виключає " "елемент з правила." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Джерело:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Призначення:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Журнал:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Аудит:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 та ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "інвертування" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Щоб можна було скористатися цим, значення «Дія» має бути «відмова», а " "«Сімейством» має бути «ipv4» або «ipv6» (не обидва)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "з типом:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "З обмеженням:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Префікс:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Рівень:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Елемент:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Дія:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Параметри основної служби" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Будь ласка, налаштуйте параметри основної служби:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Будь ласка, виберіть службу." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Будь ласка, вкажіть джерело." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Ід. користувача" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Будь ласка, вкажіть ідентифікатор користувача." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Будь ласка, вкажіть ім’я користувача." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "мітка" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Параметри основної зони" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Будь ласка, налаштуйте параметри основної зони:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Типове призначення" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Призначення:" firewalld-0.8.2/po/or.po0000664007115300711530000021625613641112251016262 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Manoj Kumar Giri , 2008-2011,2014 # saroj kumar padhy , 2008 # Subhransu Behera , 2007 # Subhransu Behera , 2006-2007 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2016-01-04 12:33+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Oriya (http://www.transifex.com/projects/p/firewalld/language/" "or/)\n" "Language: or\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "ଅଗ୍ନିକବଚ ଆପଲେଟ" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ଅଗ୍ନିକବଚ" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ଅଗ୍ନିକବଚର ବିନ୍ଯାସ" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "ଅନ୍ତରାପୃଷ୍ଠ '%s' ପାଇଁ ଅଞ୍ଚଳ ବାଛନ୍ତୁ" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳ" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "ସଂଯୋଗ '%s' ପାଇଁ ଅଞ୍ଚଳ ବାଛନ୍ତୁ" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "ସିଲ୍ଡ ଉପର/ତଳ ଅଞ୍ଚଳଗୁଡ଼ିକୁ ବିନ୍ୟାସ କରନ୍ତୁ" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "ଏଠାରେ ଆପଣ ସିଲ୍ଡ ଉପର ଏବଂ ସିଲ୍ଡ ତଳ ପାଇଁ ବ୍ୟବହୃତ ଅଞ୍ଚଳକୁ ବାଛିପାରିବେ।" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "ଏହି ବିଶେଷତାଟି ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ବ୍ୟବହାର କରୁଥିବା ବ୍ୟକ୍ତିଙ୍କ ପାଇଁ ଉପଯୋଗୀ ହୋଇଥାଏ। ସଂଯୋଗଗୁଡ଼ିକର " "ଅଞ୍ଚଳ ବଦଳାଉଥିବା ବ୍ୟବହାରକାରୀଙ୍କ ପାଇଁ, ଏହାର ଉପଯୋଗୀତା ସିମୀତ ଅଟେ।" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "ସିଲ୍ଡ ଉପର ଅଞ୍ଚଳ:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "ସିଲ୍ଡ ତଳ ଅଞ୍ଚଳ:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "ସିଲ ଉପରକୁ" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "ବିଜ୍ଞପ୍ତିଗୁଡ଼ିକୁ ସକ୍ରିୟ କରନ୍ତୁ" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "ଫାୟାରୱାଲ ସେଟିଙ୍ଗଗୁଡିକୁ ସଂପାଦନକରନ୍ତୁ ..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "ସଂଯୋଗଗୁଡ଼ିକର ଅଞ୍ଚଳକୁ ପରିବର୍ତ୍ତନ କରନ୍ତୁ ..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "ସିଲ୍ଡ ଉପର/ତଳ ଅଞ୍ଚଳଗୁଡ଼ିକୁ ବିନ୍ୟାସ କରନ୍ତୁ ..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "ସମସ୍ତ ନେଟୱର୍କ ପ୍ରବାହକୁ ଅଟକାନ୍ତୁ" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "ସଂଯୋଗଗୁଡିକ" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "ଅନ୍ତରାପୃଷ୍ଠ" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "ଉତ୍ସ" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ବୈଧିକରଣ ବିଫଳ ହୋଇଛି।" #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "ଅବୈଧ ନାମ" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "ନାମ ପୂର୍ବରୁ ଅବସ୍ଥିତ ଅଛି" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "ଅଗ୍ନିକବଚ ଡେମନକୁ କୌଣସି ସଂଯୋଗ ନାହିଁ" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "ସମସ୍ତ ନେଟୱର୍କ ଯାତାୟାତକୁ ବନ୍ଦ କରାଯାଇଛି।" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳ: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "ଅଞ୍ଚଳ '{zone}' ସଂଯୋଗ '{connection}' ପାଇଁ ଅନ୍ତରାପୃଷ୍ଠ'{interface}' ଉପରେ ସକ୍ରିୟ ଅଛି" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "ଅଞ୍ଚଳ '{zone}' ଅନ୍ତରାପୃଷ୍ଠ '{interface}' ପାଇଁ ସକ୍ରିୟ ଅଛି" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "ଅଞ୍ଚଳ '{zone}' ଉତ୍ସ {source} ପାଇଁ ସକ୍ରିୟ ଅଛି" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "କୌଣସି ସକ୍ରିୟ ଅଞ୍ଚଳ ନାହିଁ।" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD ସହିତ ସଂଯୋଗ ସ୍ଥାପନ ହୋଇସାରିଛି।" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD ସହିତ ସଂଯୋଗ ନଷ୍ଟ ହୋଇଛି।" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD କୁ ପୁନର୍ଦ୍ଧାରଣ କରାଯାଇଛି।" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳ '%s' କୁ ପରିବର୍ତ୍ତନ ହୋଇଛି।" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "ନେଟୱର୍କ ଯାତାୟାତ ବର୍ତ୍ତମାନ ବନ୍ଦ ହୋଇନାହିଁ।" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "ସକ୍ରିୟ କରାଯାଇଛି" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "ନିଷ୍କ୍ରିୟ କରାଯାଇଛି" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "ଅଞ୍ଚଳ '{zone}' {activated_deactivated} କୁ ସଂଯୋଗ '{connection}' ପାଇଁଅନ୍ତରାପୃଷ୍ଠ " "'{interface}' ରେ" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "ଅଞ୍ଚଳ '{zone}' {activated_deactivated} ଅନ୍ତରାପୃଷ୍ଠ '{interface}' ପାଇଁ" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "ଅଞ୍ଚଳ '%s' ଟି ଅନ୍ତରାପୃଷ୍ଠ '%s' ପାଇଁ ସକ୍ରିୟ ହୋଇଛି" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "ଅଞ୍ଚଳ '{zone}' {activated_deactivated} ଉତ୍ସ '{source}' ପାଇଁ" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "ଅଞ୍ଚଳ '%s' କୁ ଉତ୍ସ '%s' ପାଇଁ ସକ୍ରିୟ କରାଯାଇଛି" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "ପରିବର୍ତ୍ତନଗୁଡ଼ିକୁ ପ୍ରୟୋଗ କରାଯାଇଛି।" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "ନେଟୱର୍କ ସଂଯୋଗ '%s' ଦ୍ୱାରା ବ୍ୟବହୃତ" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "ସକ୍ରିୟ" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "ନିଷ୍କ୍ରିୟ ହୋଇଛି" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ଚିତ୍ର ସଂକେତ ଧାରଣ କରିବାରେ ଅସଫଳ।" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ବ୍ୟବହାରକାରୀ ନାମ" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "ଚାଲୁଥିବା ସମୟ" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "ସ୍ଥାୟୀ" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "ସେବା" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "ସଂଯୋଗିକୀ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "ପ୍ରୋଟୋକଲ" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "ସଂଯୋଗିକୀ କୁ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "ଠିକଣା କୁ" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp ପ୍ରକାର" #: ../src/firewall-config.in:822 msgid "Family" msgstr "ପରିବାର" #: ../src/firewall-config.in:826 msgid "Action" msgstr "କାର୍ଯ୍ଯ" #: ../src/firewall-config.in:828 msgid "Element" msgstr "ଉପାଦାନ" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "ଲକ୍ଷ୍ଯସ୍ଥଳ" #: ../src/firewall-config.in:834 msgid "log" msgstr "ଲଗ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ସମ୍ପାଦନ" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "ଉତ୍ସ" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "ଚେତାବନୀ" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "ତ୍ରୁଟି" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "ଗ୍ରହଣ କରନ୍ତୁ" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "ଅସ୍ବୀକାର କରନ୍ତୁ" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ପକାଅ" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ସୀମା" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "ସର୍ଭିସ" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "ପୋର୍ଟ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "ପ୍ରୋଟୋକଲ" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "ଛଦ୍ମ ବେଶ" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-ବ୍ଲକ" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "ଅଗ୍ରସରଣ-ପୋର୍ଟ" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "ସ୍ତର" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ହଁ" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "କ୍ଷେତ୍ର" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "ଅଞ୍ଚଳ '%s': ସର୍ଭିସ '%s' ଉପଲବ୍ଧ ନାହିଁ।" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "ହଟାଅ" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "ଆଗ୍ରହ୍ଯ କରିଦିଅନ୍ତୁ" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "ଅଞ୍ଚଳ '%s': ICMP ପ୍ରକାର '%s' ଉପଲବ୍ଧ ନାହିଁ।" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "ପୂର୍ବନିର୍ମିତ ଅଞ୍ଚଳ, ପୁନଃ ନାମକରଣ ସମର୍ଥିତ ନୁହଁ।" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "ସେକଣ୍ଡ" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "ମିନିଟ" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ଘଣ୍ଟା" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "ଦିନ" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "ଜରୁରୀକାଳୀନ" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "ଚେତାବନୀ" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "ଗୁରୁତର" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ତୃଟି" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "ଚେତାବନୀ" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "ଅଧିସୂଚନା" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "ସୂଚନା" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ତୃଟିମୁକ୍ତ କରନ୍ତୁ" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ ପଠାଇବା ଉପଯୋଗୀ ହୋଇଥାଏ ଯଦି ଅନ୍ତରାପୃଷ୍ଠ ଛଦ୍ମବେଶ ଧାରଣ କରିଥାଏ।\n" "ଆପଣ ଏହି ଅଞ୍ଚଳକୁ ଛଦ୍ମବେଶ ଧାରଣ କରାଇବାକୁ ଚାହୁଁଛନ୍ତି କି?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "ପୂର୍ବନିର୍ମିତ ସର୍ଭିସ, ପୁନଃ ନାମକରଣ ସମର୍ଥିତ ନୁହଁ।" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "ପୂର୍ବନିର୍ମିତ icmp, ପୁନଃ ନାମକରଣ ସମର୍ଥିତ ନୁହଁ।" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "ଉତ୍ସ '%s'ପାଇଁ ଅଞ୍ଚଳ ବାଛନ୍ତୁ" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ଠିକଣା" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ଦୟାକରି ନିର୍ଦ୍ଦେଶନାମାକୁ ଭରଣ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "ଦୟାକରି ପ୍ରସଙ୍ଗକୁ ଭରଣ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "ନିମ୍ନଲିଖିତ ତାଲିକାରୁ ଦୟାକରି ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ବାଛନ୍ତୁ।" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ସିଧାସଳଖ ସୃଙ୍ଖଳ" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ଦୟାକରି ipv ଏବଂ ସାରଣୀକୁ ବାଛନ୍ତୁ ଏବଂ ଶୃଙ୍ଖଳ ନାମକୁ ଭରଣ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ସୃଙ୍ଖଳ:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "ସୁରକ୍ଷା" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "ସାରଣୀ:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ସିଧାସଳଖ ଅଗ୍ରଗତି ନିୟମ" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ଦୟାକରି ipv କୁ ବାଛନ୍ତୁ ଏବଂ args ଭରଣ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ସଂଯୋଗିକୀ ଅଗ୍ରସରଣ" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "ଆପଣଙ୍କର ଆବଶ୍ୟକତା ଅନୁସାରେ ଦୟାକରି ମୂଳ ସ୍ଥାନ ଏବଂ ଲକ୍ଷ୍ଯ ସ୍ଥଳ ବିକଳ୍ପଗୁଡ଼ିକୁ ଚୟନକରନ୍ତୁ." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "ସଂଯୋଗିକୀ / ସଂଯୋଗିକୀ ପରିସର:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "ଆଇ.ପି. ଠିକଣା:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "ପ୍ରୋଟୋକଲ:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "ଲକ୍ଷ୍ଯସ୍ଥଳ" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "ଯଦି ଆପଣ ସ୍ଥାନୀୟ ଅଗ୍ରସରଣକୁ ସକ୍ରିୟ କରନ୍ତି, ତେବେ ଆପଣଙ୍କୁ ଗୋଟିଏ ସଂଯୋଗିକୀ ଉଲ୍ଲେଖ କରିବାକୁ ପଡ଼ିବ. ଏହି " "ସଂଯୋଗିକୀ ଉତ୍ସ ସଂଯୋଗିକୀ ଠାରୁ ଅଲଗା ହୋଇଥିବା ଉଚିତ." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "ସ୍ଥାନୀୟ ଅଗ୍ରସରଣ" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "ଅନ୍ୟ ଏକ ସଂଯୋଗିକୀକୁ ଅଗ୍ରସର ହୁଅନ୍ତୁ" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "ଗାଢ଼ ନିବେଶଗୁଡ଼ିକ ବାଧ୍ଯତାମୂଳକ ଅଟେ, ଅନ୍ୟ ସମସ୍ତଗୁଡ଼ିକ ବୈକଳ୍ପିକ ଅଟେ।" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "ନାମ:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ସଂସ୍କରଣ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "ସଂକ୍ଷିପ୍ତ ପଥ:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ବର୍ଣ୍ଣନା:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "ପରିବାର:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ଆଧାର ICMP ପ୍ରକାର ସେଟିଙ୍ଗଗୁଡିକ" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "ଦୟାକରି ଆଧାର ICMP ପ୍ରକାର ସେଟିଙ୍ଗଗୁଡିକୁ ବିନ୍ୟାସ କରନ୍ତୁ:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP ପ୍ରକାର" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ଦୟାକରି ICMP ପ୍ରକାରକୁ ବାଛନ୍ତୁ" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "ଭରଣ ତଥ୍ୟକୁ ଯୋଗକରନ୍ତୁ" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ଫାଇଲ (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "ବିକଲ୍ପ (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld କୁ ପୁନର୍ଧାରଣ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ଫୟାରୱାଲ ନିୟମାବଳୀକୁ ପୁନର୍ଦ୍ଧାରଣ କରିଥାଏ। ପ୍ରଚଳିତ ସ୍ଥାୟୀ ସଂରଚନାଟି ନୂତନ ଚାଲୁଥିବା ସଂରଚନାରେ " "ପରିବର୍ତ୍ତନ ହୋଇଥାଏ ଯେପରିକି କେବଳ ପୁନର୍ଦ୍ଧାରଣ ପର୍ଯ୍ୟନ୍ତ ପରିବର୍ତ୍ତିତ ହୋଇଥିବା ସମସ୍ତ ଚଳନ୍ତି ସଂରଚନା " "ନଷ୍ଟ ହୋଇଥାଏ ଯଦି ସେଗୁଡ଼ିକ ସ୍ଥାୟୀ ସଂରଚନାରେ ନଥାଏ।" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ନେଟୱର୍କ ସଂଯୋଗ କେଉଁ ଅଞ୍ଚଳ ଅନ୍ତର୍ଗତରେ ଆସିଥାଏ ତାହାକୁ ପରିବର୍ତ୍ତନ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ପୂର୍ବ ନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ପରିବର୍ତ୍ତନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "ସଂଯୋଗ ଅଥବା ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକ ପାଇଁ ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳକୁ ପରିବର୍ତ୍ତନ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "ଆକସ୍ମିକ ଧାରା ଅର୍ଥ ହେଉଛି ସମସ୍ତ ଆସୁଥିବା ଏବଂ ଯାଉଥିବା ପ୍ୟାକେଟଗୁଡ଼ିକୁ ତ୍ୟାଗ କରାଯାଇଛି।" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "ଆକସ୍ମିକ ଭୟ ପରିସ୍ଥିତି" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "ଲକଡାଉନ ଫାୟାରୱାଲ ସଂରଚନାକୁ ଅପରିବର୍ତ୍ତନୀୟ କରିଥାଏ ଯାହାଫଳରେ କେବଳ ଲକଡାଉନ ହ୍ୱାଇଟଲିଷ୍ଟରେ ଥିବା " "ପ୍ରୟୋଗଗୁଡ଼ିକ ଏହାକୁ ପରିବର୍ତ୍ତନ କରିବାରେ ସକ୍ଷମ ହୋଇଥାନ୍ତି।" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "ଲକଡାଉନ" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "ଅସ୍ଥାୟୀ ସଂରଚନାକୁ ସ୍ଥାୟୀ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "ଚଳନ୍ତି ସମୟକୁ ସ୍ଥାୟୀ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "ଦୃଶ୍ଯ (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP ପ୍ରକାର" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ସିଧାସଳଖ ସଂରଚନା" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "ଲକଡାଉନ ହ୍ୱାଇଟଲିଷ୍ଟ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "ସହାୟତା (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "ସଂରଚନା:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "ବର୍ତ୍ତମାନ ଦୃଶ୍ୟମାନ ସଂରଚନା। ଚାଲୁଥିବା ସମୟର ସଂରଚନା ହେଉଛି ପ୍ରକୃତ ସକ୍ରିୟ ସଂରଚନା। ସ୍ଥାୟୀ " "ସଂରଚନା ସର୍ଭିସ ପରେ କିମ୍ବା ତନ୍ତ୍ର ପୁନର୍ଦ୍ଧାରଣ କିମ୍ବା ପୁନଃଚାଳନ ପରେ ସକ୍ରିୟ ହେବ।" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "ଗୋଟିଏ firewalld ଅଞ୍ଚଳ ନେଟୱର୍କ ସଂଯୋଗଗୁଡ଼ିକ, ଅନ୍ତରାପୃଷ୍ଠ ଏବଂ ଅଞ୍ଚଳ ସହିତ ସଂଶ୍ଳିଷ୍ଟ ଉତ୍ସ " "ଠିକଣାଗୁଡ଼ିକ ପାଇଁ ବିଶ୍ୱାସର ସ୍ତର ବ୍ୟାଖ୍ୟା କରିଥାଏ। ଏହି ଅଞ୍ଚଳ ସର୍ଭିସ, ପୋର୍ଟ, ପ୍ରୋଟୋକଲ, ଛଦ୍ମ ବେଶ, " "ପୋର୍ଟ/ପ୍ୟାକେଟ ଅଗ୍ରସରଣ, icmp ଫିଲଟର ଏବଂ ଶକ୍ତ ନିୟମାବଳୀକୁ ମିଶ୍ରଣ କରିଥାଏ। ଏହି ଅଞ୍ଚଳ " "ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକୁ ଏବଂ ଠିକଣାଗୁଡ଼ିକୁ ବାନ୍ଧିଥାଏ।" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ଅଞ୍ଚଳକୁ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ଅଞ୍ଚଳକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ଅଞ୍ଚଳକୁ ହଟାନ୍ତୁ" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "ଅଞ୍ଚଳ ପୂର୍ବନିର୍ଦ୍ଧାରିତକୁ ଧାରଣ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "କେଉଁ ସେବା ଗୁଡିକ ବିଶ୍ଯସ୍ତ ଆପଣ ତାହା ଏଠାରେ ବ୍ଯାଖ୍ଯା କରିପାରିବେ। ଏହାର ଅର୍ଥ ହେଉଛି ଯେ ଏହି ସେବା " "ଗୁଡିକୁ ସମସ୍ତ ଆଧାର କିମ୍ବା ନେଟୱାର୍କରୁ ଅଭିଗମ କରିହେବ।" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "ସର୍ଭିସଗୁଡ଼ିକ" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "ଅତିରିକ୍ତ ସଂଯୋଗିକୀ କିମ୍ବା ସଂଯୋଗିକୀ ପରିସର ମାନଙ୍କୁ ଯୋଗ କରନ୍ତୁ, ଯାହାକି ସମସ୍ତ ଆଧାର କିମ୍ବା ନେଟୱାର୍କ " "ଦ୍ବାରା ଅଭିଗମ୍ଯ ହେବା ଉଚିତ।" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "ପୋର୍ଟକୁ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "ପୋର୍ଟକୁ ସଂପାଦନା କରନ୍ତୁ" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "ପୋର୍ଟକୁ କାଢ଼ି ଦିଅନ୍ତୁ" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "ପୋର୍ଟଗୁଡ଼ିକ" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "ମିଥ୍ୟାଭନୟ ଆପଣଙ୍କୁ ଇଣ୍ଟରନେଟ ସହିତ ଆପଣଙ୍କ ସ୍ଥାନୀୟ ନେଟୱର୍କକୁ ସଂଯୋଗ କରୁଥିବା ଆଧାର କିମ୍ବା ରାଉଟରକୁ " "ବିନ୍ୟାସ କରିବାକୁ ଅନୁମତି ଦେଇଥାଏ. ଆପଣଙ୍କର ସ୍ଥାନୀୟ ନେଟୱର୍କ ଦେଖାଯିବ ନାହିଁ ଏବଂ ସେହି ଆଧାରଟି " "ଇଣ୍ଟରନେଟରେ ଗୋଟିଏ ଠିକଣା ପରି ଦେଖାଯିବ. କେବଳ IPv4 ମିଥ୍ୟାଭିନୟ କରୁଅଛି." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "ଛଦ୍ମ ବେଶୀ ଅଞ୍ଚଳ" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "ଯଦି ଆପଣ ଛଦ୍ମ ବେଶ କରିବାରେ ସକ୍ରିୟ ହୁଅନ୍ତି, ତେବେ IP ଅଗ୍ରସରଣକୁ ଆପଣଙ୍କ IPv4 ନେଟୱର୍କଗୁଡ଼ିକ " "ପାଇଁସକ୍ରିୟ କରାଯିବ।" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "ଛଦ୍ମ ବେଶ" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ସ୍ଥାନୀୟ ତନ୍ତ୍ରରେ ଗୋଟିଏ ସଂଯୋଗିକୀରୁ ଅନ୍ୟ ଏକ ସଂଯୋଗିକୀକୁ ଅଥବା ସ୍ଥାନୀୟ ତନ୍ତ୍ରରୁ ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ " "ଅଗ୍ରସରଣ ସଂଯୋଗିକୀରେ ଭରଣଗୁଡ଼ିକୁ ଯୋଗକରନ୍ତୁ. ଅନ୍ୟ ଏକ ତନ୍ତ୍ରକୁ ପଠାଇବା ହିଁ କେବଳ ଫଳପ୍ରଦ ହୋଇଥାଏ ଯଦି " "ଅନ୍ତରାପୃଷ୍ଠ ମିଥ୍ୟାଭିନୟ କରୁଥାଏ. ସଂଯୋଗିକୀ ଆଗେଇବାଟି କେବଳ IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ପୋର୍ଟ ଅଗ୍ରସରଣକୁ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ପୋର୍ଟ ଅଗ୍ରସରଣକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ପୋର୍ଟ ଅଗ୍ରସରଣକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ଇଣ୍ଟରନେଟ ନିୟନ୍ତ୍ରଣ ସନ୍ଦେଶ ପ୍ରୋଟୋକଲ (ICMP) ଟି ମୁଖ୍ୟତଃ ନେଟୱର୍କ କମ୍ପୁଟରଗୁଡ଼ିକ ମଧ୍ୟରେ ତ୍ରୁଟି ସନ୍ଦେଶ " "ପଠାଇବାରେ ବ୍ୟବହାର ହୋଇଥାଏ, କିନ୍ତୁ ଅତିରିକ୍ତ ଭାବରେ ସୂଚନାତ୍ମକ ସନ୍ଦେଶଗୁଡ଼ିକୁ ଯେପରି କି ping ଅନୁରୋଧ " "ଏବଂ ଉତ୍ତରଗୁଡ଼ିକ ପାଇଁ." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "ICMP ପ୍ରକାରଗୁଡ଼ିକୁ ତାଲିକାରେ ଚିହ୍ନଟକରନ୍ତୁ, ଯାହାକୁ କି ଅସ୍ୱୀକାର କରିବା ଉଚିତ. ଅନ୍ୟ ସମସ୍ତ ICMP " "ପ୍ରକାରଗୁଡ଼ିକ ଅଗ୍ନିକବଚ ପାରକରିବା ପାଇଁ ଅନୁମତିପ୍ରାପ୍ତ. ପୂର୍ବନିର୍ଦ୍ଧାରିତରେ କୌଣସି ସୀମା ବନ୍ଧନ ନାହିଁ." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ଫିଲଟର" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "ଏଠାରେ ଆପଣ ଅଞ୍ଚଳ ପାଇଁ ଶକ୍ତିଶାଳୀ ଭାଷା ନିୟମାବଳୀକୁ ସେଟ କରିପାରିବେ।" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "ଶକ୍ତ ନିୟମ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "ଶକ୍ତ ନିୟମକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "ଶକ୍ତ ନିୟମକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "ଶକ୍ତିଶାଳୀ ନିୟମାବଳୀ" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "ଏହି ଅଞ୍ଚଳରେ ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକୁ ବାନ୍ଧିବା ପାଇଁ ଯୋଗ କରନ୍ତୁ। ଯଦି ଏହି ଅନ୍ତରାପୃଷ୍ଠଗୁଡ଼ିକ କୌଣସି ସଂଯୋଗ " "ଦ୍ୱାରା ବ୍ୟବହାର ହୋଇଥାଏ, ତେବେ ସେହି ଅଞ୍ଚଳଟି ସଂଯୋଗରେ ଉଲ୍ଲେଖିତ ଅଞ୍ଚଳରେ ସେଟ ହେବ।" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ଅନ୍ତରାପୃଷ୍ଠ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ଅନ୍ତରାପୃଷ୍ଠକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ଅନ୍ତରାପୃଷ୍ଠକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "ଉତ୍ସ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "ଉତ୍ସକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "ଉତ୍ସକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "ଅଞ୍ଚଳ" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld ସର୍ଭିସ ହେଉଛି ପୋର୍ଟ, ପ୍ରୋଟୋକଲ, ମଡ୍ୟୁଲ ଏବଂ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣାଗୁଡ଼ିକର ଏକ ମିଶ୍ରଣ।" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "ସର୍ଭିସ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "ସର୍ଭିସକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "ସର୍ଭିସକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "ସର୍ଭିସ ପୂର୍ବନିର୍ଦ୍ଧାରିତକୁ ଧାରଣ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "ପ୍ରବେଶ ସଂପାଦନା କର" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "ଭରଣକୁ କାଢ଼ି ଦିଅନ୍ତୁ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "ମୋଡ୍ୟୁଲଗୁଡ଼ିକ" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "ଯଦି ଆପଣ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣାକୁ ଉଲ୍ଲେଖ କରନ୍ତି, ତେବେ ସର୍ଭିସ ନିବେଶ ଲକ୍ଷ୍ଯସ୍ଥଳ ଠିକଣା ଏବଂ ପ୍ରକାରରେ " "ସିମୀତ ହେବ। ଯଦି ଉଭୟ ନିବେଶଗୁଡ଼ିକ ଖାଲିଥାଏ, ତେବେ ସେଠାରେ କୌଣସି ସୀମା ନଥାଏ।" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "ସର୍ଭିସଗୁଡ଼ିକ କେବଳ ସ୍ଥାୟୀ ବିନ୍ୟାସ ଦୃଶ୍ୟରେ ପରିବର୍ତ୍ତନ ହୋଇପାରିବ। ସର୍ଭିସଗୁଡ଼ିକର ପ୍ରଚଳିତ ବିନ୍ୟାସ ସ୍ଥାୟୀ " "ଅଟେ।" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "ଏକ firewalld icmptype ଇଣ୍ଟରନେଟ ନିୟନ୍ତ୍ରଣ ସନ୍ଦେଶ ପ୍ରୋଟୋକଲ (ICMP) ପ୍ରକାର ପାଇଁ " "firewalld କୁ ସୂଚନା ପ୍ରଦାନ କରିଥାଏ।" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP ପ୍ରକାରକୁ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP ପ୍ରକାରକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP ପ୍ରକାରକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP ପ୍ରକାର ପୂର୍ବନିର୍ଦ୍ଧାରିତକୁ ଧାରଣ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" "ଏହି ICMP ପ୍ରକାରଟି IPv4 ଏବଂ/ଅଥବା IPv6 ରେ ଉପଲବ୍ଧ ହୋଇଥାଏ କି ନାହିଁ ତାହା ଉଲ୍ଲେଖ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP ପ୍ରକାରଗୁଡ଼ିକ ସ୍ଥାୟୀ ବିନ୍ୟାସ ଦୃଶ୍ୟରେ ହିଁ କେବଳ ପରିବର୍ତ୍ତିତ ହୋଇଥାଏ। ICMP ପ୍ରକାରଗୁଡ଼ିକ ପ୍ରଚଳିତ " "ବିନ୍ୟାସ ସ୍ଥାୟୀ ଅଛି।" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ସିଧାସଳଖ ସଂରଚନା ଫାୟାରୱାଲରେ ସିଧାସଳଖ ପ୍ରବେଶାନୁମତି ଦେଇଥାଏ। ଏହି ବିକଳ୍ପଗୁଡ଼ିକ ପାଇଁ " "ବ୍ୟବହାରକାରୀଙ୍କ ପାଖରେ ମୌଳିକ iptables ଜ୍ଞାନ ଥିବା ଆବଶ୍ୟକ, ଯେପରିକି ସାରଣୀ, ଶୃଙ୍ଖଳ, ନିର୍ଦ୍ଦେଶ, " "ପ୍ରାଚଳ ଏବଂ ଲକ୍ଷ୍ଯସ୍ଥଳ। ସିଧାସଳଖ ସଂରଚନାକୁ କେବଳ ଶେଷ ଆଶ୍ରୟ ଭାବରେ ବ୍ୟବହାର କରିବା ଉଚିତ " "ଯେତେବେଳେ ଅନ୍ୟ କୌଣସି firewalld ବିଶେଷତା ବ୍ୟବହାର କରିବା ସମ୍ଭବ ହୋଇନଥାଏ।" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ପ୍ରତ୍ୟେକ ବିକଳ୍ପର ipv ସ୍ୱତନ୍ତ୍ରଚର ipv4 କିମ୍ବା ipv6 ଅଥବା eb ହୋଇଥିବା ଉଚିତ। ipv4 ସହିତ ଏହା " "iptables ପାଇଁ ହୋଇଥାଏ, ipv6 ସହିତ ip6tables ପାଇଁ ଏବଂ eb ସହିତ ଇଥରନେଟ ବ୍ରିଜଗୁଡ଼ିକ ପାଇଁ " "ହୋଇଥାଏ (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "ନିୟମାବଳୀ ସହିତ ବ୍ୟବହାର ହେବାକୁ ଥିବା ଅତିରିକ୍ତ ଶୃଙ୍ଖଳ।" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "ସୃଙ୍ଖଳ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "ସୃଙ୍ଖଳକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "ସୃଙ୍ଖଳକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ସୃଙ୍ଖଳଗୁଡ଼ିକ" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "ସ୍ୱତନ୍ତ୍ରଚର args ସହିତ ଏକ ଶୃଙ୍ଖଳରେ ପ୍ରାଥମିକତା ଦେଇ ଗୋଟିଏ ନିୟମ ଯୋଗ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "ନିୟମାବଳୀକୁ କ୍ରମାନ୍ୱୟରେ ରଖିବା ପାଇଁ ପ୍ରାଥମିକତାକୁ ବ୍ୟବହାର କରାଯାଇଥାଏ। ପ୍ରାଥମିକତା 0 ଅର୍ଥ ହେଉଛି " "ଶୃଙ୍ଖଳ ଉପରେ ନିୟମ ଯୋଗ କରନ୍ତୁ, ଉଚ୍ଚ ପ୍ରାଥମିକତା ସହିତ ନିୟମଟି ତଳେ ଯୋଗ କରାଯାଇଥାଏ। ସମାନ " "ପ୍ରାଥମିକତା ବିଶିଷ୍ଟ ନିୟମାବଳୀ ସମାନ ସ୍ତରରେ ଥାଏ ଏବଂ ସେହି ନିୟମାବଳୀର କ୍ରମ ସ୍ଥାୟୀନଥାଏ ଏବଂ " "ପରିବର୍ତ୍ତନ ହୋଇପାରେ। ଯଦି ଆପଣ ନିଶ୍ଚିତ କରିବାକୁ ଚାହୁଁଛନ୍ତି ଯେ ଅନ୍ୟ ଗୋଟିଏ ଉପରେ ନିୟମାବଳୀ ଯୋଗ ହେବ " "ତେବେ, ପ୍ରଥମେ କମ ପ୍ରାଥମିକତାକୁ ବ୍ୟବହାର କରନ୍ତୁ ଏବଂ ତାପରେ ଉଚ୍ଚ ପ୍ରାଥମିକତାକୁ ରଖନ୍ତୁ।" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "ନିୟମ ୟୋଗକରନ୍ତୁ" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "ନିୟମ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "ନିୟମକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "ନିୟମାବଳୀ" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "ଅଗ୍ରଗତି ନିୟମାବଳୀ ସିଧାସଳଖ ଭାବରେ ଫାୟାରୱାଲ ମଧ୍ଯ ଦେଇ ଯାଇଥାଏ ଏବଂ ତାହା ବିଶେଷ ଶୃଙ୍ଖଳରେ " "ରଖାଯାଇନଥାଏ। ସମସ୍ତ iptables, ip6tables ଏବଂ etables ବିକଳ୍ପକୁ ବ୍ୟବହାର କରାଯାଇପାରିବ।" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "ଅଗ୍ରଗତି ନିୟମାବଳୀ ସହିତ ଦୟାକରି ସତର୍କ ରୁହନ୍ତୁ ଯେପରି ତାହା ଫାୟାରୱାଲକୁ କ୍ଷତି ନକରେ।" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "ଅଗ୍ରଗତିକୁ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "ଅଗ୍ରଗତିକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "ଅଗ୍ରଗତିକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "ଅଗ୍ରଗତି" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "ଲକଡାଉନ ବିଶେଷତାଟି ହେଉଛି firewalld ପାଇଁ ବ୍ୟବହାରକାରୀ ଏବଂ ପ୍ରୟୋଗ ନିତୀଗୁଡ଼ିକର ହାଲୁକା ସଂସ୍କରଣ। " "ଏହା ଫାୟାରୱାଲର ପରିବର୍ତ୍ତନକୁ ସିମୀତ କରିଥାଏ। ଲକଡାଉନ ହ୍ୱାଇଟଲିଷ୍ଟ ନିର୍ଦ୍ଦେଶ, ପ୍ରସଙ୍ଗ, ବ୍ୟବହାରକାରୀ " "ଏବଂ ବ୍ୟବହାରକାରୀ id ଗୁଡ଼ିକୁ ଧାରଣ କରିଥାଏ।" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "ପ୍ରସଙ୍ଗକୁ ଯୋଗକରନ୍ତୁ" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "ପ୍ରସଙ୍ଗକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "ପ୍ରସଙ୍ଗକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "ପ୍ରସଙ୍ଗ" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "ଯଦି ହ୍ୱାଇଟଲିଷ୍ଟରେ ଗୋଟିଏ ନିର୍ଦ୍ଦେଶ ନିବେଶ ଆସଟେରିସ୍କ '*' ରେ ସମାପ୍ତ ହୋଇଥାଏ, ତେବେ ସେହି ନିର୍ଦ୍ଦେଶ " "ସହିତ ଆରମ୍ଭ ହେଉଥିବା ସମସ୍ତ ନିର୍ଦ୍ଦେଶ ଧାରା ମେଳ ଖାଇବ। ଯଦି ସେହି '*' ସେଠାରେ ନଥାଏ ତେବେ ସେହି " "ସ୍ୱଚନ୍ତ୍ରଚର ସହିତ ମେଳଖାଉଥିବା ନିର୍ଦ୍ଦିଷ୍ଟ ନିର୍ଦ୍ଦେଶ ନିଶ୍ଚିତ ଭାବରେ ମେଳଖାଇବ।" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "ପାଠ୍ଯ ନିର୍ଦ୍ଦେଶକୁ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "ପାଠ୍ଯ ନିର୍ଦ୍ଦେଶକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "ପାଠ୍ଯ ନିର୍ଦ୍ଦେଶକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "ନିର୍ଦ୍ଦେଶ ଧାରା" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ବ୍ୟବହାରକାରୀ ନାମଗୁଡ଼ିକ।" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ବ୍ୟବହାରକାରୀ ନାମ ଯୋଗ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ବ୍ୟବହାରକାରୀ ନାମକୁ ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ବ୍ୟବହାରକାରୀ ନାମକୁ ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ବ୍ୟବହାରକାରୀ ନାମଗୁଡ଼ିକ" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ବ୍ୟବହାରକାରୀ id ଗୁଡ଼ିକ।" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ବ୍ୟବହାରକାରୀ Id ଯୋଗକରନ୍ତୁ" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ବ୍ୟବହାରକାରୀ Id ସମ୍ପାଦନ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ବ୍ୟବହାରକାରୀ Id ବାହାର କରନ୍ତୁ" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ବ୍ୟବହାରକାରୀ Id ଗୁଡ଼ିକ" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "ତନ୍ତ୍ରର ପ୍ରଚଳିତ ପୂର୍ବନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳ।" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "ଆକସ୍ମିକ ଭୟ ପରିସ୍ଥିତି:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "ଲକଡାଉନ:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "ପୂର୍ବ ନିର୍ଦ୍ଧାରିତ ଅଞ୍ଚଳ:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "ସଂଯୋଗିକୀ ଏବଂ ପ୍ରୋଟୋକଲ" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ଦୟାକରି ଗୋଟିଏ ପୋର୍ଟ ଏବଂ ପ୍ରୋଟୋକଲ ଭରଣ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ସିଧାସଳଖ ନିୟମ" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "ଦୟାକରି ipv ଏବଂ table, ଶୃଙ୍ଖଳ ଅଗ୍ରାଧୀକାରକୁ ବାଛନ୍ତୁ ଏବଂ args କୁ ଭରଣ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "ଅଗ୍ରାଧିକାର:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "ଦୟାକରି ଗୋଟିଏ ପ୍ରୋଟୋକଲ ଭରଣ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "ଅନ୍ୟାନ୍ୟ ପ୍ରୋଟୋକଲ:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "ଶକ୍ତ ନିୟମ" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "ଦୟାକରି ଗୋଟିଏ ଶକ୍ତ ନିୟମକୁ ଭରଣ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "ହୋଷ୍ଟ କିମ୍ବା ନେଟୱର୍କ ହ୍ୱାଇଟ କିମ୍ବା ବ୍ଲାକଲିଷ୍ଟ ପାଇଁ ଉପାଦାନକୁ ନିଷ୍କ୍ରିୟ କରିଥାଏ।" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "ଉତ୍ସ:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "ଲକ୍ଷ୍ଯସ୍ଥଳ:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "ଲଗ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ସମ୍ପାଦନ:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ଏବଂ ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "ଓଲଟି ଯାଇଛି" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "ଏହାକୁ ସକ୍ରିୟ କରିବା ପାଇଁ କାର୍ଯ୍ୟକୁ 'ପ୍ରତ୍ୟାଖ୍ୟାନ' କରିବା ଉଚିତ ଏବଂ 'ipv4' କିମ୍ବା 'ipv6' ପରିବାରର " "ହୋଇଥିବା ଉଚିତ (ଉଭୟ ନୁହଁ)।" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "ପ୍ରକାର ସହିତ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "ସୀମା ସହିତ:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ଉପସର୍ଗ:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "ସ୍ତର:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "ଉପାଦାନ:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "କାର୍ଯ୍ୟ:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ମୂଳ ସର୍ଭିସ ସେଟିଙ୍ଗଗୁଡ଼ିକ" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "ମୂଳ ସର୍ଭିସ ସେଟିଙ୍ଗଗୁଡ଼ିକୁ ଦୟାକରି ବିନ୍ୟାସ କରନ୍ତୁ:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "ଦୟାକରି ଗୋଟିଏ ସର୍ଭିସ ବାଛନ୍ତୁ।" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ବ୍ୟବହାରକାରୀ ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ଦୟାକରି ବ୍ୟବହାରକାରୀ id ଭରଣ କରନ୍ତୁ।" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ଦୟାକରି ବ୍ୟବହାରକାରୀ ନାମ ଭରଣ କରନ୍ତୁ" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ମୂଳ ଅଞ୍ଚଳ ସଂରଚନା" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "ମୂଳ ଅଞ୍ଚଳ ସଂରଚନାକୁ ବିନ୍ୟାସ କରନ୍ତୁ:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "ପୂର୍ବ ନିର୍ଦ୍ଧାରିତ ଲକ୍ଷ୍ଯ ସ୍ଥଳ" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "ଲକ୍ଷ୍ଯ ସ୍ଥଳ:" firewalld-0.8.2/po/de.po0000664007115300711530000017253113641112250016226 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Andreas Müller , 2003 # Bernd Bartmann , 2004 # Bernd Groh , 2002-2004 # tbull , 2010 # Daniela Kugelmann , 2008 # Dominik Sandjaja , 2008 # Fabian Affolter , 2008-2009 # Florian Festi , 2008 # hpeters , 2009 # hpeters , 2009,2014 # hpeters , 2014 # Marcus Gloeckner , 2006 # Marcus Nitzschke , 2009-2010 # Michael Schönitzer , 2007 # Michael Schönitzer , 2007 # Nadine Reissle , 2006 # Roman Spirgi , 2012-2013 # Ronny Buchmann , 2005-2006 # sknirT omiT , 2010 # tbull , 2010 # Thomas Woerner , 2008-2009,2012 # Thomas Woerner , 2012 # Thomas Woerner , 2012 # Verena , 2004 # Roman Spirgi , 2015. #zanata # Hedda Peters , 2016. #zanata # Lisa Stemmler , 2016. #zanata # Roman Spirgi , 2016. #zanata # Thomas Woerner , 2016. #zanata # Robert Scheck , 2017. #zanata # Roman Spirgi , 2017. #zanata # Eric Garver , 2018. #zanata # Fabian Affolter , 2018. #zanata # Phil Sutter , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2020-01-14 14:02+0000\n" "Last-Translator: Phil Sutter \n" "Language-Team: German \n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 3.10.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Firewall-Applet" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Firewall-Konfiguration" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "Firewall;Netzwerk;Sicherheit;Iptables;Netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Wählen Sie die Zone für die Schnittstelle »%s«" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Standardzone" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Zone für Verbindung »%s« auswählen" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Fehler beim Angeben der Zone {zone} für Verbindung {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Zone für Quelle »%s« auswählen" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Konfiguriere geschützte/ offene Zonen" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Hier können Sie die Bereiche für aktive und offene Schutzschild-Zonen " "auswählen." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Diese Funktion ist besonders nützlich für Benutzer, die hauptsächlich die " "Standardzonen verwenden. Für Benutzer, die Verbindungs-Zonen ändern, ist es " "möglicherweise nur bedingt nützlich." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Aktive Schutzschild-Zone:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Auf Standardeinstellung zurücksetzen" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Offene Schutzschild-Zone:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Über %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Autoren" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Lizenz" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Schutzschilde aktivieren" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Meldungen aktivieren" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Firewall-Einstellungen bearbeiten..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Verbindungszonen ändern..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Konfiguriere geschützte/offene Schutzschild-Zonen..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Sämtlichen Netzwerk-Verkehr blocken" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Info" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Verbindungen" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Schnittstellen" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Quellen" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autorisierung fehlgeschlagen." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Ungültiger Name" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Name ist bereits vorhanden" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zone: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Standardzone: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Abrufen der Verbindungen von NetworkManager fehlgeschlagen" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Keine Importe von NetworkManager verfügbar" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Keine Verbindung zum Firewalldämon" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Sämtlicher Netzwerkverkehr wird geblockt." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Standardzone: »%s«" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Standardzone '{default_zone}' aktiv für Verbindung '{connection}' auf " "Schnittstelle '{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "'{zone}'-Zone aktiv für '{connection}'-Verbindung auf '{interface}'-" "Schnittstelle" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "'{zone}'-Zone aktiv für '{interface}'-Schnittstelle" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zone '{zone}' aktiv für Quelle {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Keine aktiven Zonen" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Verbindung zu FirewallD hergestellt." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Verbindung zu FirewallD verloren." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD neu geladen." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Standardzone geändert auf »%s«." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Netzwerkverkehr wird nicht mehr geblockt." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "aktiviert" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "deaktiviert" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Standardzone '{default_zone}' {activated_deactivated} für Verbindung " "'{connection}' auf Schnittstelle '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "'{zone}'-Zone {activated_deactivated} für '{connection}'-Verbindung auf " "'{interface}'-Schnittstelle" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "'{zone}'-Zone {activated_deactivated} für '{interface}'-Schnittstelle" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "»%s«-Zone aktiviert für »%s«-Schnittstelle" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone '{zone}' {activated_deactivated} für Quelle '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone »%s« aktiviert für Quelle »%s«" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Verbindung zu firewalld hergestellt." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Verbindungsversuch zu firewalld, warten..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Verbindung mit Firewall fehlgeschlagen. Stellen Sie sicher, dass der Dienst " "korrekt gestartet wurde, und versuchen Sie es erneut." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Änderungen angewendet." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Wird von der Netzwerkverbindung »%s« benutzt" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Standardzone benutzt von Netzwerkverbindung '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "aktiviert" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "deaktiviert" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Symbole konnten nicht geladen werden." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontext" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Befehlszeile" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Benutzername" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Benutzer-ID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabelle" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Kette" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorität" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumente" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Runtime" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Dienst" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoll" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "An Port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Zu Adresse" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Zuordnungen" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Eintrag" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp-Typ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familie" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Aktion" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "Log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Schnittstelle" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Kommentar" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Quelle" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Warnung" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Fehler" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "akzeptieren" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "ablehnen" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "abwählen" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "markieren" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "begrenzen" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "Dienst" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "Port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "Protokoll" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "Maskierung" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-Blockierung" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "ICMP-Typ" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "Weiterleitungsport" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "Quell-Port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "Stufe" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "Ja" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Standardzone: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zone: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone »%s«: Dienst »%s« ist nicht verfügbar." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Zone entfernen" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignorieren" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone »%s«: ICMP-Typ »%s« ist nicht verfügbar." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Integrierte Zone, das Umbenennen wird nicht unterstützt." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "Sekunde" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "Minute" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "Stunde" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "Tag" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "Gefahr" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "Warnung" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritisch" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "Fehler" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "Warnung" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "Notiz" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "Info" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "Debug" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Die Weiterleitung an ein anderes System ist nur dann sinnvoll, wenn die " "Schnittstelle maskiert ist.\n" "Wollen Sie diese Zone maskieren?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Integrierter Dienst, das Umbenennen wird nicht unterstützt." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Bitte geben Sie eine ipv4 Adresse im Format Adresse[/mask] ein." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Die Maske kann eine Netzwerkmaske oder eine Zahl sein." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Bitte geben Sie eine ipv6 Adresse im Format Adresse[/mask] ein." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Die Maske ist eine Zahl." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Bitte geben Sie eine ipv4 Adresse im Format Adresse[/mask] ein." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Die Maske kann eine Netzwerkmaske für ipv4 sein.\n" "Die Maske ist eine Zahl für ipv6." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Integriertes Ipset, Umbenennen wird nicht unterstützt." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Bitte wählen Sie eine Datei" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Textdateien" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Alle Dateien" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Alle" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Enthaltene Helfer, Umbenennen nicht unterstützt." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Integriertes Icmp, das Umbenennen wird nicht unterstützt." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Lesen der Datei »%s« fehlgeschlagen: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Zone für Quelle %s auswählen" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresse" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatische Helfer" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Bitte den Wert für automatische Helfer wählen:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Bitte die Befehlszeile eingeben." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Bitte den Kontext eingeben." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Bitte wählen Sie die Standardzone aus der unteren Liste." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Direkte Kette" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" "Bitte wählen Sie IP-Version sowie die Tabelle und geben Sie den Ketten-Namen " "ein." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Kette:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "Sicherheit" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabelle:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Direkte Weiterleitungsregel" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Bitte wählen Sie IP-Version und geben Sie die Argumente ein." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumente:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Port-Weiterleitung" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Bitte wählen Sie die Quell- und Ziel-Einstellungen nach Ihren Bedürfnissen " "aus." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port/ Port-Bereich:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP-Adresse:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokoll:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Ziel" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Wenn Sie lokales Weiterleiten aktivieren, müssen Sie einen Port angeben. " "Dieser Port darf nicht mit dem Quell-Port übereinstimmen." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokales Weiterleiten" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "An einen anderen Port weiterleiten" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Basis-Helfer Einstellungen" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Bitte Basis-Helfer Einstellungen konfigurieren:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Fett markierte Einträge sind zwingend, alle anderen optional." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Name:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Kurzbeschreibung:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Beschreibung:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Familie:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Module:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Helfer" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Bitte einen Helfer wählen:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Grundlegende ICMP Typ-Einstellungen" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Bitte konfigurieren Sie die grundlegenden Einstellungen des ICMP-Typs:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-Typ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Einen ICMP-Typ auswählen" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Eintrag hinzufügen" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Einträge von Datei hinzufügen" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Ausgewählten Eintrag entfernen" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Alle Einträge entfernen" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Einträge aus Datei entfernen" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Datei" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Optionen" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld neu laden" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Firewall-Regeln neu laden. Die aktuelle permanente Konfiguration wird als " "neue Runtime-Konfiguration gesetzt, dadurch z.B. werden alle »Nur-Runtime«-" "Änderungen beim Neuladen verloren gehen, falls sich diese nicht auch in der " "permanenten Konfiguration befinden." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" "Wählen Sie zu welcher Zone eine Netzwerkverbindung zugeordnet werden soll." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Standardzone ändern" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Standardzone für Verbindungen oder Schnittstellen ändern." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "LogDenied ändern" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Wert für LogDenied ändern." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Konfigurieren der automatischen Helferzuweisung" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Konfigurieren der Einstellung für die automatische Helferzuweisung." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Sperrmodus bedeutet, dass sämtliche eingehende und ausgehende Pakete " "verworfen werden." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panik-Modus" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown sperrt die Firewall-Konfiguration, so dass nur Anwendungen auf der " "Sperr-Positivliste diese ändern können." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Sperrung" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Runtime-Konfiguration dauerhaft speichern" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Runtime auf dauerhaft" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Ansicht" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP-Typen" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Helfer" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Direkte Konfiguration" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Sperr-Positivliste" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktive Zuordnungen" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Hilfe" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Zone ändern" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Zone der Zuordnung ändern" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Ausblenden aktiver Laufzeit-Zuordnungen der Verbindungen, Schnittstellen und " "Quellen für Zonen" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Anzeigen aktiver Laufzeit-Zuordnungen der Verbindungen, Schnittstellen und " "Quellen für Zonen" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Konfiguration:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Aktuell einsehbare Konfiguration. Die Runtime-Konfiguration ist die " "derzeitig aktive Konfiguration. Die dauerhafte Konfiguration wird nach dem " "erneuten Laden des Dienstes oder Systems aktiv sein." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Ein firewalld-Zone definiert die Vertrauensstufe für Netzwerkverbindungen, " "Schnittstellen und Quell-Adressen. Die Zone kombiniert Dienste, Ports, " "Protokolle, Maskierungen, Port-/ Paket-Weiterleitung, ICMP-Filter und " "umfassende Regeln. Die Zone kann mit Schnittstellen und Quelladressen " "verknüpft werden." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Zone hinzufügen" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Zone bearbeiten" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Zone entfernen" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Standardwerte der Zone laden" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Hier können Sie definieren, welche Dienste in der Zone vertrauenswürdig " "sind. Vertrauenswürdige Dienste sind zugänglich von allen Hosts und " "Netzwerken, die den Rechner über mit dieser Zone verbundenen Verbindungen, " "Schnittstellen und Quellen erreichen können." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Dienste" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Zusätzliche Ports oder Portbereiche hinzufügen, welche von allen Rechnern " "oder Netzwerken erreichbar sein müssen, die sich mit dem Gerät verbinden " "können." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Port hinzufügen" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Zone bearbeiten" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Zone entfernen" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Ports" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Protokolle hinzufügen, die für alle Hosts oder Netzwerke erreichbar sein " "müssen." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Protokoll hinzufügen" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Protokoll bearbeiten" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Protokoll entfernen" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokolle" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Zusätzliche Ports oder Portbereiche hinzufügen, welche von allen Rechnern " "oder Netzwerken erreichbar sein müssen, die sich mit dem Gerät verbinden " "können." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Quellports" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Masquerading erlaubt es, einen Rechner oder Router einzurichten, der Ihr " "lokales Netzwerk mit dem Internet verbindet. Ihr lokales Netzwerk ist nicht " "sichtbar und erscheint als ein Rechner vom Internet aus betrachtet. " "Masquerading kann nur für IPv4 benutzt werden." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskierte Zone" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Wenn Sie Masquerading aktivieren, wird IP Forwarding für Ihre IPv4-Netzwerke " "aktiviert." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Fügen Sie Einträge hinzu, um entweder einen Port auf einen anderen lokalen " "Port weiterzuleiten oder vom lokalen System auf ein anderes. Das " "Weiterleiten eines Ports auf ein anderes System ist nur dann sinnvoll, wenn " "die Schnittstelle maskiert ist. Port-Weiterleitung kann nur für IPv4 benutzt " "werden." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Weiterleitungs-Port hinzufügen" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Weiterleitungs-Port bearbeiten" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Weiterleitungs-Port entfernen" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Das Internet Control Message Protocol (ICMP) wird hauptsächlich dazu " "verwendet, um Fehlermeldungen zwischen vernetzten Computern zu senden und " "zusätzlich zu Informationszwecken wie z.B. Ping-Anfragen und -Antworten." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Markieren Sie die ICMP-Typen in der Liste, die abgelehnt werden sollen. Alle " "anderen ICMP-Typen dürfen die Firewall passieren. Der Standardwert hat keine " "Beschränkung." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Falls Filter invertieren aktiviert ist, werden markierte ICMP-Einträge " "akzeptiert und andere zurückgewiesen. In einer Zone mit dem Ziel DROP, " "werden diese verworfen." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Filter invertieren" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP-Filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Hier können umfassende Sprachregeln für die Zone definiert werden" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Umfassende Regel hinzufügen" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Umfassende Regel bearbeiten" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Umfassende Regel entfernen" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Umfassende Regeln" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Einträge hinzufügen, um Schnittstellen mit der Zone zu verknüpfen. Falls die " "Schnittstelle von einer Verbindung verwendet wird, wird die Zone in der " "Verbindung angegebenen Zone gesetzt." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Schnittstelle hinzufügen" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Schnittstelle bearbeiten" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Schnittstelle entfernen" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Einträge hinzufügen, um Quelladressen oder Bereiche mit der Zone zu " "verbinden. Sie können sie auch mit einer MAC-Quelladresse verbinden, " "allerdings mit Einschränkungen. Weiterleiten und Maskieren des Ports wird " "für MAC-Quellbindungen nicht funktionieren." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Quelle hinzufügen" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Quelle bearbeiten" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Quelle entfernen" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zonen" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Ein firewalld-Dienst ist eine Kombination aus Ports, Protokollen, Modulen " "und Zieladressen." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Dienst hinzufügen" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Dienst bearbeiten" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Dienst entfernen" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Standard-Dienst-Einstellungen laden" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Zusätzliche Ports oder Port-Bereiche hinzufügen, die für alle Hosts oder " "Netzwerke erreichbar sein müssen." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Eintrag bearbeiten" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Eintrag entfernen" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Zusätzliche Ports oder Port-Bereiche hinzufügen, die für alle Rechner oder " "Netzwerke erreichbar sein müssen." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Quell-Port" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfilter-Helfer-Module werden für einige Dienste benötigt." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Module" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Wenn Sie Zieladressen angeben, wird der Dienst-Eintrag auf die Zieladresse " "und den Typ beschränkt. Wenn beide Einträge leer sind, gibt es keine " "Einschränkung." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Dienste können nur in der permanenten Konfigurationsansicht geändert werden. " "Die Runtime-Konfiguration der Dienste ist unveränderlich." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Ein IPSet kann verwendet werden, um White- oder Blacklists zu erstellen, und " "es kann zum Beispiel IP-Adressen, Portnummern oder MAC-Adressen speichern. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "IPSet hinzufügen" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "IPSet bearbeiten" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "IPSet entfernen" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "IPSet Standardeinstellungen laden" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Einträge von IPSet. Sie werden nur Einträge von IPSet sehen können, die " "nicht die Timeout-Option verwenden, außerdem nur Einträge, die von firewalld " "hinzugefügt wurden. Einträge, die direkt mit dem IPSet Befehl hinzugefügt " "wurden, werden hier nicht angeführt." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Dieses IPSet benutzt die Timeout-Option, deswegen sind hier keine Einträge " "sichtbar. Die Einträge sollten direkt mit dem IPSet-Befehl verarbeitet " "werden." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Hinzufügen" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Einträge" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSets können nur in der dauerhaften Konfigurationsansicht erstellt oder " "gelöscht werden." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Ein firewalld-icmp-Typ stellt die Information für einen »Internet Control " "Message Protocol«-Typ (ICMP) für firewalld bereit." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP-Typ hinzufügen" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP-Typ bearbeiten" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP-Typ entfernen" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP Typ-Standardwerte laden" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Definieren, ob dieser ICMP-Typ für IPv4 und/ oder IPv6 verfügbar ist." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP-Typen können nur in der permanenten Konfigurationsansicht geändert " "werden. Die Runtime-Konfiguration der ICMP-Typen ist unveränderlich." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Ein Verbindungsüberwachungs-Helfer unterstützt Protokolle, die " "unterschiedliche Ströme für Signalisierung und Datenübertragungen verwenden. " "Die Datenübertragungen verwenden Ports, die nicht mit der " "Signalisierungsverbindung verknüpft sind und daher von der Firewall ohne " "Helfer blockiert würden." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Ports oder Portbereiche definieren, welche vom Helfer überwacht werden." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Die direkte Konfiguration ergibt einen direkteren Zugang zum Firewall. Diese " "Optionen verlangen vom Benutzer grundlegende Kenntnisse über iptables-" "Konzepte, z.B. Tabellen, Ketten, Befehle, Parameter und Ziele. Direkte " "Konfiguration sollte nur als letzter Ausweg eingesetzt werden, wenn es nicht " "möglich ist, andere firewalld Funktionen zu verwenden." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Das ipv Argument jeder Option hat ipv4 oder ipv6 oder eb zu sein. Bei ipv4 " "wird es für iptables, mit ipv6 für ip6tables und mit eb für Ethernet-Brücken " "(ebtables) sein." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Weitere Ketten für den Einsatz mit Regeln." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Kette Hinzufügen" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Kette Bearbeiten" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Kette Entfernen" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Ketten" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Fügen Sie eine Regel mit den Argumenten args zu einer Kette in einer Tabelle " "mit einer Priorität hinzu." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Die Priorität wird verwendet, um Regeln zu reihen. Priorität 0 bedeutet die " "Regel oben auf der Kette einzufügen, mit einer höheren Priorität wird die " "Regel weiter unten hinzugefügt werden. Regeln mit der gleichen Priorität " "sind auf der gleichen Ebene und die Reihenfolge dieser Regeln ist nicht " "festgelegt und kann sich ändern. Wenn Sie sicherstellen wollen, dass eine " "Regel nach einer anderen hinzugefügt werden soll, verwenden Sie eine " "niedrige Priorität für die erste und eine höhere für die folgende." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Regel hinzufügen" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Regel bearbeiten" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Regel löschen" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regeln" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Die Durchgangsregeln werden direkt durch die Firewall gelassen und werden " "nicht in Spezialketten gegeben. Alle iptables, ip6tables und ebtables " "Optionen können verwendet werden." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Bitte seien Sie vorsichtig mit Durchgangsregeln damit Sie nicht den Firewall " "beschädigen." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Durchgang Hinzufügen" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Durchgang Bearbeiten" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Durchgang Entfernen" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Durchgang" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Die Sperroption ist eine einfache Version von Benutzer- und " "Anwendungsrichtlinien für firewalld. Sie begrenzt Änderungen an der " "Firewall. Die Sperr-Positivliste kann Befehle, Kontexte, Benutzer und " "Benutzer-IDs enthalten." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Der Kontext ist der (SELinux-) Sicherheitskontext einer laufenden Anwendung " "oder eines Dienstes. Um den Kontext einer laufenden Anwendung einzusehen, " "verwenden Sie ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Kontext hinzufügen" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Kontext bearbeiten" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Kontext entfernen" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontexte" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Falls ein Befehlseintrag der Positivliste mit einem Sternsymbol »*« endet, " "werden alle Kommandozeilen, die mit dem Befehl beginnen ausgewertet. Falls " "das »*«-Symbol nicht vorhanden ist, muss der absolute Befehl inklusive " "Argumenten übereinstimmen." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Kommandozeile hinzufügen" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Kommandozeile bearbeiten" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Kommandozeile entfernen" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Kommandozeilen" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Benutzernamen." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Benutzernamen hinzufügen" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Benutzernamen bearbeiten" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Benutzernamen entfernen" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Benutzernamen" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Benutzerkennungen." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Benutzer-ID hinzufügen" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Benutzer-ID bearbeiten" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Benutzer-ID entfernen" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Benutzerkennungen" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Aktuelle Standardzone des Systems" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Log Denied:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panik-Modus:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatische Helfer:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Sperrung:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Standardzone:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Geben Sie einen Schnittstellennamen ein:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Grundlegende IPSet Einstellungen" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Bitte konfigurieren Sie die grundlegenden IPSet-Einstellungen:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Typ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Timeout:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hashgröße:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Timeout in Sekunden" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Ursprüngliche Hashgröße, Standard 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Max Anzahl von Elementen, Standard 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Bitte wählen Sie ein IPSet:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Geben Sie einen Ipset-Eintrag ein:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Log Denied" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Bitte wählen Sie einen Wert für LogDenied:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Markieren" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Bitte geben Sie eine Markierung mit optionaler Maske ein" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "Die Felder für Markierung und Maske sind beides 32bit-breite, vorzeichenlose " "Zahlen." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Markieren:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maskieren:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Bitte einen Netfilter Conntrack Helfer wählen:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Auswählen -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Andere Module:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port und Protokoll" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Bitte einen Port und ein Protokoll eingeben." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Direkte Regel" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Bitte wählen Sie ipv und table, " #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorität:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Bitte ein Protokoll angeben." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Anderes Protokoll:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Umfassende Regel" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Bitte eine umfassende Regel eingeben." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Element deaktivieren, um Positiv- oder Negativlisten für Host oder Netzwerk " "zu verwenden." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Quelle:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Ziel:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 und ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertiert" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Zum Aktivieren muss diese Aktion 'reject' sein und die Familie muss entweder " "'ipv4' oder 'ipv6' sein (nicht beides)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "mit Typ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Mit Begrenzung:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Präfix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Stufe:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Aktion:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Dienst-Grundeinstellungen" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Bitte konfigurieren Sie Dienst-Grundeinstellungen:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Bitte einen Dienst auswählen." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Geben Sie eine Quelle ein." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Benutzerkennung" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Bitte die Benutzerkennung eingeben." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Bitte Benutzername eingeben." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "Kennung" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Grundlegende Zone-Einstellungen" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Bitte konfigurieren Sie die grundlegenden Zone-Einstellungen:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Standard-Ziel" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Ziel:" firewalld-0.8.2/po/pa.po0000664007115300711530000020224013641112251016226 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Amandeep Singh Saini , 2013-2014 # Amanpreet Singh Alam , 2004,2006 # Amanpreet Singh Alam , 2005 # A P Singh , 2006 # Amandeep Singh Saini , 2013 # A S Alam , 2006 # A S Alam , 2012 # Automatically generated, 2004 # Automatically generated , 2004 # Jaswinder Singh , 2011 # Jaswinder Singh , 2006-2010 # Jaswinder Singh Phulewala , 2005-2006 # Jaswinder Singh , 2011 # Thomas Woerner , 2016. #zanata # A S Alam , 2017. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2017-11-26 02:37+0000\n" "Last-Translator: A S Alam \n" "Language-Team: Panjabi (Punjabi) (http://www.transifex.com/projects/p/" "firewalld/language/pa/)\n" "Language: pa\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "ਫਾਇਰਵਾਲ ਐਪਲੈੱਟ" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ਫਾਇਰਵਾਲ" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ਫਾਇਰਵਾਲ ਸੰਰਚਨਾ" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "ਇੰਟਰਫੇਸ '%s' ਲਈ ਜ਼ੋਨ ਚੁਣੋ" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "ਮੂਲ ਜ਼ੋਨ" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "ਸੰਪਰਕ '%s' ਲਈ ਜ਼ੋਨ ਚੁਣੋ" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "ਸ਼ੀਲਡ ਅੱਪ/ਡਾਊਨ ਜ਼ੋਨ ਸੰਰਚਨਾ" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "ਇੱਥੇ ਤੁਸੀਂ ਸ਼ੀਲਡ ਅੱਪ ਅਤੇ ਸ਼ੀਲਡ ਡਾਊਨ ਲਈ ਵਰਤੇ ਜਾਣ ਵਾਲੇ ਜ਼ੋਨ ਚੁਣ ਸਕਦੇ ਹੋ।" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "ਇਹ ਫ਼ੀਚਰ ਉਹਨਾਂ ਲੋਕਾਂ ਲਈ ਉਪਯੋਗੀ ਹੈ ਜਿਹੜੇ ਜਿਆਦਾਤਰ ਮੂਲ ਜ਼ੋਨ ਵਰਤਦੇ ਹਨ। ਉਹਨਾਂ ਯੂਜ਼ਰਾਂ, ਜਿਹੜੇ " "ਸੰਪਰਕਾਂ ਦੇ ਜੋ਼ਨਾਂ ਨੂੰ ਬਦਲਦੇ ਰਹੇ ਹਨ, ਇਹ ਸੀਮਿਤ ਵਰਤੋਂ ਵਾਲਾ ਹੋ ਸਕਦਾ ਹੈ।" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "ਸ਼ੀਲਡ ਅੱਪ ਜ਼ੋਨ:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "ਮੂਲ ਲਈ ਮੁੜ-ਸੈੱਟ ਕਰੋ" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "ਸ਼ੀਲਡ ਡਾਊਨ ਜ਼ੋਨ:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "%s ਬਾਰੇ" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "ਲੇਖਕ" #: ../src/firewall-applet.in:401 msgid "License" msgstr "ਲਸੰਸ" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "ਸ਼ੀਲਡ ਅੱਪ ਕਰਦਾ ਹੈ" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "ਸੂਚਨਾਵਾਂ ਚਾਲੂ ਕਰੋ" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "...ਫਾਇਰਵਾਲ ਸੈਟਿੰਗਾਂ ਸੋਧੋ" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "ਸੰਪਰਕਾਂ ਦੇ ਜ਼ੋਨ ਬਦਲੋ..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "...ਸ਼ੀਲਡ ਅੱਪ/ਡਾਊਨ ਜ਼ੋਨ ਸੰਰਚਨਾ" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "ਸਭ ਨੈੱਟਵਰਕ ਆਵਾਜਾਈ ਉੱਤੇ ਪਾਬੰਦੀ" #: ../src/firewall-applet.in:500 msgid "About" msgstr "ਇਸ ਬਾਰੇ" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "ਕੋਈ ਕੁਨੈਕਸ਼ਨ ਨਹੀਂ" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "ਇੰਟਰਫੇਸ" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "ਸਰੋਤ" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ਪਰਮਾਣਿਕਤਾ ਅਸਫਲ ਹੋਈ।" #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "ਅਢੁਕਵਾਂ ਨਾਂ" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "ਨਾਂ ਪਹਿਲਾਂ ਹੀ ਮੌਜੂਦ ਹੈ" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "ਫਾਇਰਵਾਲ ਡੈਮਨ ਨਾਲ ਕੋਈ ਕੁਨੈਕਸ਼ਨ ਨਹੀਂ ਹੈ" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "ਸਭ ਨੈੱਟਵਰਕ ਟਰੈਫਿਕ ਉੱਤੇ ਪਾਬੰਦੀ ਲਗਾਈ ਗਈ।" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "ਮੂਲ ਜ਼ੋਨ: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "'{zone}' ਜ਼ੋਨ ਸਰਗਰਮ '{connection}' ਸੰਪਰਕ ਲਈ '{interface}' ਇੰਟਰਫੇਸ ਉੱਤੇ" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "'{zone}' ਜ਼ੋਨ ਸਰਗਰਮ '{interface}' ਇੰਟਰਫੇਸ ਲਈ" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "'{zone}' ਜ਼ੋਨ ਸਰੋਤ {source} ਲਈ ਸਰਗਰਮ" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "ਕੋਈ ਵੀ ਸਰਗਰਮ ਜ਼ੋਨ ਨਹੀਂ।" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "ਫਾਇਰਵਾਲ-ਡੀ ਨਾਲ ਸੰਪਰਕ ਬਣਾਇਆ।" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "ਫਾਇਰਵਾਲ-ਡੀ ਨਾਲ ਕੁਨੈਕਸ਼ਨ ਖਤਮ ਹੋਇਆ।" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "ਫਾਇਰਵਾਲ-ਡੀ ਨੂੰ ਮੁੜ-ਲੋਡ ਕੀਤਾ ਜਾ ਚੁੱਕਾ ਹੈ।" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "ਮੂਲ ਜ਼ੋਨ '%s' ਨਾਲ ਬਦਲਿਆ ਗਿਆ।" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "ਨੈੱਟਵਰਕ ਟਰੈਫਿਕ ਉੱਤੇ ਹੁਣ ਕੋਈ ਪਾਬੰਦੀ ਨਹੀਂ ਹੈ।" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "ਕਿਰਿਆਸ਼ੀਲ ਕੀਤਾ" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "ਗੈਰ-ਕਿਰਿਆਸ਼ੀਲ ਕੀਤਾ" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "'{zone}' ਜ਼ੋਨ {activated_deactivated} ਸੰਪਰਕ '{connection}' ਲਈ ਇੰਟਰਫੇਸ " "'{interface}' ਉੱਤੇ" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "'{zone}' ਜ਼ੋਨ {activated_deactivated} ਇੰਟਰਫੇਸ '{interface}' ਉੱਤੇ" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr " '%s' ਜ਼ੋਨ ਇੰਟਰਫੇਸ '%s' ਲਈ ਕਿਰਿਆਸ਼ੀਲ ਕੀਤਾ ਗਿਆ" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "'{zone}' ਜ਼ੋਨ {activated_deactivated} ਸਰੋਤ '{source}' ਲਈ" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "'%s' ਜ਼ੋਨ ਸਰੋਤ '%s' ਲਈ ਕਿਰਿਆਸ਼ੀਲ ਕੀਤਾ ਗਿਆ" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "ਬਦਲਾਅ ਲਾਗੂ ਕੀਤੇ।" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "ਨੈੱਟਵਰਕ ਸੰਪਰਕ '%s' ਦੁਆਰਾ ਵਰਤਿਆ" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "ਯੋਗ ਕੀਤਾ" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "ਅਯੋਗ ਕੀਤਾ" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ਆਈਕਨ ਲੋਡ ਕਰਨ ਵਿੱਚ ਅਸਫਲ ਹੋਇਆ।" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ਯੂਜ਼ਰ ਨਾਂ" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "ਚੱਲਣ ਸਮਾਂ" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "ਪੱਕਾ" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "ਸੇਵਾ" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "ਪੋਰਟ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "ਜਾਬਤਾ" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "ਪੋਰਟ ਵੱਲ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "ਪਤੇ ਵੱਲ" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp ਕਿਸਮ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "ਟੱਬਰ" #: ../src/firewall-config.in:826 msgid "Action" msgstr "ਕਾਰਵਾਈ" #: ../src/firewall-config.in:828 msgid "Element" msgstr "ਤੱਤ" #: ../src/firewall-config.in:830 msgid "Src" msgstr "ਸਰੋਤ" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "ਟਿਕਾਣਾ" #: ../src/firewall-config.in:834 msgid "log" msgstr "ਲੌਗ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ਆਡਿਟ" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "ਸਰੋਤ" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "ਚੇਤਾਵਨੀ" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "ਗਲਤੀ" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "ਸਵੀਕਾਰ ਕਰੋ" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "ਅਸਵੀਕਾਰ ਕਰੋ" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ਸੁੱਟੋ" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ਹੱਦ" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "ਸੇਵਾ" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "ਪੋਰਟ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "ਜਾਬਤਾ" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "ਮੁਖੌਟਾ" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "ਪੱਧਰ" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ਹਾਂ" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "ਜ਼ੋਨ" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "ਜ਼ੋਨ '%s': ਸੇਵਾ '%s' ਉਪਲੱਬਧ ਨਹੀਂ ਹੈ।" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "ਜ਼ੋਨ ਹਟਾਉ" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "ਅਣਗੌਲਿਆ ਕਰੋ" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "ਜ਼ੋਨ '%s': ICMP ਕਿਸਮ '%s' ਉਪਲੱਬਧ ਨਹੀਂ।" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "ਬਿਲਟ-ਇਨ ਜ਼ੋਨ, ਨਾਂ-ਬਦਲਣ ਲਈ ਸਹਾਇਕ ਨਹੀਂ।" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "ਦੂਜਾ" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "ਮਿੰਨਟ" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ਘੰਟਾ" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "ਦਿਨ" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "ਹੰਗਾਮੀ" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "ਖ਼ਬਰਦਾਰ" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "ਨਾਜੁਕ" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ਗਲਤੀ" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "ਚੇਤਾਵਨੀ" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "ਸੂਚਨਾ" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "ਜਾਣਕਾਰੀ" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ਡੀਬੱਗ" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ਕਿਸੇ ਹੋਰ ਸਿਸਟਮ ਤੇ ਫਾਰਵਰਡਿੰਗ ਸਿਰਫ ਉਸ ਵੇਲੇ ਹੀ ਵਰਤੋਂਯੋਗ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਦਾ ਮੁਖੌਟਾਪਨ ਕੀਤਾ ਹੈ।\n" "ਕੀ ਤੁਸੀਂ ਇਸ ਜ਼ੋਨ ਦਾ ਮੁਖੌਟਾਪਨ ਕਰਨਾ ਚਾਹੁੰਦੇ ਹੋ?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "ਬਿਲਟ-ਇਨ ਸੰਰਚਨਾ, ਨਾਂ-ਬਦਲਣ ਲਈ ਸਹਾਇਕ ਨਹੀਂ ਹੈ।" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "ਬਿਲਟ-ਇਨ icmp, ਨਾਂ-ਬਦਲਣ ਲਈ ਸਹਾਇਕ ਨਹੀਂ ਹੈ।" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "ਸਰੋਤ %s ਲਈ ਜ਼ੋਨ ਚੁਣੋ" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ਪਤਾ" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਕਮਾਂਡ ਲਾਈਨ ਭਰੋ।" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਪ੍ਰਸੰਗ ਭਰੋ।" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਹੇਠਾਂ ਦਿੱਤੀ ਸੂਚੀ ਵਿੱਚੋਂ ਮੂਲ ਜ਼ੋਨ ਚੁਣੌ।" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ਸਿੱਧੀ ਲੜੀ" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ipv ਅਤੇ ਸਾਰਣੀ ਚੁਣੋ ਅਤੇ ਲੜੀ ਨਾਂ ਭਰੋ।" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ਲੜੀ:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "ਕੱਚਾ" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "ਸੁਰੱਖਿਆ" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "ਸਾਰਣੀ:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ਸਿੱਧਾ ਪਾਸਥਰੂਅ ਨਿਯਮ" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ipv ਚੁਣੋ ਅਤੇ ਆਰਗੂਮੈਂਟ ਭਰੋ।" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "ਆਰਗੂਮੈਂਟ:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ਪੋਰਟ ਫਾਰਵਰਡਿੰਗ" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "ਕਿਰਪਾ ਕਰਕੇ ਆਪਣੀ ਲੋੜ ਅਨੁਸਾਰ ਸਰੋਤ ਤੇ ਨੀਯਤ ਚੋਣਾਂ ਚੁਣੋ।" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "ਪੋਰਟ / ਪੋਰਟ ਰੇਂਜ:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP ਪਤਾ:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "ਜਾਬਤਾ:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "ਟਿਕਾਣਾ" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "ਜੇ ਤੁਸੀਂ ਸਥਾਨਕ ਫਾਰਵਰਡਿੰਗ ਯੋਗ ਕਰਦੇ ਹੋ, ਤੁਹਾਨੂੰ ਇੱਕ ਪੋਰਟ ਦੇਣੀ ਚਾਹੀਦੀ ਹੈ। ਇਹ ਪੋਰਟ ਸਰੋਤ ਪੋਰਟ ਲਈ " "ਵੱਖਰੀ ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "ਸਥਾਨਕ ਫਾਰਵਰਡਿੰਗ" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "ਹੋਰ ਪੋਰਟ ਤੇ ਅੱਗੇ ਭੇਜਿਆ" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "ਗੂੜ੍ਹੇ ਕੀਤੇ ਇੰਦਰਾਜ ਜਰੂਰੀ ਹਨ, ਬਾਕੀ ਸਭ ਚੋਣਵੀਆਂ ਹਨ।" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "ਨਾਂ:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ਸੰਸਕਰਣ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "ਸੰਖੇਪ:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ਵੇਰਵਾ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "ਟੱਬਰ:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ਮੁੱਢਲੀ ICMP ਕਿਸਮ ਸੈਟਿੰਗ" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਆਧਾਰ ICMP ਕਿਸਮ ਸੈਟਿੰਗਾਂ ਸੰਰਚਿਤ ਕਰੋ:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP ਕਿਸਮ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ICMP ਕਿਸਮ ਚੁਣੋ" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "ਐਂਟਰੀ ਜੋੜੋ" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ਫਾਈਲ (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "ਚੋਣਾਂ (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "ਫਾਇਰਵਾਲ-ਡੀ ਮੁੜ-ਲੋਡ ਕਰੋ" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ਫਾਇਰਵਾਲ ਨਿਯਮ ਮੁੜ ਲੋਡ ਕਰੋ। ਮੌਜੂਦਾ ਪੱਕੀ ਸੰਰਚਨਾ ਨਵੀਂ ਚੱਲ ਰਹੀ ਸੰਰਚਨਾ ਬਣ ਜਾਵੇਗੀ। ਮਤਲਬ ਕਿ ਮੁੜ-" "ਲੋਡ ਕਰਨ ਤੱਕ ਚਾਲੂ ਹਾਲਾਤ ਵਿੱਚ ਕੀਤੇ ਸਾਰੇ ਬਦਲਾਅ ਗੁੰਮ ਜਾਂਦੇ ਹਨ ਜੇ ਉਹ ਵੀ ਪੱਕੀ ਸੰਰਚਨਾ ਵਿੱਚ ਨਹੀਂ ਹਨ।" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ਇੱਕ ਨੈੱਟਵਰਕ ਸੰਪਰਕ ਕਿਸ ਜ਼ੋਨ ਨਾਲ ਸੰਬੰਧ ਰੱਖਦਾ ਹੈ ਨੂੰ ਬਦਲੋ।" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ਮੂਲ ਜ਼ੋਨ ਬਦਲੋ" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "ਸੰਪਰਕਾਂ ਜਾਂ ਇੰਟਰਫੇਸਾਂ ਲਈ ਮੂਲ ਜ਼ੋਨ ਬਦਲੋ।" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "ਖਲਬਲੀ ਮੋਡ ਦਾ ਮਤਲਬ ਕਿ ਸਾਰੇ ਜਾ ਰਹੇ ਅਤੇ ਆ ਰਹੇ ਪੈਕੇਟ ਸੁੱਟ ਦਿੱਤੇ ਜਾਂਦੇ ਹਨ।" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "ਖ਼ਲਬਲੀ ਮੋਡ" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "ਤਾਲਾਬੰਦ ਫਾਇਰਵਾਲ ਸੰਰਚਨਾ ਤੇ ਤਾਲਾ ਲਗਾ ਦਿੰਦਾ ਹੈ ਤਾਂ ਕਿ ਸਿਰਫ਼ ਤਾਲਾਬੰਦੀ ਦੀ ਵਾਈ੍ਹਟਲਿਸਟ " "ਉੱਪਰਲੀਆਂ ਐਪਲੀਕੇਸ਼ਨਾਂ ਹੀ ਇਸ ਨੂੰ ਬਦਲਣ ਦੇ ਯੋਗ ਹੋਣ।" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "ਤਾਲਾਬੰਦ" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "ਝਾਤ (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP ਕਿਸਮਾਂ" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ਸਿੱਧੀ ਸੰਰਚਨਾ" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Whitelist ਤਾਲਾਬੰਦ ਕਰੋ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "ਮਦਦ (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "ਸੰਰਚਨਾ:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "ਮੌਜੂਦਾ ਪਰਗਟ ਸੰਰਚਨਾ। ਚਾਲੂ ਸੰਰਚਨਾ ਹੀ ਅਸਲ ਸਰਗਰਮ ਸੰਰਚਨਾ ਹੈ। ਸਥਾਈ ਸੰਰਚਨਾ ਸੇਵਾ ਜਾਂ ਸਿਸਟਮ ਦੇ " "ਮੁੜ-ਲੋਡ ਜਾਂ ਮੁੜ-ਸ਼ੁਰੂ ਹੋਣ ਤੋਂ ਬਾਅਦ ਸਰਗਰਮ ਹੋਵੇਗੀ" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "ਇੱਕ ਫਾਇਰਵਾਲ ਵਾਲਾ ਜ਼ੋਨ ਨੈੱਟਵਰਕ ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਜ਼ੋਨ ਨਾਲ ਬੱਝੇ ਸਰੋਤਾਂ ਲਈ ਭਰੋਸੇ ਦਾ ਪੱਧਰ " "ਦਰਸਾਉਂਦਾ ਹੈ। ਜ਼ੋਨ ਸੇਵਾਵਾਂ, ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮੁਖੌਟਾਪਨ, ਪੋਰਟ/ਪੈਕੇਟ ਫਾਰਵਰਡ ਕਰਨਾ, icmp ਫਿਲਟਰਾਂ " "ਅਤੇ ਉੱਚ-ਪੱਧਰ ਨਿਯਮਾਂ ਨੂੰ ਇਕੱਠਿਆਂ ਕਰਦਾ ਹੈ। ਜ਼ੋਨ ਨੂੰ ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤ ਪਤਿਆਂ ਨਾਲ ਬੰਨ੍ਹਿਆ ਜਾ ਸਕਦਾ ਹੈ।" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ਜ਼ੋਨ ਸ਼ਾਮਿਲ ਕਰੋ" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ਜ਼ੋਨ ਸੋਧੋ" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ਜ਼ੋਨ ਹਟਾਉ" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "ਜ਼ੋਨ ਮੂਲ ਲੋਡ ਕਰੋ" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "ਇੱਥੇ ਤੁਸੀਂ ਦੱਸ ਸਕਦੇ ਹੋ ਕਿ ਕਿਹੜੀ ਸੇਵਾ ਭਰੋਸੇਯੋਗ ਜ਼ੋਨ ਵਿੱਚ ਹੈ। ਭਰੋਸੇਯੋਗ ਸੋਵਾਵਾਂ ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਅਤੇ ਨੈੱਟਵਰਕਾਂ " "ਤੋਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ ਜਿਹੜੇ ਇਸ ਜ਼ੋਨ ਨਾਲ ਬੱਝੇ ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤਾਂ ਤੋਂ ਮਸ਼ੀਨ ਤੱਕ ਪਹੁੰਚ " "ਸਕਦੇ ਹਨ।" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "ਸੇਵਾਵਾਂ" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "ਵਾਧੂ ਪੋਰਟਾਂ ਜਾਂ ਪੋਰਟ ਰੇਂਜਾਂ ਸ਼ਾਮਿਲ ਕਰੋ, ਜੋ ਉਹਨਾਂ ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਜਾਂ ਨੈੱਟਵਰਕਾਂ ਲਈ ਦਖਲ ਦੇਣ ਯੋਗ ਹੋਣ " "ਜਿਹੜੇ ਮਸ਼ੀਨ ਨਾਲ ਜੁੜ ਸਕਦੇ ਹਨ।" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "ਪੋਰਟ ਜੋੜੋ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "ਜ਼ੋਨ ਸੋਧੋ" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "ਜ਼ੋਨ ਹਟਾਉ" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "ਪੋਰਟ" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "ਮਖੌਟਾ ਤੁਹਾਨੂੰ ਮੇਜ਼ਬਾਨ ਜਾਂ ਰਾਊਟਰ ਨਿਰਧਾਰਤ ਕਰਨ ਵਿੱਚ ਮਦਦ ਕਰਦਾ ਹੈ ਜੋ ਤੁਹਾਡੇ ਸਥਾਨਕ ਨੈੱਟਵਰਕ ਨੂੰ " "ਇੰਟਰਨੈੱਟ ਨਾਲ ਜੋੜਦਾ ਹੈ। ਤੁਹਾਡਾ ਸਥਾਨਕ ਨੈੱਟਵਰਕ ਦਿੱਖ ਹੋਵੇਗਾ ਅਤੇ ਇੰਟਰਨੈੱਟ ਲਈ ਮੇਜ਼ਬਾਨ ਇੱਕ ਵੱਖਰੇ ਪਤੇ ਵਾਂਗ " "ਦਿਸਦਾ ਹੈ। ਮਖੌਟਾ ਸਿਰਫ IPv4 ਹੈ।" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "ਮੁਖੌਟਾ ਜ਼ੋਨ" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "ਜੇ ਤੁਸੀਂ ਮੁਖੌਟਾ ਯੋਗ ਕੀਤਾ, IP ਫਾਰਵਰਡਿੰਗ ਵੀ ਤੁਹਾਡੇ IPv4 ਨੈੱਟਵਰਕਾਂ ਲਈ ਯੋਗ ਹੋ ਜਾਏਗੀ।" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "ਮੁਖੌਟਾ" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ਪੋਰਟਾਂ ਨੂੰ ਸਥਾਨਕ ਸਿਸਟਮ ਉੱਪਰ ਇੱਕ ਪੋਰਟ ਤੋਂ ਦੂਜੀ ਪੋਰਟ ਤੇ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਜਾਂ ਸਥਾਨਕ ਸਿਸਟਮ ਤੋਂ ਹੋਰ " "ਸਿਸਟਮ ਵੱਲ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਇੰਦਰਾਜ ਸ਼ਾਮਿਲ ਕਰੋ। ਹੋਰ ਸਿਸਟਮ ਤੇ ਫਾਰਵਰਡ ਕਰਨ ਨਾਲ ਸਿਰਫ ਤਾਂ ਹੀ " "ਲਾਹੇਵੰਦ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਮਖੌਟਾ ਹੈ। ਪੋਰਟ ਫਾਰਵਰਡਿੰਗ ਸਿਰਫ IPv4 ਹੈ।" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ਫਾਰਵਰਡ ਪੋਰਟ ਜੋੜੋ" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ਫਾਰਵਰਡ ਪੋਰਟ ਸੋਧੋ" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ਪਾਰਵਰਡ ਪੋਰਟ ਹਟਾਉ" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕਾਲ (ICMP) ਮੁੱਖ ਤੌਰ ਤੇ ਨੈੱਟਵਰਕ ਕੰਪਿਊਟਰਾਂ ਵਿੱਚ ਗਲਤੀ ਸੁਨੇਹੇ ਭੇਜਣ ਲਈ ਵਰਤਿਆ " "ਜਾਂਦਾ ਹੈ, ਪਰ ਨਾਲ ਹੀ ਵੀ ਭੇਜਦਾ ਹੈ ਜਿਵੇਂ ਪਿੰਗ ਬੇਨਤੀ ਅਤੇ ਜਵਾਬ।" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "ਸੂਚੀ ਵਿੱਚ ICMP ਕਿਸਮਾਂ ਮਾਰਕ ਕਰੋ, ਜੋ ਰੱਧ ਕੀਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਹੋਰ ਸਭ ICMP ਕਿਸਮਾਂ ਫਾਇਰਵਾਲ " "ਵਿੱਚ ਲੰਘ ਸਕਦੀਆਂ ਹਨ। ਮੂਲ ਰੂਪ ਵਿੱਚ ਕੋਈ ਪਾਬੰਦੀ ਨਹੀਂ ਹੈ।" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ਫਿਲਟਰ" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "ਇੱਥੇ ਤੁਸੀਂ ਜ਼ੋਨ ਲਈ ਉੱਚ-ਪੱਧਰੀ ਭਾਸ਼ਾ ਨਿਯਮ ਸੈੱਟ ਕਰ ਸਕਦੇ ਹੋ।" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ ਜੋੜੋ" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ ਸੋਧੋ" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ ਹਟਾਉ" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "ਜ਼ੋਨ ਨਾਲ ਇੰਟਰਫੇਸ ਬੰਨ੍ਹਣ ਲਈ ਐਂਟਰੀਆਂ ਸਾਮਿਲ ਕਰੋ। ਜੇ ਇੰਟਰਫੇਸ ਸੰਪਰਕ ਦੁਆਰਾ ਵਰਤਿਆ ਜਾਵੇਗਾ, ਜ਼ੋਨ ਉਸ ਜ਼ੋਨ " "ਵਜੋਂ ਸੈੱਟ ਹੋਵੇਗਾ ਜੋ ਸੰਪਰਕ ਵਿੱਚ ਦਰਸਾਇਆ ਗਿਆ ਹੈ।" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ਇੰਟਰਫੇਸ ਜੋੜੋ" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ਇੰਟਰਫੇਸ ਸੋਧੋ" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ਇੰਟਰਫੇਸ ਹਟਾਉ" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "ਸਰੋਤ ਜੋੜੋ" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "ਸਰੋਤ ਸੋਧੋ" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "ਸਰੋਤ ਹਟਾਉ" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "ਜ਼ੋਨ" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "ਇੱਕ ਫਾਇਰਵਾਲ-ਡੀ ਸੇਵਾ ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮੌਡਿਊਲਾਂ ਅਤੇ ਟਿਕਾਣਾ ਪਤਿਆਂ ਦਾ ਮਿਸ਼ਰਣ ਹੈ।" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "ਸੇਵਾ ਜੋੜੋ" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "ਸੇਵਾ ਸੋਧੋ" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "ਸੇਵਾ ਹਟਾਉ" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "ਸੇਵਾ ਮੂਲ ਲੋਡ ਕਰੋ" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "ਐਂਟਰੀ ਸੋਧੋ" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "ਐਂਟਰੀ ਹਟਾਉ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "ਮੌਡਿਊਲ" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "ਜੇ ਤੁਸੀਂ ਟਿਕਾਣਾ ਪਤੇ ਦਰਸਾਉਂਦੇ ਹੋ, ਸੇਵਾ ਇੰਦਰਾਜ ਟਿਕਾਣੇ ਦੇ ਪਤੇ ਅਤੇ ਕਿਸਮ ਤੱਕ ਸੀਮਿਤ ਰਹੇਗੀ। ਜੇ ਦੋਵੇਂ " "ਇੰਦਰਾਜ ਖਾਲੀ ਹਨ, ਫਿਰ ਕੋਈ ਬੰਦਿਸ਼ ਨਹੀਂ।" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "ਸੇਵਾਵਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ ਝਾਤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਸੇਵਾਵਾਂ ਦੀ ਚਾਲੂ ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "ਫਾਇਰਵਾਲ-ਡੀ icmptype ਫਾਇਰਵਾਲ-ਡੀ ਦੀ ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕੌਲ (ICMP) ਕਿਸਮ ਦੀ " "ਜਾਣਕਾਰੀ ਮੁਹੱਈਆ ਕਰਵਾਉਂਦਾ ਹੈ।" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP ਕਿਸਮ ਜੋੜੋ" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP ਕਿਸਮ ਸੋਧੋ" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP ਕਿਸਮ ਹਟਾਉ" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP ਕਿਸਮ ਮੂਲ ਲੋਡ ਕਰੋ" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "ਦਰਸਾਉ ਕਿ ਜੇ ਇਹ ICMP ਕਿਸਮ IPv4 ਅਤੇ/ਜਾਂ IPv6 ਲਈ ਉਪਲੱਬਧ ਹਨ।" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP ਕਿਸਮਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ ਝਾਤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ICMP ਕਿਸਮ ਦੀ ਚਾਲੂ " "ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ਸਿੱਧੀ ਸੰਰਚਨਾ ਫਾਇਰਵਾਲ ਤੱਕ ਹੋਰ ਜਿਆਦਾ ਸਿੱਧਾ ਦਖਲ ਦਿੰਦੀ ਹੈ। ਇਹ ਚੋਣਾਂ ਲਈ ਲੋੜੀਂਦਾ ਹੈ ਕਿ ਯੂਜ਼ਰ ਨੂੰ " "iptables ਦੇ ਮੁੱਢਲੇ ਸਿਧਾਂਤ ਪਤਾ ਹੋਣ, i.e. ਸਾਰਣੀਆਂ, ਲੜੀਆਂ, ਕਮਾਂਡਾਂ, ਪੈਰਾਮੀਟਰ ਅਤੇ ਟਿਕਾਣੇ। " "ਸਿੱਧੀ ਸੰਰਚਨਾ ਆਖਿਰੀ ਹੱਲ ਵਜੋਂ ਵਰਤਣੀ ਚਾਹੀਦੀ ਹੈ ਜਦੋਂ ਹੋਰ ਫਾਇਰਵਾਲ-ਡੀ ਫੀਚਰਾਂ ਨੂੰ ਵਰਤਣਾ ਸੰਭਵ ਨਾ " "ਹੋਵੇ।" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ਹਰੇਕ ਚੋਣ ਦੇ ipv ਆਰਗੂਮੈਂਟ ਦਾ ipv4 ਜਾਂ ipv6 ਜਾਂ eb ਹੋਣਾ ਹੈ। ipv4 ਨਾਲ ਇਹ iptables ਲਈ " "ਹੋਵੇਗਾ, ipv6 ਨਾਲ ਇਹ ip6tables ਲਈ ਅਤੇ eb ਨਾਲ ਇਹ ਈਥਰਨੈੱਟ ਬਰਿੱਜਾਂ (ebtables) ਲਈ।" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "ਨਿਯਮਾਂ ਨਾਲ ਵਰਤਣ ਲਈ ਵਾਧੂ ਲੜੀਆਂ।" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "ਲੜੀ ਜੋੜੋ" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "ਲੜੀ ਸੋਧੋ" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "ਲੜੀ ਹਟਾਉ" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ਲੜੀਆਂ" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "ਤਰਜੀਹ ਵਾਲੀ ਇੱਕ ਸਾਰਣੀ ਵਿੱਚ ਲੜੀ ਨਾਲ ਆਰਗੂਮੈਂਟਾਂ args ਨਾਲ ਇੱਕ ਨਿਯਮ ਜੋੜੋ" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "ਤਰਜੀਹ ਨਿਯਮਾਂ ਨੂੰ ਤਰਤੀਬ ਦੇਣ ਲਈ ਵਰਤੀ ਜਾਂਦੀ ਹੈ। ਤਰਜੀਹ 0 ਦਾ ਮਤਲਬ ਨਿਯਮ ਨੂੰ ਲੜੀ ਵਿੱਚ ਸਿਖਰ ਤੇ " "ਜੋੜੋ, ਵੱਡੀ ਤਰਜੀਹ ਨਾਲ ਨਿਯਮ ਹੋਰ ਥੱਲੇ ਜੋੜੇ ਜਾਣਗੇ। ਇੱਕੋ ਤਰਜੀਹ ਵਾਲੇ ਨਿਯਮ ਇੱਕੋ ਪੱਧਰ ਤੇ ਹਨ ਅਤੇ ਇਹਨਾਂ " "ਨਿਯਮਾਂ ਦੀ ਤਰਤੀਬ ਪੱਕੀ ਨਹੀਂ ਹੈ ਤੇ ਬਦਲ ਸਕਦੀ ਹੈ। ਜੇ ਤੁਸੀਂ ਇਹ ਪੱਕਾ ਕਰਨਾ ਚਾਹੁੰਦੇ ਹੋ ਕਿ ਨਿਯਮ ਇੱਕ " "ਦੂਜੇ ਤੋਂ ਬਾਅਦ ਜੋੜੇ ਜਾਣਗੇ, ਪਹਿਲੇ ਲਈ ਘੱਟ ਅਤੇ ਬਾਅਦ ਵਾਲੇ ਲਈ ਵੱਡੀ ਤਰਜੀਹ ਵਰਤੋ।" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "ਨਿਯਮ ਜੋੜੋ" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "ਨਿਯਮ ਸੋਧੋ" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "ਨਿਯਮ ਹਟਾਉ" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "ਨਿਯਮ" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "ਪਾਸਥਰੂਅ ਨਿਯਮ ਸਿੱਧੇ ਫਾਇਰਵਾਲ ਤੱਕ ਲੰਘਾ ਦਿੱਤੇ ਜਾਂਦੇ ਹਨ ਅਤੇ ਖਾਸ ਲੜੀਆਂ ਵਿੱਚ ਨਹੀਂ ਰੱਖੇ ਜਾਂਦੇ। ਸਾਰੀਆਂ " "iptables, ip6tables ਅਤੇ ebtables ਚੋਣਾਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ।" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਪਾਸਥਰੂਅ ਨਿਯਮਾਂ ਨਾਲ ਸੁਚੇਤ ਰਹੋ ਕਿਤੇ ਫਾਇਰਵਾਲ ਨੂੰ ਨੁਕਸਾਨ ਨਾ ਪਹੁੰਚੇ।" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "ਪਾਸਥਰੂਅ ਜੋੜੋ" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "ਪਾਸਥਰੂਅ ਸੋਧੋ" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "ਪਾਸਥਰੂਅ ਹਟਾਉ" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "ਪਾਸਥਰੂਅ" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "ਤਾਲਾਬੰਦ ਗੁਣ ਫਾਇਰਵਾਲ-ਡੀ ਲਈ ਯੂਜ਼ਰ ਅਤੇ ਐਪਲੀਕੇਸ਼ਨ ਨੀਤੀਆਂ ਦਾ ਹਲਕਾ ਸੰਸਕਰਣ ਹੈ। ਇਹ ਫਾਇਰਵਾਲ-ਡੀ " "ਵਿੱਚ ਬਦਲਾਆਂ ਨੂੰ ਸੀਮਿਤ ਕਰਦਾ ਹੈ। ਤਾਲਾਬੰਦ ਵਾਈ੍ਹਟਲਿਸਟ ਵਿੱਚ ਕਮਾਂਡਾਂ, ਪ੍ਰਸੰਗ, ਯੂਜ਼ਰ ਅਤੇ ਯੂਜ਼ਰ idਆਂ ਹੋ " "ਸਕਦੀਆਂ ਹਨ।" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "ਪ੍ਰਸੰਗ ਜੋੜੋ" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "ਪ੍ਰਸੰਗ ਸੋਧੋ" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "ਪ੍ਰਸੰਗ ਹਟਾਉ" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "ਪ੍ਰਸੰਗ" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "ਜੇ ਵਾਈ੍ਹਟਲਿਸਟ ਤੇ ਕੋਈ ਕਮਾਂਡ ਇੰਦਰਾਜ '*' ਨਾਲ ਖਤਮ ਹੁੰਦਾ ਹੈ, ਤਾਂ ਕਮਾਂਡ ਨਾਲ ਸ਼ੁਰੂ ਹੁੰਦੀਆਂ ਸਾਰੀਆਂ " "ਕਮਾਂਡ ਲਾਈਨਾਂ ਵੀ ਮੇਲ ਖਾਣਗੀਆਂ। ਜੇ '*' ਨਹੀਂ ਲੱਗਾ ਤਾਂ ਕਮਾਂਡ ਆਰਗੂਮੈਂਟਾਂ ਸਮੇਤ ਪੂਰੀ ਤਰ੍ਹਾਂ ਮੇਲ ਖਾਂਦੀ " "ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "ਕਮਾਂਡ ਲਾਈਨ ਜੋੜੋ" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "ਕਮਾਂਡ ਲਾਈਨ ਸੋਧੋ" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "ਕਮਾਂਡ ਲਾਈਨ ਹਟਾਉ" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "ਕਮਾਂਡ ਲਾਈਨਾਂ" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ਯੂਜ਼ਰ ਨਾਂ।" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ਯੂਜ਼ਰ ਨਾਂ ਜੋੜੋ" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ਯੂਜ਼ਰ ਨਾਂ ਸੋਧੋ" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ਯੂਜ਼ਰ ਨਾਂ ਹਟਾਉ" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ਯੂਜ਼ਰ ਨਾਂ" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ਯੂਜ਼ਰ id-ਆਂ।" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ਯੂਜ਼ਰ Id ਜੋੜੋ" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ਯੂਜ਼ਰ Id ਸੋਧੋ" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ਯੂਜ਼ਰ Id ਹਟਾਉ" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ਯੂਜ਼ਰ id-ਆਂ" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "ਸਿਸਟਮ ਦਾ ਮੌਜੂਦਾ ਮੂਲ ਜ਼ੋਨ।" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "ਖ਼ਲਬਲੀ ਮੋਡ:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "ਤਾਲਾਬੰਦ:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "ਮੂਲ ਜ਼ੋਨ:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "ਪੋਰਟ ਅਤੇ ਜਾਬਤਾ" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ਪੋਰਟ ਅਤੇ ਜਾਬਤਾ ਦਿਉ ਜੀ।" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ਸਿੱਧਾ ਨਿਯਮ" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ipv ਅਤੇ ਸਾਰਣੀ, ਲੜੀ ਤਰਜੀਹ ਚੁਣੋ ਅਤੇ ਆਰਗੂਮੈਂਟ ਭਰੋ।" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "ਤਰਜੀਹ:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਇੱਕ ਜਾਬਤਾ ਭਰੋ।" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "ਹੋਰ ਜਾਬਤਾ:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਇੱਕ ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ ਭਰੋ।" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "ਮੇਜਬਾਨ ਜਾਂ ਨੈੱਟਵਰਕ ਲਈ ਵਾਈ੍ਹਟ ਜਾਂ ਬਲੈਕ-ਲਿਸਟਿੰਗ ਤੱਤ ਨੂੰ ਗੈਰ-ਕਿਰਿਆਸ਼ੀਲ ਕਰਦਾ ਹੈ।" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "ਸਰੋਤ:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "ਟਿਕਾਣਾ:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "ਲੌਗ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ਆਡਿਟ:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ਅਤੇ ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "ਪਲਟਾਇਆ" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "ਇਸ ਨੂੰ ਯੋਗ ਕਰਨ ਲਈ ਕਾਰਵਾਈ 'reject' ਅਤੇ ਟੱਬਰ ਜਾਂ ਤਾਂ 'ipv4' ਜਾਂ 'ipv6' (ਦੋਵੇਂ ਨਹੀਂ) ਹੋਵੇ।" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "ਕਿਸਮ ਨਾਲ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "ਹੱਦ ਨਾਲ:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ਅਗੇਤਰ:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "ਪੱਧਰ:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "ਤੱਤ:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "ਕਾਰਵਾਈ:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ਮੁੱਢਲੀਆਂ ਸੇਵਾ ਸੈਟਿੰਗਾਂ" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "ਮੁੱਢਲੀਆਂ ਸੇਵਾ ਸੈਟਿੰਗਾਂ ਸੰਰਚਿਤ ਕਰੋ:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਇੱਕ ਸੇਵਾ ਚੁਣੋ।" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ਯੂਜ਼ਰ ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਯੂਜ਼ਰ id ਭਰੋ।" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਯੂਜ਼ਰ ਨਾਂ ਭਰੋ।" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ਮੂਲ ਜ਼ੋਨ ਸੈਟਿੰਗਾਂ" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "ਮੂਲ ਜ਼ੋਨ ਸੈਟਿੰਗਾਂ ਦਿਉ ਜੀ:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "ਮੂਲ ਨਿਸ਼ਾਨਾ" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "ਨਿਸ਼ਾਨਾ:" firewalld-0.8.2/po/te.po0000664007115300711530000021270513641112251016245 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Krishnababu Krothapalli , 2007-2010 # Krishnababu Krothapalli , 2013 # Krishnababu Krothapalli , 2013 # Krishnababu Krothapalli , 2014 # Sree Ganesh , 2006 # Sudheesh Singanamalla , 2013 # Sudheesh Singanamalla , 2013 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2016-01-04 12:44+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Telugu (http://www.transifex.com/projects/p/firewalld/" "language/te/)\n" "Language: te\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "ఫైర్వాల్ ఆప్లెట్" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ఫైర్‌వాల్" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Firewall ఆకృతీకరణ" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "ఇంటర్ఫేస్ '%s' కొరకు జోన్ ఎంపికచేయి" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "అప్రమేయ క్షేత్రం" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "అనుసంధానం '%s' కొరకు క్షేత్రం ఎంపికచేయి" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "అప్ / జోన్స్ డౌన్ షీల్డ్స్ కన్ఫిగర్ చెయ్యి" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "ఇక్కడ మీరు టాప్ షీల్డ్స్ మరియు డౌన్ షీల్డ్స్ ఉపయోగించే మండలాలు ఎంచుకోవచ్చు." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "ఈ ఫీచర్ ఎక్కువగా డిఫాల్ట్ మండలాల్లో ఉపయోగించడం ప్రజలు కోసం ఉపయోగపడుతుంది. వినియోగదారులు కోసం, " "కనెక్షన్ల మండలాలు మారుతున్న, అది పరిమిత వినియోగం కావచ్చు." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "అప్ షీల్డ్స్ జోన్:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "డౌన్ షీల్డ్స్ జోన్:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "షీల్డ్ చేయి" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "నోటిఫికేషన్లను ప్రారంభించు" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "ఫైర్వాల్ సెట్టింగ్లను సవరించండి..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "అనుసంధానాల జోన్ మార్చు..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "అప్ / జోన్స్ డౌన్ షీల్డ్స్ కన్ఫిగర్ చెయ్యి..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "అన్నీ నెట్వర్క్ ట్రాఫిక్ నిరోధించు" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "అనుసంధానాలు" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "మూలాలు" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ధృవీకరణ విఫలమైంది." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "చెల్లని ఆర్గుమెంట్ %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "పేరు యిప్పటికే వుంది" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "ఫైర్వాల్ డెమోన్ కోసం కనెక్షన్ లేదు" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "నెట్వర్కు ట్రాఫిక్ అంచా నిరోధించబడెను." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "అప్రమేయ జోన్: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "ఇంటర్ఫేస్ '{interface}' పైన అనుసంధానం '{connection}' కొరకు జోన్ '{zone}' " "క్రియాశీలపరచబడెను" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "ఇంటర్ఫేస్ '{interface}' కొరకు జోన్ '{zone}' క్రియాశీలపరచబడెను" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "జోన్ '{zone}' మూలం {source} కొరకు క్రియాశీలపరచబడెను" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "క్రియాశీల జోన్స్ లేవు." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD కనెక్షన్ స్థాపించబడింది." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD కనెక్షన్ కోల్పోయింది." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD తిరిగిలోడైంది." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "అప్రమేయ జోన్ '%s' కు మార్చబడెను." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "నెట్వర్కు ట్రాఫిక్ నిరోధించబడుటలేదు." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "క్రియాశీలం" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "క్రియాహీనం" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "జోన్ '{zone}' {activated_deactivated} అనుసంధానం '{connection}' కొరకు ఇంటర్ఫేస్ " "'{interface}' పైన" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "జోన్ '{zone}' {activated_deactivated} ఇంటర్ఫేస్ '{interface}' కొరకు" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "జోన్ '%s' ఇంటర్ఫేస్ '%s' కొరకు క్రియాశీలమైంది" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "జోన్ '{zone}' {activated_deactivated} వనరు '{source}' కొరకు" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "జోన్ '%s' మూలం '%s' కొరకు క్రియాశీలమైంది" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "మార్పులు అనువర్తించబడెను." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "నెట్వర్కు అనుసంధానం '%s' చేత వుపయోగించబడింది" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "చేతనమైన" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "అచేతనమైన" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ప్రతిమలు లోడుచేయుటకు విఫలమైంది." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "వాడుకరి పేరు" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "రన్‌టైమ్" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "శాశ్వత" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "సేవ" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "పోర్టును" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "చట్టం" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "ఈ పోర్ట్‍‌కు" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "పంపవలిసిన చిరునామా" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp రకం" #: ../src/firewall-config.in:822 msgid "Family" msgstr "ఫ్యామిలీ" #: ../src/firewall-config.in:826 msgid "Action" msgstr "చర్య" #: ../src/firewall-config.in:828 msgid "Element" msgstr "మూలకం" #: ../src/firewall-config.in:830 msgid "Src" msgstr "మూలం" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "గమ్యం" #: ../src/firewall-config.in:834 msgid "log" msgstr "లాగ్" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ఆడిట్" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "మూలం" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "హెచ్చిరక" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "దోషము" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "ఆమోదించు" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "తిరస్కరించు" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "విడువు" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "పరిమితి" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "సేవ" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "పోర్ట్" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "ప్రొటోకాల్" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "మాస్క్వరేడ్" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-బ్లాక్" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "ఫార్వార్డ్-పోర్ట్" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "స్థాయి" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "అవును" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "జోన్" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "జోన్ '%s': సేవ '%s' అందుబాటులో లేదు." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "తీసివేయి" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "విస్మరించు" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "జోన్ '%s': ICMP రకం '%s' అందుబాటులో లేదు." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "బిల్ట్-ఇన్ జోన్, తిరిగిపేరు పెట్టుటకు తోడ్పాటులేదు." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "క్షణం" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "నిమిషం" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "గంట" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "రోజు" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "అత్యవసర" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "జాగరూకత" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "సంక్లిష్ట" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "దోషం" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "హెచ్చరిక" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "సూచన" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "సమాచారం" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "డీబగ్" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ఇంటర్ఫేస్ మారువేషంలో వుంటేనే వేరొక వ్యవస్థకు పంపుట వుపయోగకరంగా వుంటుంది.\n" "ఈ క్షేత్రాన్ని మారువేషంలో వుంచాలనుకొంటున్నారా?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "బిల్ట్-ఇన్ సేవ, తిరిగిపేరు పెట్టుటకు తోడ్పాటులేదు." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "బిల్ట్-ఇన్ icmp, తిరిగిపేరు పెట్టుటకు తోడ్పాటులేదు." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "మూలం %s కొరకు జోన్ ఎంపికచేయి" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "చిరునామా" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ఆదేశ వరుస ప్రవేశపెట్టండి." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "సందర్భం ప్రవేశ పెట్టండి." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "కింది జాబితా నుండి అప్రమేయ క్షేత్రం ఎంపికచేయండి." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "డైరెక్ట్ చైన్" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "దయచేసి ipv మరియు పట్టిక ఎంపికచేసి చైన్ పేరు ప్రవేశపెట్టుము." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "చైన్:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "రక్షణ" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "పట్టిక:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "సూటి పాస్‌త్రూ నియమం" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ipv ఎంపికచేసి ఆర్గుమెంట్స్ ప్రవేశపెట్టు." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "ఆర్గుమెంట్లు:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "పోర్టు ఫార్వార్డింగ్" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "మీ అవసరములకు తగినట్లు ములం మరియు గమ్యం ఐచ్చికాలను దయచేసి ఎంపికచేసికొనుము." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "పోర్టు/పోర్టు పరిమితి:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP చిరునామా:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "చట్టం:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "గమ్యం" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "మీరు స్థానిక ఫార్వార్డింగ్‌ను చేతనం చేస్తే, మీరు పోర్ట్‍‌ను తెలుపవలసి వుంటుంది. మూలం పోర్ట్‍‌కు ఈ పోర్ట్‍ " "భిన్నంగా వుండాలి." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "స్థానిక ఫార్వార్డింగ్" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "వేరొక పోర్ట్‍‌కు పంపుము" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "బోల్డ్ గా వున్న ప్రవేశాలు తప్పనిసరి, మిగతావి అన్నీ ఐచ్చికాలు." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "పేరు:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "వర్షన్:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "షార్ట్:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "వివరణ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "ఫ్యామిలి:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ఆధార ICMP రకం అమరికలు" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "దయచేసి ఆధార ICMP రకం అమరికలు ఆకృతీకరించు:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP రకము" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "దయచేసి ICMP రకం యెంపికచేయి" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "ప్రవేశమును జతపరచుము" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "దస్త్రం (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "ఐచ్చికాలు (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld తిరిగిలోడుచేయి" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ఫైర్‌వాల్ నియమాలు తిరిగిలోడుచేయి. ప్రస్తుత శాశ్వత ఆకృతీకరణ కొత్త రన్‌టైమ్ ఆకృతీకరణగా ఆగును. అనగా తిరిగిలోడు " "చేసే వరకు చేసిన అన్ని రన్‌టైమ్ మార్పులూ శాశ్వత ఆకృతీకరణనందు లేకపోతే తిరిగిలోడు చేయగానే పోతాయి." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "నెట్వర్కు అనుసంధానం ఏ క్షేత్రమునకు చెందునో మార్చుము." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "అప్రమేయ జోన్ మార్చు" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "అనుసంధానాలు లేదా ఇంటర్ఫేసుల కొరకు అప్రమేయ క్షేత్రం మార్చుము." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "పానిక్ రీతి అనగా లోనికివచ్చు మరియు బయటకిపోవు అన్ని పాకెట్లు వదిలివేయబడును." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "పానిక్ రీతి" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "లాక్‌డౌన్ అనునది ఫైర్‌వాల్ ఆకృతీకరణను లాక్ చేయును అలా లాక్‌డౌన్ వైట్‌లిస్ట్ పైని అనువర్తనాలు మాత్రమే దానిని " "మార్చగలవు." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "లాక్‌డౌన్" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "రన్‌టైమ్ ఆకృతీకరణను శాశ్వతం చేయుము" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "రన్‌టైమ్ నుండి శాశ్వతం" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "దర్శించు (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP రకాలు" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "సూటి ఆకృతీకరణ" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "లాక్‌డౌన్ వైట్‌లిస్ట్" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "సహాయం (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "ఆకృతీకరణ:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "ప్రస్తుతం దర్శనీయమైన ఆకృతీకరణ. రన్‌టైమ్ ఆకృతీకరణ అనునది యథార్ధ క్రియాశీల ఆకృతీకరణ. శాశ్వత ఆకృతీకరణ " "అనునది సేవ తర్వాత లేదా వ్యవస్థ తిరిగిలోడైన తర్వాత లేదా పునఃప్రారంభం తరువాత క్రియాశీలమగును." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld జోన్ అనునది జోన్‌కు బందనమైన నెట్వర్కు అనుసంధానాలు, ఇంటర్ఫేసులు మరియు మూలపు చిరునామాల " "నమ్మిక స్థాయిను నిర్వచించును. జోన్ అనునది సేవలను, పోర్టులను, ప్రొటోకాల్సును, మాస్క్వారేడింగ్‌ను, పోర్ట్/" "పాకెట్ ఫార్వార్డింగ్‌ను, icmp ఫిల్టర్లను మరియు రిచ్ నియమాలను కలుపును. జోన్ అనునది ఇంటర్ఫేసులకు మరియు " "మూలపు చిరునామాలకు బందనం కాగలదు." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "జోన్ జతచేయి" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "జోన్ సరికూర్చు" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "జోన్ తీసివేయి" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "జోన్ అప్రమేయాలు లోడుచేయి" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "జోన్ నందు ఏ సేవలు నమ్మదగినవో మీరు యిక్కడ నిర్వచించవచ్చు. ఈ జోన్‌కు బందనం అయిన అనుసంధానాలు, " "ఇంటర్ఫేసులు మరియు మూలాల నుండి మిషన్‌ను చేరగల అన్ని అతిధేయలు మరియు నెట్వర్కుల నుండి నమ్మదగిన సేవలు " "ఏక్సెస్ చేయవచ్చు." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "సేవలు" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "మిషన్‌కు అనుసంధానం కాగల అన్ని అతిధేయలు లేదా నెట్వర్కుల నుండి ఏక్సెస్ కావలసిన, పోర్టులు లేదా పోర్టుల " "విస్తృతిని జతచేయి." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "ఈ పోర్ట్‍‌కు" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "పోర్ట్ సరికూర్చు" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "పోర్టు తీసివేయి" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "పోర్టులు" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "మీరు అతిధేయ నుగాని లేదా రూటర్ ను గాని మీ స్థానిక నెట్వర్కును ఇంటర్‌నెట్ కు అనుసంధానించుటకు " "మారువేషదారణ ఉపయోగకరంగా ఉంటుంది.మీ స్థానిక నెట్వర్కు కనిపించదు మరియు ఇంటర్‌నెట్ కు ఒక అతిధేయ లాగా " "కనబడుతుంది. మారువేషదారణ IPv4 మాత్రమే." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "మాస్క్వరేడ్ జోన్" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "మీరు మాస్క్వరేడింగ్ చేతనంచేస్తే, ఐపి ఫార్వార్డింగ్ అనునది మీ IPv4 నెట్వర్కుల కొరకు చేతనమగును." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ఒక పర్ట్‍ నుండి వేరక పోర్ట్‍‌కు స్థానిక సిస్టమ్ నందు పంపుటకు లేదా స్థానిక సిస్టమ్ నుండి వేరొక సిస్టమ్‌కు " "పంపుటకు ప్రవేశాలను పోర్ట్స్‍‌కు జతచేయుము. వేరొక సిస్టమ్‌కు పంపుట ఇంటర్‌ఫేస్ మారువేషంలోవుంటేనే " "ఉపయోగకరంగా వుంటుంది. పోర్ట్‍ పంపుట IPv4 మాత్రమే." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ఫార్వార్డ్ పోర్ట్ జతచేయి" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ఫార్వార్డ్ పోర్ట్ సరికూర్చు" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ఫార్వార్డ్ పోర్ట్ తీసివేయి" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ఇంటర్నెట్ కంట్రోల్ మెసేజ్ ప్రోటోకాల్ (ICMP) ముఖ్యంగా నెట్వర్క్‍‌డ్ కంప్యూటర్స్‍ మద్య దోషపు సందేశాలను " "పంపుటకు ఉపయోగించబడుతుంది, అయితే అదనంగా పింగ్ అభ్యర్దనలు మరియు ప్రత్యుత్తరాలు వంటి సమాచార " "సందేశాలు కు." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "జాబితానందు ICMP రకాలను గుర్తుంచుము, ఏవైతే తిరస్కరించాలో. అన్ని ఇతర ICMP రకములు ఫైర్‌వాల్ దాటుటకు " "అనుమతించబడినవి. అప్రమేయంగా ఏ పరిమితి లేదు." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP వడపోత" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "జోన్ కొరకు ఇక్కడ మీరు రిచ్ భాషా నియమాలను అమర్చవచ్చు." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "రిచ్ నియమం జతచేయి" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "రిచ్ నియమం సరికూర్చు" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "రిచ్ నియమం తీసివేయి" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "రిచ్ నియమాలు" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "ఇంటర్ఫేసులను జోన్‌కు బందనం చేయుటకు ప్రవేశాలను జతచేయి. ఒకవేళ ఇంటర్ఫేస్ అనునది అనుసంధానం చేత " "వుపయోగించబడితే, జోన్ అనునది అనుసంధానం నందు తెలిపిన జోన్‌కు అమర్చబడును." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ఇంటర్ఫేస్ జతచేయి" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ఇంటర్ఫేస్ సరికూర్చు" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ఇంటర్ఫేస్ తీసివేయి" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "మూలం జతచేయి" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "మూలం సరికూర్చు" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "మూలం తీసివేయి" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "జోన్స్" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld సేవ అనునది పోర్టులు, ప్రొటోకాల్స్, మాడ్యూళ్ళు మరియు గమ్యపు చిరునామాల సమ్మేళనం." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "సేవ జతచేయి" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "సేవ సరికూర్చు" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "సేవ తీసివేయి" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "సేవా అప్రమేయాలు లోడుచేయి" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "ప్రవేశమును సరిచేయుము" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "ప్రవేశమును తీసివేయి" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "మాడ్యూళ్ళు" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "ఒకవేళ మీరు గమ్యపు చిరునామాలను తెలిపితే, సేవా ప్రవేశం అనునది గమ్యపు చిరునామా మరియు రకమునకు పరిమితం " "అగును. ఒకవేళ రెండు ప్రవేశాలు ఖాళీ అయితే, అప్పుడు ఏ పరిమితి వుండదు." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "సేవలు అనునవి శాశ్వత ఆకృతీకరణ దర్శని నందు మాత్రమే మారగలవు. సేవల యొక్క రన్‌టైమ్ ఆకృతీకరణ అనునది " "నిర్ధిష్టం." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmptype అనునది firewalld కొరకు ఇంటర్నెట్ కంట్రోల్ మెసేజ్ ప్రొటోకాల్ (ICMP) కు " "చెందిన సమాచారం ఇచ్చును." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP రకం జతచేయి" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP రకం సరికూర్చు" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP రకం తీసివేయి" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP రకం అప్రమేయాలు లోడుచేయి" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "IPv4 మరియు/లేదా IPv6 కొరకు ఈ ICMP రకం అందుబాటులో వుందో లేదో తెలుపుము." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP రకాలు అనునవి శాశ్వత ఆకృతీకరణ దర్శని నందు మాత్రమే మారగలవు. ICMP రకాల యొక్క రన్‌టైమ్ " "ఆకృతీకరణ అనునది నిర్ధిష్టం." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "సూటి ఆకృతీకరణ అనునది ఫైర్‌వాల్‌కు మరింత సూటిగా ఏక్సెస్ ఇచ్చును. ఈ ఐచ్చికాలు వుపయోగించుటకు వాడుకరికి " "ప్రాథమిక ఐపిపట్టికల విషయాలు తెలవాలి, అనగా పట్టికలు, చైన్స్, ఆదేశాలు, పారామితులు మరియు లక్ష్యాలు. ఇతర " "firewalld విశేషణాలు ఏవీ వుపయోగించుటకు సాధ్యకానప్పుడు మాత్రమే సూటి ఆకృతీకరణను వుపయోగించాలి." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ప్రతి ఐచ్చికం యొక్క ipv ఆర్గుమెంట్ ipv4 లేదా ipv6 లేదా eb కావాలి. ipv4 తో అది ఐపిపట్టికల కొరకు, " "ipv6 కొరకు ఐపి6పట్టికల కొరకు మరియు eb తో ఈథర్నెట్ బ్రిడ్జులు (ఈబిపట్టికలు) కొరకు." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "నియమాలతో వుపయోగించుటకు అదనపు చైన్స్." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "చైన్ జతచేయి" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "చైన్ సరికూర్చు" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "చైన్ తీసివేయి" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "చైన్స్" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "పట్టిక నందలి చైన్‌కు ప్రాముఖ్యతతో ఆర్గుమెంట్స్ args వుపయోగించి నియమం జతచేయి." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "ఆర్డర్ నియమాలను వుపయోగించటమే ప్రాముఖ్యం. ప్రాముఖ్యత 0 అనగా నియమాన్ని చైన్ పైన జతచేయమని, అత్యధిక " "ప్రాముఖ్యతతో నియమం అనునది ఇంకా కిందకు చేర్చబడును. ఒకే ప్రాముఖ్యతతో వున్న నియమాలు ఒకే స్థాయిలో వుంటాయి " "మరియు ఈ నియమాల క్రమం నిర్దిష్టంకాదు మారవచ్చు. ఒకదాని తరువాత మళ్ళీ ఒక నియమం జతచేయబడును అనేది " "నిర్థారించుకొనుటకు, ఒకదానికి తక్కువ ప్రాముఖ్యత ఇచ్చి తరువాతదానికి ఎక్కువ ప్రాముఖ్యత ఇవ్వండి." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "నియమం జతచేయి" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "నియమం సరికూర్చు" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "నియమం తీసివేయి" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "నియమాలు" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "పాస్‌త్రూ నియమాలు అనునవి నేరుగా ఫైర్‌వాల్‌కు పంపుబడును మరియు ప్రత్యేక చైన్స్ నందు వుంచబడవు. అన్ని " "ఐపిపట్టికలు, ఐపి6పట్టికలు మరియు ఈబిపట్టికల ఐచ్చికాలు వుపయోగించవచ్చు." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "ఫైర్‌వాల్‌కు నష్టంవాటిల్లకుండా వుండుటకు పాస్‌త్రూ నియమాలతో జాగ్రత్తగా వుండండి." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "పాస్‌త్రూ జతచేయి" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "పాస్‌త్రూ సరికూర్చు" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "పాస్‌త్రూ తీసివేయి" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "పాస్‌త్రూ" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "లాక్‌డౌన్ విశేషణం అనునది firewalld కొరకు వాడుకరి మరియు అనువర్తనం విధానాల లైట్ వర్షన్. ఇది మార్పులను " "ఫైర్‌వాల్‌కు పరిమితం చేయును. లాక్‌డౌన్ వైట్‌లిస్ట్ అనునది ఆదేశాలను, సందర్భాలను, వాడుకరులను మరియు వాడుకరి " "ఐడిలను కలిగివుండవచ్చు." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "సందర్భం జతచేయి" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "సందర్భం సరికూర్చు" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "సందర్భం తీసివేయి" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "సందర్భాలు" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "వైట్‌లిస్ట్ పైన ఆదేశం ప్రవేశం ఏస్ట్రిక్ '*' తో ముగిస్తే, అప్పుడు ఆ ఆదేశంతో ప్రారంభమయ్యే అన్ని ఆదేశ " "వరుసలు సరిపోలును. ఒకవేళ '*' లేకపోతే అప్పుడు ఆదేశం అనునది ఆర్గుమెంట్లతో సహా ఖచ్చితంగా సరిపోలాలి." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "ఆదేశ వరుస జతచేయి" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "ఆదేశ వరుస సరికూర్చు" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "ఆదేశ వరుస తీసివేయి" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "ఆదేశ వరుసలు" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "వాడుకరి పేరులు." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "వాడుకరి పేరు జతచేయి" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "వాడుకరి పేరు జతచేయి" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "వాడుకరి పేరు తీసివేయి" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "వాడుకరి పేరులు" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "వాడుకరి ఐడిలు." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "వాడుకరి ఐడి జతచేయి" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "వాడుకరి ఐడి సరికూర్చు" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "వాడుకరి ఐడి తీసివేయి" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "వాడుకరి ఐడిలు" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "వ్యవస్థ యొక్క ప్రస్తుత అప్రమేయ జోన్." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "పానిక్ మోడ్:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "లాక్‌డౌన్:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "అప్రమేయ జోన్:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "పోర్ట్‍ మరియు నియమం" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "దయచేసి పోర్ట్ మరియు ప్రొటోకాల్ ప్రవేశపెట్టండి." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "సూటి నియమం" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "దయచేసి ipv మరియు పట్టిక, చైన్ ప్రాముఖ్యత ఎంపికచేసి ఆర్గుమెంట్లు ప్రవేశపెట్టు." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "ప్రాముఖ్యత:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "దయచేసి ప్రొటోకాల్ ప్రవేశపెట్టండి." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "ఇతర ప్రొటోకాల్:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "రిచ్ నియమం" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "దయచేసి రిట్ నియమం ప్రవేశపెట్టండి." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "అతిధేయ లేదా నెట్వర్కునకు వైట్ లేదా బ్లాక్‌లిస్టింగ్ అనునది మూలకం క్రియాహీనం చేయును." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "మూలం:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "గమ్యం:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "లాగ్:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ఆడిట్:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 మరియు ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "తిరగతిప్పిన" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "దీనిని చేతనం చేయుటకు చర్య అనేది 'తిరస్కరించు' అవ్వాలి మరియు ఫ్యామిలీ 'ipv4' లేదా 'ipv6' అవ్వాలి " "(రెండూ కాదు)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "రకం తో:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "పరిమితి తో:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ప్రిఫిక్స్:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "స్థాయి:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "మూలకం:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "చర్య:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ప్రాధమిక సేవ అమరికలు" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "దయచేసి ప్రాధమిక సేవ అమరికలు ఆకృతీకరించు:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "దయచేసి సేవను ఎంపికచేయి." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "వాడుకరి ఐడి" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "దయచేసి వాడుకరి ఐడిను ప్రవేశపెట్టుము." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "దయచేసి వాడుకరి పేరు ప్రవేశపెట్టుము." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ఆధార జోన్ అమరికలు" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "దయచేసి ఆధార జోన్ అమరికలు ఆకృతీకరించు:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "అప్రమేయ లక్ష్యం" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "లక్ష్యం:" firewalld-0.8.2/po/ca.po0000664007115300711530000017177313641112250016230 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Angels Sala , 2004 # Josep Puigdemont , 2004-2006 # Josep Sànchez , 2010 # Josep Sànchez , 2010 # Pedro , 2005 # Robert Antoni Buj i Gelonch, 2014 # Xavier Conde Rueda , 2009 # Robert Antoni Buj Gelonch , 2015. #zanata # Robert Antoni Buj Gelonch , 2016. #zanata # Eric Garver , 2017. #zanata # Robert Antoni Buj Gelonch , 2017. #zanata # Robert Antoni Buj Gelonch , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-08-20 10:43+0000\n" "Last-Translator: Robert Antoni Buj Gelonch \n" "Language-Team: Catalan (http://www.transifex.com/projects/p/firewalld/" "language/ca/)\n" "Language: ca\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Miniaplicació del tallafoc" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Tallafoc" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuració del tallafoc" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "tallafoc;xarxa;seguretat;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Selecciona la zona per a la interfície «%s»" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona predeterminada" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Selecciona la zona per a la connexió «%s»" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" "No s'ha pogut establir la zona {zone} per a la connexió {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Selecciona la zona per a l'origen «%s»" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Configura les zones d'escuts aixecats/baixats" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Aquí podeu seleccionar les zones utilitzades per als escuts aixecats i " "escuts abaixats." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Aquesta funció és útil per a la gent que utilitza majoritàriament les zones " "predeterminades. Per als usuaris que canvien les zones de les connexions " "haurien de fer-ne un ús limitat." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Zona d'escuts aixecats:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Restableix al predeterminat" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Zona d'escuts abaixats:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Quant a %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Autors" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Llicència" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Escuts aixecats" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Habilita les notificacions" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Edita els ajusts del tallafoc..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Canvia les zones de les connexions..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Configura les zones d'escuts aixecats/baixats..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Bloqueja tot el trànsit de xarxa" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Quant a" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Connexions" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfícies" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Orígens" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autentificació fallida." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "El nom no és vàlid" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "El nom ja existeix" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (zona predeterminada: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "No s'ha pogut obtenir les connexions de NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Sense importacions disponibles de NetworkManager" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Sense connexió al dimoni del tallafoc" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Tot el trànsit de xarxa està bloquejat." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Zona predeterminada: «%s»" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "La zona predeterminada '{default_zone}' està activa per a la connexió " "'{connection}' en la interfície '{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "La zona '{zone}' es troba activa per a la connexió '{connection}' en la " "interfície '{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "La zona '{zone}' es troba activa per a la interfície '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "La zona '{zone}' es troba activa per a l'origen {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Sense zones actives." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "S'ha establert la connexió amb FirewallD." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "S'ha perdut la connexió amb FirewallD." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "S'ha tornat a carregar FirewallD." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "La zona predeterminada ha estat canviada a «%s»." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "El trànsit de xarxa ja no està bloquejat." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "activat" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "desactivat" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "La zona predeterminada '{default_zone}' {activated_deactivated} per a la " "connexió '{connection}' en la interfície '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} per a la connexió '{connection}' en la " "interfície '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} per a la interfície '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "La zona «%s» es va activar per a la interfície «%s»" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona '{zone}' {activated_deactivated} per a l'origen '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "La zona «%s» es va activar per a l'origen «%s»" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "S'ha establert la connexió amb firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "S'està intentant connectar amb firewalld, a l'espera..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "No s'ha pogut connectar a firewalld. Assegureu-vos que el servei s'ha " "iniciat correctament i torneu-ho a intentar." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "S'han aplicat els canvis." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "És utilitzat en la connexió de xarxa «%s»" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "La zona predeterminada que s'utilitza en la connexió de xarxa «%s»" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "habilitat" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "inhabilitat" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "S'ha produït un error en la càrrega de les icones." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Context" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Línia d'ordres" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nom d'usuari" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Id. d'usuari" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Taula" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Encadenament" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioritat" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Arguments" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Temps d'execució" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Servei" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Cap al port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Cap a l'adreça" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Vincles" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Entrada" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipus d'icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Família" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Acció" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Origen" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Destí" #: ../src/firewall-config.in:834 msgid "log" msgstr "enregistra" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Revisa" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interfície" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Comentari" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Origen" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Advertència" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Error" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accepta" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "rebutja" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "descarta" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "marca" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "límit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "servei" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "emmascarament" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "bloqueig-icmp" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "reenviament-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "port-origen" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nivell" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "sí" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Zona predeterminada: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona «%s»: El servei «%s» no està disponible." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Suprimeix" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignora" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona «%s»: El tipus d'ICMP «%s» no està disponible." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Zona integrada, no es permet el canvi de nom." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "segons" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuts" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hores" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dies" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergència" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alerta" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "crític" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "error" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "advertència" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notificació" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informació" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "depuració" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "El reenviament a un altre sistema tan sols és útil si la interfície de xarxa " "està emmascarada.\n" "Voleu emmascarar aquesta zona?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Servei integrat, no es permet el canvi de nom." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Si us plau, introduïu una adreça ipv4 de la forma adreça[/màscara]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "La màscara pot ser una màscara de xarxa o un número." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Si us plau, introduïu una adreça ipv6 de la forma adreça[/màscara]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "La màscara és un número." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "Si us plau, introduïu una adreça ipv4 o ipv6 de la forma adreça[/màscara]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "La màscara pot ser una màscara de xarxa o un número per a ipv4.\n" "La màscara és un número per a ipv6." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "ipset integrat, no es permet el canvi de nom." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Seleccioneu un fitxer" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Fitxers de text" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Tots els fitxers" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Tot" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Ajudant incrustat, el canvi de nom no està admès." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "ICMP integrat, no es permet el canvi de nom." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "No s'ha pogut llegir el fitxer «%s»: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Selecciona la zona per a l'origen %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adreça" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Ajudants automàtics" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Ajusts dels ajudants automàtics:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Introduïu la línia d'ordres." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Introduïu el context." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Seleccioneu la zona predeterminada de la llista de sota." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Encadenament directe" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Seleccioneu l'ipv i la taula i introduïu el nom de l'encadenament." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Encadenament:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "en cru" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "seguretat" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Taula:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Regla de traspàs directe" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Seleccioneu l'ipv i introduïu els arguments." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Arguments:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Reenviament de ports" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Seleccioneu les opcions d'origen i de destí segons les vostres necessitats." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port o interval de ports:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Adreça IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destinació" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Si habiliteu el reenviament local, heu d'especificar un port. Aquest port ha " "de ser diferent del port origen." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Reenviament local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Reenvia a un altre port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Ajusts de l'ajudant automàtic" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Configureu els ajusts de l'ajudant automàtic:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Les entrades en negreta són obligatòries, i les altres són opcionals." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nom:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versió:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Resum:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descripció:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Família:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Mòdul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Ajudant" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Seleccioneu un ajudant:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Base dels ajusts del tipus d'ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Configureu la base dels ajusts del tipus d'ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipus d'ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Seleccioneu un tipus d'ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Afegeix una entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Afegeix entrades des d'un fitxer" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Suprimeix l'entrada seleccionada" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Suprimeix totes les entrades" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Suprimeix entrades des d'un fitxer" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fitxer" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opcions" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Recarrega Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Recarrega les regles del tallafoc. La configuració permanent actual es " "convertirà en la nova configuració temps d'execució. P. ex. tots els canvis " "que s'hagin fet en el temps d'execució fins a la nova recàrrega es perdran, " "sí no s'han fet també en la configuració permanent." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Canvia la zona a la qual pertany una connexió de xarxa." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Canvia la zona predeterminada" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" "Canvia la zona predeterminada per a les connexions o per a les interfícies." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Canvia la denegació de l'enregistrament" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Canvia el valor de la denegació de l'enregistrament." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configura l'assignació de l'ajudant automàtic" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configura l'establiment de l'assignació de l'ajudant automàtic." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "El mode pànic significa que tots els paquets d'entrada i de sortida són " "descartats." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Mode pànic" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "El confinament bloqueja la configuració del tallafoc, d'aquesta manera " "únicament les aplicacions en la llista blanca del confinament poden canviar-" "ho." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Confinament" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Fes permanent la configuració temps d'execució" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Temps d'execució a permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Visualitza" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Tipus d'ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Ajudants" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configuració directa" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Llista blanca de confinaments" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Vincles actius" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "A_juda" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Canvia la zona" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "canvia la zona del vincle" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Oculta els vincles actius en temps d'execució a les zones, de les " "connexions, de les interfícies i dels orígens." #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Mostra els vincles actius en temps d'execució a les zones, de les " "connexions, de les interfícies i dels orígens." #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuració:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "La configuració actualment visible. La configuració en temps d'execució és " "la configuració que realment està activa. La configuració permanent serà la " "configuració activa després que el servei o el sistema es torni a carregar o " "iniciar." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Una zona firewalld defineix el nivell de confiança per a les connexions de " "xarxa, les interfícies i les adreces enllaçades a la zona. La zona combina " "serveis, ports, protocols, emmascarament, reenviament de ports/paquets, " "filtres icmp i regles d'enriquiment. La zona pot ser enllaçada a interfícies " "i adreces d'origen." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Afegeix una zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Edita la zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Suprimeix la zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Carrega els valors predeterminats de la zona" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Aquí podeu definir quins són els serveis de confiança de la zona. Els " "serveis de confiança són accessibles des de tots els amfitrions i xarxes que " "puguin aconseguir connectar-se amb la màquina, les interfícies i els orígens " "enllaçats en aquesta zona." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Serveis" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Afegiu els ports o els intervals de ports addicionals que hagin de ser " "accessibles per a tots els amfitrions o xarxes perquè es puguin connectar " "amb la màquina." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Afegeix un port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edita el port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Suprimeix el port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Ports" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Afegiu els protocols que hagin de ser accessibles per a tots els amfitrions " "o xarxes." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Afegeix un protocol" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Afegeix el protocol" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Suprimeix el protocol" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocols" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Afegiu els ports o els intervals de ports addicionals d'origen que hagin de " "ser accessibles per a tots els amfitrions o xarxes perquè es puguin " "connectar amb la màquina." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Ports d'origen" # translation auto-copied from project firewalld, version RHEL-7, document po/firewalld, author Robert Antoni Buj Gelonch #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "L'emmascarament us permet configurar un amfitrió o encaminador que connecta " "la vostra xarxa local a Internet. La vostra xarxa local no serà visible i " "els amfitrions apareixeran com una simple adreça en Internet. " "L'emmascarament únicament es pot utilitzar amb IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zona emmascarada" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Si habiliteu l'emmascarament, el reenviament IP estarà habilitat en les " "vostres xarxes IPv4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Emmascarament" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Afegiu entrades per reenviar ports o bé des d'un port cap a un altre del " "sistema local o bé des del sistema local cap a un altre sistema. El " "reenviament a un altre sistema és útil només si la interfície està " "emmascarada. El reenviament de ports únicament es pot utilitzar amb IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Afegeix un reenviament de port" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Edita el reenviament de port" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Suprimeix el reenviament de port" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ICMP (Internet Control Message Protocol) s'utilitza principalment per enviar " "els missatges d'error entre ordinadors en xarxa, però addicionalment per als " "missatges d'informació com ara sol·licituds i respostes del ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marqueu a la llista els tipus d'ICMP que han de rebutjar-se. Tots els altres " "tipus d'ICMP tenen permès passar pel tallafoc. Per defecte no hi ha cap " "limitació." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Si s'habilita Inverteix el filtre, s'accepten les entrades ICMP marcades i " "es rebutgen les altres. En una zona amb l'objectiu DROP, es deixen caure." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Inverteix el filtre" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtre ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" "Aquí podeu establir les regles del llenguatge d'enriquiment per a la zona." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Afegeix una regla d'enriquiment" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Edita la regla d'enriquiment" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Suprimeix la regla d'enriquiment" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Regles d'enriquiment" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Afegiu entrades per crear un vincle entre les interfícies i la zona. Si la " "interfície serà utilitzada per una connexió, la zona s'establirà a la zona " "indicada en la connexió." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Afegeix una interfície" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Edita la interfície" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Suprimeix la interfície" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Afegiu entrades per crear un vincle entre les adreces d'origen o àrees amb " "la zona. Podeu crear un vincle a una adreça d'origen MAC, però amb " "limitacions. El reenviament de ports i l'emmascarat no funcionarà per als " "vincles d'origen MAC." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Afegeix un origen" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Edita l'origen" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Suprimeix l'origen" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zones" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Un servei firewalld és una combinació de ports, protocols, mòduls i adreces " "de destinació." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Afegeix un servei" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Edita el servei" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Suprimeix el servei" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Carrega els valors predeterminats del servei" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Afegiu els ports o els intervals de ports addicionals que hagin de ser " "accessibles per a tots els amfitrions o xarxes." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Edita l'entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Suprimeix l'entrada" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Afegiu els ports o els intervals de ports addicionals d'origen que hagin de " "ser accessibles per a tots els amfitrions o xarxes." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Port d'origen" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Alguns serveis necessiten els mòduls de l'ajudant de Netfilter." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Mòduls" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Si especifiqueu una adreça de destinació, l'entada del servei estarà " "limitada a l'adreça de destinació i al tipus. Si ambdues entrades estan " "buides, aleshores no hi ha cap limitació." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Els serveis es poden canviar únicament en la vista de configuració " "permanent. La configuració en temps d'execució dels serveis és fixa." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Un IPSet pot utilitzar-se per crear llistes blanques o negres, és capaç " "d'emmagatzemar per exemple les adreces IP, els números dels ports o les MAC." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Afegeix un IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Edita l'IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Suprimeix l'IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Carrega els valors predeterminats d'IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Les entrades de l'IPSet. Únicament podreu veure les entrades dels ipsets que " "no estiguin utilitzant l'opció de temps d'expiració, i també únicament " "aquelles entrades que hagin estat afegides amb firewalld. Aquí no es " "llistaran aquelles entrades que s'hagin afegit directament amb l'ordre ipset." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Aquest IPSet utilitza l'opció de temps d'expiració, per tant aquí no hi ha " "cap entrada visible. Les entrades s'han de supervisar directament amb " "l'ordre ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Afegeix" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Entrades" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Els IPSets únicament es poden crear en la vista de configuració permanent." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Un firewalld icmptype proporciona la informació per un tipus d'ICMP " "(Internet Control Message Protocol) per a firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Afegeix un tipus d'ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Edita el tipus d'ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Suprimeix el tipus d'ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Carrega els valor predeterminats d'ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Especifiqueu si aquest tipus d'ICMP està disponible per IPv4 i/o IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Els tipus d'ICMP únicament es poden canviar en la vista de configuració " "permanent. La configuració dels tipus d'ICMP en temps d'execució és fixa." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Un ajudant de seguiment de connexió ajuda a fer que funcionin els protocols " "que utilitzen diferents fluxos per a la senyalització i les transferències " "de dades. Les transferències de dades utilitzen ports que no estan " "relacionats amb la senyalització de la connexió, per tant, sense l'ajudant " "són bloquejades pel tallafoc." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Defineix els ports o els intervals de ports els quals estan monitorats per " "l'ajudant." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "La configuració directa dóna un accés més directe al tallafoc. Aquestes " "opcions requereixen que l'usuari conegui conceptes bàsics d'iptables, com " "taules, encadenaments, ordres, paràmetres i destinacions. La configuració " "directa ha d'utilitzar-se únicament com a últim recurs quan no és possible " "utilitzar les altres funcions de firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "L'argument ipv de cada opció ha de ser ipv4, ipv6 o eb. Amb ipv4 " "s'utilitzarà en iptables, amb ipv6 en ip6tables, i amb eb per als ponts de " "xarxa (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Encadenaments addicionals per utilitzar amb regles." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Afegeix un encadenament" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Edita l'encadenament" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Suprimeix l'encadenament" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Encadenament" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Afegiu una regla amb arguments a un encadenament en una taula amb una " "prioritat." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "La prioritat s'utilitza per ordenar les regles. Una prioritat 0 significa " "que s'afegeix al principi de l'encadenament, amb una prioritat superior la " "regla serà afegida per sota. Les regles amb la mateixa prioritat estan en el " "mateix nivell i l'ordre d'aquestes regles no es fixa i pot canviar. Si voleu " "assegurar-vos que una regla sigui afegida després d'una altra, utilitzeu una " "prioritat inferior per a la primera i superior per a la següent." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Afegeix una regla" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Edita la regla" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Suprimeix la regla" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regles" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Les regles de traspàs passen directament a través tallafoc i no es " "col·loquen en encadenaments especials. Es poden fer ús de totes les opcions " "d'iptables, d'ip6tables i d'ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Aneu amb compte amb les regles de traspàs per no danyar el tallafoc." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Afegeix un traspàs" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Edita el traspàs" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Suprimeix el traspàs" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Traspàs" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "La funció de confinament és una versió lleugera de les polítiques d'usuari i " "aplicació per a firewalld. Limita els canvis al tallafoc. La llista blanca " "de confinaments pot contenir ordres, contexts, usuaris i id. d'usuaris." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Aquest context és el context de seguretat (SELinux) d'una aplicació o servei " "en execució. Per obtenir el context d'una aplicació en execució, utilitzeu " "ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Afegeix un context" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Edita el context" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Suprimeix el context" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contexts" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Si l'entrada d'una ordre en una llista blanca acaba amb '*', aleshores totes " "les línies d'ordres que comencin amb la comanda coincidiran. Si no hi ha '*' " "els arguments inclusius de la comanda absoluta han de coincidir." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Afegeix una línia d'ordres" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Edita la línia d'ordres" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Suprimeix la línia d'ordres" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Línies d'ordres" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Els noms d'usuaris." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Afegeix un nom d'usuari" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Edita el nom d'usuari" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Suprimeix el nom d'usuari" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Noms d'usuaris" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Id. d'usuaris" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Afegeix un Id. d'usuari" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Edita l'Id. d'usuari" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Suprimeix l'Id. d'usuari" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Id. d'usuaris" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "L'actual zona predeterminada del sistema." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Denegació de l'enregistrament:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Mode pànic:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Ajudants automàtics:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Confinament:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona predeterminada:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Introduïu el nom d'una interfície:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Base dels ajusts d'IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Configureu la base dels ajusts d'ipset:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tipus:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Temps d'expiració:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Mida del hash:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Nombre màxim d'elements:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Valor del temps d'expiració en segons" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "mida del hash inicial, per defecte és 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Nombre màxim d'elements, per defecte és 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Seleccioneu un ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Introduïu una entrada ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Denegació de l'enregistrament" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Seleccioneu el valor de la denegació de l'enregistrament:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Marca" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Introduïu una marca amb una màscara opcional." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "El camp de la marca i el camp de la màscara són nombres sense signe de 32 " "bits d'amplada." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Marca:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Màscara:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Seleccioneu un ajudant conntrack de netfilter:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Selecciona -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Altres mòduls:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port i protocol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Introduïu el port i el protocol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Regla directa" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Seleccioneu l'ipv i la taula, la prioritat de l'encadenament i introduïu els " "arguments." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioritat:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Introduïu un protocol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Un altre protocol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Regla d'enriquiment" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Introduïu una regla d'enriquiment." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Per a l'amfitrió o la xarxa en la llista blanca o en la llista negra " "desactiva l'element." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Origen:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destinació:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Enregistra:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Revisa:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 i ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inverteix" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Per habilitar-ho l'acció ha de ser «rebutja» i la família «ipv4» o " "«ipv6» (no ambdós)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "amb tipus:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Amb un límit de:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Nivell:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Acció:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Base dels ajusts del servei" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Configureu la base dels ajusts del servei:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Seleccioneu un servei." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Introduïu un origen." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Id. d'usuari" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Especifiqueu l'id. d'usuari." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Introduïu el nom d'usuari." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiqueta" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Base dels ajusts de la zona" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Configureu la base dels ajusts de la zona:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Destinació predeterminada" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Destinació:" firewalld-0.8.2/po/POTFILES.in0000664007115300711530000002123013620317435017051 0ustar00egarveregarver00000000000000config/firewall-applet.desktop.in config/firewall-config.desktop.in config/icmptypes/address-unreachable.xml config/icmptypes/bad-header.xml config/icmptypes/beyond-scope.xml config/icmptypes/communication-prohibited.xml config/icmptypes/destination-unreachable.xml config/icmptypes/echo-reply.xml config/icmptypes/echo-request.xml config/icmptypes/failed-policy.xml config/icmptypes/fragmentation-needed.xml config/icmptypes/host-precedence-violation.xml config/icmptypes/host-prohibited.xml config/icmptypes/host-redirect.xml config/icmptypes/host-unknown.xml config/icmptypes/host-unreachable.xml config/icmptypes/ip-header-bad.xml config/icmptypes/neighbour-advertisement.xml config/icmptypes/neighbour-solicitation.xml config/icmptypes/network-prohibited.xml config/icmptypes/network-redirect.xml config/icmptypes/network-unknown.xml config/icmptypes/network-unreachable.xml config/icmptypes/no-route.xml config/icmptypes/packet-too-big.xml config/icmptypes/parameter-problem.xml config/icmptypes/port-unreachable.xml config/icmptypes/precedence-cutoff.xml config/icmptypes/protocol-unreachable.xml config/icmptypes/redirect.xml config/icmptypes/reject-route.xml config/icmptypes/required-option-missing.xml config/icmptypes/router-advertisement.xml config/icmptypes/router-solicitation.xml config/icmptypes/source-quench.xml config/icmptypes/source-route-failed.xml config/icmptypes/time-exceeded.xml config/icmptypes/timestamp-reply.xml config/icmptypes/timestamp-request.xml config/icmptypes/tos-host-redirect.xml config/icmptypes/tos-host-unreachable.xml config/icmptypes/tos-network-redirect.xml config/icmptypes/tos-network-unreachable.xml config/icmptypes/ttl-zero-during-reassembly.xml config/icmptypes/ttl-zero-during-transit.xml config/icmptypes/unknown-header-type.xml config/icmptypes/unknown-option.xml config/org.fedoraproject.FirewallD1.desktop.policy.in config/org.fedoraproject.FirewallD1.server.policy.in config/services/amanda-client.xml config/services/amanda-k5-client.xml config/services/amqps.xml config/services/amqp.xml config/services/apcupsd.xml config/services/audit.xml config/services/bacula-client.xml config/services/bacula.xml config/services/bb.xml config/services/bgp.xml config/services/bitcoin-rpc.xml config/services/bitcoin-testnet-rpc.xml config/services/bitcoin-testnet.xml config/services/bitcoin.xml config/services/bittorrent-lsd.xml config/services/ceph-mon.xml config/services/ceph.xml config/services/cfengine.xml config/services/cockpit.xml config/services/condor-collector.xml config/services/ctdb.xml config/services/dhcpv6-client.xml config/services/dhcpv6.xml config/services/dhcp.xml config/services/distcc.xml config/services/dns-over-tls.xml config/services/dns.xml config/services/docker-registry.xml config/services/docker-swarm.xml config/services/dropbox-lansync.xml config/services/elasticsearch.xml config/services/etcd-client.xml config/services/etcd-server.xml config/services/finger.xml config/services/freeipa-4.xml config/services/freeipa-ldaps.xml config/services/freeipa-ldap.xml config/services/freeipa-replication.xml config/services/freeipa-trust.xml config/services/ftp.xml config/services/ganglia-client.xml config/services/ganglia-master.xml config/services/git.xml config/services/grafana.xml config/services/gre.xml config/services/high-availability.xml config/services/https.xml config/services/http.xml config/services/imaps.xml config/services/imap.xml config/services/ipp-client.xml config/services/ipp.xml config/services/ipsec.xml config/services/ircs.xml config/services/irc.xml config/services/iscsi-target.xml config/services/isns.xml config/services/jenkins.xml config/services/kadmin.xml config/services/kdeconnect.xml config/services/kerberos.xml config/services/kibana.xml config/services/klogin.xml config/services/kpasswd.xml config/services/kprop.xml config/services/kshell.xml config/services/kube-apiserver.xml config/services/ldaps.xml config/services/ldap.xml config/services/libvirt-tls.xml config/services/libvirt.xml config/services/lightning-network.xml config/services/llmnr.xml config/services/managesieve.xml config/services/matrix.xml config/services/mdns.xml config/services/memcache.xml config/services/minidlna.xml config/services/mongodb.xml config/services/mosh.xml config/services/mountd.xml config/services/mqtt-tls.xml config/services/mqtt.xml config/services/mssql.xml config/services/ms-wbt.xml config/services/murmur.xml config/services/mysql.xml config/services/nfs3.xml config/services/nfs.xml config/services/nmea-0183.xml config/services/nrpe.xml config/services/ntp.xml config/services/nut.xml config/services/openvpn.xml config/services/ovirt-imageio.xml config/services/ovirt-storageconsole.xml config/services/ovirt-vmconsole.xml config/services/plex.xml config/services/pmcd.xml config/services/pmproxy.xml config/services/pmwebapis.xml config/services/pmwebapi.xml config/services/pop3s.xml config/services/pop3.xml config/services/postgresql.xml config/services/privoxy.xml config/services/prometheus.xml config/services/proxy-dhcp.xml config/services/ptp.xml config/services/pulseaudio.xml config/services/puppetmaster.xml config/services/quassel.xml config/services/radius.xml config/services/rdp.xml config/services/redis-sentinel.xml config/services/redis.xml config/services/RH-Satellite-6.xml config/services/rpc-bind.xml config/services/rsh.xml config/services/rsyncd.xml config/services/rtsp.xml config/services/salt-master.xml config/services/samba-client.xml config/services/samba-dc.xml config/services/samba.xml config/services/sane.xml config/services/sips.xml config/services/sip.xml config/services/slp.xml config/services/smtp-submission.xml config/services/smtps.xml config/services/smtp.xml config/services/snmptrap.xml config/services/snmp.xml config/services/spideroak-lansync.xml config/services/spotify-sync.xml config/services/squid.xml config/services/ssdp.xml config/services/ssh.xml config/services/steam-streaming.xml config/services/svdrp.xml config/services/svn.xml config/services/syncthing-gui.xml config/services/syncthing.xml config/services/synergy.xml config/services/syslog-tls.xml config/services/syslog.xml config/services/telnet.xml config/services/tentacle.xml config/services/tftp-client.xml config/services/tftp.xml config/services/tile38.xml config/services/tinc.xml config/services/tor-socks.xml config/services/transmission-client.xml config/services/upnp-client.xml config/services/vdsm.xml config/services/vnc-server.xml config/services/wbem-https.xml config/services/wbem-http.xml config/services/wsmans.xml config/services/wsman.xml config/services/xdmcp.xml config/services/xmpp-bosh.xml config/services/xmpp-client.xml config/services/xmpp-local.xml config/services/xmpp-server.xml config/services/zabbix-agent.xml config/services/zabbix-server.xml config/zones/block.xml config/zones/dmz.xml config/zones/drop.xml config/zones/external.xml config/zones/home.xml config/zones/internal.xml config/zones/public.xml config/zones/trusted.xml config/zones/work.xml src/firewall-applet.in src/firewall/client.py src/firewall-cmd.in src/firewall/command.py src/firewall-config.in src/firewall/config/dbus.py src/firewall-config.glade src/firewall/core/base.py src/firewall/core/ebtables.py src/firewall/core/fw_config.py src/firewall/core/fw_direct.py src/firewall/core/fw_helper.py src/firewall/core/fw_icmptype.py src/firewall/core/fw_ifcfg.py src/firewall/core/fw_ipset.py src/firewall/core/fw_nm.py src/firewall/core/fw_policies.py src/firewall/core/fw.py src/firewall/core/fw_service.py src/firewall/core/fw_transaction.py src/firewall/core/fw_zone.py src/firewall/core/helper.py src/firewall/core/icmp.py src/firewall/core/__init__.py src/firewall/core/io/direct.py src/firewall/core/io/firewalld_conf.py src/firewall/core/io/functions.py src/firewall/core/io/helper.py src/firewall/core/io/icmptype.py src/firewall/core/io/ifcfg.py src/firewall/core/io/__init__.py src/firewall/core/io/io_object.py src/firewall/core/io/ipset.py src/firewall/core/io/lockdown_whitelist.py src/firewall/core/io/service.py src/firewall/core/io/zone.py src/firewall/core/ipset.py src/firewall/core/ipXtables.py src/firewall/core/logger.py src/firewall/core/modules.py src/firewall/core/nftables.py src/firewall/core/prog.py src/firewall/core/rich.py src/firewall/core/watcher.py src/firewalld.in src/firewall/dbus_utils.py src/firewall/errors.py src/firewall/functions.py src/firewall/fw_types.py src/firewall/__init__.py src/firewall-offline-cmd.in src/firewall/server/config_helper.py src/firewall/server/config_icmptype.py src/firewall/server/config_ipset.py src/firewall/server/config.py src/firewall/server/config_service.py src/firewall/server/config_zone.py src/firewall/server/decorators.py src/firewall/server/firewalld.py src/firewall/server/__init__.py src/firewall/server/server.py firewalld-0.8.2/po/nl.po0000664007115300711530000016564113641112251016254 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Bart Couvreur , 2007 # Geert Warrink , 2009-2014 # Richard E. van der Luit , 2009-2010 # Taco Witte , 2002 # Tino Meinen , 2002-2003 # Geert Warrink , 2015. #zanata # Geert Warrink , 2016. #zanata # Geert Warrink , 2017. #zanata # Eric Garver , 2018. #zanata # Geert Warrink , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-11-16 08:26+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Dutch (http://www.transifex.com/projects/p/firewalld/language/" "nl/)\n" "Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Firewall applet" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Firewall configuratie" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;netwerk;beveiliging;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Selecteer zone voor interface '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Standaard zone" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Selecteer zone voor verbinding '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Instellen van zone {zone} voor verbinding {connection_name} mislukte" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Selecteer zone voor bron '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Configureer Schild omhoog/omlaag zones" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Hier kun de zones selecteren gebruikt voor Schild omhoog en Schild omlaag." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Deze eigenschap is nuttig voor hen die meestal de standaard zones gebruiken. " "Voor gebruikersverbindingszones veranderen kan het van beperkt nut zijn." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Schild omhoog zone:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Terugzetten naar standaard" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Schild omlaag zone:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Over %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Auteurs" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licentie" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Schild omhoog brengen" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Meldingen inschakelen" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Bewerk firewall instellingen..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Verander verbindingszones..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Configureer Schild omhoog/omlaag zones..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blokkeer alle netwerkverkeer" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Over" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Verbindingen" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "interface" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Bronnen" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autorisatie is mislukt." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Ongeldige naam" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Naam bestaat al" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zone: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Standaard zone: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Verbinding van NetworkManager krijgen mislukte" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Er is geen NetworkManager import beschikbaar" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Geen verbinding met firewall daemon" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Alle netwerkverkeer is geblokkeerd" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Standaard zone: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Standaard zone '{default_zone}' actief voor verbinding '{connection}' op " "interface '{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zone '{zone}' actief voor verbinding '{connection}' op interface " "'{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zone '{zone}' actief voor interface '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zone '{zone}' is actief voor bron {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Geen actieve zones." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Verbinding met FirewallD hersteld" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Verbinding met FirewallD verloren." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD is opnieuw geladen." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Standaard zone veranderd naar '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Netwerkverkeer in niet meer geblokkeerd." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "geactiveerd" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "gedeactiveerd" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Standaard zone '{default_zone}' {activated_deactivated} voor verbinding " "'{connection}' op interface '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone '{zone}' {activated_deactivated} voor verbinding '{connection}' op " "interface '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zone '{zone}' {activated_deactivated} voor interface '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zone '%s' geactiveerd voor interface '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone '{zone}' {activated_deactivated} voor bron '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone '%s' is geactiveerd voor bron '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Verbinding met firewalld ingesteld" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Bezig met met verbinden naar firewalld, wacht..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Verbinding maken met de firewall is mislukt. Zorg ervoor dat de dienst juist " "is opgestart en probeer het opnieuw." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Veranderingen zijn toegepast." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Wordt gebruikt door netwerkverbinding '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Standaard zone wordt gebruikt door netwerkverbinding '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "aangezet" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "uitgezet" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Iconen laden is mislukt." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Context" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Opdrachtregel" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Gebruikersnaam" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Gebruikers-id" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabel" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Keten" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioriteit" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumenten" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Runtime" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Service" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Poort" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Naar poort" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Naar adres" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Verbindingen" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Ingang" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp type" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familie" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Actie" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Bron" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Bestemming" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interface" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Opmerking" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Bropn" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Waarschuwing" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Fout" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accepteren" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "afwijzen" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "laten vallen" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "markeer" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "beperken" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "service" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "poort" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskerade" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-blok" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "doorstuur-poort" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "bronpoort" #: ../src/firewall-config.in:2097 msgid "level" msgstr "niveau" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ja" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Standaard zone: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zone: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone '%s': Service '%s' is niet beschikbaar." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Verwijder zone" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Negeer" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone '%s': ICMP type '%s' is niet beschikbaar." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Ingebouwde zone, hernoemen niet ondersteund" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "seconde" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuut" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "uur" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dag" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "noodgeval" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alert" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritiek" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "fout" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "waarschuwing" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "opmerking" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Het doorsturen naar een ander systeem is alleen nuttig als de interface " "gemaskeerd is.\n" "Wil je deze zone maskeren?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Ingebouwde service, hernoemen niet ondersteund" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Vul een ipv4 adres in met het formaat adres[/masker]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Het masker kan een netwerkmasker of een getal zijn." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Vul een ipv6 adres in met het formaat adres[/masker]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Het masker is een getal." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Vul een ipv4 of ipv6 adres in met het formaat adres[/masker]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Het masker kan een netwerkmasker of een getal zijn voor ipv4.\n" "Het masker is een getal voor ipv6." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Ingebouwde ipset, hernoemen wordt niet ondersteund." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Selecteer een bestand" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Tekstbestanden" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Alle bestanden" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Alles" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Ingebouwde helper, hernoemen wordt niet ondersteund" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Ingebouwde icmp, hernoemen niet ondersteund" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Het lezen van bestand '%s' mislukte: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Selecteer zone voor bron %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adres" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatische helpers" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Selecteer de automatische helpers waarde:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Voer de commandoregel in." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Voer de context in." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Selecteer de standaard zone uit de lijst hieronder." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Directe keten " #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Selecteer ipv en tabel en vul de keten naam in." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Keten:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "ruw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "beveiliging" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabel:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Direct doorgeven regel " #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Selecteer ipv en vul de argumenten in." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumenten:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Poort doorsturen" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Selecteer a.u.b. de bron en bestemming opties naar jouw behoefte." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Poort / poort reeks:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP adres:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Bestemming" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Als je lokaal doorzenden aanzet, moet je een poort opgeven. Deze poort moet " "verschillen van de bron poort." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokaal doorsturen" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Doorsturen naar een andere poort" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Basis helperinstellingen" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Configureer de basis helperinstellingen" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Vetee ingangen zijn verplicht, alle andere zijn optioneel." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Naam:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versie:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Afgekort:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Beschrijving:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Familie:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Module:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Helper" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Selecteer een helper:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Basis ICMP type instellingen" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Configureer basis ICMP type instellingen:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP type" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Selecteer een ICMP type" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Ingang toevoegen" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Voeg ingangen uit het bestand" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Verwijder geselecteerde ingang" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Verwijder alle ingangen" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Verwijder ingangen uit het bestand" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Bestand" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opties" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld herladen" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Laadt firewall regels opnieuw in. De huidige permanente configuratie zal de " "nieuwe runtime configuratie worden. D.w.z. dat alle runtime veranderingen " "gemaakt tot herladen verloren gaan bij het herladen als ze niet in de " "permanente configuratie toegepast zijn. " #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Verander de zone waartoe een netwerkverbinding behoort." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Verander standaard zone" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Verander standaard zone voor verbindingen of interfaces." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Verander log-geweigerd" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Verander log-geweigerd waarde" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configureer automatische helper toekenning" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configureer automatische helper toekenningsinstellingen" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Paniekmodus betekent dat alle binnenkomende en uitgaande pakketten verloren " "gaan." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Paniek modus" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Vergrendelen vergrendelt de firewall configuratie zodat alleen toepassingen " "op de vergrendel witte lijst deze kunnen veranderen." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Vergrendelen" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Maak runtime configuratie permanent" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Runtime naar Permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_View" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP types" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Helpers" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "directe configuratie" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Vergrendel whitelist" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Actieve verbindingen" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Hulp" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Zone wijzigen" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Verander zone van verbinding" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Verberg actieve runtime bindingen van verbindingen, interfaces en bronnen " "aan zones" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Toon actieve runtime bindingen van verbindingen, interfaces en bronnen aan " "zones" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuratie:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Huidige zichtbare configuratie. Runtime configuratie is de actuele actieve " "configuratie. Persistente configuratie zal actief zijn na het herladen of " "herstarten van service of systeem." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Een firewalld zone definieert het vertrouwensniveau voor " "netwerkverbindingen, interfaces en bronadressen die aan de zone gekoppeld " "zijn. De zone combineert services, poorten, protocols, maskerade, poort/" "pakket doorsturen, icmp filters en rich regels. De zone kan gekoppeld zijn " "aan interfaces en bronadressen." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Voeg zone toe" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Bewerk zone" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Verwijder zone" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Laad zone standaardinstellingen" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Hier kun je definiëren welke services vertrouwd zijn in de zone. Vertrouwde " "services zijn toegankelijk vanaf alle hosts en netwerken die de machine " "kunnen bereiken met verbindingen, interfaces en bronnen die aan de zone " "gekoppeld zijn." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Services" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Voeg extra poorten of poortreeksen toe welke toegankelijk moeten zijn voor " "alle hosts of netwerken die met de machine kunnen verbinden." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Naar poort" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Bewerk zone" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Verwijder zone" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Poorten" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Voeg protocollen toe die toegankelijk moeten zijn voor alle hosts of " "netwerken." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Voeg protocol toe" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Bewerk protocol" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Verwijder protocol" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocollen" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Voeg extra bronpoorten of poortreeksen toe welke toegankelijk moeten zijn " "voor alle hosts of netwerken die met de machine kunnen verbinden." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Bronpoorten" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Vermomming staat het instellen van een host of router toe die jouw lokale " "netwerk met het internet verbindt. Jouw lokale netwerk zal niet zichtbaar " "zijn en de hosts verschijnen als een enkel adres op het internet. Vermomming " "is alleen in IPv4 beschikbaar." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskerade zone" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Als je maskerade aanzet, zal IP forwarding aangezet worden voor je IPv4 " "netwerken." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Vermomming" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Voeg ingangen toe voor het doorsturen van een poort naar een andere poort op " "het lokale systeem of van het lokale systeem naar een ander systeem. " "Doorsturen naar een ander systeem is alleen nuttig als het interface vermomd " "is. Poorten doorsturen kan alleen met IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Voeg Forward poort toe" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Bewerk Forward poort" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Verwijder Forward poort" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Het Internet Control Message Protocol (ICMP) wordt voornamelijk gebruikt om " "foutmeldingen te versturen tussen computers op het netwerk, maar bovendien " "voor informatieve boodschappen zoals ping verzoeken en antwoorden." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Markeer de ICMP types die geweigerd moeten worden in de lijst. Aan alle " "andere ICMP types is het toegestaan de firewall te passeren. De standaard is " "geen beperking." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Als Omkeerfilter aangezet is dan worden ingangen gemarkeerd met ICMP " "aanvaard en alle andere geweigerd. In een zone met het doel Laat vallen " "gebeurd dat." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Omkeerfilter" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Hier kun je rich taalregels instellen voor de zone." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Voeg rich regel toe" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Bewerk rich regel" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Verwijder rich regel" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Rich regels" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Voeg ingangen toe om interface aan de zone te binden. Als de interface " "gebruikt gaat worden door een verbinding, zal de zone ingesteld worden op de " "zone die in de verbinding gespecificeerd wordt." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Voeg interface toe" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Bewerk interface" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Verwijder interface" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Voeg ingangen toe om bronadressen of gebieden te binden aan de zone. Je kunt " "ook een MAC bronadres binden, echter met beperkingen. Poort doorsturen en " "maskeren zal niet werken voor MAC bronbindingen." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Voeg bron toe" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Bewerk bron" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Verwijder bron" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zones" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Een firewalld service is een combinatie van poorten, protocollen, modules en " "bestemmingsadressen." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Voeg service toe" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Bewerk service" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Verwijder service" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Laad service standaardinstellingen" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Voeg extra poorten of poortreeksen toe welke toegankelijk moeten zijn voor " "alle hosts of netwerken." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Ingang bewerken" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Ingang verwijderen" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Voeg extra bronpoorten of poortreeksen toe welke toegankelijk moeten zijn " "voor alle hosts of netwerken." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Bronpoort" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfilter helper modules zijn nodig voor sommige services." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modules" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Als je bestemmingsadressen specificeert, zal de service ingang beperkt " "worden tot het bestemmingsadres en type. Als beide ingangen leeg zijn dan is " "er geen beperking." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Services kunnen alleen veranderd worden in de permanente configuratie view. " "De runtime configuratie van services is gefixeerd." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Een IPSet kan gebruikt worden voor het aanmaken van witte of zwarte lijsten " "en kan bijvoorbeeld IP adressen, poortnummers of MAC adressen opslaan." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Voeg IPSet toe" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Bewerk IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Verwijder IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Laad IPSet standaardinstellingen" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Ingangen van de IPSet. Je kunt alleen ingangen van ipsets zien die de " "timeout optie niet gebruiken, en ook alleen de ingangen die toegevoegd zijn " "door firewalld. Ingangen die rechtstreeks toegevoegd zijn met het ipset " "commando zullen hier niet getoond worden." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Deze IPSet gebruikt de timeout optie, daarom zijn er hier geen ingangen " "zichtbaar. De ingangen moeten rechtstreeks met het ipset commando behandeld " "worden." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Toevoegen" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Ingangen" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSets kunnen alleen in het permanente configuratiescherm aangemaakt of " "verwijderd worden." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Een firewalld icmp type geeft de informatie voor een Internet Control " "Message Protocol (ICMP) type voor firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Voeg ICMP type toe" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Bewerk ICMP type" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Verwijder ICMP type" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Laad ICMP type standaardinstellingen" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Specificeer of dit ICMP type beschikbaar is voor IPv4 en/of IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP types kunnen alleen in de permanente configuratie view veranderd " "worden. De runtime configuratie van ICMP types is gefixeerd." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Een verbindings trackhelper assisteert bij het laten werken van protocollen " "die verschillende flows gebruiken voor signalering en data overdrachten. De " "data overdrachten gebruiken poorten die niet gerelelateerd zijn aan de " "signaleringsverbinding en worden daarom zonder de helper geblokkeerd door " "de firewall." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Definieer poorten of poortreeksen die bewaakt worden door de helper." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "De directe configuratie biedt een rechtstreekse toegang tot de firewall aan. " "Deze opties vereisen dat de gebruiker basis iptables concepten begrijpt, d.w." "z. tabellen, ketens, commando's, parameters en doelen. Directe configuratie " "moet alleen als laatste redmiddel gebruikt worden als het niet mogelijk is " "om andere firewalld functies te gebruiken. " #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Het ipv argument van elke optie moet ipv4, ipv6 of eb zijn. Bij ipv4 zal het " "voor iptables, bij ipv6 voor ip6tables en bij eb voor ethernet bruggen " "(ebtables) zijn." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Extra ketens voor gebruik met regels." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Voeg keten toe" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Bewerk keten" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Verwijder keten" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Ketens" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Voeg een regel met de argumenten args toe aan een keten in een tabel met een " "prioriteit. " #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "De prioriteit wordt gebruikt om regels te rangschikken. Prioriteit 0 " "betekent het toevoegen van een regel bovenin de keten, met een hogere " "prioriteit wordt de regel lager toegevoegd. Regels met dezelfde prioriteit " "bevinden zich op hetzelfde niveau en de volgorde van deze regels is niet " "gefixeerd en kan veranderen. Als je er zeker van wilt zijn dat dat een regel " "wordt toegevoegd na een andere, gebruik je een lage prioriteit voor de " "eerste en een hogere voor de volgende." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Voeg regel toe" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Bewerk regel" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Verwijder regel" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regels" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "De regels voor doorgeven wordt direct doorgegeven aan de firewall en worden " "niet in speciale ketens geplaatst. Alle iptables, ip6tables en ebtables " "opties kunnen gebruikt worden." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Wees voorzichtig met regels voor doorgeven zodat je de firewall niet " "beschadigt." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Voeg doorgeven toe" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Bewerk doorgeven" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Verwijder doorgeven" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Doorgeven" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "De vergrendel eigenschap is een verlichte versie van gebruikers en " "toepassingstactieken voor firewalld. Het beperkt de veranderingen in de " "firewall. De vergrendel whitelist kan commando's, context, gebruikers en " "gebruiker id's bevatten." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "De context is de beveiligings (SELinux) context van een draaiende toepassing " "of service. Om de context van een draaiende toepassing te krijgen gebruik je " "ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Voeg context toe" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Bewerk context" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Verwijder context" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Context" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Ials een commando ingang in de whitelist eindigt met een asterisk '*', dan " "zullen alle commandoregels die beginnen met het commando matchen. Als de '*' " "niet aanwezig is, dan moet het gehele commando matchen inclusief argumenten." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Voeg commandoregel toe" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Bewerk commandoregel" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Verwijder commandoregel" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Commandoregels" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Gebruikersnamen." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Voeg gebruikersnaam toe" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Bewerk gebruikersnaam" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Verwijder gebruikersnaam" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Gebruikersnamen" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Gebruiker id's." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Voeg gebruikers ID toe" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Bewerk gebruikers ID" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Verwijder gebruikers ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Gebruiker id's" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Huidige standaard zonen van het systeem." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Log-geweigerd" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Paniek modus:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatische helpers:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Vergendeling:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Standaard zone:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Voer een interfacenaam in:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Basis IPSet instellingen" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Configureer de basis ipset instellingen:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Type:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Timeout:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hashgrootte:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Timeout waarde in seconden" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Initiële hash grootte, standaard 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maximum aantal elementen, standaard 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Selecteer een ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Voer een ipsetinvoer in:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Log-geweigerd" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Selecteer de log-geweigerd waarde" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Markeer" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Vul een markeerteken in met een optioneel masker" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "De martkeer en masker velden zijn beid 32 bits brede gehele getaalen zonder " "teken" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Markering:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Masker:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Selecteer een netfilter conntrack helper:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Selecteer -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Andere module:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Poort en protocol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Vul een poort en protocol in." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Directe regel" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Selecteer ipv en tabel, ketenprioriteit en vul de argumenten in." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioriteit:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Voer een protocol in." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Ander protocol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Rch regel" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Voer een rich regel in." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Deactiveer het element voor toevoegen aan host of netwerk white of black " "list. " #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Bron:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Bestemming:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 en ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "geïnverteerd" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Om dit aan te zetten moet Actie 'afwijzen' zijn en Familie 'ipv4' of " "'ipv6' (niet beide)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "met type:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Met limiet:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Niveau:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Actie:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Basis service instellingen" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Configureer basis instellingen:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Selecteer een service." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Voer een bron in." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Gebruiker ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Vul een gebruiker id in." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Vul een gebruikersnaam in." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "label" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Basis zone instellingen" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Configureer de basis zone instellingen:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Standaard doel" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Doel:" firewalld-0.8.2/po/fr.po0000664007115300711530000017473313641112251016254 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # <>, 2006 # Alain PORTAL , 2007 # Audrey Simons , 2003-2005 # Damien Durand , 2006 # Decroux Fabien , 2006 # Gé Baylard , 2013 # Gauthier Ancelin , 2007-2008 # Gé Baylard , 2013 # Jean-Paul Aubry , 2004 # Jérôme Fenal , 2012-2013 # Martin-Gomez Pablo , 2009 # Michael Ughetto , 2008 # Martin-Gomez Pablo , 2009 # Sam Friedmann , 2009-2010,2014 # Samuel Mutel , 2005-2006 # Stephane Raimbault , 2004 # Thomas Canniot , 2006,2008-2010 # Jean-Baptiste Holcroft , 2015. #zanata # Jean-Baptiste Holcroft , 2016. #zanata # Julie Carbone , 2016. #zanata # Thomas Woerner , 2016. #zanata # corina roe , 2016. #zanata # Eric Garver , 2017. #zanata # Jean-Baptiste Holcroft , 2017. #zanata # Laurent Bigonville , 2017. #zanata # Eric Garver , 2018. #zanata # Jean-Baptiste Holcroft , 2018. #zanata # Julien Humbert , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2020-01-14 14:02+0000\n" "Last-Translator: Julien Humbert \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n > 1;\n" "X-Generator: Weblate 3.10.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Appliquette pare-feu" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Pare-feu" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuration du pare-feu" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "pare-feu;réseau;sécurité;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Sélectionner la zone pour l’interface « %s »" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zone par défaut" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Sélectionner la zone pour la connexion « %s »" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "N’a pas pu définir la zone {zone} pour la connexion {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Sélectionner la zone pour la source « %s »" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Configurer des zones à protection active/inactive" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Vous pouvez choisir ici les zones avec protections active ou inactive." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Cette fonctionnalité est pratique pour ceux qui utilisent essentiellement le " "zonage par défaut. Pour les utilisateurs, qui changent de zones de " "connexion, son intérêt pourrait se révéler limité." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Zone à protection active :" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Réinitialiser aux paramètres par défaut" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Zone à protection inactive :" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "À propos %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Auteurs" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licence" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Protections activées" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Activer les notifications" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Modifier les paramètres du pare-feu…" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Modifier les zones de connexions…" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Configurer des zones à protection active/inactive…" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Bloquer tout trafic réseau" #: ../src/firewall-applet.in:500 msgid "About" msgstr "À propos" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Connexions" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Sources" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Échec de l’autorisation." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Nom non valide" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Le nom existe déjà" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zone : {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (zone par défaut : {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "N’a pas pu obtenir les connexions de NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Aucune importation de NetworkManager n’est disponible" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Pas de connexion au démon du pare-feu" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Tout trafic réseau est bloqué." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Zone par défaut : « %s »" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone par défaut « {default_zone} » active pour connexion « {connection} » " "sur l’interface « {interface} »" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zone « {zone} » active pour la connexion « {connection} » sur l’interface " "« {interface} »" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zone « {zone} » active pour l’interface « {interface} »" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zone « {zone} » active pour la source « {source} »" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Aucune zone active." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "La connexion à FirewallD est établie." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "La connexion à FirewallD a été perdue." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD a été rechargé." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "La zone par défaut devient « %s »." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Le trafic réseau n’est plus bloqué." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "activé" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "désactivé" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Zone par défaut « {default_zone} » {activated_deactivated} pour connexion " "« {connection} » sur l’interface « {interface} »" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone « {zone} » {activated_deactivated} pour la connexion « {connection} » " "sur l’interface « {interface} »" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "Zone « {zone} » {activated_deactivated} pour l’interface « {interface} »" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "La zone « %s » est activée pour l’interface « %s »" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone « {zone} » {activated_deactivated} pour la source « {source} »" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone « %s » activée pour la source « %s »" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "La connexion à FirewallD est établie." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Tentative de connexion à FirewallD, veuillez patientez…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Impossible de se connecter à FirewallD. Vérifiez que le service a été " "démarré correctement, puis réessayez." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Modifications appliquées." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Utilisé par la connexion réseau « %s »" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Zone par défaut utilisée par la connexion réseau « %s »" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "activé(e)" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "désactivé(e)" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Impossible de charger les icônes." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Contexte" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Ligne de commande" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nom d’utilisateur" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Identifiant utilisateur" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Table" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Chaine" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorité" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Arguments" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Temps d’exécution" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Service" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocole" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Vers le port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Vers l’adresse" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Liaisons" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Entrée" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Type ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Famille" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Action" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Élément" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "journal" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interface" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Commentaire" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Source" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Avertissement" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Erreur" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accept" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "reject" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "drop" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "marque" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "service" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "masquer" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "level" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "oui" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Zone par défaut : %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zone : %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone « %s » : le service « %s » n’est pas disponible." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Supprimer une zone" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignorer" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone « %s » : le type ICMP « %s » n’est pas disponible." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Zone intégrée, le renommage n’est pas pris en charge." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "seconde" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minute" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "heure" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "jour" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergency" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alerte" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "critical" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "error" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "warning" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notice" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Rediriger vers un autre système est utile seulement si l’interface est " "masquée.\n" "Voulez-vous masquer cette zone ?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Service intégré, le renommage n’est pas pris en charge." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Veuillez saisir une adresse ipv4 avec l’adresse du formulaire [/mask]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Le masque peut être un masque de réseau ou un numéro." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Veuillez saisir une adresse ipv6 avec l’adresse du formulaire [/mask]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Le masque est un numéro." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "Veuillez saisir une adresse ipv4 ou ipv6 avec l’adresse du formulaire [/" "mask]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Le masque peut être un masque de réseau ou un numéro pour ipv4.\n" "Le masque est un numéro pour ipv6." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Ipset intégré, le renommage n’est pas pris en charge." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Sélectionner un fichier" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Fichier texte" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Tous les fichiers" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Tout" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Assistant intégré, le renommage n’est pas pris en charge." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Icmp intégré, le renommage n’est pas pris en charge." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "impossible de lire le fichier « %s » : %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Sélectionner la zone pour la source « %s »" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresse" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Assistants automatiques" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Veuillez sélectionner la valeur des assistants automatiques :" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Veuillez saisir la ligne de commande." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Veuillez saisir le contexte." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Veuillez sélectionner la zone par défaut dans la liste ci-dessous." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Chaine directe" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Veuillez sélectionner l’ipv et la table, et saisir le nom de chaine." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv :" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Chaine :" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "sécurité" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Table :" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Règle Passthrough directe" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Veuillez sélectionner l’ipv et saisir les arguments." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Arguments :" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Réacheminement de port" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Veuillez sélectionner les options de source et de destination en fonction de " "vos besoins." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Intervalle de ports :" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Adresse IP :" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocole :" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destination" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Si vous activez un réacheminement local, vous devez définir un port. Celui-" "ci doit être différent du port source." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Réacheminement local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Réacheminer vers un autre port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Paramètres de l’assistant de base" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Veuillez configurer les paramètres de l’assistant de base :" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Les entrées en gras sont obligatoires, les autres sont optionnelles." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nom :" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version :" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Court :" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Description :" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Famille :" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Module :" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Assistant" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Veuillez sélectionner un assistant :" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Paramètres de base de type ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Veuillez configurer les paramètres de base de type ICMP :" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Type ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Veuillez sélectionner un type ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Ajouter une entrée" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Ajouter les entrées en provenance du fichier" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Supprimer l’entrée sélectionnée" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Supprimer toutes les entrées" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Supprimer les entrées du fichier" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fichier" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Options" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Recharger Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Recharger les règles du pare-feu. La configuration permanente actuelle " "deviendra la nouvelle configuration d’exécution. Par exemple toutes les " "modifications d’exécution faite avant le rechargement seront perdues si " "elles n’ont pas été aussi dans la configuration permanente." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Modifier la zone à laquelle la connexion réseau appartient." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Modifier la zone par défaut" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Modifier la zone par défaut pour les connexions ou interfaces." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Changer DéniDeLog" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Changer la valeur du DéniDeLog." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configurer les assignations de l’assistant automatique" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configurer les paramètres d’assignations de l’assistant automatique." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Le mode panique signifie que tous les paquets entrants et sortants sont " "supprimés." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Mode panique" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown verrouille la configuration du pare-feu afin que seules les " "applications de la liste blanche puissent la modifier." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Verrouillage" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Rendre la configuration d’exécution permanente" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Exécution sur Permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Affichage" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Types ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Assistants" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configuration directe" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Liste blanche" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Liaisons actives" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Aide" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Modifier la zone" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Modifier la zone de liaison" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Cacher les liaisons de runtime actives de connexions, interfaces et sources " "à des zones" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Afficher les liaisons de runtime actives de connexions, interfaces et " "sources à des zones" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuration :" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configuration visible actuellement. La configuration d’exécution est la " "configuration active en fait. La configuration persistante deviendra active " "après avoir rechargé ou redémarré le service ou le système." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Une zone FirewallD définit le niveau de confiance pour les connexions " "réseau, les interfaces et les adresses de sources liées à cette zone. La " "zone combine les services, ports, protocoles, translations d’adresse, port " "ou paquet réacheminés, filtres ICMP et règles riches. La zone peut être liée " "aux interfaces et aux adresses de source." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Ajouter une zone" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Modifier une zone" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Supprimer une zone" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Charger les zones par défaut" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Vous pouvez définir ici quels services sont de confiance dans la zone. Les " "services de confiance sont accessibles depuis tous les hôtes et réseaux qui " "peuvent accéder à la machine depuis les connexions, interfaces et sources " "liées à cette zone." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Services" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Ajouter des ports ou des plages de ports supplémentaires, qui doivent être " "accessibles à tous les hôtes ou réseaux qui peuvent se connecter à la " "machine." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Vers le port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Modifier une zone" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Supprimer une zone" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Ports" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Ajoutez des protocoles qu’il faut rendre accessibles à tous les hôtes ou " "réseaux." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Ajouter un protocole" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Modifier un protocole" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Supprimer un protocole" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocoles" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Ajouter des ports sources ou des plages de ports supplémentaires, qui " "doivent être accessibles à tous les hôtes ou réseaux qui peuvent se " "connecter à la machine." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Ports sources" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "La translation d’adresses est très utile si vous configurez un hôte ou un " "routeur qui connecte votre réseau local à Internet. Votre réseau local ne " "sera pas visible et vos hôtes apparaitront sous une adresse unique sur " "Internet. La translation d’adresse est une spécificité d’IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zone de translation d’adresse" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Si vous activez la translation d’adresse, la redirection IP sera activée " "pour votre réseau IPV4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Translation d’adresses" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Ajouter des entrées pour rediriger les ports soit d’un port à un autre sur " "le système local, soit du système local vers un autre. Rediriger vers un " "autre système n’est utile que si l’interface est masquée. La redirection de " "port est une spécificité d’IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Ajouter une transmission de port" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Modifier une transmission de port" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Supprimer une transmission de port" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Le protocole de message de contrôle Internet (ICMP, pour « Internet Control " "Message Protocol ») est utilisé essentiellement pour envoyer des messages " "d’erreurs vers les ordinateurs d’un réseau, mais également pour envoyer des " "messages d’information, comme les requêtes « ping » et leurs réponses." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marquez les types ICMP de la liste qui doivent être rejetés. Tous les autres " "types ICMP sont autorisés à traverser le pare-feu. Par défaut, il n’y a " "aucune restriction." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Si Filtrage Inversion est actif, les saisies marquées ICMP seront acceptées " "et les autres seront rejetées. Dans une zone ayant pour cible « DROP », " "elles seront rejetées." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Filtrage Inversion" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtre ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Vous pouvez définir ici les règles linguistiques riches pour la zone." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Ajouter une règle riche" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Afficher une règle riche" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Supprimer une règle riche" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Règles riches" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Ajouter des entrées pour lier des interfaces à la zone. Si l’interface est " "utilisée par une connexion, la zone sera définie sur la zone indiquée dans " "la connexion." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Ajouter une interface" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Quitter l’interface" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Supprimer l’interface" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Ajouter des entrées pour lier les adresses ou zones source à la zone. Vous " "pouvez également les lier à une adresse source MAC mais avec certaines " "limites. Le transfert et masquage ne fonctionneront pas pour les liaisons " "sources de MAC." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Ajouter une source" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Afficher la source" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Supprimer une source" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zones" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Un service FirewallD est une combinaison de ports, de protocoles, de modules " "et d’adresses de destination." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Ajouter un service" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Éditer un service" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Supprimer un service" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Charger les services par défaut" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Ajoutez les ports ou intervalles de ports supplémentaires qu’il faut rendre " "accessibles à tous les hôtes ou réseaux." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Modifier une entrée" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Supprimer une entrée" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Ajoutez les ports source ou intervalles de ports supplémentaires qu’il faut " "rendre accessibles à tous les hôtes ou réseaux." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Port source" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" "Les modules d’assistance Netfilter sont nécessaires pour certains services." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modules" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Si vous spécifiez une adresse de destination, l’entrée de service sera " "limitée au type et à l’adresse de destination. Si ces deux entrées sont " "vides, il n’y a pas de limitation." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4 :" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6 :" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Les services ne peuvent être modifiés que dans la fenêtre de configuration " "permanente. La configuration d’exécution des services est fixée." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Un IPSet peut être utilisé pour créer des listes noires ou blanches et peut " "stocker des adresses IP, numéros de port ou adresses MAC. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Ajouter IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Modifier IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Supprimer IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Charger IPSet par défaut" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Entrées de l’IPSet. Vous ne pourrez voir que des entrées d’IPSets qui " "n’utilisent pas l’option timeout et uniquement les entrées qui ont été " "ajoutées par FirewallD. Les entrées qui ont été ajoutées directement avec la " "commande IPSet n’apparaissent pas ici." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Cet IPSet utilise l’option timeout, donc aucune entrée n’est visible ici. " "Les entrées doivent être utilisées avec la commande IPSet directement." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Ajouter" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Entrées" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Les IPSets peuvent uniquement être créés ou supprimés dans l’affichage de " "configuration permanent." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "L’icmptype de FirewallD fournit les informations pour le type de protocole " "de contrôle du réseau Internet (ICMP) pour FirewallD." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Ajoute un type d’ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Modifier le type d’ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Supprimer le type d’ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Charger le type ICMP par défaut" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Précisez si ce type d’ICMP est disponible pour IPv4 et/ou IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Les types d’ICMP ne peuvent être modifiés que dans la fenêtre de " "configuration permanente. La configuration en cours d’exécution des types " "d’ICMP est fixée." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Un assistant de suivi de connexion aide à faire fonctionner les protocoles " "qui utilisent différents flux pour signaler et transférer des données. Les " "transferts de données utilisent des ports qui ne sont pas liés à la " "connexion signalée et sont en conséquence bloqués par le pare-feu sans cet " "assistant." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Définir les ports ou plages de port, surveillés par l’assistant." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "La configuration directe donne un accès plus direct au pare-feu. Ces options " "exigent que l’utilisateur connaisse les concepts de base de iptables, c.-à-" "d. tables chaines, commandes, paramètres et cibles. La configuration directe " "devrait être utilisée qu’en dernier ressort, quand il n’est pas possible " "d’utiliser les autres fonctionnalités de FirewallD." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "L’argument ipv de chaque option doit être ipv4 ou ipv6 ou eb. ipv4 pour " "iptables, ipv6 pour ip6tables et eb pour une passerelle Ethernet (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Chaines supplémentaires à utiliser avec les règles." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Ajouter une chaine" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Afficher une chaine" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Supprimer une chaine" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Chaines" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Ajoutez une règle avec les arguments « args » à une chaine dans une table " "avec une priorité." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "La priorité est utilisée pour ordonner les règles. La priorité 0 signifie " "ajouter la règle en début de chaine, avec une priorité plus élevée la règle " "sera ajoutée plus bas. Les règles avec le même niveau de priorité sont sur " "le même niveau et l’ordre de ces règles n’est pas fixé et peut être modifié. " "Si vous voulez être sûr qu’une règle est ajoutée après une autre, utilisez " "une priorité basse pour la première et une plus élevée pour les suivantes." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Ajouter une règle" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Afficher une règle" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Supprimer une règle" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Règles" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Les règles passthrough sont directement répercutées sur le pare-feu et ne " "sont pas placées dans les chaines particulières. Toutes les options " "iptables, ip6tables et ebtables peuvent être utilisées." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Veuillez être prudent avec les règles passthrough pour ne pas endommager le " "pare-feu." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Ajouter le Passthrough" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Afficher le Passthrough" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Supprimer le Passthrough" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "La fonction verrouillage est une version allégée de l’utilisateur et des " "politiques d’application pour FirewallD. Elle limite les modifications au " "pare-feu. La liste blanche peut comprendre des commandes, des contextes, des " "utilisateurs et des identifiants d’utilisateur." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Le contexte est le contexte de sécurité (SELinux) d’une application en cours " "d’exécution ou d’un service. Pour obtenir le contexte d’une application en " "cours d’exécution utilisez ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Ajouter un contexte" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Modifier un contexte" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Supprimer un contexte" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contextes" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Si une commande de la liste blanche se termine par un astérisque « * », " "alors toutes les lignes de commande commençant par cette commande seront " "prises en compte. Si « * » est absent alors la commande seule sera prise en " "compte." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Ajouter une ligne de commande" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Afficher une ligne de commande" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Supprimer une ligne de commande" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Lignes de commande" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Noms d’utilisateur" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Ajouter un nom d’utilisateur" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Modifier un nom d’utilisateur" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Supprimer un nom d’utilisateur" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Noms d’utilisateur" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Identifiants d’utilisateur" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Ajouter un identifiant utilisateur" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Afficher un identifiant utilisateur" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Supprimer un identifiant utilisateur" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Identifiants d’utilisateur" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Zone actuelle par défaut du système." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "DéniDeLog :" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Mode panique :" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Assistants automatiques :" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Verrouiller :" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zone par défaut :" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Veuillez saisir un nom d’interface :" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Paramètres IPSet de base" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Veuillez configurer les paramètres de l’IPSet de base :" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Type :" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Timeout :" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Taille du hachage :" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem :" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Valeur du timeout en secondes" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Taille du hachage initial, valeur par défaut : 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Nombre maximal d’éléments, valeur par défaut : 65 536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Veuillez sélectionner un IPSet :" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Veuillez saisir une entrée IPSet :" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "DéniDeLog" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Veuillez sélectionner la valeur du DéniDeLog :" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Marque" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Veuillez saisir une marque avec un masque en option." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "Les champs marque et masque sont tous les deux des nombres non signés de 32 " "octets de largeur." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Marque :" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Masque :" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Veuillez sélectionner un assistant conntrack netfilter :" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Sélectionner -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Autre module :" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port et protocole" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Veuillez saisir un port et un protocole." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Règle directe" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Veuillez sélectionner l’ipv et la table, la chaine prioritaire et saisissez " "las arguments." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorité :" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Veuillez saisir un protocole." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Autres protocoles :" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Règle riche" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Veuillez saisir une règle riche." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Désactiver l’élément pour un hôte ou un réseau blanc ou sur liste noire." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Source :" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destination :" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Journal :" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit :" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 et ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inversé" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Pour activer ceci, Action doit être paramétré sur « reject » et Famille soit " "sur « Ipv4 » ou « Ipv6 » (pas les deux)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "avec le type :" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "avec la limite :" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Préfixe :" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Niveau :" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Élément :" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Action :" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Paramètres du service de base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Veuillez configurer les paramètres du service de base :" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Veuillez sélectionner un service." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Veuillez saisir une source." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ID utilisateur" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Veuillez saisir l’ID de l’utilisateur." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Veuillez saisir le nom d’utilisateur." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "étiquette" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Paramètres de la zone de base" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Veuillez configurer les paramètres de la zone de base :" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Cible par défaut" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Cible :" firewalld-0.8.2/po/fi.po0000664007115300711530000015111613641112251016231 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Juhani Numminen , 2012-2013 # Lauri Nurmi , 2004 # Lauri Nurmi , 2004 # Mikko Ikola , 2004 # Juhani Numminen , 2016. #zanata # Jiri Grönroos , 2017. #zanata, 2020. # Toni Rantala , 2017. #zanata # Jiri Grönroos , 2018. #zanata, 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-01-13 14:38-0500\n" "PO-Revision-Date: 2020-03-19 09:38+0000\n" "Last-Translator: Jiri Grönroos \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 3.11.3\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Palomuurisovelma" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Palomuuri" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Palomuuriasetukset" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" "palomuuri;verkko;tietoturva;suojaus;turva;firewall;network;security;iptables;" "netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Valitse alue liitännälle '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Oletusalue" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Valitse alue yhteydelle '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Alueen {zone} asettaminen yhteydelle {connection_name} epäonnistui" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Valitse alue lähteelle '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Määritä Kilvet ylös/alas -alueet" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Kilvet ylös -alue:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Palauta oletukset" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Kilvet alas -alue:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Tietoja – %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Tekijät" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Lisenssi" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Kilvet ylös" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Ota ilmoitukset käyttöön" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Muokkaa palomuurin asetuksia…" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Muuta yhteyksien alueita..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Määritä Kilvet ylös/alas -alueet..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Estä kaikki verkkoliikenne" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Tietoja" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Yhteydet" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Verkkoliitännät" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Lähteet" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Tunnistautuminen epäonnistui." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Virheellinen nimi" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Nimi on jo olemassa" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Alue: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Oletusalue: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Yhteyksien haku NetworkManagerilta epäonnistui" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "NetworkManager-tuonteja ei ole saatavilla" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Ei yhteyttä palomuurin taustaprosessiin" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Kaikki verkkoliikenne on estetty." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Oletusalue: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Oletusalue '{default_zone}' aktiivisena yhteydelle '{connection}' " "liitännällä '{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Alue '{zone}' aktiivisena yhteydelle '{connection}' liitännällä '{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Alue '{zone}' käytössä verkkoliitännälle '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Alue '{zone}' aktiivisena lähteelle {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Ei aktiivisia alueita." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Yhteys FirewallD:hen muodostettu." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Yhteys FirewallD:hen kadotettu." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD on ladattu uudelleen." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Oletusalueeksi asetettu '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Verkkoliikennettä ei enää estetä." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "käytössä" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "ei käytössä" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Oletusalue '{default_zone}' {activated_deactivated} yhteydellä " "'{connection}' liitännällä '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Alue '{zone}' {activated_deactivated} yhteydellä '{connection}' liitännällä " "'{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Alue '{zone}' {activated_deactivated} liitännällä '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Alue '%s' aktivoitu liitännälle '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Alue '{zone}' {activated_deactivated} lähteelle '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Alue '%s' aktivoitu lähteelle '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Yhteys firewalld:hen muodostettu." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Yritetään muodostaa yhteys firewalld:hen, odotetaan…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Yhteys firewalld:hen epäonnistui. Varmista että palvelu on päällä ja yritä " "uudelleen." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Muutokset otettu käyttöön." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Yhteyden ”%s” käytössä" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Verkkoyhteyden '%s' käyttämä oletusalue" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "käytössä" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "pois käytöstä" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Kuvakkeiden lataus ei onnistunut." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Konteksti" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Komentorivi" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Käyttäjänimi" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Käyttäjätunniste" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Ajonaikainen" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Pysyvä" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Palvelu" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Portti" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokolla" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Porttiin" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Osoitteeseen" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Sidokset" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Tietue" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp-tyyppi" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Perhe" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Toiminto" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elementti" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Lähde" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Kohde" #: ../src/firewall-config.in:834 msgid "log" msgstr "kirjaa" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Liitäntä" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Kommentti" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Lähde" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Varoitus" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Virhe" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "hyväksy" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "hylkää" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "pudota" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "merkitse" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "rajoita" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "palvelu" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "portti" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokolla" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskeeraa" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-esto" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "välitysportti" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "lähdeportti" #: ../src/firewall-config.in:2097 msgid "level" msgstr "taso" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "kyllä" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Alue" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Oletusalue: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Alue: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Alue '%s': Palvelu '%s' ei ole käytettävissä." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Poista" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Älä huomioi" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Alue '%s': ICMP-tyyppi '%s' ei ole saatavilla." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Sisäänrakennettu alue, nimen muuttaminen ei ole tuettu." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekunti" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuutti" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "tunti" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "vuorokausi" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "hätätila" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "hälytys" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kriittinen" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "virhe" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "varoitus" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "huomautus" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "tiedoksi" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "virheenjäljitys" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Välittäminen toiseen järjestelmään on hyödyllistä vain jos verkkoliitäntä on " "maskeerattu. Haluatko maskeerata tämän alueen?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Sisäänrakennettu palvelu, ei voi uudelleennimetä." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Syötä ipv4-osoite muodossa osoite[/maski]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Maski voi olla verkkomaski tai numero." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Syötä ipv6-osoite muodossa osoite[/maski]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Maski on numero." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Syötä ipv4- tai ipv6-osoite muodossa osoite[/maski]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Ipv4:n maski voi olla verkkomaski tai numero.\n" "Ipv6:n maski on numero." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Sisäänrakennettu ipset, uudelleennimeäminen ei ole tuettu." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Valitse tiedosto" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Tekstitiedostot" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Kaikki tiedostot" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Kaikki" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Sisäänrakennettu avustin, nimen muuttaminen ei ole tuettu." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Sisäänrakennettu icmp, nimen muuttaminen ei ole tuettu." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Tiedoston ”%s” lukeminen epäonnistui: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Valitse alue lähteelle %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Osoite" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automaattiset apurit" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Valitse automaattisen apurin arvo:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Syötä komento." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Syötä konteksti." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Valitse oletusalue alapuolella olevasta listasta." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Ketju:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raakamuoto" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "turvallisuus" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Taulu:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumentit:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Porttien edelleenohjaus (forwarding)" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Valitse lähde- ja kohdeasetukset tarpeen mukaan." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Portti tai porttialue:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP-osoite:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokolla:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Kohde" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Jos paikallinen edelleenohjaus otetaan käyttöön, on määritettävä portti. " "Tämä portti on oltava eri kuin lähdeportti." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Paikallinen edelleenohjaus" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Edelleenohjaa toiseen porttiin" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nimi:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versio:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Lyhyt:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Kuvaus:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Perhe:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Moduuli:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Apuri" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Valitse apuri:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-tyyppi" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Valitse ICMP-tyyppi" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Lisää merkintä" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Lisää tietueet tiedostosta" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Poista valittu merkintä" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Poista kaikki tietueet" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Poista tietueet tiedostosta" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Tiedosto" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Valinnat" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Lataa Firewalld uudelleen" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Lataa palomuurin uudelleen. Tämän hetkiset pysyvät asetukset tulevat uusiksi " "ajonaikaisiksi asetuksiksi, toisin sanoen, kaikki ajonaikaiset muutokset " "jotka teit ennen uudelleenlatausta häviävät elleivät ne olleet myös " "pysyvissä asetuksissa." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Vaihda mille alueelle verkkoyhteys kuuluu." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Muuta oletusaluetta" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Vaihda oletusalue yhteyksille ja verkkoliitännöille." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Vaihda lokin kieltotasoa" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Muuta LogDenied-arvoa." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Määritä automaattisten apurien työnjako" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Muokkaa Automatic Helper Assignment -asetusta." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Paniikkitilassa kaikki sisään tulevat ja ulos menevät paketit pudotetaan." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Paniikkitila" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lukitus lukitsee palomuurin asetukset siten, että vain sallittujen listalla " "olevat sovellukset voivat muuttaa palomuurin asetuksia." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Lukitus" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Tee ajonaikaisista asetuksista pysyviä." #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Ajonaikaisesta pysyväksi" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Näytä" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSetit" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP-tyypit" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Apurit" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Suoramääritys" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Lukituksen sallittujen lista" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktiiviset sidokset" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Ohje" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Vaihda alue" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Vaihda sidoksen alue" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Kokoonpano:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Firewalld-alue määrittää luottosuhteen siihen sidottuihin verkkoyhteyksiin, " "liitäntöihin ja lähdeosoitteisiin. Alue yhdistää palvelut, protokollat, NAT-" "ominaisuudet (osoitteenmuunnos/masquerading), portti- tai pakettikohtaiset " "välityssäännöt, icmp-suodattimet ja muut monipuoliset säännöt. Alue voidaan " "määrittää liitäntöihin ja lähdeosoitteisiin." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Lisää alue" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Muokkaa aluetta" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Poista alue" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Lataa alueen oletukset" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Täällä voit määrittää mitkä palvelut ovat luotetulla alueella. Luotetut " "palvelut ovat kaikkien verkon koneiden ja verkkojen käytettävissä, jotka " "tavoittavat tämän koneen mistä tahansa yhteydestä, verkkoliitännästä tai " "lähteestä, jotka tähän alueeseen kuuluvat." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Palvelut" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Lisää portti" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Muokkaa porttia" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Poista portti" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portit" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Lisää protokolla jonka pitää olla kaikkien koneiden tai verkkojen " "käytettävissä." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Lisää protokolla" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Muokkaa protokollaa" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Poista protokolla" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokollat" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Lähdeportit" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Osoitteenmuunnos mahdollistaa paikallisen verkon Internetiin yhdistävän " "koneen tai reitittimen pystyttämisen. Paikallinen verkko näkyy yhtenä " "osoitteena Internetiin päin. Osoitteenmuunnos toimii vain IPv4:ssä." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Osoitteenmuunnos" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Lisää tietueita porttien edelleenohjaamiseksi joko portista toiseen " "paikallisessa järjestelmässä tai paikallisesta järjestelmästä toiseen " "järjestelmään. Edelleenohjaaminen toiseen järjestelmään on hyödyllistä vain " "jos liitännässä on käytössä osoitteenmuunnos. Porttien edelleenohjaaminen on " "mahdollista vain IPv4:ssä." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Lisää välitysportti" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Muokkaa välitysporttia" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Poista välitysportti" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message -protokollaa (ICMP) käytetään yleensä virheviestien " "lähettämiseksi verkotettujen tietokoneiden välillä, mutta sitä voidaan " "käyttää myös tietoviesteihin, kuten ping-pyyntöihin ja -vastauksiin." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Merkitse hylättävät ICMP-tyypit luettelosta. Kaikki muut ICMP-tyypit " "päästetään läpi palomuurista. Oletuksena ei ole rajoituksia." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP-suodin" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Lisää monipuolinen sääntö" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Muokkaa monipuolista sääntöä" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Poista monipuolinen sääntö" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Monipuoliset säännöt" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Lisää liitäntä" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Muokkaa liitäntää" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Poista liitäntä" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Lisää lähde" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Muokkaa lähdettä" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Poista lähde" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Alueet" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "firewalld-palvelu on yhdistelmä portteja, protokollia, moduuleita ja " "kohdeosoitteita." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Lisää palvelu" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Muokkaa palvelua" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Poista palvelu" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Lataa palvelun oletusarvot" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Muokkaa merkintää" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Poista merkintä" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Lähdeportti" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduulit" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Jos määrität kohdeosoitteet, palvelutietue rajoitetaan kohdeosoitteseen ja " "tyyppiin. Jos molemmat tietueet jätetään tyhjäksi, rajoitteita ei ole." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Palveluita voi muuttaa vain pysyvän kokoonpanon asetusnäkymässä. Palvelujen " "ajonaikaista kokoonpanoa ei voi muuttaa." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSettiä voidaan käyttää sallittujen listojen (white) ja estolistojen " "(black) luomiseen. Se voi sisältää esimerkiksi IP-osoitteita, " "porttinumeroita tai MAC-osoitteita. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Lisää IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Muokkaa IPSet:iä" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Poista IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Lataa IPSet-oletukset" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Lisää" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Tietueet" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Lisää ICMP-tyyppi" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Muokkaa ICMP-tyyppiä" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Poista ICMP-tyyppi" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Lisää sääntö" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Muokkaa sääntöä" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Poista sääntö" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Säännöt" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Lisää konteksti" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Muokkaa kontekstia" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Poista konteksti" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontekstit" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Lisää komentorivi" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Muokkaa komentoriviä" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Poista komentorivi" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Komentorivit" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Käyttäjänimet" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Lisää käyttäjänimi" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Muokkaa käyttäjänimeä" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Poista käyttäjänimi" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Käyttäjänimet" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Käyttäjä-ID:t" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Lisää käyttäjä-ID" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Muokkaa käyttäjä-ID:tä" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Poista käyttäjä-ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Käyttäjä-ID:t" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Järjestelmän nykyinen oletusalue." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Loki kielletty:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Paniikkitila:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automaattiset apurit:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Lukitus:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Oletusalue:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Anna liitännän nimi:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Perus IPSet-asetukset" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tyyppi:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Aikakatkos:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Aikakatkaisun arvo sekunneissa" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Valitse ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Loki kielletty" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Valitse log denied -arvo:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Valitse -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Muu moduuli:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Portti ja protokolla" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Syötä portti ja protokolla" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioriteetti:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Syötä protokolla." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Muu protokolla:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Monipuolinen sääntö" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Kirjoita monipuolinen sääntö." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Lähde:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Kohde:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Loki:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ja ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "käänteinen" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Etuliite:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Taso:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Toiminto:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Valitse palvelu." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Käyttäjä ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Syötä käyttäjä ID." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Syötä käyttäjänimi" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Oletuskohde" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Kohde:" firewalld-0.8.2/po/et.po0000664007115300711530000013130213641112251016236 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # mihkel , 2012 # mihkel , 2012 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2016-01-04 12:21+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Estonian (http://www.transifex.com/projects/p/firewalld/" "language/et/)\n" "Language: et\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Tulemüüri aplett" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Tulemüür" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Tulemüüri seadistamine" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Kilp peale tsoon:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Kilp maha tsoon:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Kilp peale" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Võimalda teated" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Muuda tulemüüri sätteid..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blokeeri kogu võrguliiklus" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Ühendus puudub." #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autentimine nurjus." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Vigane argument %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Tulemüüri teenusega ühendus puudub" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Kogu võrguliiklus on blokeeritud." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Puudub aktiivne tsoon." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Ühendus FirewallD-ga loodi." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Ühendus FirewallD-ga kaotati." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirrewallD on uuesti laaditud." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Vaikimisi tsoon muudeti '%s'-ks" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Võrguliiklus ei ole enam blokeeritud." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "aktiveeritud" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "deaktiveeritud" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Ikoonide laadimine nurjus." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Teenus" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoll" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Porti" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Aadressile" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp tüüp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Allikas" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Hoiatus" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Viga" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Tsoon" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Eemalda tsoon" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Sisse ehitatud tsoon, ümbernimetamine pole toetatud." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Sisse ehitatud teenus, ümbernimetamine pole toetatud." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Sisse ehitatud icmp, ümbernimetamine pole toetatud." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Aadress" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Pordi edasisuunamine" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Portide vahemik:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP aadress:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokoll:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Sihtkoht" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Kohalik edasisuunamine" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Suuna teise porti" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Rasvased kirjed on kohustuslikud, kõik teised aga valikulised." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nimi:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versioon:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Lühike:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Kirjeldus:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP tüüp" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Lisa kirje" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fail" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Valikud" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Laadi FirewallD uuesti" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Muuda vaikimisi tsooni" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Abi" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Lisa tsoon" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Muuda tsooni" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Eemalda tsoon" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Laadi vaikimisi tsoon" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Teenused" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Porti" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Muuda tsooni" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Eemalda tsoon" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Pordid" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskeerimine tsoon" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskeerimine" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Lisa teenus" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Muuda teenust" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Eemalda teenus" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Laadi teenuse vaikeväärtused" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Muuda kirjet" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Eemalda kirje" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moodulid" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Lisa ICMP tüüp" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Muuda ICMP tüüpe" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Eemalda ICMP tüüp" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Süsteemi aktiivne vaikimisi tsoon" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Vaikimisi tsoon:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port ja protokoll" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Palun sisesta port ja protokoll." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Teine protokoll:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Baasteenuste sätted" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Baas tsoonide sätted" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Vaikimisi sihtmärk" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Sihtmärk:" firewalld-0.8.2/po/ia.po0000664007115300711530000012625513641112251016232 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Nik Kalach , 2012-2013 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 09:58+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Interlingua (http://www.transifex.com/projects/p/firewalld/" "language/ia/)\n" "Language: ia\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Applet de parafoco" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Parafoco" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuration de parafoco" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blocar tote le traffico de rete" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "" #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-0.8.2/po/ml.po0000664007115300711530000022754613641112251016256 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Ani Peter , 2006-2007,2009,2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 10:00+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Malayalam (http://www.transifex.com/projects/p/firewalld/" "language/ml/)\n" "Language: ml\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "ഫയര്‍വോള്‍ ആപ്ലെറ്റ്" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ഫയര്‍വോള്‍" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ഫയര്‍വോള്‍ ക്രമീകരണം" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "'%s' ഇന്റര്‍ഫെയിസിനു് മേഘല തെരഞ്ഞെടുക്കുക" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "സ്വതവേയുളഅള മേഖല" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "'%s' കണക്ഷനു് മേഖല തെരഞ്ഞെടുക്കുക" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "ഷീള്‍ഡ്സ് അപ്പ്/ഡൌണ്‍ മേഘലകള്‍ ക്രമീകരിയ്ക്കുക" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "ഷീള്‍ഡ്സ് അപ്പ്, ഷീള്‍ഡ്സ് ഡൌണ്‍ എന്നിവയ്ക്കുപയോഗിച്ച മേഘലകള്‍ നിങ്ങള്‍ക്കു് ഇവിടെ തെരഞ്ഞെടുക്കാം." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "മിക്കപ്പോഴും സ്വതവേയുള്ള മേഘലകള്‍ ഉപയോഗിയ്ക്കുവര്‍ക്കു് ഈ വിശേഷത പ്രയോജനകരമാണു്. കണക്ഷനുകളുടെ " "മേഘലകള്‍ മാറ്റുന്ന ഉപയോക്താക്കള്‍ക്കു് അധികം ഉപയോഗമുണ്ടാവില്ല." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "ഷീള്‍ഡ്സ് അപ്പ് മേഘല:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "ഷീള്‍ഡ്സ് ഡൌണ്‍ മേഘല:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "ഷീള്‍ഡ്സ് അപ്പ്" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "അറിയിപ്പുകള്‍ പ്രവര്‍ത്തന സജ്ജമാക്കുക" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "ഫയര്‍വോള്‍ സജ്ജീകരണങ്ങള്‍ ചിട്ടപ്പെടുത്തുക..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "കണക്ഷനുകള്‍ക്കുള്ള മേഘലകള്‍ മാറ്റുക..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "ഷീള്‍ഡ്സ് അപ്പ്/ഡൌണ്‍ മേഘലകള്‍ ക്രമീകരിയ്ക്കുക..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "എല്ലാ നെറ്റ്‌വര്‍ക്ക് ട്രാഫിക്കും തടയുക" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "കണക്ഷനുകള്‍" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "ശ്രോതസ്സുകള്‍" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ആധികാരികത ഉറപ്പാക്കല്‍ പരാജയപ്പെട്ടു." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "തെറ്റായ ആര്‍ഗ്യുമെന്റ് %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "പേരു് നിലവിലുണ്ടു്" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "ഫയര്‍വോള്‍ ഡെമണിലേക്കു് കണക്ഷന്‍ ലഭ്യമല്ല" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "എല്ലാ നെറ്റ്‌വര്‍ക്ക് ട്രാഫിക്കും തടഞ്ഞിരിയ്ക്കുന്നു" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "സ്വതവേയുള്ള മേഘല: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "'{interface}' ഇന്റര്‍ഫെയിസില്‍ '{connection}' കണക്ഷനു് സജീവമായ '{zone}' മേഘല" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "'{interface}' ഇന്റര്‍ഫെയിസില്‍ സജീവമായ '{zone}' മേഘല" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "{source} ശ്രോതസ്സില്‍‍ സജീവമായ '{zone}' മേഘല" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "സജീവമായ മേഘലകള്‍ ലഭ്യമല്ല." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD-യ്ക്കുള്ള കണക്ഷന്‍ സ്ഥാപിച്ചിരിയ്ക്കുന്നു." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD-ലേക്കുള്ള കണക്ഷന്‍ നഷ്ടമായി." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD വീണ്ടും ലഭ്യമാക്കിയിരിയ്ക്കുന്നു." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "സ്വതവേയുള്ള മേഘല '%s' ആയി മാറ്റിയിരിയ്ക്കുന്നു." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "നെറ്റ്‌വര്‍ക്ക് ട്രാഫിക്ക് ഇനി തടസ്സപ്പെടുത്തിയിട്ടില്ല." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "സജീവമാക്കിയിരിക്കുന്നു" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "നിര്‍ജ്ജീവമാക്കിയിരിയ്ക്കുന്നു" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "'{interface}' ഇന്റര്‍ഫെയിസില്‍ '{connection}' കണക്ഷനു് സജീവമായ " "'{zone}'{activated_deactivated} മേഘല" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "'{interface}' ഇന്റര്‍ഫെയിസില്‍ സജീവമായ '{zone}' {activated_deactivated} മേഘല" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "'%s' മേഘല '%s' ഇന്റര്‍ഫെയിസിനു് സജീവമാക്കിയിരിയ്ക്കുന്നു" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "'{source}' ശ്രോതസ്സിനുള്ള '{zone}' {activated_deactivated} മേഘല" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "'%s' മേഘല '%s' ശ്രോതസ്സിനു് സജീവമാക്കിയിരിയ്ക്കുന്നു" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "മാറ്റങ്ങള്‍ സൂക്ഷിച്ചു." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "നെറ്റ്‌വര്‍ക്ക് കണക്ഷന്‍ '%s' ഉപയോഗിയ്ക്കുന്നു" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "പ്രവര്‍ത്തന സജ്ജം" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "പ്രവര്‍ത്തന രഹിതം" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ചിഹ്നങ്ങള്‍ ലഭ്യമാക്കുന്നതില്‍ പരാജയപ്പെട്ടു." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ഉപയോക്തൃനാമം" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "പ്രവര്‍ത്തനസമയം" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "സ്ഥിരമായ" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "സേവനം" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "പോര്‍ട്ട്" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "സമ്പ്രദായം" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "ഏത്തിച്ചേരണ്ട പോര്‍ട്ട്" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "ഏത്തിച്ചേരണ്ട വിലാസം:" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "ഐസിഎംപി തരം" #: ../src/firewall-config.in:822 msgid "Family" msgstr "കുടുംബം" #: ../src/firewall-config.in:826 msgid "Action" msgstr "പ്രവര്‍ത്തനം" #: ../src/firewall-config.in:828 msgid "Element" msgstr "എലമെന്റ്" #: ../src/firewall-config.in:830 msgid "Src" msgstr "ശ്രോതസ്സ്" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "ലക്ഷ്യം" #: ../src/firewall-config.in:834 msgid "log" msgstr "ലോഗ്" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ഓഡിറ്റ് ചെയ്യുക" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "ശ്രോതസ്സ്" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "മുന്നറിയിപ്പ്" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "പിഴവ്" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "സ്വീകരിയ്ക്കുക" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "നിരസിയ്ക്കുക" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ഉപേക്ഷിയ്ക്കുക" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "പരിധി" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "സേവനം " #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "പോര്‍ട്ട്" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "സമ്പ്രദായം " #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "മാസ്ക്യുറേഡിംങ്" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "നില" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ഉവ്വു്" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "മേഘല" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "'%s' മേഘല: '%s' സര്‍വീസ് തരം ലഭ്യമല്ല." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "നീക്കം ചെയ്യുക" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "അവഗണിയ്ക്കുക" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "'%s' മേഘല: '%s' ഐസിഎംപി തരം ലഭ്യമല്ല." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "ബിള്‍ട്ടിന്‍ zone, rename പിന്തുണയ്ക്കുന്നില്ല." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "നിമിഷം" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "മിനിറ്റ്" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "മണിക്കൂര്‍" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "ദിവസം" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergency" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alert" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "critical" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "പിശക്" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "മുന്നറിയിപ്പു്" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notice" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "വിവരം" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ഇന്റര്‍ഫെയിസ് മാസ്ക്യുറേഡ് ചെയ്താല്‍ മാത്രമേ മറ്റൊരു സിസ്റ്റത്തിലേക്കു് ഫോര്‍വേഡ് ചെയ്യുന്നതു് " "പ്രയോജനകരമാകൂ.\n" "ഈ മേഖല മാസ്ക്യുറേഡ് ചെയ്യണമോ ?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "ബിള്‍ട്ടിന്‍ service, rename പിന്തുണയ്ക്കുന്നില്ല." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "ബിള്‍ട്ടിന്‍ icmp, rename പിന്തുണയ്ക്കുന്നില്ല." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "'%s' ശ്രോതസ്സിനു് മേഘല തെരഞ്ഞെടുക്കുക" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "വിലാസം" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ദയവായി കമാന്‍ഡ് ലൈന്‍ നല്‍കുക." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "ദയവായി സന്ദര്‍ഭം നല്‍കുക." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "താഴെ കാണിച്ചിട്ടുള്ള പട്ടികയില്‍ നിന്നും സ്വതവേയുള്ള മേഘല ദയവായി തെരഞ്ഞെടുക്കുക." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ഡയറക്ട് ചെയിന്‍" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ipv, പട്ടിക എന്നിവ തെരഞ്ഞെടുത്തു്, ചെയിന്റെ പേരു് നല്‍കുക." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ചെയിന്‍:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "സുരക്ഷ" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "പട്ടിക:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "നേരിട്ടുള്ള പാസ്ത്രൂ നിയമം" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ipv ദയവായി തെരഞ്ഞെടുത്തു് ആര്‍ഗ്യുമെന്റുകള്‍ നല്‍കുക." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "ആര്‍ഗ്യുമെന്റുകള്‍:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "പോര്‍ട്ട് ഫോര്‍‍വേര്‍‍ഡിംഗ്" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "നിങ്ങളുടെ ആവശ്യ‌മനുസരിച്ച് ഉറവിട, ലക്ഷ്യ പോര്‍ട്ടുകള്‍ തെരഞ്ഞെടുക്കുക." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "പോര്‍ട്ട് / പോര്‍ട്ട് പരിധി:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "ഐപി വിലാസം:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "സമ്പ്രദായം:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "ലക്ഷ്യസ്ഥലം" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "നിങ്ങള്‍ ലോക്കല്‍ ഫോര്‍വേര്‍ഡിങ് സജ്ജമാക്കിയാല്‍, പോര്‍ട്ട് നല്‍കേണ്ടതാണ്. ഇത് ഉറവിട പോര്‍ട്ടില്‍ നിന്നും " "വ്യ‌‌ത്യ‌‌സ്തമാണ്." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "ലോക്കല്‍ ഫോര്‍വേഡിങ്" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "മറ്റൊരു പോര്‍ട്ടിലേക്ക് അയയ്ക്കുക" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "കട്ടിയിലുള്ള എന്‍ട്രികള്‍ നിര്‍ബന്ധമാണു്, മറ്റൊന്നും നിര്‍ബന്ധമല്ല." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "പേരു്:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "പതിപ്പു്‌:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "ലഘു:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "വിവരണം:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "കുടുംബം:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "അടിസ്ഥാന ഐസിഎംപി തരം സജ്ജീകരണങ്ങള്‍" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "ദയവായി അടിസ്ഥാന ഐസിഎംപി തരം സജ്ജീകരണങ്ങള്‍ ക്രമീകരിയ്ക്കുക: " #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP തരത്തിലുള്ള" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ഒരു ഐസിഎംപി തരം ദയവായി തെരഞ്ഞെടുക്കുക" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "എന്‍ട്രി ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ഫയല്‍ (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "ഐഛികങ്ങള്‍ (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld വീണ്ടും ലഭ്യമാക്കുക" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ഫയര്‍വോള്‍ നിയമങ്ങള്‍ വീണ്ടും ലഭ്യമാക്കുന്നു. നിലവില്‍ സ്ഥിരമായുള്ള ക്രമീകരണം പുതിയ പ്രവര്‍ത്തന " "ക്രമീകരണമാകുന്നു. അതായതു്, സ്ഥിരമായ ക്രമീകരണത്തിലില്ലെങ്കില്‍, പ്രവര്‍ത്തന സമയത്തു് വരുത്തിയ " "മാറ്റങ്ങള്‍ വീണ്ടും ലഭ്യമാക്കുമ്പോള്‍ നഷ്ടമാകുന്നു." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ഒരു നെറ്റ്‌വര്‍ക്ക് കണക്ഷനുള്ള മേഖല മാറ്റുക." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "സ്വതവേയുള്ള മേഘല മാറ്റുക" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "കണക്ഷനുകള്‍ക്കും ഇന്റര്‍ഫെയിസുകള്‍ക്കുമുള്ള സ്വതവേയുള്ള മേഖല മാറ്റുക." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "പാനിക്ക് മോഡിനര്‍ത്ഥം വരുന്നതും പോകുന്നതുമായ എല്ലാ പാക്കറ്റുകളും ഇല്ലാതാക്കുന്നു് എന്നാണു്." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "പാനിക്ക് മോഡ്" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "ലോക്ക്‍ഡൌണ്‍ ഫയര്‍വോള്‍ ക്രമീകരണം പൂട്ടുന്നു. ഇങ്ങനെ വൈറ്റ്‌ലിസ്റ്റിലുള്ള പ്രയോഗങ്ങള്‍ക്കു് മാത്രമേ ഇതില്‍ " "മാറ്റം വരുത്തുവാന്‍ സാധ്യമാകൂ." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "ലോക്ക് ഡൌണ്‍" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "പ്രവര്‍ത്തന ക്രമീകരണം സ്ഥിരമാക്കുക" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "പ്രവര്‍ത്തനസമയം സ്ഥിരമാക്കല്‍" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_കാഴ്ച" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ഐസിഎംപി തരങ്ങള്‍" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "നേരിട്ടുള്ള ക്രമീകരണം" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "ലോക്ക്ഡൌണ്‍ വൈറ്റ് ലിസ്റ്റ്" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "സഹായം (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "ക്രമീകരണം:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "നിലവില്‍ ദൃശ്യമായ ക്രമീകരണം. പ്രവര്‍ത്തന ക്രമീകരണമാണു് സജീവമായ ക്രമീകരണം. സര്‍വീസ് അല്ലെങ്കില്‍ " "സിസ്റ്റം വീണ്ടും ലഭ്യമാക്കുന്നതിനു് അല്ലെങ്കില്‍ വീണ്ടും ആരംഭിയ്ക്കുന്നതിനു് ശേഷം എന്നേക്കുമുള്ള " "ക്രമീകരണം സജീവമാകുന്നു." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "മേഘലയ്ക്കുള്ള നെറ്റ്‌വര്‍ക്ക് കണക്ഷനുകള്‍, ഇന്റര്‍ഫെയിസുകള്‍, ശ്രോതസ്സ് വിലാസങ്ങള്‍ എന്നിവയ്ക്കുള്ള വിശ്വസ്തത " "firewalld മേഘല നിഷ്കര്‍ഷിയ്ക്കുന്നു. സര്‍വീസുകള്‍, പോര്‍ട്ടുകള്‍, സമ്പ്രദായങ്ങള്‍, മാസ്ക്യൂറേഡിങ്, പോര്‍ട്ട്/" "പാക്കറ്റ് ഫോര്‍വേഡിങ്, icmp ഫില്‍റ്ററുകള്‍, റിച്ച് റൂളുകള്‍ എന്നിവ മേഘലയില്‍ ലഭ്യമാകുന്നു. " "ഇന്റര്‍ഫെയിസുകളും ശ്രോതസ്സിനുള്ള വിലാസങ്ങളും അനുസരിച്ചാണു് മേഘല." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "മേഘല ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "മേഘല ചിട്ടപ്പെടുത്തുക" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "മേഘല നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "സ്വതവേയുള്ള മേഘല ലഭ്യമാക്കുക" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "ഏതെല്ലാം സര്‍‍വീസുകളാണ് വിശ്വസനീയം എന്ന് നിങ്ങള്‍ക്ക് ഇവിടെ വ്യ‌ക്തമാക്കാം. ഈ മേഘലയ്ക്കുള്ള " "ശ്രോതസ്സുകളും ഇന്റര്‍ഫെയിസുകളും കണക്ഷനുകളിലും നിന്നും സിസ്റ്റത്തിലേക്കുള്ള എല്ലാ ഹോസ്റ്റുകളും " "നെറ്റ്‌വര്‍ക്കുകളും വിശ്വസനീയമായ സേവനങ്ങള്‍ക്കു് ലഭ്യമാകുന്നു." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "സര്‍വീസുകള്‍" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "അധികമായ പോര്‍ട്ടുകള്‍ അല്ലെങ്കില്‍ പോര്‍ട്ട് പരിധികളും ചേര്‍ക്കുക, സിസ്റ്റത്തിലേക്കു് കണക്ട് ചെയ്യുവാന്‍ " "സാധ്യമായ നെറ്റ്‌വര്‍ക്കുകള്‍ അല്ലെങ്കില്‍ എല്ലാം ഹോസ്റ്റുകളിലേക്കുള്ള ഇവയ്ക്കു് പ്രവേശിയ്ക്കേണ്ടതുണ്ടു്." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "ഏത്തിച്ചേരണ്ട പോര്‍ട്ട്" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "പോര്‍ട്ട് ചിട്ടപ്പെടുത്തുക" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "പോര്‍ട്ട് നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "പോര്‍ട്ടുകള്‍" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "നിങ്ങളുടെ പ്രാദേശിക ശൃംഖലാ പ്രവര്‍ത്തനത്തിനെ ഇന്റര്‍നെറ്റുമായി ബന്ധപ്പെടുത്തുന്നതിനായി ഒരു " "ആതിഥേയന്‍ അല്ലെങ്കില്‍ റൂട്ടര്‍ നിങ്ങള്‍ ക്രമീകരിക്കുന്നു എങ്കില്‍ മാസ്ക്യുറേഡിംഗ് നിങ്ങള്‍ക്ക് " "പ്രയോജനകരമാകുന്നു. നിങ്ങളുടെ പ്രാദേശിക ശൃംഖലാകര്മ്മം അദൃശ്യ‌മായിരിക്കും, മാത്രമല്ല, " "ഇന്റര്‍നെറ്റില്‍ ആതിഥേയനെ ഒരു വിലാസമായി കണക്കാക്കുന്നു. മാസ്ക്യുറേഡിംഗ് IPv4 മാത്രമാണ്." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "മാസ്ക്യുറേഡ് മേഘല" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "മാസ്ക്യുറേഡിങ് പ്രവര്‍ത്തന സജ്ജമാക്കുന്നെങ്കില്‍, നിങ്ങളുടെ IPv4 നെറ്റ്‌വര്‍ക്കു് ഐപി ഫോര്‍വേഡിങ് " "പ്രവര്‍ത്തന സജ്ജമാക്കുന്നു." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "മാസ്ക്യുറേഡിംഗ്" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ഒരു പ്രാദേശിക വ്യവ്സ്ഥയിലുള്ള പോര്‍ട്ടില്‍ നിന്നും മറ്റൊന്നിലേക്ക് അല്ലെങ്കില്‍ ഒരു പ്രാദേശിക " "വ്യ‌വസ്ഥയില്‍നിന്നും മറ്റൊന്നിലേക്ക് പോര്‍ട്ടുകള്‍ അയയ്ക്കുന്നതിനായി എന്ട്രികള്‍ നല്‍കുക. വിനിമയതലം " "മാസ്ക്യുറേഡ് ചെയ്തെങ്കില്‍ മാത്രമേ മറ്റൊരു സിസ്റ്റമിലേക്ക് അയയ്ക്കുന്നതില്‍ പ്രയോജനമുള്ളൂ. പോര്‍ട്ട് " "ഫോര്‍വേര്‍ഡിംഗ് IPv4 മാത്രമാണ്." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ഫോര്‍വേഡ് പോര്‍ട്ട് ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ഫോര്‍വേഡ് പോര്‍ട്ട് ചിട്ടപ്പെടുത്തുക" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ഫോര്‍വേഡ് പോര്‍ട്ട് നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ശൃംഖലയിലെ കമ്പ്യൂട്ടറുകള്‍ക്ക് തമ്മില്‍ പിശക് അറിയിക്കുന്ന സന്ദേശങ്ങള്‍ അയയ്ക്കുന്നതിനാണ് പ്രധാനമായും " "ഇന്റര്‍നെറ്റ് കണ്ട്രോള്‍ മെസേജ് പ്രോട്ടോക്കോള്‍ (ICMP) ഉപയോഗിക്കുന്നത്. കൂടാതെ, വിവരങ്ങള്‍ " "ലഭ്യ‌മാക്കുവാന്‍ സഹായിക്കുന്ന പിങ് അപേക്ഷകള്‍ക്കും മറുപടികള്‍ക്കും ഇവ ഉപയോഗിക്കുന്നു." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "പട്ടികയില്‍ നിന്നും വേണ്ട എന്ന് തീരുമാനിക്കേണ്ട ICMP തരത്തിലുള്ളവ അടയാളപ്പെടുത്തുക. മറ്റെല്ലാ " "ICMP തരത്തിലുള്ളവയും ഫയര്‍വോള്‍ കടക്കുന്നതിന് അനുവാദമുള്ളവയാണ്. പരിമിതികളില്ലാത്തതാണ് സഹജം." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ഫില്‍‌റ്റര്‍" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "മേഘലയ്ക്കുള്ള റിച്ച് ഭാഷ നിയമങ്ങള്‍ നിങ്ങള്‍ക്കിവിടെ സജ്ജമാക്കാം." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "റിച്ച് റൂള്‍ ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "റിച്ച് റൂള്‍ ചിട്ടപ്പെട്ടുത്തുക" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "റിച്ച് റൂള്‍ നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "റിച്ച് റൂളുകള്‍" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "മേഘലയ്ക്കു് സംയോജക ഘടകങ്ങള്‍ ബൈന്‍ഡ് ചെയ്യുന്നതിനു് എന്‍ട്രികള്‍ ചേര്‍ക്കുക. സംയോജകഘടകം ഒരു കണക്ഷന്‍ " "ഉപയോഗിയ്ക്കുന്നെങ്കില്‍, കണക്ഷനില്‍ വ്യക്തമാക്കിയിരിയ്ക്കുന്ന മേഘലയായി ഈ മേഘല സജ്ജമാക്കുന്നു." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ഇന്റര്‍ഫെയിസ് ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ഇന്റര്‍ഫെയിസില്‍ മാറ്റം വരുത്തുക" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ഇന്റര്‍ഫെയിസ് നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "ഒരു ശ്രോതസ്സ് ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "ശ്രോതസ്സില്‍ മാറ്റം വരുത്തുക" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "ശ്രോതസ്സ് നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "മേഘലകള്‍" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "പോര്‍ട്ടുകള്‍, സമ്പ്രദായങ്ങള്‍, ഘടകങ്ങള്‍, ലക്ഷ്യ വിലാസങ്ങള്‍ എന്നിവയെ ഒന്നിച്ചു് ഒരു firewalld " "സര്‍വീസായി കണക്കാക്കുന്നു." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "സര്‍വീസ് ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "സര്‍വീസ് ചിട്ടപ്പെടുത്തുക" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "സര്‍വീസ് നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "സ്വതവേയുള്ള സര്‍വീസ് ലഭ്യമാക്കുക" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "എന്‍ട്രി ചിട്ടപ്പെടുത്തുക" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "എന്‍ട്രി നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "ഘടകങ്ങള്‍" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "ലക്ഷ്യസ്ഥാന വിലാസങ്ങള്‍ നല്‍കുന്നെങ്കില്‍, ലക്ഷ്യസ്ഥാന വിലാസം , തരം എന്നതില്‍ സര്‍വീസ് എന്‍ട്രി " "ഒതുങ്ങുന്നു. രണ്ടു് എന്‍ട്രികളും കാലിയെങ്കില്‍ ഒരു പരിമിതികളുമില്ല." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "സ്ഥിരമായുള്ള ക്രമീകരണ കാഴ്ചയില്‍ മാത്രമേ സര്‍വീസുകള്‍ക്കു് മാറ്റം വരുത്തുവാന്‍ സാധിയ്ക്കൂ. സര്‍വീസുകളുടെ " "പ്രവര്‍ത്തന ക്രമീകരണം പരിഹരിച്ചിരിയ്ക്കുന്നു." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld-യ്ക്കുള്ളൊരു ഇന്റര്‍നെറ്റ് കണ്ട്രോള്‍ മസ്സേജ് പ്രോട്ടോക്കോള്‍ (ഐസിഎംപി) തരത്തിനുള്ള " "വിവരങ്ങള്‍ ഒരു firewalld icmptype ലഭ്യമാക്കുന്നു." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ഐസിഎംപി തരം ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ഐസിഎംപി തരം ചിട്ടപ്പെടുത്തുക" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ഐസിഎംപി തരം നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ഐസിഎംപി തരത്തിലുള്ളവ ലഭ്യമാക്കുക" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "IPv4, IPv6 എന്നിവയ്ക്കു് ഐസിഎംപി തരം ലഭ്യമാണോ എന്നു് വ്യക്തമാക്കുക." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "സ്ഥിരമായുള്ള ക്രമീകരണ കാഴ്ചയില്‍ മാത്രമേ ഐസിഎംപി തരങ്ങള്‍ക്കു് മാറ്റം വരുത്തുവാന്‍ സാധിയ്ക്കൂ. " "ഐസിഎംപി തരങ്ങളുടെ പ്രവര്‍ത്തന ക്രമീകരണം പരിഹരിച്ചിരിയ്ക്കുന്നു." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "നേരിട്ടുള്ള ക്രമീകരണം ഫയര്‍വോളിലേക്കു് കൂടുതല്‍ അനുമതി നല്‍കുന്നു. ഈ ഐച്ഛികങ്ങള്‍ക്കു്, ഉപയോക്താവു് " "അടിസ്ഥാന iptables ശൈലികള്‍, അതായതു്, പട്ടികകള്‍, ചെയിനുകള്‍, കമാന്‍ഡുകള്‍, പരാമീറ്ററുകള്‍, " "ടാര്‍ഗറ്റുകള്‍ എന്നിവ അറിയേണ്ട ആവശ്യമുണ്ടു്. മറ്റു് firewalld വിശേഷതകള്‍ ഉപയോഗിയ്ക്കുവാന്‍ സാധ്യമല്ല " "എന്നുറപ്പുള്ളപ്പോള്‍ മാത്രം നേരിട്ടുള്ള ക്രമീകരണം ഉപയോഗിയ്ക്കുവാന്‍ പാടുള്ളൂ." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ഓരോ ഐച്ഛികത്തിന്റേയും ipv ആര്‍ഗ്യുമെന്റ് ipv4 അല്ലെങ്കില്‍ ipv6 അല്ലെങ്കില്‍ eb ആയിരിയ്ക്കണം. " "ipv4 - iptables, ipv6 - ip6tables, eb - ഇഥര്‍നെറ്റ് ബ്രിഡ്ജുകള്‍ക്കു് (ebtables) " "എന്നിങ്ങനെയാകുന്നു." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "നിയമങ്ങള്‍ക്കൊപ്പം ഉപയോഗിയ്ക്കുന്നതിനുള്ള അധികമായ ചെയിനുകള്‍." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "ചെയിന്‍ ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "ചെയിനില്‍ മാറ്റം വരുത്തുക" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "ചെയിന്‍ നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ചെയിനുകള്‍" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "മുന്‍ഗണനയ്ക്കൊപ്പം ഒരു പട്ടികയില്‍ ഒരു ചെയിനിനു് args ആര്‍ഗ്യുമെന്റുകള്‍ക്കൊപ്പം ഒരു നിയമം ചേര്‍ക്കുക." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "നിയമങ്ങളുടെ ക്രമത്തിനു് വേണ്ടി മുന്‍ഗണന ഉപയോഗിയ്ക്കുന്നു. മുന്‍ഗണന 0 - ചെയിനിന്റെ മുകളില്‍ നിയമം " "ചേര്‍ക്കുക, ഇതിനു് ശേഷം കൂടുതല്‍ മുന്‍ഗണനയോടെ നിയമങ്ങള്‍ ചേര്‍ക്കുന്നു. ഒരേ മുന്‍ഗണനയുള്ള നിയമങ്ങള്‍ ഒരേ " "തലത്തിലാകുന്നു. ഇവയുടെ ക്രമം സ്ഥിരമല്ല, മാറ്റുവാന്‍ സാധ്യമാകുന്നു. ഒന്നിനു് ശേഷം മറ്റൊന്നായി " "നിയമം ചേര്‍ക്കുന്നതിനു്, ആദ്യം മുന്‍ഗണന കുറഞ്ഞതു് ഉപയോഗിയ്ക്കുക ശേഷം മുന്‍ഗണന കൂടിയതു്, അങ്ങനെ..." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "നിയമം ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "നിയമത്തില്‍ മാറ്റം വരുത്തുക" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "നിയമം‍ നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "നിയമങ്ങള്‍" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "പാസ്ത്രൂ നിയമങ്ങള്‍ പ്രത്യേക ചെയിനിലല്ല, പക്ഷേ നേരിട്ടു് ഫയര്‍വോളിലേക്കു് അയയ്ക്കുന്നു. iptables, " "ip6tables, ebtables എന്നിവയെല്ലാം ഉപയോഗിയ്ക്കാം." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "പാസ്ത്രൂ നിയമങ്ങള്‍ ഫയര്‍വോളിനെ ബാധിയ്ക്കുന്നില്ലെന്നു് ദയവായി ഉറപ്പു് വരുത്തുക." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "പാസ്ത്രൂ ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "പാസ്ത്രൂ ചിട്ടപ്പെടുത്തുക" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "പാസ്ത്രൂ നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "പാസ്ത്രൂ" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "firewalld-യ്ക്കുള്ള ഉപയോക്താവിനും പ്രയോഗത്തിനുമുള്ള ലളിതമായ പോളിസികളാണു് ലോക്ക്ഡൌണ്‍ വിശേഷത. " "ഇതു് ഫയര്‍വോളില്‍ മാത്രമേയുള്ളൂ. ലോക്ക്ഡൌണ്‍ വൈറ്റ് ലിസ്റ്റില്‍ കമാന്‍ഡുകള്‍, സന്ദര്‍ഭങ്ങള്‍, ഉപയോക്താക്കള്‍, " "ഉപയോക്തൃ ഐഡികള്‍ എന്നിവ അടങ്ങുന്നു." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "സന്ദര്‍ഭം ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "സന്ദര്‍ഭം ചിട്ടപ്പെടുത്തുക" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "സന്ദര്‍ഭം നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "സന്ദര്‍ഭങ്ങള്‍" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "വൈറ്റ് ലിസ്റ്റിലുള്ളൊരു കമാന്‍ഡ് എന്‍ട്രി '*'-ല്‍ അവസാനിയ്ക്കുന്നെങ്കില്‍, കമാന്‍‍ഡില്‍ ആരംഭിയ്ക്കുന്ന എല്ലാ " "കമാന്‍ഡ് ലൈനുകളും ചേരുന്നു. '*' ലഭ്യമല്ലെങ്കില്‍, ആര്‍ഗ്യുമെന്റുകള്‍ ഉള്‍പ്പടെയുള്ള ആബ്സല്യൂട്ട് കമാന്‍ഡും " "പൊരുത്തപ്പെടണം. " #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "കമാന്‍ഡ് ലൈന്‍ ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "കമാന്‍ഡ് ലൈന്‍ ചിട്ടപ്പെടുത്തുക" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "കമാന്‍ഡ് ലൈന്‍ നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "കമാന്‍ഡ് ലൈനുകള്‍" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ഉപയോക്താവിന്റെ പേരുകള്‍." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ഉപയോക്തൃനാമം ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ഉപയോക്തൃനാമം ചിട്ടപ്പെടുത്തുക" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ഉപയോക്തൃനാമം നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ഉപയോക്താവിന്റെ പേരുകള്‍" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ഉപയോക്താവിന്റെ ഐഡികള്‍." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ഉപയോക്തൃ ഐഡി ചേര്‍ക്കുക" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ഉപയോക്തൃ ഐഡിയില്‍ മാറ്റം വരുത്തുക" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ഉപയോക്തൃ ഐഡി നീക്കം ചെയ്യുക" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ഉപയോക്താവിന്റെ ഐഡികള്‍" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "സിസ്റ്റത്തില്‍ നിലവില്‍ സ്വതവേയുള്ള മേഘല." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "പാനിക്ക് മോഡ്:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "ലോക്ക്ഡൌണ്‍:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "സ്വതവേയുള്ള മേഘല:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "പോര്‍ട്ടും സമ്പ്രദായവും" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ഒരു പോര്‍ട്ടും സമ്പ്രദായവും ദയവായി നല്‍കുക." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "നേരിട്ടുള്ള നിയമം" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "ipv, പട്ടിക, ചെയിന്‍ മുന്‍ഗണം എന്നിവ പരിശോധിച്ചു് ആര്‍ഗ്യുമെന്റുകള്‍ നല്‍കുക." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "മുന്‍ഗണന:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "ദയവായി ഒരു സമ്പ്രദായം നല്‍കുക." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "മറ്റുള്ള സമ്പ്രദായം:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "റിച്ച് റൂള്‍" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "ദയവായി ഒരു റിച്ച് റൂള്‍ നല്‍കുക." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "ഹോസ്റ്റ് അല്ലെങ്കില്‍ നെറ്റ്‌വര്‍ക്കിനു്, വൈറ്റ് അല്ലെങ്കില്‍ ബ്ലാക്ക് ലിസ്റ്റ് ചെയ്തതിനു് എലമെന്റ് " "നിര്‍ജീവമാക്കുക." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "ശ്രോതസ്സ്:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "ലക്ഷ്യസ്ഥാനം:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "ലോഗ്:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ഓഡിറ്റ് ചെയ്യുക:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4-ഉം ipv6-ഉം" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "വിപിരീതമായ" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "പ്രവര്‍ത്തനസജ്ജമാക്കുന്നതിനായി, ഈ പ്രവര്‍ത്തി 'reject' ചെയ്തു് കുടുംബം 'ipv4' അല്ലെങ്കില്‍ " "'ipv6' ആയിരിയ്ക്കണം (രണ്ടും പാടില്ല )." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "തരം:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "പരിധി:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "പ്രീഫിക്സ്:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "തലം:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "എലമെന്റ്:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "പ്രവര്‍ത്തി:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "അടിസ്ഥാന സര്‍വീസ് സജ്ജീകരണങ്ങള്‍" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "അടിസ്ഥാന സര്‍വീസ് സജ്ജീകരണങ്ങള്‍ ദയവായി ക്രമീകരിയ്ക്കുക:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "ദയവായി ഒരു സര്‍വീസ് തെരഞ്ഞെടുക്കുക." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ഉപയോക്തൃ ഐഡി" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ദയവായി ഉപയോക്തൃ ഐഡി നല്‍കുക." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ദയവായി ഉപയോക്തൃനാമം നല്‍കുക." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "അടിസ്ഥാന മേഘല സജ്ജീകരണങ്ങള്‍" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "ദയവായി അടിസ്ഥാന മേഘല സജ്ജീകരണങ്ങള്‍ ക്രമീകരിയ്ക്കുക:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "സ്വതവേയുള്ള ലക്ഷ്യസ്ഥാനം" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "ലക്ഷ്യസ്ഥാനം:" firewalld-0.8.2/po/gl.po0000664007115300711530000013503013641112251016232 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Xosé , 2013 # Xosé , 2013 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 09:45+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Galician (http://www.transifex.com/projects/p/firewalld/" "language/gl/)\n" "Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Applet de devasa" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Devasa" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuración da devasa" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Escolla a zona para a interface «%s»" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Esta funcionalidade é útil para quen empregue principalmente as zonas por " "omisión. Par quen ande a cambiar as zonas das conexións podería ter pouco " "uso." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Activar as notificacións" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Editar a configuración da devasa..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Cambiar as zonas das conexións..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Bloquear todo o tráfico da rede" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Conexións" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Fallou a autorización." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "O nome non é válido" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Xa existe ese nome" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Non hai ningunha conexión co daemon da devasa" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Todo o tráfico da rede está bloqueado." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "A zona «{zone}» está activa para a conexión «{connection}» na interface " "«{interface}»" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "A zona '{zone}' está activa para a interface '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Non hai ningunha zona activa." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Estabeleceuse unha conexión a FirewallD." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Perdeuse a conexión a FirewallD." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "Cargouse FirewallD de novo." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "A zona por omisión cambiou a «%s»." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "O tráfico da rede xa non está bloqueado." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "activado" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "desactivado" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "A zona «{zone}» está {activated_deactivated} para a conexión «{connection}» " "na interface «{interface}»" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "A zona «{zone}» está {activated_deactivated} na interface «{interface}»" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "A zona «%s» está acivada na interface «%s»" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Fallou a carga das iconas." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Servizo" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Porto" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocolo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Ao porto" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Ao enderezo" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipo de ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Orixe" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Aviso" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Erro" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona «%s»: O servizo «%s» non está dispoñíbel." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Retirar" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignorar" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona «%s»: O tipo de ICMP «%s» non está dispoñíbel." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Enderezo" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Encamiñamento dos portos" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Escolla as opcións de orixe e destino segundo as súas necesidades." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Porto / Intervalo de portos:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Enderezo de IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocolo:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destino" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Para activar o encamiñamento local hai que indicar un porto. Este porto ten " "que ser diferente do porto de orixe." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Encamiñamento local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Encamiñar a outro porto" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "A entradas en negra son obrigatorias; todas as demais son opcionais." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nome:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versión:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Curto:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descrición:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Configuración dos tipos de ICMP de base" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Configure os tipos de ICMP de base:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipo de ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Engadir unha entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Ficheiro" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opcións" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Cargar Firewalld de novo" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Cambiar a zona por omisión" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "A_xuda" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configuración visíbel actualmente. A configuración do tempo de execución é a " "configuración activa real. A configuración permanente estará activa despois " "de recargar ou reiniciar o servizo ou o sistema." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Engadir unha zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Editar a zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Retirar a zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Servizos" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Engadir un porto" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edita o porto" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Retirar o porto" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portos" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Engadir un porto de encamiñamento" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Editar un porto de encamiñamento" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Retirar un porto de encamiñamento" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "O Protocolo de Mensaxes de Control da Internet (ICMP) emprégase " "principalmente para enviar mensaxes de erro entre os computadores dunha " "rede, mais, alén disto, tamén para mensaxes informativos como solicitudes e " "respostas de ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marque os tipos de ICMP da lista que desexe que sexan rexeitados. O resto " "dos tipos de ICMP terán permitido pasar a devasa. Por omisión non hai " "limitación." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtro de ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Engadir un servizo" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Editar o servizo" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Retirar o servizo" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editar a entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Retirar a entrada" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Módulos" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Se se indican enderezos de destino, a entrada do servizo limítase ao " "enderezo e tipo de destino. Se ambas as dúas entradas estiveren baleiras non " "hai limitación." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Engadir un tipo de ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Editar o tipo de ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Retirar o tipo de ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Zona por omisión actual do sistema." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona por omisión" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Porto e protocolo" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Introduza un porto e un protocolo." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Outro protocolo:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Configuración dos servizos de base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Configure as opcións dos servizos de base:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Configuración das zonas de base" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Configure as opcións das zonas de base:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Destino por omisión" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Destino:" firewalld-0.8.2/po/ja.po0000664007115300711530000020240413641112251016222 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Aiko Sasaki , 2014 # Copyright (C) Red Hat Inc. 2010, 2011 # Hajime Taira , 2010-2011,2013 # Kenzo Moriguchi , 2014 # noriko , 2014 # noriko , 2014 # Tomoyuki KATO , 2012-2013 # Hajime Taira , 2015. #zanata # Aiko Sasaki , 2016. #zanata # Hajime Taira , 2016. #zanata # Noriko Mizumoto , 2016. #zanata # Takuro Nagamoto , 2016. #zanata # Casey Jones , 2018. #zanata # Eric Garver , 2018. #zanata # Hajime Taira , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-11-16 08:25+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Japanese (http://www.transifex.com/projects/p/firewalld/" "language/ja/)\n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "ファイアウォールアプレット" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ファイアウォール" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ファイアウォールの設定" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "ファイアウォール;ネットワーク;セキュリティー;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "インターフェース '%s' のゾーンを選択する" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "標準ゾーン" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "接続 '%s' のゾーンを選択する" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "ソース '%s' のゾーンを選択する" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "シールド・アップ/ダウン・ゾーンの設定" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "ここからシールド・アップおよびシールド・ダウンに対して使用するゾーンを選択で" "きます。" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "この機能はたいてい標準のゾーンを使用する人々にとって有用です。接続のゾーンを" "変更しているユーザーに対して、限定的に使用できます。" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "シールド・アップ・ゾーン:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "デフォルトにリセット" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "シールド・ダウン・ゾーン:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "%s について" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "作者" #: ../src/firewall-applet.in:401 msgid "License" msgstr "ライセンス" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "シールド・アップ" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "通知の有効化" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "ファイアウォール設定の編集..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "接続のゾーンの変更..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "シールド・アップ/ダウン・ゾーンの設定..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "すべてのネットワーク・トラフィックのブロック" #: ../src/firewall-applet.in:500 msgid "About" msgstr "このアプリケーションについて" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "接続" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "インターフェース" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "送信元" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "認証に失敗しました。" #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "無効な名前" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "名前がすでに存在します" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (ゾーン: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (デフォルトゾーン: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "NetworkManager からの接続の取得に失敗しました" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "利用可能な NetworkManager インポートがありません" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "ファイアーウォール・デーモンへの接続がありません。" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "すべてのネットワーク通信が遮断されます。" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "標準ゾーン: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "デフォルトゾーン '{default_zone}' がインターフェース '{interface}' の接続 " "'{connection}' に対して有効化" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "ゾーン '{zone}' がインターフェース '{interface}' の接続 '{connection}' に対し" "て有効化" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "ゾーン '{zone}' がインターフェース '{interface}' に対して有効化" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "ゾーン '{zone}' を送信元 {source} に対して有効化" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "有効なゾーンがありません。" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD への接続が確立されました。" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD への接続が失われました。" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD が再読み込みされました。" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "標準のゾーンを '%s' に変更しました。" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "ネットワーク通信が遮断されなくなります。" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "有効化" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "無効化" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "デフォルトゾーン '{default_zone}' がインターフェース '{interface}' の接続 " "'{connection}' に対して {activated_deactivated} " #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "ゾーン '{zone}' がインターフェース '{interface}' の接続 '{connection}' に対し" "て {activated_deactivated}" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "インターフェース '{interface}' に対してゾーン '{zone}' を " "{activated_deactivated} しました" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "ゾーン '%s' をインターフェース '%s' に対して有効化しました" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" "ゾーン '{zone}' を送信元 '{source}' に対して {activated_deactivated} しました" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "ゾーン '%s' を送信元 '%s' に対して有効化しました" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr " firewalld への接続が確立されました。" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "firewalld への接続を試行しています。お待ちください..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "firewalldへの接続に失敗しました。サービスが正常に開始していることを確認して、" "再度接続を試行してください。" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "変更を適用しました。" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "ネットワーク接続 '%s' により使用中" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "ネットワーク接続 '%s' で使用されるデフォルトゾーン" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "有効" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "無効" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "アイコンの読み込みに失敗しました。" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "コンテキスト" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "コマンドライン" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ユーザー名" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ユーザーID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "テーブル" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "チェイン" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "優先度" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "引数" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "実行時" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "永続" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "サービス" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "ポート" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "プロトコル" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "送信先ポート" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "送信先アドレス" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "バインディング" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "エントリー" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "ICMP タイプ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "ファミリー" #: ../src/firewall-config.in:826 msgid "Action" msgstr "アクション" #: ../src/firewall-config.in:828 msgid "Element" msgstr "要素" #: ../src/firewall-config.in:830 msgid "Src" msgstr "送信元" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "送信先" #: ../src/firewall-config.in:834 msgid "log" msgstr "ログ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "監査" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "インターフェース" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "コメント" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "送信元" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "警告" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "エラー" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "受信" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "拒否" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "廃棄" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "マーク" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "制限" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "サービス" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "ポート" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "プロトコル" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "マスカレード" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "ICMP タイプ" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "レベル" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "はい" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "ゾーン" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "デフォルトゾーン: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "ゾーン: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "ゾーン '%s': サービス '%s' が利用可能ではありません。" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "ゾーンの削除" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "無視" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "ゾーン '%s': ICMP タイプ '%s' が利用可能ではありません。" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "組み込みのゾーンです。名前の変更はできません。" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "秒" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "分" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "時間" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "日" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "緊急" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "アラート" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "クリティカル" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "エラー" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "警告" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "注意" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "情報" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "デバッグ" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "IPv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "IPv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "他のシステムへの転送は、インターフェースがマスカレードされている場合のみ有用" "です。\n" "このゾーンをマスカレードしたいですか ?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "組み込みのサービスです。名前の変更はできません。" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "IPv4 アドレスを address[/mask] の形式で入力してください。" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "mask は、ネットワークマスクもしくは数字で指定できます。" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "IPv6 アドレスを address[/mask] の形式で入力してください。" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "mask は数字で指定します。" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "IPv4 もしくは IPv6 アドレスを address[/mask] の形式で入力してください。" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "mask は、IPv4 の場合ネットワークマスクが指定できます。IPv6 の場合には数字で指" "定してください。" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "組み込みの IPSet です。名前の変更はできません。" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "ファイルを選択してください" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "テキストファイル" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "全ファイル" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "すべて" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "ビルトインヘルパーです。名前の変更はサポートされていません。" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "組み込みの ICMP です。名前の変更はできません。" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "ファイル '%s' の読み込みに失敗しました: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "ソース %s のゾーンを選択する" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "アドレス" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "オートマチックヘルパー" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "オートマチックヘルパーの値を選択してください:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "コマンドラインを入力してください。" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "コンテキストを入力してください。" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "以下の一覧から標準のゾーンを選択してください。" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ダイレクトチェイン" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ipv とテーブルを選択し、チェイン名を入力してください。" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "チェイン:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "security" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "テーブル:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ダイレクト・パススルー・ルール" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ipv を選択し、引数を入力してください。" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "引数:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ポート転送" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "必要に応じた送信元と送信先のオプションを選択してください。" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "ポート / ポート範囲:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP アドレス:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "プロトコル:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "送信先" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "ローカル転送を有効にする場合、ポートを指定する必要があります。これはソース" "ポートと異なる必要があります。" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "ローカル転送" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "他のポートへの転送" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "ベースヘルパーの設定" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "ベースヘルパーの値の設定を行ってください:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "太字の項目は必須です、その他はすべてオプションです。" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "名前:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "バージョン:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "概要:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "詳細:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "ファミリー:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "モジュール:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "ヘルパー" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "ヘルパーを選択してください:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "基本 ICMP タイプ設定" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "基本 ICMP タイプ設定を設定してください:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP の種類" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ICMP タイプを選択してください。" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "エントリーの追加" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "ファイルからエントリーを追加" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "選択したエントリーの削除" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "すべてのエントリーの削除" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "ファイルからエントリーを削除" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ファイル(_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "オプション(_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld の再読み込み" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ファイアウォールルールを再読み込みします。現在の永続的な設定が新しい実行時の" "設定になります。つまり、永続的な設定に存在しない、再読み込みするまでに行われ" "た実行時の変更はすべて失われます。" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ネットワーク接続に適用されるゾーンを変更します。" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "標準のゾーンの変更" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "接続やインターフェースに適用される標準のゾーンを変更します。" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "拒否されたログの変更" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "LogDenied 値を変更します。" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "オートマチックヘルパーの割り当てを設定する" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "オートマチックヘルパーの割り当て値を設定する" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "パニックモードはすべての送受信パケットが破棄されます。" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "パニックモード" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "ロックダウンにより、ロックダウン・ホワイトリストにあるアプリケーションのみが" "ファイアウォール設定を変更できるようにロックします。" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "ロックダウン" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "実行時の設定を永続的にする" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "永続的にする実行時設定" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "表示(_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP タイプ" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "ヘルパー" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ダイレクト設定" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "ロックダウン・ホワイトリスト" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "アクティブバインディング" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "ヘルプ(_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "ゾーンの変更" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "バインディングのゾーンを変更" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "接続のアクティブなランタイムバインディング、インターフェースおよびソースを" "ゾーンに対して非表示にします" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "接続のアクティブなランタイムバインディング、インターフェースおよびソースを" "ゾーンに対して表示します" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "設定:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "現在利用可能な設定。実行時の設定が実際に有効な設定です。永続的な設定は、サー" "ビスまたはシステムが再読み込みまたは再起動した後、有効になります。" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld ゾーンではゾーンに結び付けられているネットワーク接続、インター" "フェースおよび送信元アドレスの信頼レベルを定義します。サービス、ポート、プロ" "トコル、マスカレード、ポートとパケット転送、ICMP フィルター、高度なルールを組" "み合わせます。ゾーンはインターフェースや送信元アドレスに結び付けることができ" "ます。" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ゾーンの追加" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ゾーンの編集" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ゾーンの削除" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "ゾーンの初期値の読み込み" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "このゾーンで信頼できるサービスを定義することができます。このゾーンに結び付け" "られている接続、インターフェース、送信元からこのマシンに到達できるホストや" "ネットワークならいずれでも信頼できるサービスへのアクセスが可能になります。" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "サービス" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "このマシンに接続できるホストやネットワークがアクセスできなければならないポー" "トまたはポート範囲を追加します。" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "送信先ポート" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "ゾーンの編集" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "ゾーンの削除" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "ポート" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "すべてのホストやネットワークがアクセスできなければならないプロトコルを追加し" "ます。" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "プロトコルの追加" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "プロトコルの編集" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "プロトコルの削除" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "プロトコル" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "このマシンに接続できるすべてのホストやネットワークがアクセスできなければなら" "ないソースポートまたはポート範囲を追加します。" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "送信元ポート" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "マスカレード機能を使用するとローカルネットワークをインターネットに繋げるルー" "ターまたはホストをセットアップすることができます。ローカルネットワークはイン" "ターネット上からは見えなくなり、インターネット上ではホストが 1 つのアドレスと" "して表示されます。マスカレード機能は IPv4 限定です。" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "マスカレードゾーン" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "マスカレード機能を有効にすると、IPv4 ネットワークで IP フォワーディングが有効" "になります。" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "マスカレード機能" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ローカルシステム上の任意のポートから別のポートへポート転送、ローカルシステム" "から別のシステムへのポート転送を行うためのエントリーを追加します。別のシステ" "ムへのポート転送についてはインターフェースがマスカレードされている場合にのみ" "有効です。ポート転送は IPv4 限定です。" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "転送ポートの追加" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "転送ポートの編集" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "転送ポートの削除" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ICMP (Internet Control Message Protocol) は、主にネットワーク上の コンピュー" "タ間でエラーメッセージを送信するのに使用されますが、更には ping の要求や応答" "などの情報メッセージにも使用されます。" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "一覧内の拒否されるべき ICMP タイプをマークします。 その他すべての ICMP タイプ" "はファイアーウォールの通過が許可されます。 デフォルトでは無制限になっていま" "す。" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "反転フィルターが有効にされている場合、マークされた ICMP エントリーは受け入れ" "られ、それ以外は拒否されます。ターゲットが DROP のゾーンでは、それらは破棄さ" "れます。" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "反転フィルター" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP フィルター" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "ここからゾーンの高度な言語ルールを設定できます。" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "高度なルールの追加" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "高度なルールの編集" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "高度なルールの削除" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "高度なルール" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "インターフェースをゾーンに割り当てるための項目を追加します。インターフェース" "が接続により使用される場合、ゾーンが接続で指定されたゾーンが設定されます。" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "インターフェースの追加" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "インターフェースの編集" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "インターフェースの削除" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "ゾーンに送信元アドレスもしくはエリアをバインドするためにエントリーを追加しま" "す。送信元の MAC アドレスをバインドすることもできます。しかし、その場合に制約" "があります。ポートフォアーディングおよびマスカレーディングには、送信元 MAC ア" "ドレスのバインディングは機能しません。" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "ソースの追加" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "ソースの編集" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "ソースの削除" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "ゾーン" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "firewalld サービスとはポートやプロトコル、モジュール、送信先アドレスなどの組" "み合わせを指します。" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "サービスの追加" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "サービスの編集" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "サービスの削除" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "サービスの標準の読み込み" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "すべてのホストやネットワークからアクセスできることが必要な追加のポートか、" "ポートの範囲を追加します。" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "エントリーの編集" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "エントリーの削除" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "すべてのホストやネットワークがアクセスできなければならないソースポートまたは" "ポート範囲を追加します。" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "ソースポート" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfiler ヘルパーモジュールは、いくつかのサービスを必要としています" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "モジュール" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "送信先アドレスを指定すると、サービスの項目が送信先アドレスとタイプに制限され" "ます。どちらの項目も空の場合、制限がありません。" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "サービスは永続的な設定の表示画面だけで変更できます。サービスの実行時の設定が" "変更されます。" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet はホワイトリストもしくはブラックリストを作成でき、その中に、IPアドレス" "やポート番号、MAC アドレスの情報を格納できます。" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "IPSet の追加" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "IPSet の編集" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "IPSet の削除" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "IPSet の初期値の読み込み" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "IPSet エントリーの一覧では、タイムアウトオプションを使用していない IPSet のエ" "ントリー、firewalld によって追加されたエントリーのみを確認することができま" "す。ipset コマンドを直接実行して追加したエントリーは表示されません。" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "この IPSet はタイムアウトオプションを使っています。従って、ここにはエントリー" "が表示されません。エントリーは ipset コマンドを直接実行する必要があります。" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "追加" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "エントリー" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "IPSets は永続的な設定の表示画面だけで作成および削除ができます。" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld の ICMP タイプは firewalld 用の Internet Control Message Protocol " "(ICMP) タイプの情報を提供します。" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP の種類の追加" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP の種類の編集" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP の種類の削除" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP タイプの初期値の読み込み" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" "この ICMP タイプが IPv4 と IPv6 に対して利用可能であるかどうかを指定します。" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP タイプは永続的な設定の表示画面だけで変更できます。ICMP タイプの実行時の" "設定は変更されます。" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "コネクショントラッキングヘルパーは、シグナルとデータ転送との異なるフローで利" "用されるプロトコルが動作するよう支援します。データ転送は、シグナル接続と無関" "係なポートを利用するため、ヘルパーがないとファイアウォールによってブロックさ" "れてしまいます。" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "ポートもしくはポートの範囲を定義し、それをヘルパーによってモニタリングされま" "す。" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ダイレクト設定により、ファイアウォールにより直接アクセスできます。これらのオ" "プションは、ユーザーが iptables の基本的な概念、つまりテーブル、チェイン、コ" "マンド、パラメーター、ターゲットに関する知識を有していることを前提にしていま" "す。ダイレクト設定は、他のファイアウォール機能を使用できない場合に、最終手段" "としてのみ使用すべきです。" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "各オプションの ipv 引数は ipv4, ipv6, eb のどれかである必要があります。ipv4 " "を指定すると、iptables が使用されます。ipv6 を指定すると、ip6tables が使用さ" "れます。eb を指定すると、イーサネットブリッジ (ebtables) が使用されます。" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "ルールで用いる追加のチェイン。" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "チェインの追加" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "チェインの編集" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "チェインの削除" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "チェイン" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "ルールを args 引数とともに、テーブルにあるチェインに優先度を付けて追加しま" "す。" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "優先度はルールの順序をつけるために使用されます。優先度 0 はルールをチェインの" "最初に追加します。より高い優先度を持つルールがさらに下に追加されます。同じ優" "先度を持つルールは同じレベルになります。これらのルールの順序は固定されず、変" "更されるかもしれません。ルールを確実に他のルールの後ろに追加したい場合、最初" "に低い優先度を使用し、次により高い優先度を使用します。" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "ルールの追加" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "ルールの編集" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "ルールの削除" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "ルール" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "パススルールールは直接ファイアウォールに渡されるルールです。特別なチェインに" "置かれません。iptables, ip6tables, ebtables のすべてのオプションが使用できま" "す。" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "パススルールールを追加する場合、ファイアウォールを壊さないよう注意してくださ" "い。" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "パススルーの追加" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "パススルーの編集" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "パススルーの削除" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "パススルー" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "ロックダウン機能はユーザーとアプリケーションのポリシーの firewalld 向け軽量" "バージョンです。これにより、ファイアウォールへの変更が制限されます。ロックダ" "ウン・ホワイトリストは、コマンド、コンテキスト、ユーザーおよびユーザー ID を" "含められます。" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "コンテキストは実行中のアプリケーションやサービスのセキュリティーコンテキスト" "(SELinux コンテキスト)です。実行中のアプリケーションのコンテキストを確認する" "には、ps -e --contextコマンドを使用します。" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "コンテキストの追加" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "コンテキストの編集" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "コンテキストの削除" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "コンテキスト" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "ホワイトリストのコマンドがアスタリスク '*' で終わっている場合、そのコマンドか" "ら始まるすべてのコマンドラインに一致します。もし '*' がなければ、引数を含め、" "コマンドが完全に一致する必要があります。" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "コマンドラインの追加" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "コマンドラインの編集" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "コマンドラインの削除" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "コマンドライン" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ユーザー名。" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ユーザー名の追加" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ユーザー名の編集" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ユーザー名の削除" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ユーザー名" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ユーザー ID。" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ユーザー ID の追加" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ユーザー ID の編集" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ユーザー ID の削除" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ユーザー ID" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "現在のシステムの標準ゾーン。" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "拒否されたログ:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "パニックモード:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "オートマチックヘルパー:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "ロックダウン:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "標準ゾーン:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "インターフェース名を入力してください:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "基本 IPSet 設定" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "基本IPSet設定を設定してください:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "タイプ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "タイムアウト:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "ハッシュサイズ:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "最大要素:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "タイムアウトの秒数" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "ハッシュサイズの初期値、デフォルトは 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "要素の最大数、デフォルトは 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "IPSet を選択してください:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "IPSetエントリーを入力してください:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "拒否されたログ" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "拒否されたログの値を選択してください:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "マーク" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "オプションのマスクと共にマークを入力してください。" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "マークとマスクフィールドはどちらも 32 ビットの符号なし数値になります。" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "マーク:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "マスク:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "netfilter conntrack ヘルパーを選択してください:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- 選択 -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "その他のモジュール:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "ポートとプロトコル" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ポートおよびプロトコルを入力してください。" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ダイレクトルール" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "ipv、テーブル、チェイン優先度および引数を入力してください。" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "優先度:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "プロトコルを入力してください。" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "他のプロトコル:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "高度なルール" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "高度なルールを入力してください。" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "ホワイトリストまたはブラックリストにより、ホストまたはネットワークに対して要" "素を非アクティブ化します。" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "送信元:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "送信先:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "ログ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "監査:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 と IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "反転" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "これを有効にするには、アクションを 'reject' にし、ファミリーを 'ipv4' または " "'ipv6' のいずれか (両方ではない) にする必要があります。" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "タイプ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "有効期限:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "プレフィックス:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "レベル:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "要素:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "アクション:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "基本サービス設定" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "基本サービス設定を設定してください:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "サービスを選択してください。" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "ソースを入力してください。" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ユーザー ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ユーザー ID を入力してください。" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ユーザー名を入力してください。" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "ラベル" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "基本ゾーン設定" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "基本ゾーン設定を設定してください:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "標準ターゲット" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "ターゲット:" firewalld-0.8.2/po/Makefile.in.in0000644000000000000000000001575613051337761016604 0ustar00rootroot00000000000000# Makefile for program source directory in GNU NLS utilities package. # Copyright (C) 1995, 1996, 1997 by Ulrich Drepper # Copyright (C) 2004-2008 Rodney Dawes # # This file may be copied and used freely without restrictions. It may # be used in projects which are not available under a GNU Public License, # but which still want to provide support for the GNU gettext functionality. # # - Modified by Owen Taylor to use GETTEXT_PACKAGE # instead of PACKAGE and to look for po2tbl in ./ not in intl/ # # - Modified by jacob berkman to install # Makefile.in.in and po2tbl.sed.in for use with glib-gettextize # # - Modified by Rodney Dawes for use with intltool # # We have the following line for use by intltoolize: # INTLTOOL_MAKEFILE GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ PACKAGE = @PACKAGE@ VERSION = @VERSION@ SHELL = @SHELL@ srcdir = @srcdir@ top_srcdir = @top_srcdir@ top_builddir = @top_builddir@ VPATH = @srcdir@ prefix = @prefix@ exec_prefix = @exec_prefix@ datadir = @datadir@ datarootdir = @datarootdir@ libdir = @libdir@ localedir = @localedir@ subdir = po install_sh = @install_sh@ # Automake >= 1.8 provides @mkdir_p@. # Until it can be supposed, use the safe fallback: mkdir_p = $(install_sh) -d INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ GMSGFMT = @GMSGFMT@ MSGFMT = @MSGFMT@ XGETTEXT = @XGETTEXT@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ MSGMERGE = INTLTOOL_EXTRACT="$(INTLTOOL_EXTRACT)" XGETTEXT="$(XGETTEXT)" srcdir=$(srcdir) $(INTLTOOL_UPDATE) --gettext-package $(GETTEXT_PACKAGE) --dist GENPOT = INTLTOOL_EXTRACT="$(INTLTOOL_EXTRACT)" XGETTEXT="$(XGETTEXT)" srcdir=$(srcdir) $(INTLTOOL_UPDATE) --gettext-package $(GETTEXT_PACKAGE) --pot ALL_LINGUAS = @ALL_LINGUAS@ PO_LINGUAS=$(shell if test -r $(srcdir)/LINGUAS; then grep -v "^\#" $(srcdir)/LINGUAS; else echo "$(ALL_LINGUAS)"; fi) USER_LINGUAS=$(shell if test -n "$(LINGUAS)"; then LLINGUAS="$(LINGUAS)"; ALINGUAS="$(ALL_LINGUAS)"; for lang in $$LLINGUAS; do if test -n "`grep \^$$lang$$ $(srcdir)/LINGUAS 2>/dev/null`" -o -n "`echo $$ALINGUAS|tr ' ' '\n'|grep \^$$lang$$`"; then printf "$$lang "; fi; done; fi) USE_LINGUAS=$(shell if test -n "$(USER_LINGUAS)" -o -n "$(LINGUAS)"; then LLINGUAS="$(USER_LINGUAS)"; else if test -n "$(PO_LINGUAS)"; then LLINGUAS="$(PO_LINGUAS)"; else LLINGUAS="$(ALL_LINGUAS)"; fi; fi; for lang in $$LLINGUAS; do printf "$$lang "; done) POFILES=$(shell LINGUAS="$(PO_LINGUAS)"; for lang in $$LINGUAS; do printf "$$lang.po "; done) DISTFILES = Makefile.in.in POTFILES.in $(POFILES) EXTRA_DISTFILES = ChangeLog POTFILES.skip Makevars LINGUAS POTFILES = \ # This comment gets stripped out CATALOGS=$(shell LINGUAS="$(USE_LINGUAS)"; for lang in $$LINGUAS; do printf "$$lang.gmo "; done) .SUFFIXES: .SUFFIXES: .po .pox .gmo .mo .msg .cat AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ INTLTOOL_V_MSGFMT = $(INTLTOOL__v_MSGFMT_$(V)) INTLTOOL__v_MSGFMT_= $(INTLTOOL__v_MSGFMT_$(AM_DEFAULT_VERBOSITY)) INTLTOOL__v_MSGFMT_0 = @echo " MSGFMT" $@; .po.pox: $(MAKE) $(GETTEXT_PACKAGE).pot $(MSGMERGE) $< $(GETTEXT_PACKAGE).pot -o $*.pox .po.mo: $(INTLTOOL_V_MSGFMT)$(MSGFMT) -o $@ $< .po.gmo: $(INTLTOOL_V_MSGFMT)file=`echo $* | sed 's,.*/,,'`.gmo \ && rm -f $$file && $(GMSGFMT) -o $$file $< .po.cat: sed -f ../intl/po2msg.sed < $< > $*.msg \ && rm -f $@ && gencat $@ $*.msg all: all-@USE_NLS@ all-yes: $(CATALOGS) all-no: $(GETTEXT_PACKAGE).pot: $(POTFILES) $(GENPOT) install: install-data install-data: install-data-@USE_NLS@ install-data-no: all install-data-yes: all linguas="$(USE_LINGUAS)"; \ for lang in $$linguas; do \ dir=$(DESTDIR)$(localedir)/$$lang/LC_MESSAGES; \ $(mkdir_p) $$dir; \ if test -r $$lang.gmo; then \ $(INSTALL_DATA) $$lang.gmo $$dir/$(GETTEXT_PACKAGE).mo; \ echo "installing $$lang.gmo as $$dir/$(GETTEXT_PACKAGE).mo"; \ else \ $(INSTALL_DATA) $(srcdir)/$$lang.gmo $$dir/$(GETTEXT_PACKAGE).mo; \ echo "installing $(srcdir)/$$lang.gmo as" \ "$$dir/$(GETTEXT_PACKAGE).mo"; \ fi; \ if test -r $$lang.gmo.m; then \ $(INSTALL_DATA) $$lang.gmo.m $$dir/$(GETTEXT_PACKAGE).mo.m; \ echo "installing $$lang.gmo.m as $$dir/$(GETTEXT_PACKAGE).mo.m"; \ else \ if test -r $(srcdir)/$$lang.gmo.m ; then \ $(INSTALL_DATA) $(srcdir)/$$lang.gmo.m \ $$dir/$(GETTEXT_PACKAGE).mo.m; \ echo "installing $(srcdir)/$$lang.gmo.m as" \ "$$dir/$(GETTEXT_PACKAGE).mo.m"; \ else \ true; \ fi; \ fi; \ done # Empty stubs to satisfy archaic automake needs dvi info ctags tags CTAGS TAGS ID: # Define this as empty until I found a useful application. install-exec installcheck: uninstall: linguas="$(USE_LINGUAS)"; \ for lang in $$linguas; do \ rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo; \ rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo.m; \ done check: all $(GETTEXT_PACKAGE).pot rm -f missing notexist srcdir=$(srcdir) $(INTLTOOL_UPDATE) -m if [ -r missing -o -r notexist ]; then \ exit 1; \ fi mostlyclean: rm -f *.pox $(GETTEXT_PACKAGE).pot *.old.po cat-id-tbl.tmp rm -f .intltool-merge-cache clean: mostlyclean distclean: clean rm -f Makefile Makefile.in POTFILES stamp-it rm -f *.mo *.msg *.cat *.cat.m *.gmo maintainer-clean: distclean @echo "This command is intended for maintainers to use;" @echo "it deletes files that may require special tools to rebuild." rm -f Makefile.in.in distdir = ../$(PACKAGE)-$(VERSION)/$(subdir) dist distdir: $(DISTFILES) dists="$(DISTFILES)"; \ extra_dists="$(EXTRA_DISTFILES)"; \ for file in $$extra_dists; do \ test -f $(srcdir)/$$file && dists="$$dists $(srcdir)/$$file"; \ done; \ for file in $$dists; do \ test -f $$file || file="$(srcdir)/$$file"; \ ln $$file $(distdir) 2> /dev/null \ || cp -p $$file $(distdir); \ done update-po: Makefile $(MAKE) $(GETTEXT_PACKAGE).pot tmpdir=`pwd`; \ linguas="$(USE_LINGUAS)"; \ for lang in $$linguas; do \ echo "$$lang:"; \ result="`$(MSGMERGE) -o $$tmpdir/$$lang.new.po $$lang`"; \ if $$result; then \ if cmp $(srcdir)/$$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \ rm -f $$tmpdir/$$lang.new.po; \ else \ if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \ :; \ else \ echo "msgmerge for $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \ rm -f $$tmpdir/$$lang.new.po; \ exit 1; \ fi; \ fi; \ else \ echo "msgmerge for $$lang.gmo failed!"; \ rm -f $$tmpdir/$$lang.new.po; \ fi; \ done Makefile POTFILES: stamp-it @if test ! -f $@; then \ rm -f stamp-it; \ $(MAKE) stamp-it; \ fi stamp-it: Makefile.in.in $(top_builddir)/config.status POTFILES.in cd $(top_builddir) \ && CONFIG_FILES=$(subdir)/Makefile.in CONFIG_HEADERS= CONFIG_LINKS= \ $(SHELL) ./config.status # Tell versions [3.59,3.63) of GNU make not to export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-0.8.2/po/sr@latin.po0000664007115300711530000013125613641112251017412 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Igor Miletic , 2008 # Miloš Komarčević , 2005 # Milos Mijatovic , 2008 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 10:03+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Serbian (Latin) (http://www.transifex.com/projects/p/" "firewalld/language/sr@latin/)\n" "Language: sr@latin\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Zaštitni zid" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Podešavanje zaštitnog zida" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "" #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "" #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Neispravan argument %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Servis" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Na port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Na adresu" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Upozorenje" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Greška" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Prosleđivanje portova" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Izaberite opcije za izvor i odredište u zavisnosti od potreba." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / opseg portova:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP adresa:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Ako uključite lokalno prosleđivanje, morate navesti port. Taj port se mora " "razlikovati od izvornog porta." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokalno prosleđivanje" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Prosledi na neki drugi port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP vrsta" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Dodaj stavku" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "Da_toteka" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "Opcij_e" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Pomoć" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Na port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maskiranje dozvoljava da postavite domaćina ili ruter koji povezuje vašu " "lokalnu mrežu na internet. Lokalna mreža neće biti vidljiva i domaćini će se " "pojaviti kao jedna adresa na internetu. Maskiranje je samo za IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskiranje" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Dodajte stavke za prosleđene portove ili sa jednog porta na neki drugi na " "lokalnom sistemu, ili sa lokalnog sistema na drugi sistem. Prosleđivanje na " "drugi sistem je korisno samo ako je sprega maskirana. Prosleđivanje portova " "je samo za IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Protokol za kontrolisanje internet poruka (ICMP — Internet Control Message " "Protocol) se uglavnom koristi za slanje poruka o greškama između umreženih " "računara, ali i dodatno za informativne poruke poput ping zahteva i odgovora." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Označite ICMP vrste na spisku koje želite odbiti. Svim ostalim ICMP vrstama " "je dozvoljeno da prođu kroz zaštitni zid. Podrazumevana opcija je bez " "ograničenja." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filter za ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Uredi stavku" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Ukloni stavku" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port i protokol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-0.8.2/po/hi.po0000664007115300711530000020513513641112251016234 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Rajesh Ranjan , 2009 # Rajesh Ranjan , 2004-2010,2014 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2016-01-04 12:28+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Hindi (http://www.transifex.com/projects/p/firewalld/language/" "hi/)\n" "Language: hi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "फ़ायरवॉल एप्लेट" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "फायरवाल" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "फायरवाल विन्यास " #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "अंतरफलक '%s' के लिए क्षेत्र चुनें." #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "तयशुदा क्षेत्र" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "'%s' कनेक्शन के लिए क्षेत्र चुनें" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "शील्ड अप/डाउन क्षेत्र विन्यस्त करें" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "यहाँ आप शील्ड अप और शील्ड डाउन क्षेत्र चुन सकते हैं." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "यह फीचर उन लोगों के लिए उपयोगी है जो तयशुदा क्षेत्र अधिकतर उपयोग करते हैं. उपयोक्ताओं के " "लिए, वह कनेक्शन का बदलता क्षेत्र है, यह सीमित उपयोग का हो सकता है." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "क्षेत्र शील्ड अप करता है:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "क्षेत्र शील्ड डाउन करता है:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "रक्षा करें" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "अधिसूचना सक्रिय करें" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "फ़ायरवॉल सेटिंग संपादित करें..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "कनेक्शन के क्षेत्र बदलें..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "शील्ड अप/डाउन क्षेत्र विन्यस्त करें..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "सारे संजाल ट्रैफिक रोकें" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "कनेक्शन" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "अंतरफलक" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "स्रोत" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "प्राधिकरण विफल" #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "अवैध नाम" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "नाम पहले से मौज़ूद है" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "फ़ायरवॉल डेमॉन में कोई कनेक्शन नहीं" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "सभी संजाल ट्रैफिक ब्लॉक किए गए." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "तयशुदा क्षेत्र: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "क्षेत्र '{zone}' सक्रिय है '{connection}' कनेक्शन के लिए '{interface}' अंतरफलक पर" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "क्षेत्र '{zone}' सक्रिय है '{interface}' अंतरफलक के लिए" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "क्षेत्र '{zone}' सक्रिय है {source} स्रोत के लिए" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "कोई सक्रिय क्षेत्र नहीं" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD में कनेक्शन स्थापित हो गया." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD लॉस्ट में कनेक्शन." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD को फिर लोड किया गया." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "तयशुदा क्षेत्र '%s' में बदला गया." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "संजाल ट्रैफिक अब ब्लॉक नहीं हैं." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "सक्रियकृत" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "निष्क्रियकृत" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "क्षेत्र '{zone}' {activated_deactivated} है '{connection}' कनेक्शन के लिए " "'{interface}' अंतरफलक पर" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "क्षेत्र '{zone}' {activated_deactivated} है '{interface}' अंतरफलक के लिए" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "क्षेत्र '%s' सक्रिय है अंतरफलक '%s' के लिए" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "क्षेत्र '{zone}' {activated_deactivated} है '{source}' स्रोत के लिए" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "क्षेत्र '%s' सक्रिय है स्रोत '%s' के लिए" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "बदलाव लागू." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "संजाल कनेक्शन '%s' द्वारा प्रयुक्त" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "सक्रियकृत" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "निष्क्रियकृत" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "चिह्न लोड करने में असमर्थ." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "उपयोक्ता नाम" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "रनटाइम" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "स्थायी" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "सेवा" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "पोर्ट" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "प्रोटोकॉल" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "पोर्ट में:" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "पता में:" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp प्रकार" #: ../src/firewall-config.in:822 msgid "Family" msgstr "परिवार" #: ../src/firewall-config.in:826 msgid "Action" msgstr "क्रिया" #: ../src/firewall-config.in:828 msgid "Element" msgstr "तत्व" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "लॉग" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ऑडिट" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "स्रोत" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "चेतावनी" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "त्रुटि" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "स्वीकारें" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "अस्वीकारें" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "छोड़ें" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "सीमित करें" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "सेवा" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "पोर्ट" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "प्रोटोकॉल" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "मुखौटा" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "स्तर" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "हाँ" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "क्षेत्र" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "क्षेत्र '%s': सेवा '%s' उपलब्ध नहीं है." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "हटाएँ" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "अनदेखा करें" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "क्षेत्र '%s': ICMP प्रकार '%s' उपलब्ध नहीं है." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "बिल्ट इन क्षेत्र, नाम बदलना समर्थित नहीं." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "सेकेंड" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "मिनट" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "घंटा" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "दिन" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "आपातकाल" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "चेतावनी" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "गंभीर" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "त्रुटि" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "चेतावनी" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "सूचना" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "सूचना" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "डिबग" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "किसी दूसरे तंत्र में अग्रसारण तभी उपयोगी है जब अंतरफलक छद्म होता है.\n" "क्या आप इस क्षेत्र का वेष लेना चाहते हैं?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "बिल्ट इन सेवा, नाम बदलना समर्थित नहीं." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "बिल्ट इन icmp, नाम बदलना समर्थित नहीं." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "स्रोत '%s' के लिए क्षेत्र चुनें." #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "पता" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "कृपया कमांड लाइन दर्ज करें." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "कृपया संदर्भ दर्ज करें." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "कृपया नीचे दिए गए सूची से तयशुदा क्षेत्र चुनें." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "प्रत्यक्ष शृंखला" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "कृपया ipv चुनेें और शृंखला नाम सारणी दर्ज करें." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "शृंखला:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "कच्चा" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "सुरक्षा" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "सारणीः" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "प्रत्यक्ष पासथ्रू नियम" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "कृपया ipv चुनें और args दर्ज करें." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "पोर्ट अग्रसारण" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "अपनी जरूरत मुताबिक स्रोत व गंतव्य चुनें." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "पोर्ट / पोर्ट परिसर:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "आईपी पता:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "प्रोटोकॉल:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "गंतव्य" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "यदि आप स्थानीय अग्रसारण सक्रिय करते हैं, आपको एक पोर्ट को निर्दिष्ट करना है. इस पोर्ट " "को स्रोत पोर्ट से भिन्न होना है." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "स्थानीय अग्रसारण" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "दूसरे पोर्ट में अग्रसारित करें" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "बोल्ड प्रविष्टि अनिवार्य हैं, सभी अन्य वैकल्पिक हैं." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "नाम:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "संस्करण:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "छोटा:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "वर्णनः" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "परिवारः" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "बेस ICMP प्रकार सेटिंग" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "कृपया बेस ICMP प्रकार सेटिंग विन्यस्त करें:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP प्रकार" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "एक आईसीएमपी प्रकार चुनें" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "प्रविष्टि जोड़ें" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "फ़ाइल (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "विकल्प (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld फिर लोड करें" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "फायरवॉल नियम फिर लोड करता है. मौजूदा स्थायी विन्यास एक नया रनटाइम विन्यास बन " "जाएगा. यानी सभी रनटाइम केवल तभी लोड होता है जब वे स्थायी विन्यास में होते हैं." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "बदलें कि कौन से क्षेत्र में संजाल कनेक्शन का अवयव है." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "तयशुदा क्षेत्र बदलें" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "कनेक्शन या अंतरफलक के लिए तयशुदा क्षेत्र बदलें." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "पैनिक अवस्था का अर्थ है कि सभी इनकमिंग और आउटगोइंग पैकेट छोड़े जाते हैं." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "पैनिक अवस्था" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "लॉकडाउन फ़ायरवॉल विन्यास लॉक करता है ताकि लॉकडाउन ह्वाइटलिस्ट पर केवल अनुप्रयोग इसे " "बदल सकें." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "लॉकडाउन" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "रनटाइम विन्यास स्थाई बनाएँ" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "कार्यसमय से स्थाई" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "देखें (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP प्रकार" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "सीधा विन्यास" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "लॉकडाउन व्हाइटलिस्ट" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "मदद (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "विन्यास:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "मौजूदा दृश्य विन्यास. रनटाइम विन्यास एक वास्तविक विन्यास है. स्थायी विन्यास सेवा या तंत्र " "रिलोड या फिर आरंभ करने के बाद सक्रिय होगा." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld क्षेत्र संजाल कनेक्शन, अंतरफलक, और क्षेत्र से जुड़ा स्रोत पता के लिए भरोसे का स्तर " "परिभाषित करता है. यह क्षेत्र सेवा, पोर्ट, प्रोटोकॉल, प्रच्छन्न, पोर्ट/पैकेट अग्रसारण, icmp " "फिल्टर और रिच नियम को एकीकृत करता है. यह क्षेत्र अंतरफलक और स्रोत पता से बंधा रहता है." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "क्षेत्र जोड़ें" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "क्षेत्र संपादित करें" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "क्षेत्र हटाएँ" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "तयशुदा क्षेत्र लोड करें" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "यहां आप परिभाषित कर सकते हैं कि कौन सी सेवाएँ इस क्षेत्र के लिए विश्वसनीय हैं. विश्वसनीय " "सेवाओं को सभी मेजबान या संजाल से अभिगम योग्य होता है जो मशीन तक इस क्षेत्र में कनेक्शन, " "अंतरफलक और स्रोत बाउंड से पहुँच सकता है." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "सेवाएँ" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "अतिरिक्त पोर्ट व पोर्ट परिसर को जोड़ें, जो सभी मेजबान या संजाल के लिए अभिगम योग्य होना " "चाहिए दो मशीन से कनेक्ट कर सकता है." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "पोर्ट जोड़ें" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "पोर्ट संपादित करें" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "पोर्ट हटाएँ" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "पोर्ट" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "मुखौटा आपको एक मेजबान या रॉटर सेटअप करने की स्वीकृति देता है जो इंटरनेट से अपने स्थानीय " "संजाल को कनेक्ट करता है. आपका स्थानीय संजाल दृश्य नहीं होगा और इंटरनेट के लिए एक मेजबान के " "रूप में प्रकट होगा. मुखौटा सिर्फ IPv4 है." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "प्रच्छन्न क्षेत्र" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "यदि आप प्रच्छन्न सक्रिय कर रहे हैं, IP को आपको IPv4 के लिए सक्रिय किया जाएगा." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "मुखौटा" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "एक पोर्ट से दूसरे से पोर्ट को अग्रसारित करने के लिए प्रविष्टि जोड़ें स्थानीय सिस्टम पर या " "स्थानीय सिस्टम से दूसरे सिस्टम में. दूसरे सिस्टम में अग्रसारण सिर्फ तभी उपयोगी है यदि अंतरफलक " "को मुखौटा दिया जाता है. पोर्ट अग्रसारण सिर्फ IPv4 है." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "फॉरवॉर्ड पोर्ट जोड़ें" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "फॉरवॉर्ड पोर्ट संपादित करें" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "फॉरवॉर्ड पोर्ट हटाएँ" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "इंटरनेट कंट्रोल मेसेज प्रोटोकॉल (ICMP) को त्रुटि संदेश भेजने के लिए प्रयुक्त किया जाता है " "संजालित कंप्यूटर के बीच, लेकिन सूचनात्मक संदेश के लिए अतिरिक्त रूप से जैसे कि पिंग आग्रह और " "जवाब के लिए." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "सूची में ICMP प्रकार चिह्नित करें, जो अस्वीकृत किया जाना चाहिए. सभी दूसरे ICMP प्रकार को " "फायरवाल भेज देने की स्वीकृति है. तयशुदा में कोई सीमा नहीं है." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP फिल्टर" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "यहाँ आप क्षेत्र से जुड़ा रिच भाषा नियम सेट कर सकते हैं." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "रिच नियम जोड़ें" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "रिच नियम का संपादन करें" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "रिच नियम मिटाएँ" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "रिच नियम" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "क्षेत्र में अंतरफलक बाइंड करने के लिए प्रविष्टि बाइंड करें. यदि अंतरफलक किसी कनेक्शन के द्वारा " "प्रयोग किया जाता है, तो इस क्षेत्र को निर्दिष्ट क्षेत्र में कनेक्शन में सेट किया जाएगा." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "अंतरफलक जोड़ें" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "अंतरफलक का संपादन करें" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "अंतरफलक हटाएँ" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "स्त्रोत जोड़ें" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "श्रोत संपादित करें" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "स्रोत हटाएँ" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "क्षेत्र" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld सेवा पोर्ट, प्रोटोकॉल, मॉड्यूल, और गंतव्य पता का संयोग है." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "सेवा जोड़ें" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "सेवा का संपादन करें" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "सेवा हटाएँ" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "सेवा तयशुदा लोड करें" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "प्रविष्टि संपादित करें" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "प्रविष्टि हटाएँ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "मॉड्यूल" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "यदि आप गंतव्य पता को निर्दिष्ट करते हैं, तो सेवा प्रविष्ट गंतव्य पता और प्रकार में सीमित " "होगी. यदि दोनों प्रविष्टि रिक्त है, तो कोई सीमा नहीं है." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "सेवा को स्थायी विन्यास दृश्य में केवल बदला जा सकता है. सेवा का रनटाइम विन्यास फिक्स्ड है." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmptype इंटरनेट कंट्रोल मैसेज प्रोटोकॉल (ICMP) प्रकार के लिए firewalld के " "लिए सूचना प्रदान करता है." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP प्रकार जोड़ें" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP प्रकार संपादित करें" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP प्रकार हटाएँ" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP प्रकार तयशुदा लोड करें" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "निर्दिष्ट करें कि यह ICMP प्रकार IPv4 और/या IPv6 के लिए उपलब्ध है." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP प्रकार को स्थायी विन्यास दृश्य में केवल बदला जा सकता है. ICMP प्रकार का रनटाइम " "विन्यास फिक्स्ड है." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "सीधा विन्यास फायरवॉल में सीधा पहुँच देता है. ये विकल्प मौलिक iptables संबोध, यानी " "सारणी, शृंखला, कमांड, पैरामीटर और लक्ष्य को उपयोक्ता जाने इसकी जरूरत बताता है. सीधा " "विन्यास केवल अंतिम हल के रूप में प्रयोग किया जा सकता है जबकि दूसरे फ़ायरवॉल किए फीचर संभव " "नहीं हैं." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "हर विकल्प का ipv तर्क को ipv4 या ipv6 या eb होना चाहिए. ipv4 के साथ, यह " "iptables के लिए होगा, ip6tables के लिए ipv6 के साथ और इथरनेट ब्रिज के लिए eb " "(ebtables) के साथ." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "नियम के साथ उपयोग के लिए अतिरिक्त शृंखला." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "शृंखला जोड़ें" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "शृंखला संपादित करें" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "शृंखला हटाएँ" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "शृंखला" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "args वितर्क के साथ कोई नियम शृंखला में जोड़ें प्राथमिकता के साथ एक सारणी में." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "प्राथमिकता नियम को आदेश देने के लिए प्रयोग किया जा सकता है. प्राथमिकता 0 का अर्थ है " "शृंखला के शीर्ष पर नियम को जोड़ना, उच्चतर प्राथमिकता के साथ नियम फिर और जोड़े जाएँगे. " "समान प्राथमिकता के साथ नियम समान स्तर पर हैं और इन नियमों का क्रम स्थिर नहीं है और बदल " "सकता है. यदि आप पक्का करना चाहते हैं कि कोई नियम किसी के बाद जोड़े जाएँगे, पहले कम " "प्राथमिकता का जोड़ें कि एक नियम एक के बाद एक जोड़े जाएँगे, पहले से कम प्राथमिकता का " "उपयोग करें और निम्नलिखित के लिए उच्चतर जोड़े जाएँगे." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "नियम जोड़ें" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "नियम का संपादन करें" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "नियम मिटाएँ" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "नियम " #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "पासथ्रू नियम सीधे फायरवॉल के द्वारा भेजा जा सकता है और विशेष शृंखला में स्थापित नहीं है. " "सभी iptables, ip6tables और ebtables विकल्प का उपयोग किया जा सकता है." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "पासथ्रू नियम के साथ कृपया ध्यान रखें ताकि फ़ायरवॉल का नुकसान न हो." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "पासथ्रू जोड़ें" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "पासथ्रू संपादित करें" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "पासथ्रू हटाएँ" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "पासथ्रू" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "lockdown विशेषता उपयोक्ता और अनुप्रयोग नीति के हल्के संस्करण के लिए firewalld है. यह " "फ़ायरवॉल में परिवर्तन परिसीमित करता है. लॉकडाउन ह्वाइटलिस्च में कमांड, संदर्भ, उपयोक्ता " "और उपयोक्ता आईडी समाहित है." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "संदर्भ जोड़ें" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "संदर्भ संपादित करें" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "संदर्भ हटाएँ" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "संदर्भ" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "यदि ह्वाइटलिस्ट पर किसी कमांड प्रविष्ट का अंत तारांकन '*' से होता है, तो सभी कमांड " "लाइन जो कमांड से आरंभ होता है मेल खाएगा. यदि '*' वहाँ नहीं है, तो निरपेक्ष कमांड " "अंतर्निवेशित तर्क को जरूर मेल खाना चाहिए." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "कमांड लाइन जोड़ें" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "कमांड लाइन संपादित करें" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "कमांड लाइन हटाएँ" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "कमांड लाइन" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "उपयोक्ता नाम." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "उपयोक्ता नाम जोड़ें" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "उपयोक्ता नाम का संपादन करें" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "उपयोक्ता नाम हटाएँ" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "उपयोक्ता नाम" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "उपयोक्ता आईडी" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "उपयोक्ता आईडी जोड़ें" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "उपयोक्ता आईडी संपादित करें" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "उपयोक्ता आईडी निकालें" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "उपयोक्ता आईडी" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "तंत्र का मौजूदा तयशुदा क्षेत्र" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "पैनिक अवस्था:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "लॉकडाउन:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "तयशुदा क्षेत्र:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "पोर्ट और प्रोटोकॉल" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "कृपया कोई पोर्ट और प्रोटोकॉल दर्ज करें." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "प्रत्यक्ष नियम" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "कृपया ipv और सारणी, शृंखला प्राथमिकता चुनें और args दर्ज करें." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "प्राथमिकता:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "एक वैध प्रोटोकॉल दर्ज कीजिए." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "अन्य प्रोटोकॉल:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "रिच नियम" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "कृपया कोई रिच नियम दर्ज कीजिए." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "मेजबान या संजाल श्वेत या ब्लैकलिस्टिंग के लिए तत्व को निष्क्रिय करें." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "स्रोत:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "गंतव्य:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "लॉग:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ऑडिट:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 और ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "उल्टा" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "इसे सक्रिय करने के लिए क्रिया को 'अस्वीकार' करने की जरूरत है और फैमिली को 'ipv4' या " "'ipv6' (दोनों नहीं) होना चाहिए." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "प्रकार के साथ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "सीमा के साथ:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "प्रीफ़िक्स:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "स्तरः" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "तत्व:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "क्रिया:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "आधार सेवा सेटिंग्स" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "कृपया बेस सेवा सेटिंग्स विन्यस्त कीजिए:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "कृपया कोई सेवा चुनें." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "उपयोक्ता ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "कृपया उपयोक्ता आईडी दाखिल करें." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "कृपया उपयोक्ता नाम दाखिल करें." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "आधार क्षेत्र सेटिंग्स" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "कृपया बेस क्षेत्र सेटिंग्स विन्यस्त कीजिए:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "तयशुदा लक्ष्य" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "लक्ष्यः" firewalld-0.8.2/po/ko.po0000664007115300711530000017131713641112251016251 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # eukim , 2014 # eukim , 2014 # eukim , 2006-2009 # Hyunsok Oh , 2010 # Jinseok Seo , 2004 # Michelle Ji Yeen Kim , 2005-2006 # Michelle J Kim , 2003-2004 # Michelle Kim , 2002 # Eun-Ju Kim , 2016. #zanata # Terry Chuang , 2016. #zanata # Eric Garver , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-11-16 08:25+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Korean (http://www.transifex.com/projects/p/firewalld/" "language/ko/)\n" "Language: ko\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "방화벽 애플릿 " #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "방화벽" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "방화벽 설정" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "방화벽;네트워크;보안;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "인터페이스 '%s'의 영역을 선택 " #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "기본 영역 " #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "연결 '%s'의 영역을 선택 " #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "소스 '%s'의 영역을 선택 " #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "쉴드업/다운 영역 설정" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "여기에서 쉴드업 및 쉴드 다운에 사용할 영역을 선택할 수 있습니다." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "이 기능은 대부분 기본값 영역을 사용하는 사용자에게 유용합니다. 연결 영역을 변" "경한 사용자의 경우 제한적으로 사용할 수 있습니다." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "쉴드업 영역:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "기본값으로 재설정" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "쉴드 다운 영역: " #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "%s에 대한 정보" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "작자" #: ../src/firewall-applet.in:401 msgid "License" msgstr "라이센스" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "쉴드업 " #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "통지 활성화 " #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "방화벽 설정 편집..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "연결 영역 변경..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "쉴드업/다운 영역 설정..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "모든 네트워크 통신량 차단 " #: ../src/firewall-applet.in:500 msgid "About" msgstr "정보" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "접속" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "인터페이스 " #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "소스 " #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "인증 실패했습니다." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "잘못된 이름 " #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "이름이 이미 존재합니다 " #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (영역: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (기본 영역: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "NetworkManager에서 연결 실패했습니다" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "가져올 수 있는 NetworkManager가 없습니다" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "방화벽 데몬으로의 연결이 없습니다 " #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "모든 네트워크 통신이 차단되었습니다." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "기본 영역: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "기본 영역 '{default_zone}'은 인터페이스 '{interface}' 상의 연결 " "'{connection}'에 대해 활성화" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "영역 '{zone}'은 인터페이스 '{interface}' 상의 연결 '{connection}'에 대해 활성" "화" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "영역 '{zone}'은 인터페이스 '{interface}'에 대해 활성화 " #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "영역 '{zone}'은 소스 {source}에 대해 활성화 " #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "활성화된 영역이 없습니다." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD에 연결되었습니다." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD 연결이 끊어졌습니다." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD가 다시 로딩되었습니다." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "기본 영역을 '%s'로 변경했습니다." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "네트워크 통신이 더이상 차단되지 않습니다." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "활성화됨" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "비활성화됨 " #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "기본 영역 '{default_zone}'은 인터페이스 '{interface}' 상의 연결 " "'{connection}'에 대해 {activated_deactivated}" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "영역 '{zone}'이 인터페이스 '{interface}' 상의 연결에 대해 " "{activated_deactivated}" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "영역 '{zone}'이 인터페이스 '{interface}'에 대해 {activated_deactivated}" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "영역 '%s'이 인터페이스 '%s'에 대해 활성화되었습니다 " #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "영역 '{zone}'이 소스 '{source}'에 대해 {activated_deactivated}" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "영역 '%s'이 소스 '%s'에 대해 활성화되었습니다 " #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "firewalld에 연결되었습니다." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "firewalld에 연결 시도 중입니다. 대기 중..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "방화벽에 연결할 수 없습니다. 서비스를 제대로 시작했는지 확인하고 다시 시도해 " "주십시오." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "변경 사항이 적용되었습니다." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "네트워크 연결 '%s'에 의해 사용됨 " #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "네트워크 연결 '%s'에 의해 사용되는 기본 영역" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "활성화됨 " #: ../src/firewall-config.in:100 msgid "disabled" msgstr "비활성화됨 " #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "아이콘 로딩에 실패했습니다." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "문맥" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "명령행" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "사용자 이름 " #: ../src/firewall-config.in:244 msgid "User id" msgstr "사용자 ID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "테이블" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "체인" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "우선순위" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "인수" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "런타임 " #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "영구적 " #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "서비스" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "포트" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "프로토콜" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "목적 포트 " #: ../src/firewall-config.in:566 msgid "To Address" msgstr "목적 주소 " #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "바인딩" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "항목" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp 유형 " #: ../src/firewall-config.in:822 msgid "Family" msgstr "제품군 " #: ../src/firewall-config.in:826 msgid "Action" msgstr "동작 " #: ../src/firewall-config.in:828 msgid "Element" msgstr "요소 " #: ../src/firewall-config.in:830 msgid "Src" msgstr "소스 " #: ../src/firewall-config.in:832 msgid "Dest" msgstr "대상 " #: ../src/firewall-config.in:834 msgid "log" msgstr "로그 " #: ../src/firewall-config.in:836 msgid "Audit" msgstr "감사 " #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "인터페이스" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "코멘트" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "소스 " #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "경고 " #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "오류 " #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "허용" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "거부" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "드롭 " #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "표시" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "제한 " #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "서비스 " #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "포트 " #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "프로토콜" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "마스커레이딩 " #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-차단 " #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp 유형" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "포워드-포트 " #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "레벨 " #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "예 " #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "영역 " #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "기본 영역: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "영역: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "영역 '%s': 서비스 '%s'를 사용할 수 없습니다." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "제거 " #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "무시 " #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "영역 '%s': ICMP 유형 '%s'을 사용할 수 없습니다." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "내장된 영역, 이름을 바꿀 수 없습니다." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "초 " #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "분 " #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "시 " #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "일 " #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "긴급 " #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "주의 " #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "위험 " #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "오류 " #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "경고 " #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "알림 " #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "정보 " #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "디버그 " #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "인터페이스가 마스커레이딩되는 경우에만 다른 시스템에 전송하는 것이 유용합니" "다.\n" "이 영역을 마스커레이딩하시겠습니까? " #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "내장된 서비스, 이름을 바꿀 수 없습니다." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "ipv4 주소를 address[/mask] 형식으로 입력하십시오." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "mask는 네트워크 마스크 또는 숫자로 지정할 수 있습니다." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "ipv6 주소를 address[/mask] 형식으로 입력하십시오." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "mask는 숫자로 지정합니다." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "ipv4 또는 ipv6 주소를 address[/mask] 형식으로 입력하십시오." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "mask는 네트워크 마스크 또는 ipv4 숫자로 지정할 수 있습니다.\n" "mask는 ipv6 숫자입니다." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "내장된 ipset입니다. 이름을 변경할 수 없습니다." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "파일을 선택하십시오" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "텍스트 파일" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "모든 파일 " #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "모두" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "기본 제공 헬퍼, 이름 바꾸기가 지원되지 않습니다." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "내장된 icmp, 이름을 바꿀 수 없습니다." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "'%s' 파일 읽기 실패: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "소스 '%s'의 영역을 선택 " #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "주소" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "자동 헬퍼" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "자동 헬퍼 값을 선택해 주십시오." #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "명령행을 입력하십시오." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "컨텍스트를 입력하십시오." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "아래 목록에서 기본 영역을 선택하십시오. " #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "직접 체인 " #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ipv 및 테이블을 선택하고 체인 이름을 입력하십시오. " #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "체인: " #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "security" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "테이블: " #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "직접 통과 규칙 " #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ipv를 선택하고 인수를 입력하십시오. " #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "인수: " #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "포트 포워딩" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "필요에 따라 소스 및 수신지 옵션을 선택하시기 바랍니다. " #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "포트 / 포트 범위:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP 주소: " #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "프로토콜:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "대상" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "로컬 포워딩을 사용하실 경우, 포트를 지정하셔야 합니다. 이러한 포트는 소스 포" "트와 달라야 합니다. " #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "로컬 포트 포워딩 " #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "다른 포트로 포워드 " #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "기본 헬퍼 설정" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "기본 헬퍼를 설정을 구성해 주십시오." #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "굵게 표시된 항목은 필수 항목이며 모든 다른 항목은 옵션입니다." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "이름: " #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "버전:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "개요:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "설명: " #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "제품군: " #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "모듈:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "헬퍼" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "헬퍼를 선택해 주십시오." #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "기본 ICMP 유형 설정 " #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "기본 ICMP 유형 설정을 구성하십시오:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP 유형 " #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ICMP 유형을 선택하십시오 " #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "항목 추가 " #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "파일에서 항목 추가" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "선택한 항목 삭제" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "모든 항목 삭제" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "파일에서 항목 삭제" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "파일(_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "옵션(_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld 다시 불러오기 " #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "방화벽 규칙을 다시 로딩합니다. 현재 영구 설정은 새로운 런타임 설정이 됩니다. " "즉, 방화벽 규칙이 영구적 설정에 존재하지 않을 경우 다시 로딩할 때 까지 변경" "된 모든 런타임 내용이 손실됩니다." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "네트워크 연결이 속해 있는 영역을 변경합니다." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "기본 영역 변경 " #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "연결 또는 인터페이스의 기본 영역을 변경합니다." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "로그 거부 변경" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "로그 거부 값을 변경합니다." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "자동 헬퍼 할당을 구성해 주십시오." #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "자동 헬퍼 할당 설정을 구성해 주십시오." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "패닉 모드는 모든 송수신 패킷이 삭제됨을 의미합니다." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "패닉 모드 " #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "잠금 기능은 방화벽 설정을 잠금하여 잠금 화이트리스트에 있는 애플리케이션만 변" "경할 수 있게 합니다. " #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "잠금 " #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "런타임 설정을 영구적으로 유지 " #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "영구적으로 런타임 설정 " #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "보기(_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP 유형 " #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "헬퍼" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "직접 설정 " #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "잠금 화이트리스트 " #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "바인딩 활성화" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "도움말(_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "영역 변경" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "바인딩 영역 변경" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "영역으로의 소스, 인터페이스, 연결에 대한 활성 런타임 바인딩 숨기기" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "영역으로의 소스, 인터페이스, 연결에 대한 활성 런타임 바인딩 표시" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "설정: " #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "현재 사용 가능한 설정. 런타임 설정은 실제 활성화된 설정입니다. 영구 설정은 서" "비스나 시스템을 다시 로딩하거나 다시 시작한 후 사용할 수 있습니다." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld 영역은 영역과 결합된 네트워크 연결, 인터페이스 및 소스 주소의 신뢰" "된 수준을 정의합니다. 영역은 서비스, 포트 프로토콜, 마스커레이딩, 포트/패킷 " "포워딩, icmp 필터 및 고급 규칙의 조합입니다. 영역은 인터페이스와 소스 주소로 " "연결될 수 있습니다." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "영역 추가 " #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "영역 편집 " #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "영역 제거 " #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "영역 기본값 읽기 " #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "영역에서 신뢰할 수 있는 서비스를 지정할 수 있습니다. 신뢰할 수 있는 서비스는 " "이 영역에 결합된 연결, 인터페이스, 소스에서 시스템에 도달할 수 있는 모든 호스" "트 및 네트워크에서 액세스 가능하게 됩니다." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "서비스 " #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "이 컴퓨터에 연결 가능한 모든 호스트 또는 네트워크에 액세스할 수 있어야 하는 " "추가 포트 또는 포트 범위를 추가합니다. " #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "포트 추가 " #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "포트 편집 " #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "포트 삭제 " #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "포트 " #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "모든 호스트 또는 네트워크에 액세스 가능한 프로토콜을 추가합니다." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "프로토콜 추가" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "프로토콜 편집" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "프로토콜 삭제" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "프로토콜" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "이 컴퓨터에 연결 가능한 모든 호스트 또는 네트워크에 액세스할 수 있어야 하는 " "추가 소스 포트 또는 포트 범위를 추가합니다. " #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "소스 포트" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "마스커레이딩 (Masquerading) 기능은 로컬 네트워크를 인터넷에 연결하는 호스트" "나 라우터를 설정할 수 있게 합니다. 로컬 네트워크는 볼 수 없으며 호스트는 인터" "넷에서 하나의 주소로 나타납니다. 마스커레이딩 (Masquerading) 기능은 IPv4에서" "만 해당됩니다. " #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "마스커레이딩 영역 " #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "마스커레이딩을 활성화할 경우 IP 포워딩은 IPv4 네트워크에 대해 활성화됩니다." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "마스커레이딩 (Masquerading) " #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "로컬 시스템 상에서 하나의 포트에서 다른 포트로 또는 로컬 시스템에서 다른 시스" "템으로 포트를 포워딩하기 위해 항목을 추가합니다. 다른 시스템으로 포워딩하는 " "것은 인터페이스가 마스커레이딩되었을 경우에만 유용합니다. 포트 포워딩은 IPv4" "에서만 해당됩니다. " #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "포워드 포트 추가 " #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "포워드 포트 편집 " #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "포워드 포트 삭제 " #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ICMP (Internet Control Message Protocol)는 네트워크로 연결된 컴퓨터 간의 오" "류 메세지를 보내는 데 주로 사용되지만, 추가로 핑 요청 및 응답과 같은 알림 메" "세지를 보내는 데 사용될 수 있습니다. " #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "목록에서 거부해야 할 ICMP 유형을 표시합니다. 그 외의 모든 ICMP 유형은 방화벽 " "통과를 허용합니다. 기본값은 제한 없음입니다. " #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "필터 반전이 활성화되어 있을 경우 표시된 ICMP 항목이 허용되며 그 외의 항목은 " "거부됩니다. 대상 DROP이 있는 영역에서 이러한 항목은 선택 해제됩니다." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "필터 반전" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP 필터 " #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "여기에서 영역의 고급 언어 규칙을 설정할 수 있습니다." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "고급 규칙 추가 " #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "고급 규칙 편집 " #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "고급 규칙 삭제 " #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "고급 규칙 " #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "영역에 인터페이스를 바인딩할 항목을 추가합니다. 인터페이스가 연결에 의해 사용" "될 경우 영역은 연결에 지정된 영역으로 설정됩니다." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "인터페이스 추가 " #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "인터페이스 편집 " #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "인터페이스 제거 " #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "영역에 소스 주소 또는 범위를 바인딩할 항목을 추가합니다. MAC 소스 주소를 바인" "딩할 수 있지만 제한이 따릅니다. 포트 포워딩 및 마스커레이딩은 MAC 소스 바인딩" "에 작동하지 않습니다." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "소스 추가 " #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "소스 편집 " #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "소스 제거 " #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "영역 " #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld 서비스는 포트, 프로토콜, 모듈 및 대상 주소의 조합입니다." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "서비스 추가 " #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "서비스 편집 " #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "서비스 삭제 " #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "서비스 기본값 읽기 " #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "모든 호스트 또는 네트워크에 액세스 가능한 포트 및 포트 범위를 추가합니다." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "항목 편집 " #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "항목 삭제 " #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "모든 호스트 또는 네트워크에 액세스 가능한 소스 포트 및 포트 범위를 추가합니" "다." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "소스 포트" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "일부 서비스 실행에 Netfilter 헬퍼 모듈이 필요합니다." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "모듈 " #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "대상 주소를 지정할 경우, 서비스 항목은 대상 주소 및 유형으로 제한됩니다. 두 " "항목 모두가 비어 있을 경우 제한이 없게 됩니다." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "서비스는 영구 설정 보기에서만 변경할 수 있습니다. 서비스의 런타임 설정은 고정" "되어 있습니다. " #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet를 사용하여 화이트리스트 또는 블랙리스트를 만들 수 있으며 IP 주소, 포트 " "번호, MAC 주소 등을 저장할 수 있습니다." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr " IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr " IPSet 추가" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr " IPSet 편집" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr " IPSet 삭제" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr " IPSet 기본값 불러오기" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" " IPSet 항목입니다. 시간 제한 옵션을 사용하지 않는 IPSet 항목과 firewalld에 " "의해 추가된 항목만을 확인할 수 있습니다. 직접 ipset 명령을 실행하여 추가된 항" "목을 표시되지 않습니다." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "IPSet는 시간 제한 옵션을 사용하기 때문에 여기에는 항목이 표시되지 않습니" "다. ipset 명령을 직접 실행하여 항목을 관리합니다." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "추가" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "항목" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "영구 설정 보기에서만 IPSet을 생성 또는 삭제할 수 있습니다." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmp 유형은 firewalld 용 ICMP (Internet Control Message Protocol) " "유형의 정보를 제공합니다. " #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP 유형 추가 " #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP 유형 편집 " #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP 유형 제거 " #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP 유형의 기본값 가져오기 " #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "ICMP 유형이 IPv4 및 IPv6에서 사용 가능한 지에 대한 여부를 지정합니다. " #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP 유형은 영구 설정 보기에서만 변경할 수 있습니다. ICMP 유형의 런타임 설정" "은 고정되어 있습니다. " #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "연결 추적 헬퍼가 신호 발송과 데이터 전송에 서로 다른 흐름을 사용하는 프로토콜" "이 작동하도록 돕습니다. 데이터 전송은 신호 발송 연결과 무관한 포트를 사용하므" "로 헬퍼 없이는 방화벽에 의해 차단됩니다." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "헬퍼가 모니터링하는 포트 또는 포트 범위를 정의해 주십시오." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "직접 설정하면 방화벽에 직접 액세스할 수 있습니다. 이 옵션은 사용자가 iptables" "의 기본 개념, 즉 테이블, 체인, 명령, 매개 변수, 대상에 대한 지식을 가지고 있" "음을 전제로 하고 있습니다. 직접 설정은 다른 방화벽 기능을 사용할 수 없는 경우" "에 마지막 방법으로 사용해야 합니다." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "각 옵션의 ipv 인수는 ipv4, ipv6, eb 중 하나여야 합니다. ipv4를 지정하면 " "iptables가 사용됩니다. ipv6를 지정하면 ip6tables가 사용됩니다. eb를 사용하면 " "이더넷 브리지 (ebtables)가 사용됩니다." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "규칙과 함께 사용되는 추가 체인입니다." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "체인 추가 " #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "체인 편집 " #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "체인 제거 " #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "체인 " #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "규칙을 args 인수와 함께 테이블에 있는 체인에 우선 순위를 붙여 추가합니다." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "우선 순위는 규칙의 순서를 지정하는데 사용됩니다. 우선 순위 0은 규칙을 체인의 " "처음에 추가합니다. 더 높은 우선 순위를 가진 규칙이 더 아래에 추가됩니다. 동일" "한 우선 순위를 갖는 규칙은 동일한 수준이 되며 이러한 규칙의 순서는 고정되지 " "않고 변경될 수 있습니다. 규칙을 다른 규칙 뒤에 추가하려면 먼저 낮은 우선 순위" "를 사용하고 그 다음으로 더 높은 우선 순위를 사용합니다." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "규칙 추가 " #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "규칙 편집 " #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "규칙 삭제 " #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "규칙 " #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "통과 규칙은 직접 방화벽에 전달되는 규칙으로 특별한 체인에 두지 않습니다. " "iptables, ip6tables, ebtables의 모든 옵션을 사용할 수 있습니다." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "통과 규칙이 방화벽에 손상을 입히지 않도록 주의하십시오. " #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "통과 규칙 추가 " #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "통과 규칙 편집 " #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "통과 규칙 제거 " #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "통과 규칙 " #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "잠금 기능은 firewalld의 사용자 및 애플리케이션 정책에 대한 경량 버전입니다. " "이는 방화벽 변경을 제한합니다. 잠금 화이트리스트에는 명령, 컨텍스트, 사용자 " "및 사용자 ID가 포함되어 있습니다. " #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "컨텍스트는 실행 중인 애플리케이션이나 서비스의 보안 (SELinux) 컨텍스트입니" "다. 실행 중인 애플리케이션의 컨텍스트를 얻으려면 ps -e --context를 " "사용합니다." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "문맥 추가 " #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "문맥 편집 " #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "문맥 제거 " #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "컨텍스트 " #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "화이트리스트의 명령이 별표 '*'로 끝나는 경우 해당 명령으로 시작하는 모든 명령" "행과 일치하게 됩니다. '*'가 없을 경우 인수를 포함하여 명령이 정확하게 일치해" "야 합니다. " #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "명령행 추가 " #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "명령행 편집 " #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "명령행 제거 " #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "명령행 " #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "사용자 이름 " #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "사용자 이름 추가 " #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "사용자 이름 편집 " #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "사용자 이름 제거 " #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "사용자 이름 " #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "사용자 ID" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "사용자 ID 추가 " #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "사용자 ID 편집 " #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "사용자 ID 제거 " #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "사용자 ID" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "시스템의 현재 기본 영역입니다." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "로그 거부:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "패닉 모드: " #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "자동 헬퍼:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "잠금: " #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "기본 영역: " #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "인터페이스 이름을 입력해 주십시오:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "기본 IPSet 설정" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "기본 IPSet을 설정하십시오:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "유형:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "제한 시간:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "해시 크기:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "최대 요소:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "제한 시간 값 (초 단위)" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "초기 해시 크기, 기본값 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "최대 요소 값, 기본값 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr " IPSet을 선택하십시오:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "ipset 항목을 입력해 주십시오:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "로그 거부" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "로그 거부 값을 선택하십시오:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "마크" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "mask 옵션으로 마크를 입력하십시오." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "마크 및 mask 필드는 32 비트의 부호없는 숫자입니다." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "마크:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Mask:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Netfilter conntrack 헬퍼를 선택해 주십시오." #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- 선택 -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "기타 모듈:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "포트 및 프로토콜 " #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "포트 및 프로토콜을 입력하십시오. " #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "직접 규칙 " #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "ipv 및 테이블, 체인 우선 순위를 선택하고 인수를 입력하십시오." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "우선 순위:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "프로토콜을 입력하십시오." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "다른 프로토콜: " #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "고급 규칙 " #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "고급 규칙을 입력하십시오. " #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "호스트 또는 네트워크의 경우 화이트 또는 블랙 리스트에 따라 요소가 비활성화됩" "니다." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "소스: " #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "수신지: " #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "로그: " #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "감사: " #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 및 ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "변환됨 " #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "이를 활성화하려면 작업을 '거부'하고 'ipv4' 또는 'ipv6' 중 하나 (둘 중 하나)" "의 제품군을 선택합니다. " #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "유형: " #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "제한: " #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "접두부: " #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "레벨: " #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "요소: " #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "동작: " #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "기본 서비스 설정 " #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "기본 서비스 설정을 구성하십시오: " #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "서비스를 선택하십시오. " #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "소스를 입력해 주십시오." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "사용자 ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "사용자 ID를 입력하십시오. " #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "사용자 이름을 입력하십시오. " #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "레이블 " #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "기본 영역 설정 " #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "기본 영역 설정을 구성하십시오: " #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "기본 대상 " #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "대상: " firewalld-0.8.2/po/ta.po0000664007115300711530000022017013641112251016234 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Felix , 2006-2007 # I felix , 2007 # I Felix , 2010-2011 # I. Felix , 2008-2009 # Jayaradha N , 2004 # Jayaradha N , 2004-2005 # Priyadharsini , 2008,2010 # shkumar , 2013-2014 # shkumar , 2013-2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 10:04+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Tamil (http://www.transifex.com/projects/p/firewalld/language/" "ta/)\n" "Language: ta\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "ஃபயர்வால் அப்பலெட்" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ஃபயர்வால்" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ஃபயர்வால் கட்டமைப்பு" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "இடைமுகம் '%s' க்கு மண்டலத்தைத் தேர்ந்தெடுக்கவும்" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "முன்னிருப்பு மண்டலம்" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "இணைப்பு %s க்கு மண்டலத்தைத் தேர்ந்தெடுக்கவும்" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "ஷீல்டுகள் மேலே/கீழே மண்டலங்களை அமைவாக்கம் " #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "இங்கு நீங்கள் ஷீல்டுகள் மேலே மற்றும் ஷீல்டுகள் கீழே என்பவற்றுக்குப் பயன்படும் மண்டலங்களைத் " "தேர்ந்தெடுக்கலாம்." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "இந்த அம்சம் பெரும்பாலும் முன்னிருப்பு மண்டலங்களைப் பயன்படுத்தும் நபர்களுக்குப் பயனுள்ளது. " "இணைப்புகளின் மண்டலங்களை மாற்றும் பயனர்களுக்கு இது வரம்புக்குட்பட்ட பயனுள்ளதாக இருக்கும்." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "ஷீல்டுகள் மேலே மண்டலம்:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "ஷீல்டுகள் கீழே மண்டலம்:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "ஷீல்டுகள் மேலே" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "அறிவிப்புகளை செயல்படுத்து" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "ஃபயர்வால் அமைவுகளைத் திருத்து..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "இணைப்புகளின் மண்டலங்களை மாற்று..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "ஷீல்டுகள் மேலே/கீழே மண்டலங்களை அமைவாக்கம் செய்..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "அனைத்து பிணைய போக்குவரத்தையும் தடு" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "இணைப்புகள்" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "மூலங்கள்" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "அங்கீகாரம் தோல்வியுற்றது." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "தவறான அளவுரு %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "பெயர் ஏற்கனவே உள்ளது" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "ஃபயர்வால் டீமனுடன் இணைப்பு எதுவும் இல்லை" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "அனைத்து பிணைய போக்குவரத்தும் தடுக்கப்பட்டுள்ளது." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "முன்னிருப்பு மண்டலம்: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "இடைமுகம் '{interface}' இல் உள்ள இணைப்பு '{connection}' க்கு மண்டலம் '{zone}' செயலில் " #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "இடைமுகம் '{interface}' க்கு மண்டலம் '{zone}' செயலில் உள்ளது" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "மூலம் {source} க்கு மண்டலம் '{zone}' செயலில் உள்ளது" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "செயலில் உள்ள மண்டலங்கள் எதுவும் இல்லை." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD க்கான இணைப்பு நிறுவப்பட்டது." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD க்கான இணைப்பு இழக்கபப்ட்டது." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD மீளேற்றப்பட்டது." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "முன்னிருப்பு மண்டலம் '%s' என மா." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "பிணைய போக்குவரத்து இப்போது தடுக்கப்பட்டில்லை." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "செயல்படுத்தப்பட்டது" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "முடக்கப்பட்டது" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "இடைமுகம் '{interface}' இல் உள்ள இணைப்பு '{connection}' க்கான மண்டலம் " "'{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "இடைமுகம் '{interface}' க்கான மண்டலம் '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "இடைமுகம் '%s' க்கான மண்டலம் '%s' செயல்படுத்தப்பட்டது" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "மூலம் '{source}' க்கு மண்டலம் '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "மூலம் '%s' க்கு மண்டலம் '%s' செயல்படுத்தப்பட்டுள்ளது" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "மாற்றங்கள் செயல்படுத்தப்பட்டன." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "பிணைய இணைப்பு '%s' ஆல் பயன்படுத்தப்படுவது" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "செயல்படுத்தப்பட்டது" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "முடக்கப்பட்டது" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "சின்னங்களை ஏற்றத்தில் தோல்வியுற்றது." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "பயனர் பெயர்" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "நிகழ்நேரம்" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "நிரந்தரமான" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "சேவை" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "துறை" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "நெறிமுறை" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "துறைக்கு" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "முகவரிக்கு" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp வகை" #: ../src/firewall-config.in:822 msgid "Family" msgstr "குடும்பம்" #: ../src/firewall-config.in:826 msgid "Action" msgstr "செயல்" #: ../src/firewall-config.in:828 msgid "Element" msgstr "கூ" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "இலக்கு" #: ../src/firewall-config.in:834 msgid "log" msgstr "பதிவு" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "தணிக்கை" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "மூலம்" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "எச்சரிக்கை" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "பிழை" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "ஏ" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "நிரா" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "விடுக" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "வரம்பு" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "சேவை" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "துறை" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "நெறிமுறை" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "போ" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "முன்னனுப்பல் துறை" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "நிலை" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ஆம்" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "மண்டலம்" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "மண்டலம் '%s': சேவை '%s' கிடைக்கவில்லை." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "நீக்கு" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "புறக்கணி" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "மண்டலம் '%s': ICMP வகை '%s' கிடைக்கவில்லை." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "உள்ளமைந்த மண்டலம். மறுபெயரிட ஆதரவில்லை." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "வினா" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "நிமிடம்" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "மணி" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "நாள்" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "அவசரம்" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "எச்சரிக்கை" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "மிக " #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "பிழை" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "எச்சரிக்கை" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "அறிக்கை" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "தகவல்" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "வழு நீக்கு" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "இடைமுகம் போலித்தோற்றமாக்கப்பட்டிருந்தால் மட்டுமே மற்றொரு கணினிக்கு முன்னனுப்புதல் என்பது " "பயனுள்ளதாக இருக்கும்.\n" "இந்த மண்டலத்தை போலித்தோற்றமாக்க வேண்டுமா ?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "உள்ளமைந்த சேவை. மறுபெயரிட ஆதரவில்லை." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "உள்ளமைந்த icmp, மறுபெயரிட ஆதரவில்லை." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "மூலம் %s க்கு மண்டலத்தைத் தேர்ந்தெடுக்கவும்" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "முகவரி" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "கட்டளை வரியை உள்ளிடவும்." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "சூழலை உள்ளிடவும்." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "கீழே உள்ள பட்டியலில் இருந்து முன்னிருப்பு மண்டலத்தைத் தேர்ந்தெடுக்கவும்." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "நேரடி சங்கிலி" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ipv மற்றும் அட்டவனையைத் தேர்ந்தெடுத்து சங்கிலி பெயரை உள்ளிடவும்." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "சங்கிலி:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "அசல்" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "பாதுகாப்பு" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "அட்டவணை:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "நேரடி பாஸ்த்ரூ விதி" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ipv ஐத் தேர்ந்தெடுத்து மதிப்புருக்களை உள்ளிடவும்." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "மதிப்புருக்கள்:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "துறை முன்னனுப்புதல்" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "உங்கள் தேவைக்கேற்ப மூல மற்றும் இலக்கு விருப்பங்களை தேர்ந்தெடுக்கவும்." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "துறை / துறை வரம்பு:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP முகவரி:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "நெறிமுறை:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "இலக்கு" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "நீங்கள் உள்ளமை முன்னனுப்புதலை செயல்படுத்தினால், நீங்கள் ஒரு துறையை குறிப்பிட வேண்டும். இந்த " "துறை மூல துறைக்கு வேறாக இருக்கும்." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "உள்ளமை முன்னனுப்புதல்" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "வேறு துறைக்கு திருப்பப்படுகிறது" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "தடிமனாக உள்ள உள்ளீடுகள் கட்டாயம் தேவை, மற்ற அனைத்தும் கட்டாயமல்ல." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "பெயர்:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "பதிப்பு:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "சிறிய:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "விளக்கம்:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "குடும்பம்:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "அடிப்படை ICMP வகை அமைவுகள்" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "அடிப்படை ICMP வகை அமைவுகளை அமைவாக்கம் செய்யவும்:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP வகை" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ஒரு ICMP வகையைத் தேர்ந்தெடுக்கவும்" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "உள்ளீட்டைச் சேர்" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "கோப்பு (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "விருப்பங்கள் (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld ஐ மீளேற்று" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ஃபயர்வால் விதிகளை மீளேற்றும். நடப்பு நிரந்தர அமைவாக்கம் புதிய நிகழ் நேர அமைவாக்கமாக " "மாறும். அதாவது, மீளேற்றம் வரை செய்த நிகழ் நேரத்திற்கு மட்டுமான மாற்றங்கள் அனைத்தும், அவை " "நிரந்தர அமைவாக்கத்திலும் இல்லாமல் இருந்தால், மீளேற்றும் போது இழக்கப்படும்." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ஒரு பிணைய இணைப்பு சார்ந்துள்ள மண்டலத்தை மாற்றவும்." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "முன்னிருப்பு மண்டலத்தை மாற்று" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "இணைப்புகள் அல்லது இடைமுகங்களுக்கான முன்னிருப்பு மண்டலத்தை மாற்றவும்." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "பேனிக் பயன்முறை என்பது, உள்வரும் மற்றும் வெளிச்செல்லும் சிப்பங்கள் அனைத்தும் கைவிடப்பட்டன " "என்பதைக் குறிக்கிறது." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "பேனிக் பயன்முறை" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "லாக்டவுன் என்பது ஃபயர்வால் அமைவாக்கத்தைப் பூட்டும், இதனால் லாக்டவுன் வெண்பட்டியலில் உள்ள " "பயன்பாடுகள் மட்டுமே இதை மாற்ற முடியும்." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "லாக்டவுன்" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "இயக்கநேர அமைவாக்கத்தை நிரந்தரமானதா" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "இயக்க நேரத்திலிருந்து நிரந்தர அமைவுக்கு" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "பார்வை (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP வகை" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "நேரடி அமைவாக்கம்" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "லாக்டவுன் வெண்பட்டியல்" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "உதவி (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "அமைவாக்கம்:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "தற்போது புலனாகும் அமைவாக்கம். நிகழ்நேர அமைவாக்கமானது உண்மையில் செயலில் உள்ள " "அமைவாக்கமாகும். சேவை அல்லது கணினி மீளேற்றியதும் அல்லது மறுதொடக்கப்பட்டதும் நிரந்த " "அமைவாக்கம் செயலாகும்." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "ஒரு firewalld மண்டலமானது அந்த மண்டலத்துக்குரிய பிணைய இணைப்புகள், இடைமுகங்கள் மற்றும் " "மூல முகவரிகளின் நம்பகத்தன்மையின் நிலையை வரையறுக்கிறது. மண்டலமானது சேவைகள், முனையங்கள், " "நெறிமுறைகள், masquerading, முனையம்/பேக்கெட் பகிர்தல், icmp வடிகட்டிகள் மற்றும் உயர் " "விதிகள் ஆகியவற்றை உள்ளடக்கியது. மண்டலமானது இடைமுகங்கள் மற்றும் மூல முகவரிகளுக்கு " "கட்டுப்பட்டவையாக இருக்கலாம்." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "மண்டலத்தைச் சேர்" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "மண்டலத்தைத் திருத்து" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "மண்டலத்தை நீ" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "மண்டலத்தின் முன்னிருப்பு மதிப்புகளை ஏ" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "இங்கு மண்டலத்தில் எந்த சேவைகளை நம்பலாம் என நீங்கள் குறிப்பிடலாம். நம்பப்பட்ட சேவைகள் இந்த " "மண்டலத்துக்குரிய இணைப்புகள், இடைமுகங்கள் மற்றும் மூலங்களிலிருந்து கணினியை அணுகக்கூடிய " "அனைத்து புரவலன்கள் மற்றும் பிணையங்களிலிருந்து அணுகப்பட முடியும்." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "சேவைகள்" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "கணினியுடன் இணைக்க முடிகின்ற அனைத்து வழங்கிகள் அல்லது பிணையங்களுக்கும் அணுகக்கூடியதாக " "இருக்க வேண்டிய கூடுதல் முனையங்கள் அல்லது முனைய வரம்புகளைச் சேர்க்கவும்." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "துறைக்கு" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "துறையை திருத்தவும்" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "துறையை நீக்கு" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "துறைகள்" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Masquerading உங்களை ஒரு புரவலன் அல்லது ரௌட்டரை அமைக்கிறது, இது இணையத்தில் உங்கள் " "உள்ளமை பிணையத்தில் இணைக்கிறது. உங்கள் உள்ளமை பிணையம் தெரியாது மற்றும் புரவலன்கள் ஒரு " "ஒற்றை முகவரியில் இணையத்தில் தோன்றும் Masquerading IPv4 மட்டுமே." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "போலி மண்டலம்" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "நீங்கள் masquerading ஐ செயல்படுத்தினால், உங்கள் IPv4 பிணையங்களுக்கு IP முன்னனுப்புதலும் " "செயல்படுத்தப்படும்." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "உள்ளீடுகளை சேர்க்க ஒரு துறையிலிருந்து மற்றொன்றிற்கு உள்ளமை கணினி அல்லது வேறு " "கணினியிலிருந்த சேர்க்கவும். வேறு கணினியை முன்னனுப்புவது முகப்பு சரியாக இருந்தால் " "மட்டுமே பயனாக இருக்கும். துறை முன்னனுப்புதல் IPv4 இல் மட்டும்." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "முன்னனுப்பல் துறையைச் சேர்" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "முன்னனுப்பல் துறையைத் திருத்து" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "முன்னனுப்பல் துறையை நீக்கு" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message Protocol (ICMP) என்பது முக்கியமாக பயன்படுத்தப்படும் " "பிணையப்பட்ட கணினிகளுக்கிடையே அனுப்பப்படும் பிழை செய்திகள் ஆனால் கூடுதலாக தகவல் " "செய்திகளே வருகிறது." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "பட்டியலில் ICMP வகைகளை குறிக்கவும், அது நிராகரிக்கப்பட வேண்டும். மற்ற அனைத்து ICMP " "வகைகளும் ஃபயர்வாலின் வழியாக செல்லும். முன்னிருப்புக்கு வரம்பு இல்லை." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP வடிப்பி" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "மண்டலத்திற்கான உயர் மொழி விதிகளை இங்கு நீங்கள் அமைக்க முடியும்." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "உயர் விதியைச் சேர்" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "உயர் விதியைத் திருத்தவும்" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "உயர் விதியை நீக்கவும்" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "உயர் விதிகள்" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "மண்டலத்திற்கு இடைமுகங்களைப் பிணைக்க உள்ளீடுகளைச் சேர்க்கவும். இடைமுகம் ஒரு இணைப்பால் " "பயன்படுத்தப்படும் எனில், மண்டலமானது இணைப்பில் குறிப்பிடப்பட்ட மண்டலமாக அமைக்கப்படும்." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "இடைமுகத்தைச் சேர்" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "இடைமுகத்தைத் திருத்து" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "இடைமுகத்தை நீக்கு" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "மூலத்தைச் சேர்" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "மூலத்தைத் திருத்து" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "மூலத்தை நீக்கு" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "மண்டலங்கள்" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "ஒரு firewalld சேவையானது முனையங்கள், நெறிமுறைகள், தொகுதிக்கூறுகள் மற்றும் இலக்கு " "முகவரிகள் ஆகியவற்றின் சேர்க்கையாகும்." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "சேவையைச் சேர்" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "சேவையைத் திருத்து" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "சேவையை நீக்கு" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "சேவை முன்னிருப்பு மதிப்புகளை ஏற்று" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "உள்ளீட்டைத் திருத்து" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "உள்ளீட்டை நீக்கு" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "தொகுதிக்கூ" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "நீங்கள் இலக்கு முகவரிகளைக் குறிப்பிட்டால், சேவையின் நுழைவானது அந்த இலக்கு முகவரி மற்றும் " "வகைக்கு மட்டும் என வரம்புடையதாக இருக்கும். இரண்டு உள்ளீடுகளும் காலியாக இருந்தால் வரம்பு " "ஏதும் இல்லை." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "சேவைகளை நிரந்தர அமைவாக்கக் காட்சியில் மட்டுமே மாற்ற முடியும். சேவைகளின் நிகழ்நேர " "அமைவாக்கம் நிலையானது. " #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmptype ஆனது firewalld இன் இணைய கட்டுப்பாட்டு செய்தி நெறிமுறைக்கான " "(ICMP) தகவலை வழங்குகிறது." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP வகையை சேர்க்கவும்" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP வகையைத் திருத்து" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "தொலைநிலை ICMP வகை" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP வகை முன்னிருப்பு மதிப்புகளை ஏ" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "இந்த ICMP வகை IPv4 மற்றும்/அல்லது IPv6 க்குக் கிடைக்குமா என்பதைக் குறிப்பிடவும்." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP வகைகளை நிரந்தர அமைவாக்கக் காட்சியில் மட்டுமே மாற்றச் முடியும். ICMP வகைகளின் " "நிகழ்நேர அமைவாக்கம் நிலையானது." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "நேரடி அமைவாக்கமானது ஃபயர்வாலுக்கான கூடுதல் நேரடி அணுகலைக் கொடுக்கிறது. இந்த " "விருப்பங்களைப் பயன்படுத்த, பயனருக்கு அடிப்படை iptables கருத்துகள் தெரிந்திருக்க வேண்டும் " "அதாவது, அட்டவணைகள், சங்கிலிகள், கட்டளைகள், அளவுருக்கள் மற்றும் இலக்குகள் போன்றவை " "தெரிந்திருக்க வேண்டும். மற்ற ஃபயர்வால் அம்சங்களை பயன்படுத்த முடியாது போகும் போது கடைசி " "விருப்பமாகவே நேரடி அமைவாக்கமானது பயன்படுத்தப்பட வேண்டும்." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ஒவ்வொரு விருப்பத்தின் ipv மதிப்புருவும் ipv4 அல்லது ipv6 அல்லது eb ஆக இருக்க வேண்டும். " "ipv4 உடன் அது iptables க்காக இருக்கும், ipv6 உடன் ip6tables க்காக இருக்கும், eb உடன் " "ஈத்தர்நெட் பாலங்களுக்காக (ebtables) இருக்கும்." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "விதிகளுடன் பயன்படுத்துவதற்கான கூடுதல் சங்கிலிகள்." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "சங்கிலியைச் சேர்" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "சங்கிலியைத் திருத்து" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "சங்கிலியை நீக்கு" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "சங்கிலிகள்" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "ஒரு அட்டவணையில் உள்ள ஒரு சங்கிலிக்கு மதிப்புருக்களுடன் முன்னுரிமையையுடன் ஒரு விதியைச் " "சேர்க்கவும்." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "முன்னுரிமையானது விதிகளை வரிசைப்படுத்தப் பயன்படுகிறது. முன்னுரிமை 0 என்றால், விதியை " "சங்கிலியின் மேல்மட்டத்தில் சேர்க்கவும் என்று பொருள், முன்னுரிமை அதிகம் எனில் விதியானது " "சங்கிலியின் கீழ் பகுதிக்குச் செல்லும். ஒரே முன்னுரிமை கொண்ட விதிகள், ஒரே நிலையில் " "இருக்கும், இந்த விதிகளின் வரிசை நிலையானதாக இருக்காது, மாறக்கூடும். ஒரு விதியானது " "மற்றொன்றுகுப் பிறகு சேர்க்கப்படுவதை நீங்கள் உறுதிப்படுத்த விரும்பினால், முதல் விதிக்கு " "குறைந்த முன்னுரிமையையும் அடுத்ததற்கு அதிக முன்னுரிமையையும் பயன்படுத்தவும்." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "விதியைச் சேர்" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "விதியைத் திருத்து" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "விதியை நீக்கு" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "விதிகள்" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "பாஸ்த்ரூ விதிகள், நேரடியாக ஃபயர்வாலுக்கு அனுப்பப்படுகின்றன, இவை சிறப்பு சங்கிலிகளில் " "வைக்கப்படுவதில்லை. iptables, ip6tables மற்றும் ebtables விருப்பங்கள் அனைத்தும் " "பயன்படுத்தப்படலாம்." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "ஃபயர்வாலை சேதப்படுத்தாதபடிக்கு பாஸ்த்ரூ விதிகளில் கவனமாக செயல்படவும்." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "பாஸ்த்ரூவைச் சேர்" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "பாஸ்த்ரூவைத் திருத்து" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "பாஸ்த்ரூவை நீக்கு" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "பாஸ்த்ரூ" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "லாக்டவுன் வசதியானது firewalld க்கான பயனர் மற்றும் பயன்பாட்டுக் கொள்கைகளின் லேசான " "பதிப்பாகும். இது ஃபயர்வாலுக்கான மாற்றங்களை வரம்புக்குட்படுத்துகிறது. லாக்டவுன் " "வெண்பட்டியலில் கட்டளைகள், சூழல்கள், பயனர்கள் மற்றும் பயனர் idகள் ஆகியவை இருக்கலாம்." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "சூழலைச் சேர்" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "சூழலைத் திருத்து" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "சூழலை நீக்கு" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "சூழல்கள்" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "வெண்பட்டியலில் உள்ள ஒரு கட்டளை உள்ளீடு நட்சத்திரக்குறியுடன் '*' முடிந்தால், கட்டளையுடன் " "தொடங்கும் அனைத்து கட்டளை வரிகளும் பொருந்தும். '*' இல்லாவிட்டால், மதிப்புருக்கள் உட்பட " "கட்டளை மட்டும் துல்லியமாகப் பொருந்த வேண்டும்." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "கட்டளை-வரியைச் சேர்" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "கட்டளை-வரியைத் திருத்து" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "கட்டளை-வரியை நீக்கு" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "கட்டளை வரிகள்" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "பயனர் பெயர்கள்." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "பயனர் பெயரைச் சேர்" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "பயனர் பெயரைத் திருத்து" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "பயனர் பெயரை நீக்கு" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "பயனர் பெயர்கள்" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "பயனர் idகள்" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "பயனர் id ஐச் சேர்" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "பயனர் id ஐத் திருத்து" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "பயனர் id ஐ நீக்கு" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "பயனர் Idகள்" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "கணினியின் தற்போதைய முன்னிருப்பு மண்டலம்." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "பானிக் பயன்முறை:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "லாக்டவுன்:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "முன்னிருப்பு மண்டலம்:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "துறை மற்றும் நெறிமுறை" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ஒரு துறை மற்றும் நெறிமுறையை உள்ளிடவும்." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "நேரடி விதி" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "ipv மற்றும் அட்டவணை, சங்கிலி முன்னுரிமையைத் தேர்ந்தெடுத்து மதிப்புருக்களை உள்ளிடவும்." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "முன்னுரிமை:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "ஒரு நெறிமுறையை உள்ளிடவும்." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "பிற நெறிமுறை:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "உயர் விதி" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "ஒரு உயர் விதியை உள்ளிடவும்." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "புரவலன் அல்லது பிணைய வெண் அல்லது கருப்புப் பட்டியலிடுதலுக்கு கூறை முடக்கவும்." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "மூலம்:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "இலக்கு:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "பதிவு:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "தணிக்கை:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 மற்றும் ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "தலைகீழ்" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "இதைச் செயல்படுத்த செயல் 'நிராகரி' என்றும் குடும்பம் 'ipv4' அல்லது 'ipv6' " "என்று(இரண்டுமல்ல) இருக்க வேண்டும்." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "இந்த வகையுடன்:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "இந்த வரம்புடன்:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "முன்னொட்டு:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "நிலை:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "கூறு:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "செயல்:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "அடிப்படை சேவை அமைவுகள்" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "அடிப்படை சேவை அமைவுகளை அமைவாக்கம் செய்யவும்:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "ஒரு சேவையைத் தேர்ந்தெடுக்கவும்." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "பயனர் ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ஒரு பயனர் id ஐ உள்ளிடவும்." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "பயனர் பெயரை உள்ளிடவும்." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "அடிப்படை மண்டல அமைவுகள்" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "அடிப்படை மண்டல அமைவுகளை அமைவாக்கம் செய்யவும்:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "முன்னிருப்பு இலக்கு" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "இலக்கு:" firewalld-0.8.2/po/sr.po0000664007115300711530000017127313641112251016265 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Igor Miletic , 2008 # Miloš Komarčević , 2005 # Milos Mijatovic , 2008 # Momcilo Medic , 2015. #zanata # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2016-01-04 12:42+0000\n" "Last-Translator: Momcilo Medic \n" "Language-Team: Serbian (http://www.transifex.com/projects/p/firewalld/" "language/sr/)\n" "Language: sr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Аплет заштитног зида" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Заштитни зид" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Подешавање заштитног зида" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "заштитни зид;мрежа;сигурност;iptables;мрежни филтер;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Одаберите зону за интерфејс '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Подразумевана зона" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Одаберите зону за везу '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Одаберите зону за извор '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Подеси зоне за подигнуте/спуштене штитове" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Овде можете подесити зоне које се користе за подигнуте и спуштене штитове." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Ова могућност је корисна људима који највише користе подразумевану зону. За " "кориснике, који мењају зоне веза, она може бити делимично корисна." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Зона подигнутих штитова:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Зона спуштених штитова:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "О %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Подигни штитове" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Омогући обавештења" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Измени подешавања заштитног зида..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Промени зоне веза..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Подеси зоне за подигнуте/спуштене штитове..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Заустави сав мрежни саобраћај" #: ../src/firewall-applet.in:500 msgid "About" msgstr "О програму" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Везе" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "<спрега>" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Извори" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Неуспешно овлашћење." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Неисправан аргумент %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Име већ постоји" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Зона: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Нема везе до сервиса заштитног зида" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Сав мрежни саобраћај је блокиран." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Подразумевана зона: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Зона '{zone}' је активна за везу '{connection}' на интерфејсу '{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Зона '{zone}' је активна за интерфејс '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Зона '{zone}' је активна за извор {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Нема активних зона." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Упостављена веза са FirewallD-ом." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Изгубљена веза са FirewallD-ом." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD је поново учитан." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Подразумевана зона промењена на '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Мрежни саобраћај више није блокиран." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "активирана" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "деактивирана" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Зона '{zone}' је {activated_deactivated} за везу '{connection}' на " "интерфејсу '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Зона '{zone}' је {activated_deactivated} за интерфејс '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Зона '%s' је активирана за интерфејс '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Зона '{zone}' је {activated_deactivated} за извор '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Зона '%s' је активирана за извор '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Промене су примењене." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "У употреби на мрежној вези '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "омогућено" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "онемогућено" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Неуспешно учитавање иконица." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Корисничко име" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "У току извршавања" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Трајно" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Сервис" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Порт" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Протокол" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "На порт" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "На адресу" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp врста" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Породица" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Акција" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Елемент" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Извор" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Одредиште" #: ../src/firewall-config.in:834 msgid "log" msgstr "запис" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Провера" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Извор" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Упозорење" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Грешка" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "прихвати" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "одби" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "испусти" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ограничи" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "сервис" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "порт" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "протокол" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "маскарада" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "прослеђивање-порта" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "ниво" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "да" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Зона" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Зона '%s': Сервис '%s' није доступан." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Уклони" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Занемари" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Зона '%s': ICMP врста '%s' није доступна." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Уграђена зона, промена имена није подржана." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "секунд" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "минут" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "сат" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "дан" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "хитно" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "упозорење" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "критично" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "грешка" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "упозорење" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "обавештење" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "информација" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "отклањање грешака" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Преусмеравање на други систем је корисно само ако је интерфејс маскиран.\n" "Да ли желите маскирати ову зону?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Уграђени сервис, промена имена није подржана." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Уграђени icmp, промена имена није подржана." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Одаберите зону за извор %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Адреса" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Молим унесите командну линију." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Молим унесите контекст." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Молим одаберите подразумевану зону са доњег списка." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Директан ланац" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Молим изаберите ipv и табелу и унесите име ланца." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Ланац:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "сигурност" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Табела:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Директно правило пропуштања" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Молим изаберите ipv и унесите параметре." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Параметри:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Прослеђивање портова" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Изаберите опције за извор и одредиште у зависности од потреба." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Порт / опсег портова:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP адреса:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Протокол:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Одредиште" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Ако укључите локално прослеђивање, морате навести порт. Тај порт се мора " "разликовати од изворног порта." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Локално прослеђивање" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Проследи на неки други порт" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Подебљана поља су обавезна, све остало је опционо." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Име:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Верзија:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Кратко:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Опис:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Породица:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Основна ICMP подешавања" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Молим подесите основна ICMP подешавања:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP врста" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Молим изаберите ICMP врсту" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Додај ставку" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "Да_тотека" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "Опциј_е" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Поново учитај Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Поново учитај правила заштитног зида. Тренутна трајна подешавања ће постати " "нова подешавања за време извршавања. нпр. све постављене измене само за " "време извршавања ће бити изгубљене при поновном учитавању ако нису такође " "биле у трајним подешавањима." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Промени којој зони припада мрежна веза." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Промени подразумевану зону" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Промени подразумевану зону за везе или интерфејсе." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "Мод панике значи да ће сав долазни и одлазни пакети бити испуштени." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Мод панике" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Закључавање закључава подешавање заштитног зида тако да само програми на " "белој листи закључавања смеју да је мењају." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Закључавање" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Претвори подешавања током извршавања у трајна" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Радна у трајна" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Преглед" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP врсте" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Директна подешавања" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Бела листа закључавања" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Помоћ" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Подешавање:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Тренутно видљива подешавања. Подешавања у току извршавања су актуелна " "активна подешавања. Трајна подешавања ће бити активна након поновног " "учитавања или покретања сервиса или система." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Firewalld зона дефинише ниво поверења у мрежним везама, интерфејсима и " "изворним адресама везаним за зоне. Зона обједињује сервисе, портове, " "протоколе, маскараде, порт/пакет прослеђивање, icmp филтере и обогаћена " "правила. Зона може бити повезана са интерфејсима и изворним адресама." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Додај зону" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Измени зону" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Уклони зону" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Учитај подразумеване вредности за зону" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Овде можете одредити којим сервисима се верује у зони. Ти сервиси су " "доступни са свих хостова и мрежа који могу досегнути до машине кроз везе, " "интерфејсе и изворе повезане са овом зоном." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Сервиси" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Додај додатни порт или опсег портова, који треба да буду доступни свим " "хостовима или мрежама који могу да се повежу на машину." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "На порт" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Измени порт" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Уклони порт" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Портови" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Маскирање дозвољава да поставите домаћина или рутер који повезује вашу " "локалну мрежу на интернет. Локална мрежа неће бити видљива и домаћини ће се " "појавити као једна адреса на интернету. Маскирање је само за IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Маскирај зону" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Ако омогућите маскараду, IP прослеђивање ће бити омогућено за ваше IPv4 " "мреже." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Маскирање" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Додајте ставке за прослеђене портове или са једног порта на неки други на " "локалном систему, или са локалног система на други систем. Прослеђивање на " "други систем је корисно само ако је спрега маскирана. Прослеђивање портова " "је само за IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Додај порт за прослеђивање" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Измени порт за прослеђивање" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Уклони порт за прослеђивање" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Протокол за контролисање интернет порука (ICMP — Internet Control Message " "Protocol) се углавном користи за слање порука о грешкама између умрежених " "рачунара, али и додатно за информативне поруке попут пинг захтева и одговора." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Означите ICMP врсте на списку које желите одбити. Свим осталим ICMP врстама " "је дозвољено да прођу кроз заштитни зид. Подразумевана опција је без " "ограничења." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Филтер за ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Овде можете подешавати правила у обогаћеном језику за зону." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Додај обогаћено правило" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Измени обогаћено правило" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Уклони обогаћено правило" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Обогаћена правила" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Додајте уносе да се повежу интерфејси са зоном. Ако ће веза користити " "интерфејс, зона ће бити постављена на зону подешену у вези." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Додај интерфејс" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Измени интерфејс" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Уклони интерфејс" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Додај извор" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Измени извор" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Уклони извор" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Зоне" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Firewalld сервис је обједињење портова, протокола, модула и одредишних " "адреса." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Додај сервис" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Измени сервис" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Уклони сервис" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Учитај подразумеване вредности сервиса" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Уреди ставку" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Уклони ставку" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Модули" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Ако назначите одредишне адресе, унос сервиса ће бити ограничен само на " "одредишну адресу и врсту. Ако су оба уноса празна, нема ограничења." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Сервиси се могу мењати само у прегледу трајних подешавања. Подешавање " "сервиса у време извршавања је статично." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Firewalld icmptype пружа информације о врсти протокола интернет контролних " "порука (ICMP - Internet Control Message Protocol) за firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Додај ICMP врсту" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Измени ICMP врсту" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Уклони ICMP врсту" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Учитај подразумеване вредности ICMP врста" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Одредите да ли ће ICMP врста бити доступна за IPv4 и/или IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP врсте се могу мењати само у прегледу трајних подешавања. Подешавање " "ICMP врста у време извршавања је статично." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Диреткна подешавања дају директнији приступ заштитном зиду. Ове опције " "захтевају да корисник познаје основне iptables концепте, нпр. табеле, ланце, " "команде, параметре и циљеве. Директно подешавање би требало користити само " "као последњу опцију када није могуће користити остале firewalld могућности." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" " ipv параметар сваке опције мора бити IPv4 или IPv6 или eb. Са IPv4 биће за " "iptables, са IPv6 за ip6tables и са eb за мрежне мостове (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Додатни ланци у употреби са правилима." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Додај ланац" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Измени ланац" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Уклони ланац" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Ланци" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "Додај правило ланцу са аргументима args у табели са приоритетом." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Приоритет служи за редослед правила. Приоритет 0 значи да се правило додаје " "на врх ланца, са већим приоритетом правило ће бити додато ниже. Правила са " "истим приоритетом су на истом нивоу и редослед тих правила није стално и " "може бити промењено. Ако желите да се осигурате да ће правило бити додато " "након другог, користите низак приоритет за прво и висок за следеће." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Додај правило" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Измени правило" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Уклони правило" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Правила" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Пропусна правила су директно пружена кроз заштитни зид и нису смештена у " "посебне ланце. Све iptables, ip6tables и ebtables опције могу бити " "употребљене." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Молимо да будете пажљиви са пропусним правилима да не оштетите заштитни зид." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Додај пропусно правило" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Измени пропусно правило" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Уклони пропусно правило" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Пропусна правила" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Могућност закључавања је лагана верзија полиса корисника и програма за " "firewalld. Оно ограничава промене на заштитном зиду. Бела листа за " "закључавање може садржати команде, контексте, кориснике и корисничке ID-ове." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Додај контекст" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Измени контекст" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Уклони контекст" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Контексти" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Ако унос команде у белу листу завршава са астериском '*', онда ће се све " "командне линије које почињу са командом подударати. Ако '*' није ту " "апсолутна команда са аргументима мора да се подудара." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Додај командну линију" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Измени командну линију" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Уклони командну линију" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Командне линије" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Корисничка имена." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Додај корисничко име" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Измени корисничко име" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Уклони корисничко име" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Корисничка имена" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Кориснички ID-ови." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Додај кориснички ID" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Измени кориснички ID" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Уклони кориснички ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Кориснички ID-ови" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Тренутна подразумевана зона за систем." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Мод панике:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Закључавање:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Подразумевана зона:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Порт и протокол" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Молим унесите порт и протокол." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Директно правило" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Молим одаберите ipv и табелу, приоритет ланца и унесите аргументе." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Приоритет:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Молим унесите протокол." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Други протокол:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Обогаћено правило" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Молим унесите обогаћено правило." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "За белу или црну листу домаћина или мреже деактивирајте елемент." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Извор:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Одредиште:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Запис:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Провера:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 и ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "обрнуто" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Да омогућите ово Акција мора бити 'одбиј' и Породица или 'ipv4' или " "'ipv6' (не оба)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "са Врстом:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Са ограничењем:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Префикс:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Ниво:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Елемент:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Акција:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Основна подешавања сервиса" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Молим поставите основна подешавања сервиса:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Молим одаберите сервис." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Кориснички ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Молим унесите кориснички ID." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Молим унесите корисничко име." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Основна подешавања зоне" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Молим поставите основна подешавања зоне:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Подразумевани циљ" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Циљ:" firewalld-0.8.2/po/tr.po0000664007115300711530000016750313641112251016267 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Automatically generated, 2004 # Hasan Alp İNAN, 2011 # Irmak Bıçakçıgil , 2014 # Onuralp SEZER , 2012 # Serdar Sağlam , 2019. #zanata # Oğuz Ersen , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-01-13 14:38-0500\n" "PO-Revision-Date: 2020-03-25 15:38+0000\n" "Last-Translator: Oğuz Ersen \n" "Language-Team: Turkish \n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n>1);\n" "X-Generator: Weblate 3.11.3\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Güvenlik Duvarı Uygulaması" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Güvenlik Duvarı" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Güvenlik Duvarı Yapılandırması" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "güvenlik-duvarı;ağ;güvenlik;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "'%s' arayüzü için bölge seç" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Varsayılan Bölge" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "'%s' bağlantısı için bölge seç" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "{connection_name} bağlantısı için {zone} bölgesi ayarlanamadı" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "'%s' kaynağı için bölge seç" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Kalkanlar Aktif/Aktif Değil Bölgeleri Yapılandır" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Burada Kalkanlar Aktif ve Kalkanlar Aktif Değil için kullanılan bölgeleri " "seçebilirsiniz." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Bu özellik çoğunlukla varsayılan bölgeleri kullanan kişiler için " "kullanışlıdır. Bağlantı bölgelerini değiştiren kullanıcılar için kullanımı " "sınırlı olabilir." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Kalkanlar Aktif Bölge:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Varsayılanlara Sıfırla" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Kalkanlar Aktif Değil Bölge:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "%s hakkında" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Yazarlar" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Lisans" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Kalkanlar Aktif" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Bildirimler açık" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Güvenlik Duvarı ayarlarını değiştir..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Bağlantı Bölgelerini Değiştir..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Kalkanlar Aktif/Aktif Değil Bölgeleri Yapılandır..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Bütün ağ trafiğini bloke et" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Hakkında" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Bağlantılar" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Kaynaklar" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Yetkilendirme başarısız oldu." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Argumento inválido %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Bu isim zaten kullanılıyor" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Bölge: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Varsayılan Bölge: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "NetworkManager'dan bağlantılar alınamadı" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Hiçbir NetworkManager içe aktarımı mevcut değil" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Güvenlik duvarı arka plan programı ile bağlantı yok" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Bütün ağ trafiği bloke edildi." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Varsayılan Bölge: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Varsayılan Bölge '{default_zone}', '{interface}' arayüzünde '{connection}' " "bağlantısı için aktif" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "'{zone}' bölgesi, '{interface}' arayüzünde '{connection}' bağlantısı için " "aktif" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "'{zone}' bölgesi '{interface}' arayüzü için aktif" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "'{zone}' bölgesi, {source} kaynağı için aktif" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Aktif Bölge Yok." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD ile bağlantı sağlandı." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD ile bağlantı kaybedildi." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD yeniden yüklendi." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Varsayılan bölge '%s' olarak değiştirildi." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Artık Ağ trafği bloke edilmiyor." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "aktifleştirildi" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "devreden çıkarıldı" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Varsayılan bölge '{default_zone}', '{interface}' arayüzünde '{connection}' " "bağlantısı için {activated_deactivated}" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "'{zone}' bölgesi, '{interface}' arayüzünde '{connection}' bağlantısı için " "{activated_deactivated}" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "'{zone}' bölgesi, '{interface}' arayüzü için {activated_deactivated}" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "'%s' bölgesi, '%s' arayüzü için aktifleştirildi" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "'{zone}' bölgesi, '{source}' kaynağı için {activated_deactivated}" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "'%s' bölgesi, '%s' kaynağı için aktifleştirildi" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Firewalld ile bağlantı kuruldu." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "firewalld'ye bağlanmaya çalışılıyor, bekleyin..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "firewalld'ye bağlanılamadı. Lütfen servisin doğru şekilde başlatıldığından " "emin olun ve tekrar deneyin." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Değişiklikler uygulandı." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "'%s' bağlantısı tarafından kullanılıyor" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "'%s' ağ bağlantısı tarafından kullanılan varsayılan bölge" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "etkin" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "devre dışı" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Ikonların yüklenmesi başarısız." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "İçerik" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Komut satırı" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Kullanıcı adı" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Kullanıcı kimliği" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tablo" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Zincir" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Öncelik" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argümanlar" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Çalışma zamanı" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Kalıcı" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Servis" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocolo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Hedef Port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Hedef Adres" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Bağlamalar" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Giriş" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp tipi" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Aile" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Eylem" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Eleman" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Kaynak" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Hedef" #: ../src/firewall-config.in:834 msgid "log" msgstr "günlük" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Denetim" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Arayüz" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Açıklama" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Kaynak" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Uyarı" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Erro" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "kabul et" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "reddet" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "yok say" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "işaretle" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "sınırla" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "servis" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskeleme" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-engelleme" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-türü" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "port-yönlendirme" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "kaynak-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "seviye" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "evet" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Bölge" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Varsayılan Bölge: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Bölge: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Bölge '%s': '%s' hizmeti kullanılamıyor." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Kaldır" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Yoksay" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Bölge '%s': '%s' ICMP türü kullanılamıyor." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Yerleşik bölge, yeniden adlandırma desteklenmiyor." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "saniye" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "dakika" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "saat" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "gün" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "acil durum" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alarm" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritik" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "hata" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "uyarı" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "ikaz" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "bilgi" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "hata ayıkla" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Başka bir sisteme yönlendirme, sadece arayüz maskelenmiş ise faydalıdır.\n" "Bu bölgeyi maskelemek ister misiniz?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Dahili servis, Yeniden isimlendirme desteklenmiyor." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Lütfen adres[/maske] biçiminde bir ipv4 adresi girin." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Maske, bir ağ maskesi veya bir sayı olabilir." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Lütfen adres[/maske] biçiminde bir ipv6 adresi girin." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Maske bir sayıdır." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Lütfen adres[/maske] biçiminde bir ipv4 veya ipv6 adresi girin." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Maske, ipv4 için bir ağ maskesi veya bir sayı olabilir.\n" "Maske, ipv6 için bir sayıdır." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Yerleşik ipset, yeniden adlandırma desteklenmiyor." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Lütfen bir dosya seç" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Metin Dosyası" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Tüm Dosyalar" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Tümü" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Yerleşik yardımcı, yeniden adlandırma desteklenmiyor." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Dahili icmp, Yeniden isimlendirme desteklenmiyor." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "'%s' dosyası okunamadı: %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "%s kaynağı için bölge seç" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adres" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Otomatik Yardımcılar" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Lütfen otomatik yardımcıların değerini seçin:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Lütfen komut satırını girin." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Lütfen içeriği girin." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Lütfen aşağıdaki listeden varsayılan bölgeyi seçin." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Doğrudan Zincir" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Lütfen ipv ve tabloyu seçin ve zincir adını girin." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Zincir:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "ham" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "güvenlik" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tablo:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Doğrudan Geçiş Kuralı" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Lütfen ipv'yi seçin ve argümanları girin." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argümanlar:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Port Yönlendirme" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Por favor, seleccione as opções de origem e destino de acordo com as suas " "necessidades." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Port Aralığı:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Endereço IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Hedef" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Se activar reencaminhamento local, tem de especificar um porto. Este porto " "tem de ser diferente do porto de origem." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Yerel Yönlendirme" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Reencaminhar para outro porto" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Temel Yardımcı Ayarları" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Lütfen temel yardımcı ayarlarını yapılandırın:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Kalın girişlerin hepsi zorunludur. Diğer tüm girişler isteğe bağlıdır." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "İsim:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Sürüm:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Kısa:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Açıklama:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Aile:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modül:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Yardımcılar" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Lütfen bir yardımcı seçin:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Temel ICMP Tip Ayarları" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Lütfen temel ICMP türü ayarlarını yapılandırın:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP Tipi" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Lütfen bir ICMP türü seçin" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Adicionar Entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Dosyadan Girdi Ekle" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Seçilen Girdiyi Kaldır" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Tüm Girdileri Kaldır" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Girdileri Dosyadan Kaldır" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Dosya" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Seçenekler" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld 'yi yeniden yükle" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Güvenlik duvarı kurallarını yeniden yükler. Mevcut kalıcı yapılandırma yeni " "çalışma zamanı yapılandırması haline gelecektir. Diğer bir deyişle, yeniden " "yükleme zamanına kadar yapılan, sadece çalışma zamanına ait tüm " "değişiklikler, aynı zamanda kalıcı yapılandırmada da bulunmadıkları takdirde " "kaybolacaktır." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Bir ağ bağlantısının ait olduğu bölgeyi değiştirin." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Varsayılan Bölgeyi Değiştir" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Bağlantılar veya arayüzler için varsayılan bölgeyi değiştirin." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Reddedilen Log Kaydını Değiştir" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "LogDenied değerini değiştirin." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Otomatik Yardımcı Atamasını Yapılandır" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Otomatik Yardımcı Atama ayarını yapılandırın." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Panik modu, gelen ve giden tüm paketlerin yok sayıldığı anlamına gelir." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panik Kipi" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Kilitleme, sadece kilitleme beyaz listesindeki uygulamaların " "değiştirebilmesi için güvenlik duvarı yapılandırmasını kilitler." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Kilitleme" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Çalışma zamanı yapılandırmasını kalıcı duruma getir" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Çalışma Zamanından Kalıcı Duruma" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Görünüm" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSet'ler" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP Türleri" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Yardımcılar" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Doğrudan Yapılandırma" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Kilitleme Beyaz Listesi" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktif Bağlamalar" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Yardım" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Bölge Değiştir" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Bağlamanın bölgesini değiştir" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Bağlantıların, arayüzlerin ve kaynakların bölgelere aktif çalışma zamanı " "bağlamalarını gizle" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Bağlantıların, arayüzlerin ve kaynakların bölgelere aktif çalışma zamanı " "bağlamalarını göster" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Yapılandırma:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Eğer belirli bir adres belirlediyseniz, ICMP tipi girişi bu hedefle sınırlı " "olacaktır." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Bir firewalld bölgesi, bölgeye bağlı ağ bağlantıları, arayüzler ve kaynak " "adresleri için güven seviyesini tanımlar. Bölge; servisleri, portları, " "protokolleri, maskelemeyi, port/paket yönlendirmeyi, icmp filtrelerini ve " "zengin kuralları bir araya getirir. Bölge, arayüzlere ve kaynak adreslere " "bağlanabilir." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Bölge Ekle" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Bölge Düzenle" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Bölge Kaldır" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Bölge Varsayılanlarını Yükle" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Burada, bölgede hangi servislere güvenileceğini tanımlayabilirsiniz. " "Güvenilir hizmetlere, bu bölgeye bağlanmış bağlantılar, arayüzler ve " "kaynaklardan makineye erişebilen tüm ana bilgisayarlardan ve ağlardan " "erişilebilir." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Servisler" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Makineye bağlanabilen tüm ana bilgisayarlar veya ağlar için erişilebilir " "olması gereken ilave portlar veya port aralıkları ekleyin." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Porta" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Port Düzenle" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Port Kaldır" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portlar" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Tüm ana bilgisayarlar veya ağlar için erişilebilir olması gereken " "protokoller ekleyin." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Protokol Ekle" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Protokol Düzenle" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Protokol Kaldır" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokoller" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Makineye bağlanabilen tüm ana bilgisayarlar veya ağlar için erişilebilir " "olması gereken ilave kaynak portları veya port aralıkları ekleyin." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Kaynak Portları" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maskeleme, yerel ağınızı internete bağlayan bir ana bilgisayar veya " "yönlendirici kurmanıza olanak sağlar. Yerel ağınız görünür olmayacaktır ve " "ana bilgisayarlar internette tek bir adres olarak görünecektir. Maskeleme " "yalnızca IPv4 içindir mevcuttur." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Bölgeyi maskele" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Maskelemeyi etkinleştirirseniz, IP yönlendirmesi IPv4 ağınız için " "etkinleştirilecektir." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskeleme" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Portları yerel sistemdeki bir porttan diğerine veya yerel sistemden başka " "bir sisteme yönlendirmek için girdiler ekleyin. Başka bir sisteme " "yönlendirme yalnızca arayüz maskelenmişse yararlıdır. Port yönlendirme " "yalnızca IPv4 için mevcuttur." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Yönlendirme Portu Ekle" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Yönlendirme Portu Düzenle" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Yönlendirme Portu Kaldır" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "İnternet Kontrol Mesaj Protokolü \"The Internet Control Message Protocol" "\" (ICMP) genellikle bilgisayarlar arasındaki hata mesajları için " "kullanılır, fakat ek olarak bilgi mesajları ping istek ve cevapları içinde " "kullanılır." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Reddedilmesi gereken ICMP tiplerini listeden işaretleyin. Diğer bütün ICMP " "tipleri güvenlik duvarından geçebilecektir. Varsayılan olanda herhangi bir " "sınırlama yoktur." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Filtreyi Ters Çevirme etkinse, işaretli ICMP girdileri kabul edilir ve " "diğerleri reddedilir. Hedefin DROP olduğu bir bölgede yok sayılırlar." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Filtreyi Ters Çevir" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP Filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Burada bölge için zengin dil kuralları ayarlayabilirsiniz." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Geliştirilmiş Kural Ekle" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Geliştirilmiş Kural Düzenle" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Geliştirilmiş Kural Kaldır" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Geliştirilmiş Kurallar" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Arayüzleri bölgeye bağlamak için girdiler ekleyin. Arayüz bir bağlantı " "tarafından kullanılacaksa, bölge bağlantıda belirtilen bölgeye " "ayarlanacaktır." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Arayüz Ekle" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Arayüz Düzenle" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Arayüz Kaldır" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Kaynak adresleri veya alanları bölgeye bağlamak için girdiler ekleyin. Bir " "MAC kaynak adresine de bağlayabilirsiniz, ancak sınırlamalar vardır. Port " "yönlendirme ve maskeleme, MAC kaynak bağlamaları için çalışmaz." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Kaynak Ekle" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Kaynak Düzenle" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Kaynak Kaldır" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Bölgeler" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Bir firewalld servisi portlar, protokoller, modüller ve hedef adreslerin bir " "kombinasyonudur." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Servis ekle" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Servisi Düzenle" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Servisi sil" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Varsayılan servisi yükle" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Tüm ana bilgisayarlar veya ağlar için erişilebilir olması gereken ilave " "portlar veya port aralıkları ekleyin." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editar Entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Girişi sil" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Tüm ana bilgisayarlar veya ağlar için erişilebilir olması gereken ilave " "kaynak portları veya port aralıkları ekleyin." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Kaynak Portu" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Bazı servisler için netfilter yardımcı modülleri gereklidir." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modüller" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Eğer belirli bir hedef adres belirledi iseniz, servis girişi hedef adres ve " "tipi ile sınırlı olacaktır. Eğer ikisi de boş ise , herhangi bir sınırlama " "yoktur." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Servisler sadece kalıcı yapılandırma görünümünde değiştirilebilir. " "Servislerin çalışma zamanı yapılandırması sabittir." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Bir IPSet, beyaz veya kara listeler oluşturmak için kullanılabilir ve " "örneğin IP adreslerini, port numaralarını veya MAC adreslerini " "depolayabilir. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "IPSet Ekle" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "IPSet Düzenle" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "IPSet Kaldır" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "IPSet Varsayılanlarını Yükle" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "IPSet girdileri. Sadece zaman aşımı seçeneğini kullanmayan ipset'lerin " "girdilerini, ayrıca sadece firewalld tarafından eklenen girdileri " "görebilirsiniz. Doğrudan ipset komutuyla eklenen girdiler burada " "listelenmeyecektir." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Bu IPSet zaman aşımı seçeneğini kullanmaktadır, bu nedenle burada hiçbir " "girdi görünmez. Girdilere ipset komutu ile doğrudan bakılmalıdır." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Ekle" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Girdiler" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSet'ler sadece kalıcı yapılandırma görünümünde oluşturulabilir veya " "silinebilir." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Bir firewalld icmptype, firewalld için bir Internet Kontrol Mesajı Protokolü " "(Internet Control Message Protocol - ICMP) türü için bilgi sağlar." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP Tipi Ekle" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP Tipini Değiştir" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP Tipini Sil" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Varsayılan ICMP Tipini yükle" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" "Bu ICMP Türünün IPv4 ve/veya IPv6 için kullanılabilir olup olmadığını " "belirtin." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP Türleri sadece kalıcı yapılandırma görünümünde değiştirilebilir. ICMP " "Türlerinin çalışma zamanı yapılandırması sabittir." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Bir bağlantı izleme yardımcısı, işaretleşme ve veri aktarımları için farklı " "akışlar kullanan protokollerin çalışmasına yardımcı olmaktadır. Veri " "aktarımları, işaretleşme bağlantısıyla ilgisi olmayan portlar kullanmakta ve " "bu nedenle yardımcı olmadan güvenlik duvarı tarafından engellenmektedir." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Yardımcı tarafından izlenen portları veya port aralıklarını tanımlayın." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Doğrudan yapılandırma, güvenlik duvarına daha doğrudan bir erişim sağlar. Bu " "seçenekler kullanıcının temel iptables kavramlarını, yani tabloları, " "zincirleri, komutları, parametreleri ve hedefleri bilmesini gerektirir. " "Doğrudan yapılandırma, diğer firewalld özelliklerini kullanmanın mümkün " "olmadığı durumlarda sadece son çare olarak kullanılmalıdır." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Her seçeneğin ipv argümanı ipv4 veya ipv6 veya eb olmalıdır. ipv4 ile " "iptables için, ipv6 ile ip6tables için ve eb ile ethernet köprüleri " "(ebtables) için olacaktır." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Kurallarla kullanım için ilave zincirler." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Zincir Ekle" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Zincir Düzenle" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Zincir Kaldır" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Zincirler" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Öncelikli bir tablodaki bir zincire args argümanları ile bir kural ekleyin." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Öncelik, kuralları sıralamak için kullanılır. Öncelik 0, zincirin üstüne " "kural eklemek anlamına gelir, daha yüksek bir önceliğe sahip kural daha " "aşağıya eklenir. Aynı önceliğe sahip kurallar aynı seviyededir ve bu " "kuralların sırası sabit değildir ve değişebilir. Bir kuralın bir diğeri " "ardına ekleneceğinden emin olmak istiyorsanız, birincisi için düşük öncelik " "ve diğeri için daha yüksek öncelik kullanın." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Kural Ekle" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Kural Düzenle" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Kural Kaldır" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Kurallar" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Geçiş kuralları doğrudan güvenlik duvarına iletilir ve özel zincirlere " "yerleştirilmez. Tüm iptables, ip6tables ve ebtables seçenekleri " "kullanılabilir." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Güvenlik duvarına zarar vermemek için lütfen geçiş kurallarına dikkat edin." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Geçiş Ekle" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Geçiş Düzenle" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Geçiş Kaldır" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Geçiş" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Kilitleme özelliği, firewalld için kullanıcı ve uygulama politikalarının " "hafif bir biçimidir. Güvenlik duvarındaki değişiklikleri sınırlar. Kilitleme " "beyaz listesi komutlar, bağlamlar, kullanıcılar ve kullanıcı kimlikleri " "içerebilir." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Bağlam, çalışan bir uygulamanın veya servisin güvenlik (SELinux) bağlamıdır. " "Çalışan bir uygulamanın bağlamını almak için ps -e --context " "komutunu kullanın." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "İçerik Ekle" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "İçerik Düzenle" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "İçerik Kaldır" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "İçerikler" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Beyaz listedeki bir komut girdisi yıldız işareti '*' ile bitiyorsa, o " "komutla başlayan tüm komut satırları eşleşecektir. '*' yok ise, argümanlar " "dahil komut tamamen eşleşmelidir." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Komut Satırı Ekle" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Komut Satırı Düzenle" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Komut Satırı Kaldır" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Komut satırları" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Kullanıcı adları." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Kullanıcı Adı Ekle" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Kullanıcı Adı Düzenle" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Kullanıcı Adı Kaldır" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Kullanıcı isimleri" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Kullanıcı kimlikleri." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Kullanıcı Kimliği Ekle" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Kullanıcı Kimliği Düzenle" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Kullanıcı Kimliği Kaldır" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Kullanıcı Kimlikleri" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Sistemin geçerli varsayılan bölgesi." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Reddedilen Log Kaydı:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panik Kipi:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Otomatik Yardımcılar:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Kilitleme:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Varsayılan Bölge:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Lütfen bir arayüz adı girin:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Temel IPSet Ayarları" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Lütfen temel ipset ayarlarını yapılandırın:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tür:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Zaman aşımı:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hash boyutu:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maks. eleman:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Saniye cinsinden zaman aşımı değeri" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Başlangıç hash boyutu, varsayılan 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maksimum eleman sayısı, varsayılan 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Lütfen bir ipset seçin:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Lütfen bir ipset girdisi girin:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Reddedilen Log Kaydı" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Lütfen reddedilen log kaydı değerini seçin:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "İşaret" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Lütfen isteğe bağlı bir maske ile bir işaret girin." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "İşaret ve maske alanlarının her ikisi de 32 bit genişliğinde işaretsiz " "sayılardır." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "İşaret:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maske:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Lütfen bir netfilter conntrack yardımcısı seçin:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Seç -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Diğer Modüller:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Porto e Protocolo" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Lütfen bir port ve protokol girin." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Doğrudan Kural" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Lütfen ipv ve tablo, zincir önceliği seçin ve argümanları girin." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Öncelik:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Lütfen bir protokol girin." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Diğer Protokol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Geliştirilmiş Kural" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Lütfen bir zengin kural girin." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Ana bilgisayar veya ağ için, beyaz veya kara listeye almak elemanı devreden " "çıkarır." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Kaynak:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Hedef:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Günlük:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Denetim:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ve ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "ters" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Bunu etkinleştirmek için, Eylem 'reject' ve Aile 'ipv4' veya 'ipv6' " "olmalıdır (her ikisi birden değil)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "Tür:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Limit:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Ön ek:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Seviye:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Eleman:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Eylem:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Temel Servis Ayarları" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Lütfen temel servis ayarlarını yapılandırın:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Lütfen bir servis seçin." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Lütfen bir kaynak girin." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Kullanıcı kimliği" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Lütfen kullanıcı kimliğini girin." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Lütfen kullanıcı adını gir." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiket" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Temel Bölge Ayarları" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Lütfen temel bölge ayarlarını yapılandırın:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Varsayılan Hedef" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Hedef:" firewalld-0.8.2/po/pt_BR.po0000664007115300711530000017135313641112251016646 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # ataliba , 2013 # ataliba , 2013 # Carlos Adean , 2013 # Cleiton Lima , 2013 # Cleiton Lima , 2013 # Daniel Brooke Peig , 2004 # Daniel Lara , 2013 # Daniel Lara , 2013 # David Barzilay , 2003-2004 # David Reis Jr , 2004-2005 # diegobz1 , 2006 # diegobz1 , 2006 # Fabio Viero , 2005 # Glaucia Freitas , 2010 # Glaucia Freitas , 2010,2014 # Igor Pires Soares , 2006-2009 # Marcelo Barbosa , 2013 # Marina Vieira , 2012 # Ramilton Costa Gomes Junior , 2013 # Rodrigo Padula de Oliveira , 2005-2006 # Taylon Silmer , 2010 # Valnir Ferreira Jr. , 2006-2007 # Daniel Lara , 2016. #zanata # Frederico Henrique Gonçalves Lima , 2017. #zanata # Mateus de Melo Santos , 2017. #zanata # Eric Garver , 2018. #zanata # Renan Marcos Ferreira , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-11-16 08:27+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/" "firewalld/language/pt_BR/)\n" "Language: pt_BR\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n > 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Miniaplicativo do Firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuração do Firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Selecionar zona para interface '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona Padrão" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Selecione zona para conexão '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Falha ao definir o fuso {zone} para conexão{connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Selecionar zona para fonte '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Configurar Zonas para Levantar/Abaixar Escudos" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Aqui você pode selecionar as zonas utilizadas para Levantar os Escudos e " "Abaixar os Escudos." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Esse recurso é útil para pessoal que utilizam a zona padrão a maior parte do " "tempo. Para usuários que mudam a zona de conexão, ele pode ter uso limitado." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Levantar Escudos da Zona:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Restaurar para o padrão " #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Abaixar Escudos da Zona:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Sobre %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Autores" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licença" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Levantar Escudos" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Habilitar Notificações" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Editar Configurações de Firewall..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Alterar as Zonas das Conexões..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Configurar Zonas para Levantar/Baixar Escudos..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Bloquear todo o tráfego de rede" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Sobre " #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Conexões" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Fontes" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Falha de autorização." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Nome inválido" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Nome já existe" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Zona Padrão: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Falha ao obter conexões de NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr " NetworkManager sem importações disponíveis" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Sem conexão com o daemon do Firewall." #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Todo o tráfego de rede está bloqueado" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Zona Padrão: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona padrão '{default_zone}' ativo para conexão '{connection}' na interface " "'{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zona '{zone}' ativada para conexão '{connection}' na interface '{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zona '{zone}' ativada para interface '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zona '{zone}' ativa para a fonte {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Não há Zonas Ativas" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Conexão com FirewallD estabelecida." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Conexão com FirewallD perdida." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "O FirewallD foi recarregado" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Zona padrão alterada para '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "O tráfego de rede não está mais sendo bloqueado" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "ativado" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "desativado" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Zona padrão '{default_zone}' {activated_deactivated} para a conexão " "'{connection}' na interface '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} para conexão '{connection}' na " "interface '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} ativada para interface '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona '%s' ativada para interface '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona '{zone}' {activated_deactivated} para fonte '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona '%s' ativada para a fonte '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Conexão estabelecida com o firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Tentando conectar ao firewalld, aguardando..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Falha na conexão com o firewalld. Verifique se o serviço foi iniciado " "corretamente e tente de novo." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Alterações aplicadas." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Usado por conexão de rede '%s' " #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Zona padrão utilizada pela conexão de rede '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "ativado " #: ../src/firewall-config.in:100 msgid "disabled" msgstr "desabilitado" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Falha ao carregar ícones" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Contexto" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Linha de comando" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nome de usuário" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ID do usuário" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabela" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Cadeia" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioridade" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argum." #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Tempo de Execução" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanente" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Serviço" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Porta" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocolo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Para a porta" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Para o endereço" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Vinculações" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Entrada" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipo icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Família" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Ação" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elemento" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Auditoria" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interface" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Comentário" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Origem" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Aviso" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Erro" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "aceitar " #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "rejeitar " #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "descer" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "marcação " #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limite" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "serviço" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "porta" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocolo" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "Mascaramento" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "porta-origem" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nível" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "sim" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Zona Padrão: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona '%s': Serviço '%s' não está disponível." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Remover" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignorar" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona '%s': tipo de ICMP '%s' não está disponível." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Zona embutida, renomeação não é suportada." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "segundos " #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuto" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hora" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dia" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergência " #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alerta " #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "critical " #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "erro" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "aviso" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notificação " #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informação " #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "depurar" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "O encaminhamento para outro sistema só é útil se a interface estiver " "mascarada. ⏎\n" "Você deseja marcarar esta zona?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Serviço embutido, renomeação não é suportada." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" "Por favor, insira um endereço ipv4 com o formulário de endereço [/mask]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "A máscara pode ser uma máscara de rede ou um número. " #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" "Por favor, insira um endereço ipv6 com o formulário de endereço [/mask]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "A máscara é um número. " #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "Por favor, insira um endereço ipv4 ou ipv6 com o formulário de endereços [/" "mask]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "A máscara pode ser uma máscara de rede ou um número para ipv4.\n" "A máscara é um número para ipv6. " #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Ipset embutido, renomeação não é suportada. " #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Por favor selecione um arquivo" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Arquivo Texto " #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Todos os arquivos" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Tudo" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Ajuda embutida, renomeação não é suportada" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "icmp embutido, renomeação não é suportada." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Falha ao ler o arquivo '%s': %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Selecione zona de fonte '%s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Endereço" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Assistentes Automáticos" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Por favor, selecione o valor dos assistentes automáticos:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Por favor insira a linha de comando." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Por favor insira o contexto." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Por favor seleccione zona padrão na lista abaixo." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Corrente Direta" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Por favor selecione ipv e tabela e digite o nome da corrente." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Corrente:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "segurança" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabela:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Regra Direta de Repasse" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Por favor selecione ipv e entre com os argumentos." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumentos:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Encaminhamento de portas" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Por favor, selecione as opções de origem e destino de acordo com as suas " "necessidades." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Porta / Intervalo de portas:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Endereço IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocolo:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destino" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Se você habilitar o encaminhamento local, terá que especificar uma porta. " "Essa porta tem que ser diferente da porta de origem." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Encaminhamento local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Encaminhar para outra porta" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Configurações do Assistente Base" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Por favor, faça as configurações do assistente base:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Entradas em negrito são obrigatórias, todas as outras são opcionais." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nome:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versão:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Abreviação:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descrição:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Família" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Módulo:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Assistente" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Por favor, selecione um assistente:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Configuração dos tipos de ICMP base" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Por favor configure os tipos de ICMP base:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipo de ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Por favor, selecione um tipo de ICMP " #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Adicionar entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Adicionar Entradas do Arquivo" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Remover Entrada Selecionada" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Remover Todas as Entradas" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Remover Entradas do Arquivo" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Arquivo" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opções" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Recarregar Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Recarrega as regras do firewall. A configuração permanente atual se tornará " "uma configuração de tempo de execução nova, ou seja, as alterações aplicadas " "somente à configuração de tempo de execução feitas até a recarga são " "perdidas, caso não estejam na configuração permanente também." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Altera a zona que uma conexão de rede pertence." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Mudar Zona Padrão" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Altera a zona padrão para conexão ou interface." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Modificação do log negada" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Modificação do valor do log negada" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configurar Atribuição Automática de Ajuda" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configurar a definição de Atribuição Automática de Ajuda" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "O Modo Pânico significa que todos os pacotes de entrada e saída são " "ignorados." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Modo de Pânico" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "A configuração de bloqueio permite que a configuração do firewall seja " "alterada apenas pelos aplicativos na lista de permissões de bloqueio." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Bloqueio" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Torna permanente a configuracao de tempo de execução" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Tempo de Execução Para Permanente" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Visão" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Tipos de ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Assistentes" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configuração Direta" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Bloquear Lista de Permissões" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Vinculações Ativas" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Ajuda" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Mudar Zona" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Mudar zona de vinculação" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Ocultar vinculações ativas de conexões em tempo de execução, interfaces e " "origens para zonas" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Exibir vinculações ativas de conexões em tempo de execução, interfaces e " "origens para zonas" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuração:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configuração atualmente visível. A configuração de tempo de execução é a " "atual configuração ativa. A configuração permanente será ativada após o " "serviço ou o sistema ser recarregado ou reiniciado. " #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "A zona firewalld define o nível de confiança para as conexões de rede, " "interfaces e endereços de origem associados à zona. A zona combina serviços, " "portas, protocolos, mascaramento, encaminhamento de pacote/porta, filtros " "ICMP e regras valiosas. A zona pode estar associada a interfaces e endereços " "de origem." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Adicionar Zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Editar Zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Remover Zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Carregar padrões da zona" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Aqui você pode definir quais serviços são confiáveis dentro da zona. Os " "serviços confiáveis são acessíveis a partir de quaisquer equipamentos e " "redes que podem chegar até a máquina a partir de conexões, interfaces e " "origens associadas a esta zona." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Serviços" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Incluir portas adicionais ou intervalos de portas que precisam estar " "acessíveis a todos os hosts ou redes que podem conectar-se à máquina." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Adicionar Porta" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Editar Zona" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Remover Zona" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portas" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Adicionar protocolos que precisam estar acessíveis para todos os hosts ou " "redes. " #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Adicionar Protocolo" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Editar Protocolo" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Remover Protocolo" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocolos" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Incluir portas de origem adicionais ou intervalos de portas que precisam " "estar acessíveis a todos os hosts ou redes que podem conectar-se à máquina." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Portas de Origem" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "O uso de mascaramento permite que você configure um host ou roteador que " "conecta a sua rede local à internet. A sua rede local não estará visível e " "os hosts aparecerão como um único endereço na internet. O uso de " "mascaramento é somente para IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zona de mascaramento" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Se você habilitar o uso de mascaramento, o encaminhamento IP também será " "habilitado para as suas redes IPv4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Mascaramento" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Adicione entradas para o encaminhamento de portas tanto de uma porta para " "outra no sistema local, quanto do sistema local para outro sistema. O " "encaminhamento para outro sistema só é útil se a interface estiver " "mascarada. O encaminhamento de portas é somente para IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Adicionar Redirecionamento de Porta" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Editar Redirecionamento de Porta" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Remover Redirecionamento de Porta" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "O Protocolo ICMP (Internet Control Message Protocol) é usado para enviar " "mensagens de erro entre computadores em rede, assim como para enviar " "mensagens informacionais, como solicitações e respostas de ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marque na lista os tipos de ICMP que devem ser rejeitados. Todos os outros " "tipos serão permitidos passar pelo firewall. O padrão é não haver limitações." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Se o Filtro Inverter está habilitado, entradas marcadas ICPM são aceitas e " "as outras são rejeitadas. Em uma zona com o alvo DROP, elas serão rejeitadas." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Inverter Filtro" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtro ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Aqui você pode obter regras de linguagem valiosa para a zona." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Adicionar Regra Valiosa" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Editar Regra Valiosa" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Remover Regra Valiosa" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Regra Valiosa" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Adicione entradas para associar interfaces à zona. Se a interface for usada " "por uma conexão, a zona será definida como especificado na conexão." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Adicionar interface" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Editar interface" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Remover interface" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Adicione entradas para associar endereços de origem ou áreas à zona. Você " "pode também fazer a associação a um endereço de origem MAC, mas com " "limitações. O encaminhamento de portas e a aplicação de mascaramento não " "funcionarão para as associações de origem MAC. " #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Adicionar Origem" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Editar Origem" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Remover Origem" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zonas" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Um serviço firewalld é uma combinação de portas, protocolos, módulos e " "endereços de destino. " #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Adicionar Serviço" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Editar Serviço" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Remover Serviço" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Carregar Padrões do Serviço" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Incluir portas adicionais ou intervalos de portas que precisam estar " "acessíveis a todos os hosts ou redes." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editar entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Remover entrada" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Incluir portas de origem adicionais ou intervalos de portas que precisam " "estar acessíveis a todos os hosts ou redes." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Porta de Origem" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Módulos assistentes do Netfilter são necessários para alguns serviços." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Módulos" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Se você especificar endereços de destino, a entrada do serviço será limitada " "ao tipo e ao endereço de destino. Se ambas as entradas estiverem vazias, não " "existe limitação." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Os serviços só podem ser alterados na visualização da configuração " "permanente. A configuração de tempo de execução dos serviços é fixa." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Um IPSet pode ser usado para criar listas brancas ou negras e pode " "armazenar, por exemplo, endereços de IP, números de portas ou endereços MAC." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Adicionar IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Editar IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Remover IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Carregar IPSets padrões" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Entradas de IPSets. Você só será capaz de ver as entradas de ipsets que não " "estão utilizando a opção de tempo limite, além das entradas que foram " "adicionadas pelo firewalld. Entradas que foram diretamente adicionadas com o " "comando ipset não estarão listadas aqui. " #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Este IPSet utiliza a opção de limite de tempo, portanto nenhuma entrada é " "visível aqui. As entradas devem ser atendidas diretamente pelo comando " "ipset. " #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Adicionar" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Entradas" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSets podem somente ser criados ou removidos na visualização de " "configurações permanentes. " #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Um firewalld tipo icmp fornece as informações para um tipo de Internet " "Control Message Protocol (ICMP) para o firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Adicionar tipo ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Editar tipo ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Remover Tipo ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Carregando os tipos de ICMP padrão. " #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Especificar se este tipo ICMP está disponível para IPv4 e/ou IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Tipos de ICMP só pode ser alterado na visão de configuração permanente. A " "configuração do tempo de execução de tipos de ICMP é fixo." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Um assistente de rastreio de conexão está auxiliando a fazer com que os " "protocolos que estão usando diferentes fluxos para sinalização e " "transferência de dados funcionem. As transferências de dados estão usando " "portas que não estão relacionadas à conexão de sinalização e, portanto, são " "bloqueadas pelo firewall sem o assistente." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Definir portas ou intervalo de portas; que são monitoradas pelo assistente." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "A configuração direta oferece um acesso mais direto ao firewall. Essas " "opções requerem que o usuário saiba os conceitos básicos do iptables, ou " "seja, tabelas, correntes, comandos, parâmetros e alvos. Configuração direta " "deve ser usado apenas como último recurso, quando não é possível usar outros " "recursos firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "O argumento IPV de cada opção tem de ser IPv4 ou IPv6 ou eb. Com IPv4 será " "para iptables, com ipv6 para ip6tables e com eb para bridges ethernet " "(ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Cadeias adicionais para uso com regras" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Adicione Corrente" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Edite Corrente" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Remova Corrente" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Correntes" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Adicionar uma regra com o argumento args para uma cadeia em uma tabela com " "uma prioridade." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "A prioridade é usado para ordenar as regras. Prioridade 0 significa " "adicionar regra no topo da cadeia, com prioridade maior a regra será " "adicionada mais abaixo. Regras com a mesma prioridade estão no mesmo nível e " "a ordem destas regras não é fixo e pode mudar. Se você quiser ter certeza de " "que a regra será adicionada após outro, use uma prioridade baixa para o " "primeiro e maior para o seguinte." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Adicionar Regra" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Editar Regra" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Remover Regra" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regras" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "As regras de repasse são diretamente repassados ​​para o firewall e não são " "colocados em correntes especiais. Todos iptables, ip6tables e opções " "ebtables podem ser usados." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Por favor tenha cuidado com as regras de repasse para não danificar o " "firewall." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Adicionar Repasse" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Editar Repasse" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Remover Repasse" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Repasse" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "O recurso de bloqueio é uma versão light de políticas de usuário e " "aplicativo para firewalld. Limita alterações no firewall. O Bloqueio de " "whitelist pode conter comandos, contextos, usuários e IDs de usuário." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "O contexto é o contexto (SELinux) de segurança da execução de um aplicativo " "ou serviço. Para obter o contexto da execução de um aplicativo use ps -e " "--context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Adicionar Contexto" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Editar Contexto" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Remover Contexto" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contextos" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Se uma entrada de comando na whitelist termina com um asterisco '*', então " "todas as linhas de comando começando com o comando irá corresponder. Se o " "'*' não há argumentos, inclusive o comando absoluto devem corresponder." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Adicionar Linha de Comando" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Editar Linha de Comando" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Remover Linha de Comando" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Linhas de comando" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Nomes de usuários." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Adicionar Nome de Usuário" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Editar Nome de Usuário" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Remover Nome de Usuário" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Nome de usuários" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Ids dos usuários." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Adicionar ID Usuário" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Editar ID Usuário" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Remover ID Usuário" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Ids dos usuários" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Zona padrão atual do sistema." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Log negado:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Modo de Pânico:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Assistentes Automáticos:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Bloqueio:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona Padrão:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Inserir nome da interface:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Configurações base de IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Por favor, configure ipset base:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tipo:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Tempo limite: " #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Tamanho de Hash:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Valor de limite de tempo em segundos " #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Tamanho inicial de hash, padrão 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Número máximo de elementos, padrão 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Por favor, selecione um ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Inserir entrada ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Log negado" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Por favor, escolha o valor de log negado: " #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Marcação " #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Por favor, insira uma marcação com uma máscara opcional. " #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "A marcação e os campos de máscara são ambos números de 32 bits de largura " "sem sinais. " #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Marcação:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Máscara:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Por favor, selecione um assistente netfilter conntrack:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Selecione -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Outro Módulo:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Porta e protocolo" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Por favor entre com uma porta e protocolo." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Regra Direta" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Por favor selecione ipv e tabela, prioridade da cadeia e insira os " "argumentos." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioridade:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Por favor insira um protocolo." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Outro Protocolo:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Regra Valiosa" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Por favor insira uma regra valiosa." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "Para o host ou rede de whitelisting ou blacklisting desativar o elemento" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Origem:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destino:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Auditoria:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 e IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inverso" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Para habilitar isto, o Action precisa estar definido como 'reject' e Family " "como 'ipv4' ou 'ipv6' (não como ambos)" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "com Tipo:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Com limite:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefixo:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Nível:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elemento:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Ação" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Configurações do serviço base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Por favor configure o serviço base:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Por favor selecione um serviço." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Insira uma origem." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ID Usuário" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Por favor insira o id do usuário." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Por favor insira o nome do usuário." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "rótulo" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Configurações da Zona Base" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Por favor configure a zona base:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Alvo Padrão" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Alvo:" firewalld-0.8.2/po/es.po0000664007115300711530000017030613641112250016243 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # beckerde , 2013 # Claudio Rodrigo Pereyra Diaz , 2012-2013 # Daniel Cabrera , 2010 # beckerde , 2007-2008 # beckerde , 2013 # Eduardo Villagrán , 2006 # Francisco M.S. , 2004 # Francisco Muñoz Santoyo , 2004 # Gerardo Rosales , 2014 # Gladys Guerrero , 2010,2014 # Gladys Guerrero , 2010 # Daniel Cabrera , 2010 # Hernan Mendez , 2005 # Manuel Ospina , 2006 # Rodolfo M. Raya , 2004 # Yelitza Louze , 2003 # Alex Puchades , 2015. #zanata # Máximo Castañeda Riloba , 2015. #zanata # Brian Curtich , 2016. #zanata # Máximo Castañeda Riloba , 2016. #zanata # William Moreno Reyes , 2016. #zanata # Máximo Castañeda Riloba , 2017. #zanata # Eric Garver , 2018. #zanata # Máximo Castañeda Riloba , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-11-16 08:22+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Spanish (http://www.transifex.com/projects/p/firewalld/" "language/es/)\n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Applet del cortafuegos" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Cortafuegos" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuración del cortafuegos" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "cortafuegos;red;seguridad;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Seleccione la zona para la interfaz '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona Predeterminada" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Seleccione la zona para la conexión '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" "No se pudo establecer la zona {zone} para la conexión {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Seleccione la zona para el origen '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Configurar zonas protegidas/desprotegidas" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Aquí puede seleccionar las zonas protegidas/desprotegidas." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Esta característica es útil para las personas que usan principalmente las " "zonas predeterminadas. Para los usuarios que cambian las zonas de las " "conexiones, puede tener un uso limitado." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Zona protegida:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Restablecer a Predeterminado" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Zona desprotegida:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Acerca de %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Autores" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licencia" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Levantar escudos" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Habilitar notificaciones" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Editar la configuración del cortafuegos..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Cambiar zonas de las conexiones..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Configurar zonas protegidas/desprotegidas..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Bloquear todo el tráfico de red" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Acerca de" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Conexiones" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Orígenes" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Falló la autorización." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Nombre inválido" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "El nombre ya existe" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Zona predeterminada: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "No se pudieron obtener las conexiones de NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "No se pudo importar el módulo NetworkManager" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "No hay conexión al demonio del cortafuegos" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Todo el tráfico de red bloqueado." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Zona predeterminada: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona predeterminada '{default_zone}' activa para la conexión '{connection}' " "en la interfaz '{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zona '{zone}' activa para conexión '{connection}' en interfaz '{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zona '{zone}' activa para interfaz '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zona '{zone}' activa para la fuente {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "No hay zonas activas." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Conexión a FirewallD establecida." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Conexión a FirewallD perdida." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD se ha recargado." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Zona por defecto cambiada a '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Tráfico de red desbloqueado." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "activada" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "desactivada" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Zona predeterminada '{default_zone}' {activated_deactivated} para la " "conexión '{connection}' en la interfaz '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} para conexión '{connection}' en " "interfaz '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zona '{zone}' {activated_deactivated} para interfaz '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona '%s' activada para interfaz '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona '{zone}' {activated_deactivated} para la fuente '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona '%s' activada para el origen '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Conexión con firewalld establecida." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Intentando conectar con firewalld, en espera..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Error al conectar con firewalld. Asegúrese de que el servicio se ha iniciado " "correctamente y vuelva a intentarlo." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Cambios aplicados." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Usada por la conexión de red '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Zona predeterminada en uso por la conexión de red '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "activado" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "desactivado" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Falló la carga de iconos." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Contexto" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Línea de comandos" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nombre de usuario" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ID de usuario" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabla" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Cadena" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioridad" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumentos" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Tiempo de ejecución" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanente" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Servicio" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Puerto" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocolo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Al puerto" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "A la dirección" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Vinculaciones" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Entrada" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipo ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familia" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Acción" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elemento" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Origen" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Destino" #: ../src/firewall-config.in:834 msgid "log" msgstr "registrar" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Auditar" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interfaz" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Comentario" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Fuente" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Advertencia" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Error" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "aceptar" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "rechazar" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "descartar" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "marcar" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limitar" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "servicio" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "puerto" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocolo" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "enmascarar" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "bloqueo de ICMP" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "tipo de ICMP" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "reenvío de puerto" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "puerto de origen" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nivel" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "sí" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Zona predeterminada: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona '%s': El servicio '%s' no está disponible." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Eliminar" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignorar" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona '%s': El tipo ICMP '%s' no está disponible." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Zona incorporada, no se puede renombrar." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "segundo" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuto" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hora" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "día" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergencia" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alerta" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "crítico" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "error" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "advertencia" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "aviso" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "depurar" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "El reenvío a otro sistema sólo es útil si la interfaz es enmascarada.\n" "¿Quiere enmascarar esta zona?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Servicio incorporado, no se puede renombrar." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" "Por favor introduzca una dirección ipv4 con el formato dirección[/máscara]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "La máscara puede ser una máscara de red o un número." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" "Por favor ingresar una dirección ipv6 con el formato dirección[/máscara]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "La máscara es un número." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "Por favor introduzca una dirección ipv4 o ipv6 con la forma dirección[/" "máscara]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "La máscara puede ser una máscara de red o un número para ipv4.\n" "La máscara es un número para ipv6." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "IPset incorporado, no se puede renombrar" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Elija un archivo" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Archivos de texto" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Todos los archivos" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Todas" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Agente incorporado, no se puede renombrar." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Tipo ICMP incorporado, no se puede renombrar." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "No se pudo leer el archivo '%s': %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Seleccione la zona para el origen %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Dirección" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Agentes automáticos" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Elija el valor para los agentes automáticos" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Introduzca la línea de comandos." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Introduzca el contexto." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Seleccione la zona por defecto de la lista siguiente." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Cadena directa" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Seleccione la versión IP y la tabla e ingrese el nombre de la cadena." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Cadena:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "seguridad" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabla:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Regla de paso directo" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Seleccione versión IP e ingrese los argumentos." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumentos:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Reenvío de puertos" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Seleccione las opciones de origen y destino según sus necesidades." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Puerto / Rango de puertos:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Dirección IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocolo:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destino" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Si habilita el reenvío local, debe especificar un puerto. Este puerto debe " "ser diferente del puerto de origen." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Reenvío local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Reenviar a otro puerto" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Ajustes básicos de los agentes" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Configure los ajustes básicos de agentes:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Las entradas en negrita son obligatorias, el resto son opcionales." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nombre:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versión:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Nombre corto:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descripción:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Familia:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Módulo:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Agente" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Elija un agente:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Configuración de tipos ICMP base" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Configure los tipos ICMP base:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipo ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Seleccione un tipo ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Agregar entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Añadir entradas desde archivo" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Eliminar la entrada seleccionada" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Eliminar todas las entradas" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Eliminar entradas desde archivo" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Archivo" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opciones" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Recargar FirewallD" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Recargar las reglas del cortafuegos. La configuración permanente actual se " "convertirá en la nueva configuración de tiempo de ejecución. Es decir, todos " "los cambios realizados en la configuración de tiempo de ejecución se " "perderán al recargar si no fueron realizados también en la configuración " "permanente." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Cambiar a qué zona pertenece la conexión de red." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Cambiar zona por defecto" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Cambiar la zona por defecto para conexiones o interfaces." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Cambiar el registro de rechazos" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" "Cambiar el valor de LogDenied, con el que se decide qué rechazos registrar." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configurar la asignación automática de agentes" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configuración de la asignación automática de agentes." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "El modo pánico significa que todas los paquete entrantes y salientes serán " "descartados." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Modo pánico" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown bloquea la configuración del cortafuegos para que sólo las " "aplicaciones en la lista blanca lockdown sean capaces de cambiarla." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Bloquear" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Hacer la configuración de tiempo de ejecución permanente" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Tiempo de ejecución a permanente" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Ver" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Tipos ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Agentes" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configuración directa" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Lista blanca de bloqueo" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Vinculaciones activas" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "Ay_uda" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Cambiar zona" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Cambiar zona de la vinculación" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Ocultar las vinculaciones activas de tiempo de ejecución de conexiones, " "interfaces y orígenes a zonas" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Mostrar las vinculaciones activas de tiempo de ejecución de conexiones, " "interfaces y orígenes a zonas" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuración:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configuración visible actual. La configuración de tiempo de ejecución es la " "configuración activa ahora mismo. La configuración persistente será activada " "después de que se recargue o reinicie el servicio o el sistema." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Una zona de firewalld define un nivel de confianza para conexiones de red, " "interfaces y direcciones fuente asociadas a la zona. La zona combina " "servicios, puertos, protocolos, enmascarados, re-envíos puerto/paquete, " "filtros icmp y reglas ricas. La zona puede ser asociada a interfaces y " "direcciones fuente." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Agregar zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Editar zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Eliminar zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Cargar zonas por defecto" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Aquí puede definir qué servicios son confiables en la zona. Los servicios " "confiables son accesibles desde todos los equipos y redes que pueden " "alcanzar a la máquina desde las conexiones, interfaces y fuentes unidas a " "esta zona." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Servicios" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Agregue puertos o rangos de puertos adicionales que necesiten ser accesibles " "por todos los equipos o redes que puedan conectarse al sistema." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Añadir puerto" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Editar puerto" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Eliminar puerto" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Puertos" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Añadir protocolos que deben ser accesibles para todos los servidores o redes." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Agregar Protocolo" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Editar Protocolo" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Eliminar Protocolo" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocolos" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Añadir puertos o rangos de puertos a los que se deba poder acceder desde " "todos los equipos o redes que puedan conectarse al sistema." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Puertos de origen" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "El enmascaramiento le permite configurar un equipo o router que conectará su " "red local a Internet. Su red local no será visible y aparecerá como un solo " "equipo conectado a Internet. El enmascaramiento sólo puede hacerse en IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zona enmascarada" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Si habilita el enmascaramiento, se activará el reenvío de IP para sus redes " "IPv4" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Enmascaramiento" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Añadir entradas para el reenvío desde un puerto a otro en el sistema local o " "desde el sistema local hacia otro sistema. El reenvío de puertos hacia otro " "sistema solo es útil cuando la interfaz está enmascarada. El reenvío de " "puertos sólo funciona para IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Agregar puerto de reenvío" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Editar puerto de reenvío" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Quitar puerto de reenvío" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "El Protocolo de Mensajes de Control de Internet (ICMP) se usa principalmente " "para mandar mensajes de error entre computadoras en la red, así como " "información adicional como solicitudes de ping y sus respuestas." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marcar los tipos ICMP de la lista que deberán ser rechazados. Los demás " "tipos ICMP podrán pasar a través del cortafuego. Por defecto, no hay " "limitación." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Con 'Invertir filtro' activo, los elementos ICMP marcados se aceptan y los " "otros se rechazan. En las zonas con destino DROP, se descartan." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Invertir filtro" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtro ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Aquí puede establecer reglas ricas para la zona." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Agregar regla rica" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Editar regla rica" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Eliminar regla rica" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Reglas ricas" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Añadir entradas para enlazar interfaces a la zona. Si la interfaz fuera " "usada por una conexión, la zona será la especificada por la conexión." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Añadir interfaz" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Editar interfaz" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Eliminar interfaz" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Añada entradas para enlazar direcciones de origen o áreas a la zona. También " "puede enlazar una dirección origen MAC, pero con limitaciones: no funcionará " "el reenvío ni el enmascaramiento de puertos." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Añadir origen" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Editar origen" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Eliminar origen" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zonas" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Un servicio firewalld es una combinación de puertos, protocolos, módulos y " "direcciones destino." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Agregar servicio" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Editar servicio" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Eliminar servicio" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Cargar servicios por defecto" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Añadir puertos adicionales o rangos de puertos, que necesiten ser accesibles " "desde todos los equipos o redes." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editar entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Eliminar entrada" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Añadir puertos o rangos de puertos de origen, que necesiten ser accesibles " "desde todos los equipos o redes." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Puerto de origen" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Algunos servicios necesitan módulos de agentes de netfilter" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Módulos" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Si especifica una dirección de destino, la entrada del servicio estará " "limitada al tipo y la dirección de destino. Si las dos entradas están " "vacías, no hay limitaciones." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Los servicios sólo se pueden cambiar en la vista de configuración " "permanente. La configuración de tiempo de ejecución de los servicios es fija." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Se puede usar un IPSet para crear listas blancas o negras, y puede contener " "direcciones IP o MAC, o números puertos. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Agregar IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Editar IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Eliminar IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Cargar IPSet predeterminados" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Entradas del IPSet. Sólo verá las que no estén usando la opción de tiempo de " "espera (timeout) y que hayan sido añadidas por firewalld. Si se han añadido " "directamente con el comando ipset no saldrán en esta lista." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Este IPSet usa la opción de tiempo de espera, por lo que no hay entradas " "visible. El mantenimiento de las mismas debe hacerse directamente con el " "comando ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Añadir" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Entradas" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Los IPSets sólo se pueden crear y eliminar desde la vista de configuración " "permanente." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Un icmptype de firewalld provee la información para el tipo de Protocolo de " "Control de Mensajes de Internet (ICMP en inglés) para firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Agregar un tipo ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Editar un tipo ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Eliminar un tipo ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Cargar tipo ICMP por defecto" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Especifique si este tipo ICMP está disponible para IPv4 y/o IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Los tipos ICMP sólo se pueden cambiar en la vista de configuración " "permanente. La configuración de tiempo de ejecución de los tipos ICMP es " "fija." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Hay un agente de seguimiento de conexiones ayudando con los protocolos que " "usan diferentes flujos para la señalización y para la transferencia de " "datos. Los datos se envían por puertos que no están relacionados con la " "conexión de control y el cortafuegos los bloquearía sin la ayuda del agente " "de seguimiento." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Defina los puertos o rangos que monitorizará el agente." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "La configuración directa da mas acceso directo al cortafuegos. Estas " "opciones requieren que el usuario conozca conceptos básicos de iptables, es " "decir, tablas, cadenas, comandos, parámetros y objetivos. La configuración " "directa solo debe ser usada como último recurso cuando no es posible " "utilizar otra característica del cortafuegos." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "El argumento ipv de cada opción debe ser ipv4 o ipv6 o eb. Con ipv4, este " "será para iptables; con ipv6, para ip6tables y con eb, para puentes de red " "(ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Cadenas adicionales para usar con las reglas." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Añadir cadena" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Editar cadena" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Eliminar cadena" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Cadenas" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "Añadir regla con argumentos a la cadena en una tabla con prioridad." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "La prioridad es usada para ordenar reglas. Prioridad 0 significa agregar la " "regla al inicio de la cadena, con una prioridad más alta la regla será " "añadida más adelante. Las reglas con misma prioridad son del mismo nivel y " "el orden de estas reglas no es fijo y puede cambiar. Si quiere estar seguro " "de que una regla se agrega después de otra, use una prioridad baja para la " "primera, y una prioridad mayor para la siguiente." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Añadir regla" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Editar regla" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Eliminar regla" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Reglas" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Las reglas passthrough se pasan directamente a través del cortafuegos y no " "son puestas en cadenas especiales. Pueden usarse las opciones iptables, " "ip6tables y ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Tenga cuidado con las reglas passthrough para no dañar el cortafuegos." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Añadir regla passthrough" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Editar regla passthrough" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Eliminar regla passthrough" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Reglas passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "La característica de bloqueo es una versión simple de políticas de usuario y " "aplicación para firewalld. Limita los cambios al cortafuego. La lista blanca " "de bloqueo puede contener comandos, contextos, usuarios e id de usuarios." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "El contexto es el contexto de seguridad (SELinux) de una aplicación o " "servicio en ejecución. Para obtener el contexto de una aplicación use ps " "-e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Agregar contexto" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Editar contexto" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Eliminar contexto" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contextos" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Si una entrada de comando en la lista blanca finaliza con un asterisco '*', " "entondes todas las líneas de comando que inicien con el comando dado " "concidirán. Si el '*' no está ahí, entonces el comando y sus argumentos " "dados deben coincidir tal como fueron dados." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Agregar línea de comandos" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Editar línea de comandos" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Eliminar línea de comandos" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Línea de comandos" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Nombres de usuario." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Agregar nombre de usuario" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Editar nombre de usuario" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Eliminar nombre de usuario" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Nombres de usuario" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Identificadores de usuario." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Agregar Id de usuario" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Editar Id de usuario" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Eliminar Id de usuario" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Identificadores de usuario" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Zona por defecto actual del sistema." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Registro de rechazos:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Modo pánico:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Agentes automáticos:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Bloqueo:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona por defecto:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Introduzca un nombre de interfaz:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Ajustes básicos de IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Configure los ajustes básicos de ipset:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tipo:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Tiempo de espera:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Tamaño de hash:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Número máximo de elementos:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Tiempo de espera en segundos" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Tamaño inicial del hash (valor predeterminado: 1024)" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Máximo número de elementos; valor predeterminado: 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Elija un IPSet" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Introduzca una entrada de ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Registro de rechazos" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Elija un valor para el registro de rechazos:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Marca" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Introduzca una marca con una máscara opcional." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Tanto la marca como la máscara son enteros de 32 bits sin signo." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Marca:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Máscara:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Elija un agente netfilter de seguimiento de conexiones" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Elija -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Otro módulo:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Puerto y protocolo" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Introduzca el puerto y protocolo." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Regla directa" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Seleccione ipv, tabla y cadena de prioridad e ingrese los argumentos." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioridad:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Introduzca un protocolo." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Otro protocolo:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Reglas ricas" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Introduzca una regla rica." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "Para enlistar o deslistar un equipo o red, desactive el elemento." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Origen:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destino:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Aviso:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 e ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertido" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Para activar ésto, Acción debe ser 'reject' y Family 'ipv4' o 'ipv6' (no " "ambas)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "con tipo:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Con límite:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefijo:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Nivel:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elemento:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Acción:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Configuración de servicios base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Configure los servicios base:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Seleccione un servicio." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Introduzca un origen." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ID de usuario" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Introduzca un id de usuario." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Introduzca un nombre de usuario." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiqueta" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Configuración de zona base" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Por favor configure la zona base:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Objetivo por defecto:" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Objetivo:" firewalld-0.8.2/po/eu.po0000664007115300711530000013013413641112251016241 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Asier Iturralde Sarasola , 2012 # Mikel Olasagasti Uranga , 2013 # Mikel Olasagasti Uranga , 2013 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 09:43+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Basque (http://www.transifex.com/projects/p/firewalld/" "language/eu/)\n" "Language: eu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Suhesiaren applet-a" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Suhesia" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Suhesiaren konfigurazioa" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Gaitu jakinarazpenak" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Editatu suhesiaren ezarpenak..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blokeatu sareko trafiko guztia" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Konexiorik ez." #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autentikazioak huts egin du." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "argumentu baliogabea %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "aktibatuta" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "desaktibatuta" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Huts egin du ikonoak kargatzean." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Zerbitzua" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Ataka" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoloa" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Atakara:" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Helbidera:" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp mota" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Iturburua" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Abisua" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Errorea" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "ezikusi" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Helbidea" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Ataka birbidalketa" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP helbidea:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokoloa:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Helburua" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Birbidalketa lokala" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Birbidali beste ataka batera" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Izena:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Bertsioa:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Laburra:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Deskribapena:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP mota" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Gehitu sarrera" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fitxategia" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Aukerak" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Birkargatu Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Laguntza" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Zerbitzuak" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Atakara" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Atakak" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP iragazkia" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Gehitu zerbitzua" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Editatu zerbitzua" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Kendu zerbitzua" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Kargatu zerbitzu lehenetsiak" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editatu sarrera" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Kendu sarrera" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduluak" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Gehitu ICMP mota" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Editatu ICMP mota" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Kendu ICMP mota" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Kargatu ICMP mota lehenetsiak" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Ataka eta protokoloa" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Mesedez sartu ataka bat eta protokoloa." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Beste protokolo bat:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Helburu lehenetsia" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Helburua" firewalld-0.8.2/po/it.po0000664007115300711530000017066413641112251016260 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Andrea La Fauci , 2010 # antonio montagnani , 2013 # Antonio Trande , 2012 # Daniele Catanesi , 2009 # Francesco D'Aluisio , 2011,2013 # Francesco D'Aluisio , 2011 # Francesco Tombolini , 2005-2008,2010 # fvalen , 2004 # Franco Godone , 2008 # fvalen , 2004,2014 # fvalen , 2014 # Germano Massullo , 2013 # Gianluca Sforna , 2012 # Guido Grazioli , 2008 # Luca Ferrari , 2004 # Mario Santagiuliana , 2011 # Massimiliano Tropeano , 2013 # Massimiliano Tropeano , 2013 # Paolo Dona' , 2004 # tavanofabio , 2013 # tavanofabio , 2013 # Gregorio , 2016. #zanata # Terry Chuang , 2016. #zanata # Andrea Masala , 2017. #zanata # Elena Metelli , 2017. #zanata # Thomas Woerner , 2017. #zanata # Elena Metelli , 2018. #zanata # Eric Garver , 2018. #zanata # Milo Casagrande , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-11-16 08:24+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Italian (http://www.transifex.com/projects/p/firewalld/" "language/it/)\n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Applet firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configurazione del firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;rete;sicurezza;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Seleziona zona per l'interfaccia '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona predefinita" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Seleziona la zone per la connessione '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" "Impossibile impostare la zona {zone} per la connessione {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Selezionare la zona per il sorgente '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Configura Shields Up/Down Zones" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Qui è possibile selezionare le zone usate per Shields Up e Shields Down." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Questa funzione è utile per coloro che usano soprattutto le zone " "predefinite. Per gli utenti che modificano le zone delle connessioni, " "potrebbe essere limitata." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Zona Shields Up:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Ripristina impostazioni predefinite" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Zona Shields Down:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Informazioni su %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Autori" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licenza" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Shields Up" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Abilita Notifiche" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Modifica Impostazioni Firewall..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Cambia Zone di Connessione..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Configura Shields UP/Down Zones..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Blocca l'intero traffico di rete" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Informazioni" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Connessioni" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaccia" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Sorgente" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autorizzazione fallita." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Nome non valido" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Nome già esistente" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Zona predefinita: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Impossibile ottenere le connessioni da NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Nessuna importazione NetworkManager disponibile" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Non connesso al demone firewall" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "L'intero traffico di rete è bloccato." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Zona Predefinita: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona predefinita '{default_zone}' attivata per la connessione '{connection}' " "sull'interfaccia '{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zona '{zone}' attiva per la connessione '{connection}' sull'interfaccia " "'{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zona '{zone}' attiva per l'interfaccia '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zona '{zone}' attiva per la sorgente {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Nessuna Zona Attiva." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Connessione a Firewalld stabilita." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Connessione a Firewalld persa." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "Firewalld è stato ricaricato." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Zona predefinita cambiata a '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Il traffico di rete non è più bloccato." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "attivato" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "disattivato" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Zona predefinita '{default_zone}' {activated_deactivated} per la connessione " "'{connection}' sull'interfaccia '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} per la connessione '{connection}' " "sull'interfaccia '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zona '{zone}' {activated_deactivated} per l'interfaccia '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona '%s' attivata per l'interfaccia '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona '{zone}' {activated_deactivated} per la sorgente '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona '%s' attivata per la sorgente '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Connessione a firewalld stabilita." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Tentativo di connessione a firewalld in corso, attendere..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Impossibile connettersi al firewall. Verificare che il servizio sia stato " "avviato correttamente e riprovare." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Modifiche applicate." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Usato dalla connessione di rete '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Zona predefinita utilizzata dalla connessione di rete '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "abilitato" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "disabilitato" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Caricamento icone fallito." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Contesto" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Linea di comando" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nome utente" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ID utente" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabella" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Catena" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorità" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argomenti" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "In esecuzione" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Salvata" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Servizio" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Porta" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocollo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Alla porta" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "All'indirizzo" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Associazioni" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Voce" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipologìa Icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Famiglia" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Azione" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elemento" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Controllo" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interfaccia" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Commento" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Sorgente" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Attenzione" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Errore" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accetta" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "rifiuta" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "rilascio" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "contrassegno" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limita" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "servizio" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "porta" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocollo" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "mascheramento" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "blocco-icmp" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "porta inoltro" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "porta-sorgente" #: ../src/firewall-config.in:2097 msgid "level" msgstr "livello" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "si" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Zona predefinita: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona '%s': Servizio '%s' non disponibile." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Elimina Zona" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignora" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona '%s': tipo ICMP '%s' non disponibile." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Zona integrata, impossibile rinominare." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "secondo" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuto" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ora" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "giorno" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergenza" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "avviso" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "critico" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "errore" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "attenzione" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "avviso" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informazioni" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "L'inoltro ad un altro sistema è utile solo se l'interfaccia è nattata.\n" "Si vuole nattare questa zona?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Servizio integrato, impossibile rinominare." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" "Si prega di inserire un indirizzo ipv4 con la forma indirizzo[/maschera]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "La maschera può essere una maschera di rete o un numero." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" "Si prega di inserire un indirizzo ipv6 con la forma indirizzo[/maschera]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "La maschera è un numero." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "Si prega di inserire un indirizzo ipv4 o ipv6 con la forma indirizzo[/" "maschera]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "La maschera può essere una maschera di rete o un numero per ipv4.\n" "La maschera è un numero per ipv6." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Ipset integrato, ridenominazione non supportata." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Per favore seleziona un file" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "File di testo" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Tutti i file" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Tutte" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Helper integrato, rinominazione non supportata." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Icmp integrato, impossibile rinominare." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Impossibile leggere il file '%s': %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Selezionare la zona per il sorgente %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Indirizzo" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Assistenti Automatici" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Selezionare il valore automatico degli helper:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Inserire il comando." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Inserire il contesto." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Si prega di selezionare la zona predefinita dalla lista sotto." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Catena" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Prego selezionare ipv e tabella e inserire il nome della catena." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Catena:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "sicurezza" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabella:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Regola di attraversamento diretto" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Prego selezionare l'ipv e inserire gli argomenti." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argomenti:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Forwarding della porta" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Selezionare le opzioni di sorgente e destinazione in base alle proprie " "esigenze." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Porta / Intervallo di porte:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Indirizzo IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocollo:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destinazione" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Se si abilita il forward locale, si deve specificare una porta. Questa porta " "deve essere diversa dalla porta sorgente." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Forward locale" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Forward verso un'altra porta" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Impostazioni di base per gli helper" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Configurare le impostazioni di base per gli helper:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Le voci in grassetto sono obbligatorie, tutte le altre sono opzionali." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nome:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versione:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Breve:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descrizione:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Famiglia:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modulo:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Helper" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Selezionare un helper:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Impostazioni di base Tipologìa ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Configurare le impostazioni di base ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipo ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Sezionare il tipo di ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Aggiungi voce" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Aggiungi voci dal file" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Rimuovi la voce selezionata" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Rimuovi tutte le voci" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Rimuovi le voci dal file" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_File" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opzioni" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Ricarica Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Ricarica le regole del firewall. L'attuale configurazione salvata diventerà " "la nuova configurazione in uso. p.e. tutti i cambiamenti fatti prima saranno " "perse con la ricarica se non sono presenti anche nella configurazione " "salvata." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Cambia l'appartenenza ad una zona di una rete." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Cambia Zona Predefinita " #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Cambia la zona predefinita di connessioni o interfacce." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Log di modifica negato" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Valore Log di modifica negato." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configurare Assegnazione Assistenti Automatici" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configurare l'impostazione Assegnazione Assistenti Automatici" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Modalità panico significa che tutti i pacchetti in ingresso e uscita " "verranno scartati." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Modalità Panico" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown blocca la configurazione del firewall in modo che solo le " "applicazioni nella lockdown whitelist possano cambiarla." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Lockdown" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Rendi la configurazione di runtime permanente" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Runtime su permanente" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Visualizza" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSet" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Tipi ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Helper" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configurazione Esperta" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Whitelist lockdown" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Associazioni attive" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "Aiu_to" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Modifica zona" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Modifica zona associazione" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Nascondere le associazioni a runtime attive di connessioni, interfacce e " "sorgenti alle zone" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Mostrare le associazioni a runtime attive di connessioni, interfacce e " "sorgenti alle zone" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configurazione:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configurazione attuale visibile. La configurazione runtime è l'attuale " "configurazione attiva. Quella persistente sarà attiva dopo il ricaricamento " "o il riavvìo del servizio o del sistema." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Una zona firewalld definisce il livello di fiducia per le connessioni della " "rete, interfacce e indirizzi della sorgente legati alla zona. La zona " "combina servizi, porte, protocolli, mascheramenti, inoltro porte/pacchetti, " "filtri icmp e regole estese. La zona può essere associata alle interfacce e " "agli indirizzi della sorgente." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Aggiungi Zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Modifica Zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Elimina Zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Carica Zona Predefinita" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Qui è possibile definire quali servizi sono fidati nella zona. I servizi " "fidati sono accessibili da tutti gli host e reti che possono raggiungere la " "macchina attraverso connessioni, interfacce e sorgenti associate a questa " "zona." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Servizi" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Aggiungere ulteriori porte o intervalli di porte, che dovranno essere " "accessibili da tutti gli host o reti che possono connettersi alla macchina." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Alla porta" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Modifica Zona" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Elimina Zona" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Porte" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Aggiungere i protocolli che si necessita rendere accessibili per tutti gli " "host o reti." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Aggiungi protocollo" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Modifica protocollo" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Rimuovi protocollo" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocolli" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Aggiungere ulteriori porte o intervalli di porte sorgente, che devono essere " "accessibili da tutti gli host o reti che possono connettersi alla macchina." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Porte Sorgente" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Il mascheramento (masquerading) permette di impostare un host o un router " "che connette la rete locale ad Internet. La rete locale non sarà visibile e " "gli host appariranno come un singolo indirizzo su Internet. Il mascheramento " "è disponibile solo con IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zona Mascherata" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Se si abilta il masquerading, l'IP forwarding sarà abilitato per le reti " "IPv4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Mascheramento" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Aggiungere righe per eseguire il forward delle porte sia da una porta ad " "un'altra sul sistema locale o dal sistema locale ad un altro sistema. " "Eseguire il forward verso un altro sistema è utile solo se l'interfaccia è " "mascherata. Il forwarding delle porte è disponibile solo con IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Aggiungi Forward di porta" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Modifica Forward di porta" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Rimuovi Forward di porta" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "L'Internet Control Message Protocol (ICMP) è principalmente utilizzato per " "inviare messaggi d'errore fra computer in rete, ma anche per messaggi " "informativi come richieste e risposte ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Contrassegnare nell'elenco i tipi ICMP che dovranno essere rifiutati. A " "tutti gli altri tipi ICMP sarà consentito di oltrepassare il firewall. " "L'impostazione predefinita è: nessuna limitazione." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Se l’opzione Inverti filtro è abilitata, le voci ICMP contrassegnate sono " "accettate e le altre respinte. In una zona con DROP destinazione, sono " "scartate." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Inverti filtro" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtro ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Qui è possibile impostare le regole estese per la zona." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Aggiungi Regola Estesa" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr " Modifica Regola Estesa" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Rimuovi Regola Estesa" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Regole Estese" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Aggiunta voci per collegare interfacce alla zona. Se l'interfaccia sarà " "utilizzata da una connessione, la zona verrà impostata alla zona specificata " "nella connessione." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Aggiungi Interfaccia" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Modifica Interfaccia" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Rimuovi Interfaccia" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Aggiungere le voci per associare gli indirizzi sorgente o le aree alla zona. " "Si possono anche associare ad un indirizzo sorgente MAC, ma con limitazioni. " "Il port forwarding e il mascheramento non funzioneranno per le associazioni " "ai MAC sorgente." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Aggiungi Sorgente" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Modifica Sorgente" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Rimuovi Sorgente" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zone" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Un servizio firewalld è una combinazione di porte, protocolli, moduli e " "indirizzi di destinazione." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Aggiungi Servizio" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Modifica Servizio" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Elimina Servizio" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Carica Servizi Predefiniti" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Aggiungere ulteriori porte o intervalli di porte, che devono essere " "accessibili per tutti gli host o reti." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Modifica voce" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Rimuovi voce" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Aggiungere ulteriori porte o intervalli di porte sorgente, che devono essere " "accessibili per tutti gli host o reti." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Porta sorgente" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "I moduli helper sono necessari per alcuni servizi." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduli" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Se si specificano indirizzi di destinazione, la voce del servizio sarà " "limitato a quell'indirizzo o al tipo. Se entrambe le voci sono vuote, non ci " "sono limitazioni." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "E' possibile cambiare i servizi solo nella vista configurazione permanente. " "La configurazione runtime dei servizi è fissa." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Un IPSet può essere usato per creare liste bianche o nere ed è in grado di " "memorizzare per esempio gli indirizzi IP, numeri di porta o indirizzi MAC." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Aggiungi IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Modifica IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Rimuovi IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Carica impostazioni predefinite IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Voci dell'IPSet. Si è in grado di vedere solamente le voci degli ipset che " "non stanno usando l'opzione timeout, ed anche solamente le voci che sono " "state aggiunte da firewalld. Le voci che sono state aggiunte direttamente " "con il comando ipset non saranno visualizzate qui." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Questo IPSet usa l'opzione timeout, perciò nessuna delle voci è visibile " "qui. Le voci dovrebbero essere prese in considerazione direttamente con il " "comando ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Aggiungere" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Voci" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Gli IPSet possono essere creati o eliminati solo nella vista di " "configurazione permanente." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Un icmptype di firewalld fornisce l'informazione per un tipo di Internet " "Control Message Protocol (ICMP) per firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Aggiungi ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Modifica ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Rimuovi ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Carica ICMP Predefiniti" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Definisci se questo tipo di ICMP è disponibile per IPv4 e/o IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "E' possibile cambiare i tipi ICMP solo nella vista configurazione " "permanente. La configurazione runtime dei tipi ICMP è fissa." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "È disponibile un helper di controllo per la connessione che consente il " "funzionamento di protocolli che utilizzano flussi diversi per segnalazione e " "trasferimento dati. Per il trasferimento di dati vengono utilizzate porte " "diverse da quelle utilizzate per segnalare la connessione e bloccate dal " "firewall senza helper." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Definire le porte o intervalli di porte, che sono monitorati dall'assistente." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "La configurazione esperta permette un accesso più profondo al firewall. " "Queste opzioni richiedono all'utente una conoscenza dei concetti base di " "iptables, p.e. tabelle, catene, comandi, parametri e obiettivi. La " "configurazione esperta dovrebbe essere usata solo come ultima possibilità " "quando non è possibile utilizzare gli altri strumenti di firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "L'argomenti ipv di ogni opzione deve essere ipv4 o ipv6 o eb. Se ipv4 sarà " "per iptables, se ipv6 sarà per ip6tables e con eb sarà per i bridge ethernet " "(ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Catene aggiuntive per l'utilizzo con regole." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Aggiungi Catena" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Modifica Catena" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Rimuovi Catena" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Catene" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Aggiungi una regola con gli argomenti args ad una catena in una tabella con " "priorità." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "La priorità viene usata per ordinare le regole. Priorità 0 significa " "aggiungere la regola in cima alla catena, con una priorità maggiore la " "regola verrà aggiunta sempre più in basso. Regole con la stessa priorità " "sono allo stesso livello e l'ordine di queste regole non è fisso e può " "cambiare. Se si vuole essere sicuri che una regola venga aggiunta dopo " "un'altra, utilizzare una priorità minore per la prima e maggiore per la " "seconda." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Aggiungi Regola" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Modifica Regola" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Rimuovi Regola" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regole" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Le regole di passthrough vengono inviate direttamente al firewall e non " "vengono inserite in catene speciali. Tutte le opzioni di iptables, ip6tables " "e ebtables possono essere usate." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Siate prudenti con le regole di passthrough per non danneggiare il firewall." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Aggiungi Passthrough" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Modifica Passthrough" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Rimuovi Passthrough" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "La funzionalità lockdown è una versione light delle politiche dell'utente e " "dell'applicazione per firewalld. Limita le modifiche del firewall. La " "whitelist lockdown può contenere, comandi, contesti, utenti e user id." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Il contesto è il contesto di sicurezza (SELinux) di un’applicazione o di un " "servizio in esecuzione. Per ottenere il contesto di un’applicazione in " "esecuzione, utilizzare ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Aggiungi Contesto" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Modifica Contesto" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Rimuovi Contesto" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contesti" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Se una voce di comando nella whitelist finisce per asterisco '*', tutti i " "comandi che iniziano per il comando corrisponderanno. Se non c'è '*' il " "comando assoluto compresi argomenti dovrà corrispondere." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Aggiungi Riga di Comando" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Modifica Riga di Comando" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Rimuovi Riga di Comando" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Linee di comando" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Nomi utente." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Aggiungi Nome Utente" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Modifica Nome Utente" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Rimuovi Nome Utente" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Nomi utenti" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ID utenti." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Aggiungi Id Utente" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Modifica Id Utente" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Rimuovi Id Utente" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ID Utenti" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Zona predefinita di sistema corrente." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Log negato:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Modalità Panico:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Assistenti Automatici:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Lockdown:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona Predefinita:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Immettere un nome per l'interfaccia:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Impostazioni di base IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Configurare le impostazioni di base ipset:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tipo:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Timeout:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Dimensione hash:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Elem max:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Valore del timeout in secondi" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Dimensione hash iniziale, valore predefinito 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Numero max di elementi, valore predefinito 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Per favore selezionare un ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Immettere una voce IPSet:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Log negato" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Selezionare il valore del log negato:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Contrassegno" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Inserire un contrassegno con una maschera opzionale." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "Contrassegno e campi del contrassegno sono entrambi numeri senza segno a 32 " "bit." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Contrassegno:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maschera:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Immettere un helper per il controllo della connessione di Netfiler:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Seleziona -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Altro Modulo:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Porta e protocollo" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Inserire una porta ed un protocollo." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Regola Diretta" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Prego selezionare l'ipv e la tabella, la priorità della catena e inserire " "gli argomenti." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorità:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Per cortesia scegli un protocollo" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Altro Protocollo:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Regola Estesa" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Inserire una regola estesa." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "Per host o rete bianca o in lista nera disattivare l'elemento." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Sorgente:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destinazione:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Controllo:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 e ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertito" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Per abilitarlo, Action deve essere 'reject' e Family 'ipv4' o 'ipv6' (non " "entrambi)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "con Tipo:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Con limite:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefisso:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Livello" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elemento:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Azione:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Impostazioni Servizi di Base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Configurare le impostazioni del servizio di base:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Per favore selezionare un servizio." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Immettere una sorgente." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ID utente" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Per favore inserire l'id utente" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Per favore inserire il nome utente" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etichetta" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Impostazioni Base Zone" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Impostare la configurazione della base zone:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Destinazione Predefinita" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Destinazione:" firewalld-0.8.2/po/zh_TW.po0000664007115300711530000016171213641112252016672 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Ben Wu , 2002-2004 # Chester Cheng , 2004-2006,2010,2014 # Chester Cheng , 2004 # Chester Cheng , 2010 # Chester Cheng , 2010 # Terry Chuang , 2008-2009,2014 # Waika Liu , 2005 # Walter Cheuk , 2005 # Cheng-Chia Tseng , 2016. #zanata # Chester Cheng , 2016. #zanata # Terry Chuang , 2016. #zanata # Cheng-Chia Tseng , 2017. #zanata # Eric Garver , 2018. #zanata # Peter Pan , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-11-16 08:29+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/" "firewalld/language/zh_TW/)\n" "Language: zh_TW\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "防火牆面板程式" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "防火牆" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "防火牆組態" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "防火牆;網路;安全性;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "選取「%s」介面的界域" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "預設界域" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "選取「%s」連線的界域" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "無法為連線 {connection_name} 設定區域 {zone}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "選取「%s」來源的界域" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "設定防禦展開/卸下界域" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "您可以在這裡選取「防禦展開」與「防禦卸下」所要使用的界域。" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "此功能對於大多數使用預設界域的人來說很有用處。至於更改連線的界域之使用者,這" "可能用處不大。" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "防禦展開界域:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "重設回預設值" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "防禦卸下界域:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "關於 %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "作者" #: ../src/firewall-applet.in:401 msgid "License" msgstr "授權條款" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "防禦展開" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "啟用通知" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "編輯防火牆設定..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "變更連線的界域..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "設定防禦展開/卸下界域..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "封鎖所有網路交通" #: ../src/firewall-applet.in:500 msgid "About" msgstr "關於" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "連線" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "介面" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "來源" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "授權失敗。" #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "無效的名稱" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "名稱已經存在" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (界域:{zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (預設界域:{default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "從 NetworkManager 取得連線失敗" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "無可用的 NetworkManager 匯入" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "未有連接防火牆幕後程式的連線" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "所有網路交通已封鎖。" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "預設界域:「%s」" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "預設界域「{default_zone}」使用中:連線「{connection}」,介面「{interface}」" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "界域「{zone}」使用中:連線「{connection}」,介面「{interface}」" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "界域「{zone}」使用中:介面「{interface}」" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "界域「{zone}」使用中:來源 {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "無使用中界域。" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "與 FirewallD 的連線已建立。" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "與 FirewallD 的連線已中斷。" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD 已重新載入。" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "預設界域變更為「%s」。" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "網路交通已不再封鎖。" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "已啟動" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "已停止" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "預設界域「{default_zone}」{activated_deactivated}:連線「{connection}」,介面" "「{interface}」" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "界域「{zone}」{activated_deactivated}:連線「{connection}」,介面" "「{interface}」" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "界域「{zone}」{activated_deactivated}:介面「{interface}」" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "界域「%s」已啟動:介面「%s」" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "界域「{zone}」{activated_deactivated}:來源「{source}」" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "界域「%s」已啟動:來源「%s」" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "連至 firewalld 的連線已建立。" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "正在嘗試連上 firewalld,等待中..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "連接 firewalld 失敗。請確定該服務已正常啟動,然後重試。" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "變更已套用。" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "由「%s」網路連線使用" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "網路連線 '%s' 所使用的預設界域" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "已啟用" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "已停用" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "無法載入圖示。" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "情境" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "指令列" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "使用者名稱" #: ../src/firewall-config.in:244 msgid "User id" msgstr "使用者 ID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "表" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "鏈" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "優先程度" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "引數" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "執行時期" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "永久" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "服務" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "連接埠" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "協定" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "至連接埠" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "至位址" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "綁定" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "條目" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp 類型" #: ../src/firewall-config.in:822 msgid "Family" msgstr "家庭" #: ../src/firewall-config.in:826 msgid "Action" msgstr "動作" #: ../src/firewall-config.in:828 msgid "Element" msgstr "元素" #: ../src/firewall-config.in:830 msgid "Src" msgstr "來源" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "目標" #: ../src/firewall-config.in:834 msgid "log" msgstr "記錄" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "稽核" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "介面" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "備註" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "來源" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "警告" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "錯誤" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "接受" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "拒絕" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "丟落" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "標記" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "限制" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "服務" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "接埠" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "協定" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "偽裝" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "等級" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "是" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "界域" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "預設界域:%s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "界域:%s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "界域「%s」:服務「%s」無法使用。" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "移除" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "忽略" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "界域「%s」:ICMP 類型「%s」無法使用。" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "內建界域,不支援重新命名。" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "秒" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "分鐘" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "小時" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "日" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "緊急" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "警示" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "嚴重" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "錯誤" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "警告" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "注意" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "資訊" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "除錯" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "轉送至其他系統的功能僅在介面為偽裝之時才會有用。\n" "您是否想要偽裝此界域?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "內建服務,不支援重新命名。" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "請從格式位址(或遮罩)輸入 IPV4 位址" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "遮罩可以是網路遮罩或數字。" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "請從格式位址(或遮罩)輸入 IPV6 位址" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "遮罩為數字。" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "請從格式位址(或遮罩)輸入 IPV4 或 IPV6 位址。" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "IPv4 遮罩可以是網路遮罩或數字。\n" "IPv6 遮罩是數字。" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "內建 ipset,不支援重新命名。" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "請選擇一個檔案" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "文字檔案" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "所有檔案" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "全部" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "內建輔助器,不支援重新命名。" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "內建 icmp,不支援重新命名。" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "讀取檔案 '%s' 失敗:%s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "選取 %s 來源的界域" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "位址" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "自動輔助器" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "請選取自動輔助器之值:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "請輸入指令列。" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "請輸入情境。" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "請從下列清單中選取預設界域。" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "直接鏈條" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "請選取 ipv 與表格,並輸入鏈條名稱" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "鏈條:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "原始" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "安全性" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "表格:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "直接通透規則" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "請選取 ipv 並輸入引數。" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "引數:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "連接埠轉送" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "請根據您的需求選擇來源以及目的地選項。" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "連接埠 / 連接埠範圍:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP 位址:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "通訊協定:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "目的地" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "若您啟用本地端轉送,您就必須要指定連接埠。這個連接埠必須和來源連接埠不同。" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "本地端轉送" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "轉送至其他連接埠" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "基礎輔助器設定" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "請設定基礎輔助器設定值:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "粗體的條目為強制項目,其他條目則為選用項目。" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "名稱:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "版本:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "簡短:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "描述:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "家庭:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "模組:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "輔助器" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "請選取輔助器:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "基礎 ICMP 類型設定" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "請調整基礎 ICMP 類型設定:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP 類型" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "請選取 ICMP 類型" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "加入條目" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "從檔案新增項目" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "移除選擇的項目" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "移除所有項目" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "從檔案中移除項目" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "檔案(_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "選項(_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "重新載入 Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "重新載入防火牆規則。目前的永久組態會變成新的執行時期組態。舉例,所有的執行時" "期下的變動直到重新載入前都會有效:只要改變不是設在永久組態中,那麼一旦重新載" "入後所有改動都會消失。" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "變更網路連線所屬的界域。" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "變更預設界域" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "變更連線或介面的預設界域。" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "變更日誌被拒" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "變更 LogDenied 值。" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "設定自動輔助器指派" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "設定自動輔助器指派設定。" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "恐慌模式代表所有連入與傳出封包都會直接丟棄。" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "恐慌模式" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "封鎖管制會鎖上防火牆組態,只有封鎖管制白名單中列出的應用程式可以改動組態。" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "封鎖管制" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "使 runtime 配置永久化" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "使 Runtime 永久化" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "檢視(_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSet" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP 類型" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "輔助器" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "直接組態" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "封鎖管制白名單" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "使用中的綁定" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "求助(_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "變更區域" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "變更綁定的界域" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "在界域中隱藏連線、介面及來源的使用中執行時期綁定" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "在界域中顯示連線、介面及來源的使用中執行時期綁定" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "組態:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "目前可見的組態。執行時期組態為實際使用中組態。永久組態將在服務或系統重新載入" "或重新啟動之後啟動。" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld 界域所定義的是綁定該界域之網路連線、介面、來源位址的信任等級。界域" "能結合服務、連接埠、協定、偽裝、連接埠/封包轉送、icmp 過濾、豐富規則等。界域" "可以與介面、來源位址等綁定。" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "加入界域" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "編輯界域" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "移除界域" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "載入界域預設值" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "你可以在此處定義該界域中有哪些服務值得信任。只要此界域所綁定之連線、介面、來" "源的主機與網路能觸及本機,則皆可存取這些信任的服務。" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "服務" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "請添加其他連接埠或連接埠範圍,讓所有可連接至本機的主機或網路存取。" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "加入連接埠" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "編輯連接埠" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "移除連接埠" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "連接埠" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "新增通訊協定,並且必須能被所有主機或網路存取。" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "加入協定" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "編輯協定" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "移除協定" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "協定" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "加入其他來源連接埠或連接埠範圍,讓所有可連接至本機的主機或網路存取。" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "來源連接埠" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "偽裝可讓您設置個能讓您本本地端網路連至網際網路的主機或路由器。您的本地端網路" "不會被看見,且眾主機在網際網路上會顯示成單一位址。偽裝功能僅適用於 IPv4。" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "偽裝界域" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "若您啟用偽裝,將為您的 IPv4 網路啟用 IP 轉送功能。" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "偽裝" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "新增條目來從本地端系統上的一個連接埠轉送至另一個連接埠,或由本地端系統轉送至" "另一部系統。僅在介面卡偽裝時才能轉送至另一部系統。連接埠轉送功能僅適用於 " "IPv4。" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "加入轉送連接埠" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "編輯轉送連接埠" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "移除轉送連接埠" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "網際網路控制訊息通訊協定 (Internet Control Message Protocol, ICMP) 主要用在連" "網電腦間錯誤訊息的傳送,不過也能被用來傳送像是 ping 請求和回應的資訊訊息。" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "將清單中應被拒絕的 ICMP 類型標記起來。其他所有 ICMP 則允許通過防火牆。預設值" "為無限制。" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "如果啟用了反轉篩選器,系統會接受已標示的 ICMP 項目,但拒絕其他項目。在目標為 " "DROP 的界域中,它們會被丟棄。" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "反轉篩選器" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP 過濾器" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "您可以在這裡設定界域的豐富語言規則。" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "加入豐富規則" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "編輯豐富規則" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "移除豐富規則" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "豐富規則" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "請添加條目來將介面與此界域綁定。如果介面會被某連線使用,則界域將被設為連線中" "所指定的界域。" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "加入介面" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "編輯介面" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "移除介面" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "請添加條目來將來源位址或區域與此界域綁定。您也可以綁定至 MAC 來源位址,但有限" "制。port forwarding 與 masquerading 都無法在 MAC 來源綁定上運作。" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "加入來源" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "編輯來源" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "移除來源" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "界域" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld 服務可由連接埠、協定、模組、目的地位址等組合而成。" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "加入服務" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "編輯服務" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "移除服務" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "載入服務預設值" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "新增額外的通訊埠或通訊埠範圍,並且必須能被所有主機或網路存取。" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "編輯條目" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "移除條目" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "加入其他來源連訊埠或連接埠範圍,讓所有主機或網路均可存取。" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "來源連接埠" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "有些服務必須有 Netfilter 輔助器模組。" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "模組" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "若您指定目標位址,服務條目將限於目的地位址與類型。若兩條目皆空,則沒有限制。" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "服務僅可以在永久組態檢視下更動。服務的執行時期組態是固定不變的。" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet 可以用來建立白名單或黑名單,且可以儲存例如 IP 位址、連接埠號、或 MAC 位" "址等。" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "加入 IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "編輯 IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "移除 IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "載入 IPSet 預設值" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "IPSet 的條目。您只能看到未使用逾時選項的 IPset 條目,以及加入 firewalld 的條" "目。已經透過 ipset 指令直接加入的條目不會在此列出。" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "這 IPSet 使用逾時值,因此此處看不到任何條目。這些條目應該直接透過 ipset 指令" "來處理。" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "加入" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "條目" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "IPSet 只能在永久配置檢視下建立或刪除。" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmptype 為 firewalld 提供網際網路控制訊息協定 (ICMP,Internet " "Control Message Protocol) 類型資訊。" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "加入 ICMP 類型" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "編輯 ICMP 類型" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "移除 ICMP 類型" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "載入 ICMP 類型預設值" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "指明此 ICMP 類型在 IPv4 與/或 IPv6 中是否可用。" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP 類型僅可以在永久組態檢視下更動。ICMP 類型的執行時期組態是固定不變的。" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "連線追蹤輔助器是要輔助使用不同訊號、資料傳輸流向的協定運作。資料傳輸若使用無" "關訊號連線的連接埠,在沒有輔助器的情況下會被防火牆封鎖。" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "定義連接埠或連接埠範圍,由輔助器監控。" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "直接組態讓您可以更直接地存取防火牆。這些選項需要使用者知曉基礎的 iptables 概" "念,例如表格、鏈條、指令、參數、目標等。直接組態應該謹以「最後的避風港」的心" "態對待,只在無法使用其他 firewalld 功能時才使用。" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "每個選項的 ipv 引數必須是 ipv4 或 ipv6 或 eb。ipv4 用於 iptables,ipv6 用於 " "ip6tables,而 eb 用於乙太網路接橋 (ebtables)。" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "要使用的規則的額外鏈條。" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "加入鏈條" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "編輯鏈條" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "移除鏈條" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "鏈條" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "加入有 args 引數的規則到有優先等級的表格的鏈條中。" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "優先等級用來排序規則。優先等級 0 代表將規則加到鏈條頂端;優先等級數字越高,規" "則會越往後擺放。相同優先等級的規則位在同個等級中,而這些規則的順序並非固定而" "可能變動。如果您想要確保某規則在某個規則之後才加入,前者請使用較低的優先等" "級,後者請使用較高的優先等級。" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "加入規則" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "編輯規則" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "移除規則" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "規則" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "通透規則會直接傳遞給防火牆,而不會放入特殊鏈條中。所有的 iptabls、ip6tables " "與 ebtables 選項皆可使用。" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "使用通透規則時請務必小心以免損壞防火牆。" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "加入通透" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "編輯通透" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "移除通透" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "通透" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "封鎖管制功能是 firewalld 其使用者與應用程式方針的輕量版。它會限制防火牆的更" "動。封鎖管制白名單可以包含指令、情境、使用者與使用者 ID。" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "情境是指執行中應用程式或服務的安全情境 (SELinux 情境)。若要取得執行中應用程式" "的情境,請使用指令 ps -e --context。" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "加入情境" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "編輯情境" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "移除情境" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "情境" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "如果白名單中的指令條目是以米字號「*」結尾,則所有以該指令列開頭的任何指令皆會" "匹配。如果「*」並非結尾,則必須精確符合該指令與相關引數。" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "加入指令列" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "編輯指令列" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "移除指令列" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "指令列" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "使用者名稱。" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "加入使用者名稱" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "編輯使用者名稱" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "移除使用者名稱" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "使用者名稱" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "使用者 ID。" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "加入使用者 ID" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "編輯使用者 ID" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "移除使用者 ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "使用者 ID" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "系統的目前預設界域。" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "已拒絕的日誌:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "恐慌模式:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "自動輔助器:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "封鎖管制:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "預設域:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "請輸入介面名稱:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "基礎 IPSet 設定值" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "請調整基礎 IPSet 設定值組態:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "類型:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "時限:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hashsize:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "時限值,單位為秒" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "初始雜湊大小,預設 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "元素最大數,預設 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "請選取 IPset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "請輸入 ipset 項目:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "已拒絕的日誌" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "請選擇已拒絕的日誌值:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "標記" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "請輸入標記與選用的遮罩。" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "標記與遮罩欄位都是 32 位元寬的無正負號數字。" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "標記:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "遮罩:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "請選取 netfilter 連接追蹤輔助器:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- 選取 -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "其他模組:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "連接埠與通訊協定" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "請輸入連接埠與協定。" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "直接規則" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "請選取 ipv 與表格、鏈條優先等級,並輸入引數。" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "優先等級:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "請輸入協定。" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "其他協定:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "豐富規則" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "請輸入豐富規則。" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "主機或網路白名單、黑名單來停用元素。" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "來源:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "目標:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "記錄:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "稽核:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 與 ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "反轉" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "要啟用此功能,「動作」必須是「拒絕」而「家族」必須是「ipv4」或「ipv6」(而非" "兩者)。" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "此類型:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "有限制:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "前綴:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "等級:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "元素:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "動作:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "基礎服務設定" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "請設定基礎服務設定:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "請選取服務。" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "請輸入來源。" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "使用者 ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "請輸入使用者 ID。" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "請輸入使用者名稱。" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "標籤" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "基礎界域設定" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "請設定基礎界域設定:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "預設目標" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "目標:" firewalld-0.8.2/po/POTFILES.skip0000664007115300711530000000000013341016621017372 0ustar00egarveregarver00000000000000firewalld-0.8.2/po/da.po0000664007115300711530000016460013641112250016220 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Christian Rose , 2002 # Keld Simonsen , 2002-2005 # Keld Simonsen , 2005-2006 # Kris Thomsen , 2009-2010 # scootergrisen , 2017. #zanata # scootergrisen , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2018-09-20 10:43+0000\n" "Last-Translator: scootergrisen \n" "Language-Team: Danish (http://www.transifex.com/projects/p/firewalld/" "language/da/)\n" "Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Firewall-applet" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Konfiguration af firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" "firewall;network;security;iptables;netfilter;netværk;sikkerhed;iptabeller;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Vælg zone til grænseflade '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Standardzone" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Vælg zone for forbindelse '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Kunne ikke sætte zonen {zone} til forbindelsen {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Vælg zone for kilde '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Konfigurer skjolde op/-ned-zoner" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Her kan du vælge zonerne som bruges til skjolde op og skjolde ned." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Denne facilitet er nyttig for personer som mest bruger standardzonerne. Den " "kan have begrænset anvendelse for brugere som skifter zoner af forbindelser." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Skjolde op-zone:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Nulstil til standard" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Skjolde ned-zone:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "Om %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Forfattere" #: ../src/firewall-applet.in:401 msgid "License" msgstr "Licens" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Skjolde op" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Aktivér notifikationer" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Rediger firewallindstillinger..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Skift zoner af forbindelser..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Konfigurer skjolde op/-ned-zoner..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Bloker al netværkstrafik" #: ../src/firewall-applet.in:500 msgid "About" msgstr "Om" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Forbindelser" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Grænseflader" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Kilder" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autentifikation mislykkedes." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Ugyldigt navn" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Navn findes allerede" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (zone: {zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (standardzone: {default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Kunne ikke hente forbindelser fra NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Ingen NetworkManager-importeringer tilgængelige" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "Ingen forbindelse til firewall-dæmon" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "Al netværkstrafik er blokeret." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Standardzone: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Standardzone '{default_zone}' aktiv for forbindelse '{connection}' på " "grænseflade '{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zone '{zone}' aktiv for forbindelse '{connection}' på grænseflade " "'{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zone '{zone}' aktiv for grænseflade '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zone '{zone}' aktiv for kilde {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "Ingen aktive zoner." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Forbindelse til FirewallD etableret." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Forbindelse til FirewallD tabt." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD er blevet genindlæst." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Standardzone ændret til '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Netværkstrafik er ikke længere blokeret." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "aktiveret" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "deaktiveret" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Standardzone '{default_zone}' {activated_deactivated} for forbindelse " "'{connection}' på grænseflade '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone '{zone}' {activated_deactivated} for forbindelse '{connection}' på " "grænseflade '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zone '{zone}' {activated_deactivated} for grænseflade '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zone '%s' aktiveret for grænseflade '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone '{zone}' {activated_deactivated} for kilde '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone '%s' aktiveret for kilde '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Forbindelse til firewalld etableret." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Prøver at oprette forbindelse til firewalld, venter..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Kunne ikke oprette forbindelse til firewalld. Sørg venligst for at tjenesten " "er blevet startet korrekt og prøv igen." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Ændringer anvendt." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Brugt af netværksforbindelse '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Standardzone brugt af netværksforbindelse '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "aktiveret" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "deaktiveret" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Kunne ikke indlæse ikoner." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Sammenhæng" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Kommandolinje" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Brugernavn" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Bruger-id" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabel" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Kæde" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioritet" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumenter" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Kørselstid" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Tjeneste" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Til port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Til adresse" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Bindinger" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Punkt" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "ICMP-type" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familje" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Handling" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Kilde" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Grænseflade" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Kommentar" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Kilde" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Advarsel" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Fejl" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accepter" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "afvis" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "drop" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "mærk" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "grænse" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "tjeneste" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskerade" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-blok" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "videresendelsesport" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "kilde-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "niveau" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ja" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Standardzone: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zone: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone '%s': Tjeneste '%s' er ikke tilgængelig." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Fjern" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignorer" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone '%s': ICMP-type '%s' er ikke tilgængelig." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Indbygget zone, omdøbning understøttes ikke." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekund" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minut" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "time" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dag" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "nødstilfælde" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alarm" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritisk" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "fejl" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "advarsel" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notits" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "fejlret" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Videresending til et andet system er kun nyttigt hvis grænsefladen er " "maskeret.\n" "Vil du maskere denne zone?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Indbygget tjeneste, omdøbning understøttes ikke." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Indtast venligst en ipv4-adresse med formadressen[/mask]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "Masken kan være en netværksmaske eller et nummer." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Indtast venligst en ipv6-adresse med formadressen[/mask]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "Masken er et nummer." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Indtast venligst en ipv4- eller ipv6-adresse med formadressen[/mask]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Masken kan være en netværksmaske eller et nummer for ipv4.\n" "Masken er et nummer for ipv6." #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "Indbygget IP-sæt, omdøbning understøttes ikke." #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "Vælg venligst en fil" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "Tekstfiler" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "Alle filer" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Alle" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "Indbygget hjælper, omdøbning understøttes ikke." #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Indbygget ICMP, omdøbning understøttes ikke." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "Kunne ikke læse fil '%s': %s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Vælg zone for kilde %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresse" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatiske hjælpere" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Vælg venligst automatisk hjælperværdien:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Indtast venligst kommandolinjen." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Indtast venligst sammenhænget." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Vælg venligst standardzone fra listen nedenfor." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Direkte kæde" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Vælg venligst ipv og tabel og indtast kædenavnet." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Kæde:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "rå" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "sikkerhed" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabel:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Direkte videregivelsesregel" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Vælg venligst ipv og indtast argumenterne." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumenter:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Videresendelse af port" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Vælg venligst kilden og destinationsindstillingerne som passer til dine " "behov." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port/portinterval:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP-adresse:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destination" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Hvis du aktiverer lokal videresendelse, skal du angive en port. Denne port " "skal være forskellig fra kildeporten." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokal videresendelse" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Videresend til en anden port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Grundlæggende hjælperindstillinger" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Konfigurer venligst grundlæggende hjælperindstillinger:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Punkter med fed skrift er obligatoriske, alle andre er valgfrie." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Navn:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Kort:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Beskrivelse:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Familje:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Hjælper" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Vælg venligst en hjælper:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Grundlæggende ICMP-type-indstillinger" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Konfigurer venligst grundlæggende ICMP-type-indstillinger:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-type" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Vælg venligst en ICMP-type" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Tilføj punkt" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Tilføj punkter fra fil" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Fjern valgte punkter" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Fjern alle punkter" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Fjern punkter fra fil" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fil" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Valgmuligheder" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Genindlæs firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Genindlæser firewall-regler. Nuværende permanent konfiguration vil blive til " "ny kørselstidskonfiguration. Dvs. alle ændringer som kun er foretaget for " "kørselstid op til genindlæsning mistes ved genindlæsning hvis de ikke også " "har været i permanent konfiguration." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Vælg hvilken zone en netværksforbindelse tilhører." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Skift standardzone" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Skift standardzone for forbindelser eller grænseflader." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Skift lognægtelse" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Skift lognægtelsesværdi." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Konfigurer automatisk hjælper tildeling" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Konfigurer automatisk hjælper tildelingsindstilling." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "Paniktilstand betyder at alle indkommende og udgående pakker droppes." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Paniktilstand" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Nedlukning låser firewall-konfiguration så kun programmer på " "nedlukningshvidliste kan ændre den." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Lukning" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Gør kørselstidskonfiguration permanent" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Kørselstid til permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Vis" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IP-sæt" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP-typer" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Hjælpere" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Direkte konfiguration" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Lukningshvidliste" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktive bindinger" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Hjælp" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Skift zone" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Skift zone af binding" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Skjul aktive kørselstidsbindinger af forbindelser, grænseflader og kilder " "til zoner" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Vis aktive kørselstidsbindinger af forbindelser, grænseflader og kilder til " "zoner" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Konfiguration:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Nuværende synlige konfiguration. Kørselstidskonfiguration er den faktiske " "aktive konfiguration. Permanent konfiguration vil være aktiv efter tjeneste " "eller system bliver genindlæst eller genstartet." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "En firewalld-zone angiver niveauet af betroelse for netværksforbindelser, " "grænseflader og kildeadresser bundet til zonen. Zonen kombinerer tjenester, " "porte, protokoller, maskeringer, port-/pakkevideresendelse, ICMP-filtre og " "rigregler. Zonen kan bindes til grænseflader og kildeadresser." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Tilføj zone" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Rediger zone" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Fjern zone" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Indlæs zonestandarder" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Her kan du definere hvilke tjeneser der er betroet i zonen. Betroet tjeneser " "er tilgængelige fra alle værter og netværk der kan nås fra maskinen fra " "forbindelser, grænseflader og kilder bundet til denne zone." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Tjenester" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Tilføj yderligere porte eller portintervaller som skal være tilgængelige for " "alle værter eller netværk som kan oprette forbindelse til maskinen." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Tilføj port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Rediger port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Fjern port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Porte" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Tilføj protokoller som skal være tilgængelig for alle værter eller netværker." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Tilføj protokol" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Rediger protokol" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Fjern protokol" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokoller" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Tilføj yderligere kildeporte eller portintervaller som skal være " "tilgængelige for alle værter eller netværk som kan oprette forbindelse til " "maskinen." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Kildeporte" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maskering tillader dig at sætte en vært eller en ruter op, som forbinder til " "dit lokale netværk til internettet. Dit lokale netværk vil ikke blive " "synligt og værterne vises som en enkelt adresse på internettet. Maskering er " "kun for IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskeradezone" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Hvis du aktiverer maskering vil IP-videresending kun blive aktiveret for " "IPv4-netværk." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskerede" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Tilføj indgange til videresendelsesporte, enten fra en port til en anden på " "det lokale system eller fra det lokale system til et andet system. " "Videresendelse til et anden system er kun brugbart, hvis grænsefladen er " "maskeret. Videresendelse af port er kun for IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Tilføj videresendelsesport" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Rediger videresendelsesport" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Fjern videresendelsesport" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message Protocol (ICMP) er hovedsageligt brugt til at sende " "fejlmeddelser mellem computere på netværk, men også til " "informationsmeddelser, som for eksempel, ping-forespørgsler og svar." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Markér de ICMP-typer i listen, der skal afvises. Alle andre ICMP-typer er " "tilladt at passere firewallen. Som standard er der ingen begrænsninger." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Hvis omvendt filter er aktiveret, accepteres mærket ICMP-punkter og andre " "afvises. I en zone med målet DROP, droppes de." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Omvend filter" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP-filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Her kan du sætte rige sprogregler for zonen." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Tilføj rigregel" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Rediger rigregel" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Fjern rigregel" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Rigregler" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Tilføj punkter at binde grænseflader til zonen. Hvis grænsefladen bruges af " "en forbindelse, vil zonen blive sat til zonen som er angivet i forbindelsen." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Tilføj grænseflade" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Rediger grænseflade" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Fjern grænseflade" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Tilføj punkter for at binde kildeadresser eller områder til zonen. Du kan " "også binde til en MAC-kildeadresse, men uden begrænsninger. Videresendelse " "af port og maskering virker ikke for MAC-kildebindinger." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Tilføj kilde" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Rediger kilde" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Fjern kilde" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zoner" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "En firewalld-tjeneste er en kombination af porte, protokoller, moduler og " "andre distinationsadresser." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Tilføj tjeneste" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Rediger tjeneste" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Fjern tjeneste" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Indlæs tjenestestandarder" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Tilføj yderligere porte eller portintervaller som skal være tilgængelige for " "alle værter eller netværk." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Rediger punkt" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Fjern punkt" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Tilføj yderligere kildeporte eller portintervaller som skal være " "tilgængelige for alle værter eller netværk." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Kildeport" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfilter-hjælpermoduler kræves af nogle tjenester." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduler" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Hvis du angiver destinationsadresser, vil tjenestepunktet blive begrænset " "til destinationsadressen og typen. Hvis begge punkter er tomme er der ingen " "grænse." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Tjenester kan kun ændres i den permanente konfigurationsvisning. " "Kørselstidskonfigurationen af tjenester er fast." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Et IP-sæt kan bruges til at oprette hvid- og sortlister og er i stand til at " "lagre f.eks. IP-adresser, portnumre eller MAC-adresser. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IP-sæt" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Tilføj IP-sæt" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Rediger IP-sæt" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Fjern IP-sæt" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Indlæs IP-sæt-standarder" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Punkter af IP-sættet. Du vil kun være i stand til at se punkterne af IP-sæt " "som ikke bruger timeout-valgmuligheden, og kun punkter der er blevet " "tilføjet af firewalld. Punkter som er blevet tilføjet direkte med ipset-" "kommandoen vil ikke være listet her." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Dette IP-sæt bruger timout-valgmuligheden, så derfor er der ingen synlige " "punkter her. Punkterne skal tages af direkte men ipset-kommandoen." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Tilføj" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Punkter" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IP-sæt kan kun oprettes eller slettes i den permanente konfigurationsvisning." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "En firewalld icmptype leverer informationen fra en Internet Control Message " "Protocol-type (ICMP) for firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Tilføj ICMP-type" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Rediger ICMP-type" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Fjern ICMP-type" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Indlæs ICMP-typestandarder" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Angiv hvorvidt denne ICMP-type er tilgængelig til IPv4 og/eller IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP-typer kan kun ændres i den permanente konfigurationsvisning. " "Kørselstidskonfiguration af ICMP-typer er fast." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "En forbindelsessporingshjælper assisterer med at få protokoller til at virke " "som bruger andre flows til signalering og dataoverførsler. Dataoverførslerne " "bruger porte som ikke har relation til den signalerende forbindelse og " "derfor er blokeret af firewallen uden hjælperen." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Definer porte eller portintervaller som overvåges af hjælperen." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Den direkte konfiguration giver en mere direkte adgang til firewallen. Disse " "valgmuligheder kræver at brugeren kender til grundlæggende iptables-" "koncepter, dvs. tabeller, kæder, kommandoer, parametre og mål. Direkte " "konfiguration bør kun bruges som en sidste mulighed når det ikke er muligt " "at bruge andre firewalld-faciliteter." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Ipv-argumentet for hver valgmulighed skal være ipv4, ipv6 eller eb. Med ipv4 " "vil den være for iptables, med ipv6 for ip6tables og med eb for ethernet-" "broer (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Yderligere kæder til brug med regler." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Tilføj kæde" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Rediger kæde" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Fjern kæde" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Kæder" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Tilføj en regel med argumenternes argumenter til en kæde i en tabel med en " "prioritet." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Prioriteten bruges til at sætte regler i rækkefølge. Prioritet 0 betyder " "tilføj regel øverst i kæden, med en højere prioritet tilføjes reglen længere " "nede. Regler med den samme prioritet er på samme niveau og rækkefølgen for " "disse regler er ikke fast og kan skifte. Hvis du vil sørge for at en regel " "vil blive tilføjet efter en anden, så bruge en lav prioritet til den første " "og en højere til den efterfølgende." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Tilføj regel" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Rediger regel" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Fjern regel" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regler" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Videregivelsesreglerne videresendes direkte til firewallen og placeres ikke " "i specielle kæder. Alle iptables-, ip6tables- og ebtables-valgmuligheder kan " "bruges." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Pas på med ikke at skade firewallen med videregivelsesregler." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Tilføj videregivelse" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Rediger videregivelse" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Fjern videregivelse" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Videregivelse" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Nedlukningsfaciliteten er en letvægtsversion af bruger- og programpolitikker " "til firewalld. Den begrænser ændringer til firewallen. Nedlukningshvidlisten " "kan indeholde kommandoer, sammenhæng og bruger-ID'er." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Sammenhænget er sikkerhedenssammenhænget (SELinux) af et kørende program " "eller tjeneste. Brug ps -e --context for at få sammenhænget af et " "kørende program." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Tilføj sammenhæng" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Rediger sammenhæng" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Fjern sammenhæng" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Sammenhæng" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Hvis et kommandopunkt på hvidlisten slutter med en stjerne '*', så matches " "alle kommandolinjer som starte med kommandoen. Hvis ikke '*' er der, så skal " "den absolutte kommando matche, inklusiv argumenter." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Tilføj kommandolinje" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Rediger kommandolinje" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Fjern kommandolinje" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Kommandolinjer" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Brugernavne." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Tilføj brugernavn" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Rediger brugernavn" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Fjern brugernavn" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Brugernavne" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Bruger-ID'er." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Tilføj bruger-ID" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Rediger bruger-ID" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Fjern bruger-ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Bruger-ID'er" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Systemets nuværende standardzone." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Lognægtelse:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Paniktilstand:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatiske hjælpere:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Lukning:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Standardzone:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Indtast venligst et grænsefladenavn:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Grundlæggende IP-sæt-indstillinger" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Konfigurer venligst grundlæggende IP-sæt-indstillinger:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Type:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Timeout:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hashstørrelse:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maks. elem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Timeoutværdi i sekunder" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Indledende hashstørrelse, standard 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maks. antal elementer, standard 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Vælg venligst et IP-sæt:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Indtast venligst et ipset-punkt:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Lognægtelse" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Vælg venligst en lognægtelsesværdi:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Mærk" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Indtast venligst et mærke med en valgfri maske." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Mærket og maskefeltet er begge 32 bit brede numre uden fortegn." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Mærke:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maske:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Vælg venligst en netfilter conntrack-hjælper:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Vælg -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Andet module:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port og protokol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Indtast venligst en port eller protokol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Direkte regel" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Vælg venligst ipv og tabel, kæde, prioritet og indtast argumenterne." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioritet:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Indtast venligst en protokol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Anden protokol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Rigregel" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Indtast venligst en rigregel." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "" "For værts- eller netværkshvidlistning eller -sortlisting deaktivér elementet." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Kilde:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destination:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 og ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "omvendt" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "For at aktivere, skal denne handling være 'afvis' og familje skal enten være " "'ipv4' eller 'ipv6' (ikke begge)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "med type:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Med grænse:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Præfiks:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Niveau:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Handling:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Grundlæggende tjenesteindstillinger" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Konfigurer venligst grundlæggende tjenesteindstillinger:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Vælg venligst en tjeneste." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Indtast venligst en kilde." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Bruger-ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Indtast venligst bruger-ID'et." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Indtast venligst brugernavnet." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiket" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Grundlæggende zoneindstillinger" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Konfigurer venligst grundlæggende zoneindstillinger:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Standardmål" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Mål:" firewalld-0.8.2/po/en_US.po0000664007115300711530000015571513641112250016654 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Eric Garver , 2020. msgid "" msgstr "" "Project-Id-Version: firewalld\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2020-01-14 14:02+0000\n" "Last-Translator: Eric Garver \n" "Language-Team: English (United States) \n" "Language: en_US\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 3.10.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "Firewall Applet" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Firewall Configuration" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "Select zone for interface '%s'" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Default Zone" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "Select zone for connection '%s'" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Failed to set zone {zone} for connection {connection_name}" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "Select zone for source '%s'" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "Configure Shields Up/Down Zones" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Here you can select the zones used for Shields Up and Shields Down." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "Shields Up Zone:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "Reset To Default" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "Shields Down Zone:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "About %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "Authors" #: ../src/firewall-applet.in:401 msgid "License" msgstr "License" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "Shields Up" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "Enable Notifications" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "Edit Firewall Settings..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Change Zones of Connections..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "Configure Shields UP/Down Zones..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "Block all network traffic" #: ../src/firewall-applet.in:500 msgid "About" msgstr "About" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "Connections" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Sources" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Authorization failed." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "Invalid name" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "Name already exists" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Failed to get connections from NetworkManager" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "No NetworkManager imports available" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "No connection to firewall daemon" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "All network traffic is blocked." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "Default Zone: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zone '{zone}' active for interface '{interface}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "Zone '{zone}' active for source {source}" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "No Active Zones." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "Connection to FirewallD established." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "Connection to FirewallD lost." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD has been reloaded." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "Default zone changed to '%s'." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "Network traffic is not blocked anymore." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "activated" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "deactivated" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zone '{zone}' {activated_deactivated} for interface '{interface}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zone '%s' activated for interface '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone '{zone}' {activated_deactivated} for source '{source}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone '%s' activated for source '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Connection to firewalld established." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Trying to connect to firewalld, waiting..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Changes applied." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Used by network connection '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Default zone used by network connection '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "enabled" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "disabled" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Failed to load icons." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Context" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Command line" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "User name" #: ../src/firewall-config.in:244 msgid "User id" msgstr "User id" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Table" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Chain" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priority" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Args" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "Runtime" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Service" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "To Port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "To Address" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Bindings" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Entry" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp Type" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Family" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Action" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interface" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Comment" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Source" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "Warning" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Error" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accept" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "reject" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "drop" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "mark" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "service" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "masquerade" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "level" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "yes" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "Default Zone: %s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "Zone: %s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone '%s': Service '%s' is not available." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Remove" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "Ignore" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone '%s': ICMP type '%s' is not available." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "Built-in zone, rename not supported." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "second" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minute" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hour" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "day" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergency" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alert" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "critical" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "error" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "warning" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notice" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "Built-in service, rename not supported." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Please enter an ipv4 address with the form address[/mask]." #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "The mask can be a network mask or a number." #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Please enter an ipv6 address with the form address[/mask]." #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "The mask is a number." #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Please enter an ipv4 or ipv6 address with the form address[/mask]." #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "Built-in icmp, rename not supported." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "Select zone for source %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Address" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Please enter the command line." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Please enter the context." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Please select default zone from the list below." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Direct Chain" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Please select ipv and table and enter the chain name." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Chain:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "security" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Table:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Direct Passthrough Rule" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Please select ipv and enter the args." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Port Forwarding" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Please select the source and destination options according to your needs." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Port Range:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP address:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destination" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Local forwarding" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Forward to another port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Bold entries are mandatory, all others are optional." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Name:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Short:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Description:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Family:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Base ICMP Type Settings" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Please configure base ICMP type settings:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP Type" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Please select an ICMP type" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Add Entry" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_File" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Options" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Reload Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Change which zone a network connection belongs to." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Change Default Zone" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Change default zone for connections or interfaces." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "Panic mode means that all incoming and outgoing packets are dropped." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panic Mode" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Lockdown" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Make runtime configuration permanent" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Runtime To Permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_View" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP Types" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Direct Configuration" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Lockdown Whitelist" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Help" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuration:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Add Zone" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Edit Zone" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Remove Zone" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Load Zone Defaults" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Services" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Add Port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edit Port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Remove Port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Ports" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Masquerade zone" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Add Forward Port" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Edit Forward Port" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Remove Forward Port" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP Filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Here you can set rich language rules for the zone." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Add Rich Rule" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Edit Rich Rule" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Remove Rich Rule" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Rich Rules" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Add Interface" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Edit Interface" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Remove Interface" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Add Source" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Edit Source" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Remove Source" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zones" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Add Service" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Edit Service" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Remove Service" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Load Service Defaults" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Edit Entry" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Remove Entry" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modules" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Add ICMP Type" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Edit ICMP Type" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Remove ICMP Type" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Load ICMP Type Defaults" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Specify whether this ICMP Type is available for IPv4 and/or IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Additional chains for use with rules." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Add Chain" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Edit Chain" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Remove Chain" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Chains" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Add a rule with the arguments args to a chain in a table with a priority." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Add Rule" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Edit Rule" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Remove Rule" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Rules" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Please be careful with passthrough rules to not damage the firewall." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Add Passthrough" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Edit Passthrough" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Remove Passthrough" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Add Context" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Edit Context" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Remove Context" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contexts" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Add Command Line" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Edit Command Line" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Remove Command Line" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Command lines" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "User names." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Add User Name" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Edit User Name" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Remove User Name" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "User names" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "User ids." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Add User Id" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Edit User Id" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Remove User Id" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "User Ids" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Current default zone of the system." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panic Mode:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Lockdown:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Default Zone:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port and Protocol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Please enter a port and protocol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Direct Rule" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Please select ipv and table, chain priority and enter the args." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priority:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Please enter a protocol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Other Protocol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Rich Rule" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Please enter a rich rule." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "For host or network white or blacklisting deactivate the element." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Source:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destination:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 and ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inverted" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "with Type:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "With limit:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Level:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Action:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Base Service Settings" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Please configure base service settings:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Please select a service." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "User ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Please enter the user id." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Please enter the user name." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Base Zone Settings" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Please configure base zone settings:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Default Target" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Target:" #~ msgid "Please enter the module name." #~ msgstr "Please enter the module name." #~ msgid "You need to be root to run %s." #~ msgstr "You need to be root to run %s." #~ msgid "Fork #1 failed: %d (%s)" #~ msgstr "Fork #1 failed: %d (%s)" #~ msgid "Not starting FirewallD, already running." #~ msgstr "Not starting FirewallD, already running." #~ msgid "Unexpected element '%s'" #~ msgstr "Unexpected element '%s'" #~ msgid "Element '%s': missing '%s' attribute" #~ msgstr "Element '%s': missing '%s' attribute" #~ msgid "Element '%s': unexpected attribute '%s'" #~ msgstr "Element '%s': unexpected attribute '%s'" #~ msgid "Connected." #~ msgstr "Connected." #~ msgid "No connection." #~ msgstr "No connection." #~ msgid "Waiting ..." #~ msgstr "Waiting ..." #~ msgid "Retrying ..." #~ msgstr "Retrying ..." #~ msgid "Add entries to bind source addresses or areas to the zone." #~ msgstr "Add entries to bind source addresses or areas to the zone." #~ msgid "" #~ "Add additional ports or port ranges, which need to be accessible for all " #~ "hosts or networks. You can also add protocols without specific ports." #~ msgstr "" #~ "Add additional ports or port ranges, which need to be accessible for all " #~ "hosts or networks. You can also add protocols without specific ports." #~ msgid "Ports and Protocols" #~ msgstr "Ports and Protocols" #~ msgid "Port and/or Protocol" #~ msgstr "Port and/or Protocol" #~ msgid "Please enter a port and/or a protocol." #~ msgstr "Please enter a port and/or a protocol." #~ msgid "PANIC MODE" #~ msgstr "PANIC MODE" #~ msgid "Firewall-applet" #~ msgstr "Firewall-applet" firewalld-0.8.2/po/zh_CN.po0000664007115300711530000016035113641112252016636 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Alick Zhao , 2013 # Christopher Meng , 2012-2013 # Leah Liu , 2007-2010 # Leah Liu , 2005-2006 # Sarah Wang , 2003-2005 # Tommy He , 2012-2013 # Wei Liu , 2014 # Zamir SUN , 2013-2014 # Zamir SUN , 2013 # Zamir SUN , 2015. #zanata # Leah Liu , 2016. #zanata # Zamir SUN , 2016. #zanata # xhuang , 2016. #zanata # Zamir SUN , 2017. #zanata # Eric Garver , 2018. #zanata # Qiyu Yan , 2018. #zanata # Pany , 2019. #zanata # Pany , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2020-01-14 14:02+0000\n" "Last-Translator: Pany \n" "Language-Team: Chinese (Simplified) \n" "Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Weblate 3.10.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "防火墙小程序" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "防火墙" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "防火墙配置" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "防火墙;网络;安全;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "为网卡 '%s' 选择区域" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "默认区域" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "为连接 '%s' 选择区域" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "设置 {connection_name} 的区域 {zone} 失败" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "为来源 '%s' 选择区域" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "配置保护开启/关闭区域" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "在这里您可以选择用于开启保护和关闭保护的区域。" #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "这项功能对于在绝大多数时间里使用默认区域的人有用。对于经常改变连接区域的用户" "来说,用处有限。" #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "开启保护区域:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "重设为默认设置" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "关闭保护区域:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "关于 %s" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "作者" #: ../src/firewall-applet.in:401 msgid "License" msgstr "许可证" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "启动保护" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "启用通知" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "编辑防火墙设置..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "更改连接区域……" #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "配置保护开启/关闭区域……" #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "拦截所有网络传输" #: ../src/firewall-applet.in:500 msgid "About" msgstr "关于" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "连接" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "网卡" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "来源" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "认证失败。" #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "无效的名称" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "名称已存在" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "{entry} (区域:{zone})" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (默认区域:{default_zone})" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "从 NetworkManager 获取连接失败" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "没有可用的 NetworkManager 导入" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "没有与防火墙守护进程的连接" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "拦截所有网络传输。" #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "默认区域: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "网卡 '{interface}' 上的连接 '{connection}' 的活动默认区 '{default_zone}'" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "在网卡 '{interface}' 启用连接 '{connection}' 的区域 '{zone}'" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "在网卡 '{interface}' 启用区域 '{zone}'" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "在来源 {source} 启用区域 '{zone}'" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "没有启用区域。" #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "已建立与 FirewallD 的连接。" #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "已失去与 FirewallD 的连接。" #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD 已重新加载。" #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "默认区域已改为 '%s'。" #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "不再拦截网络传输。" #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "已启用" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "已禁用" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "网卡 '{interface}' 上连接 '{connection}' 的默认区 " "'{default_zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "在网卡 '{interface}' {activated_deactivated} 连接 '{connection}' 的区域 " "'{zone}'" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "在网卡 '{interface}' {activated_deactivated} 区域 '{zone}'" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "在网卡 '%s' 启用区域 '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "在来源 '{source}' {activated_deactivated} 区域 '{zone}'" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "在来源 '%s' 已启用区域 '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "已建立至 firewalld 的连接。" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "试图连接至 firewalld,等待中..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "连接 firewalld 失败。请确保该服务已正常启动,然后重试。" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "变更已生效。" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "被网络连接 '%s' 使用" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "网络连接 '%s' 使用的默认区" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "启用" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "禁用" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "载入图标失败。" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "上下文" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "命令行" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "用户名" #: ../src/firewall-config.in:244 msgid "User id" msgstr "用户 ID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "表" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "链" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "优先级" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "自变量" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "运行时" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "永久" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "服务" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "端口" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "协议" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "目的端口" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "目的地址" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "绑定" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "条目" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "ICMP 类型" #: ../src/firewall-config.in:822 msgid "Family" msgstr "家族" #: ../src/firewall-config.in:826 msgid "Action" msgstr "操作" #: ../src/firewall-config.in:828 msgid "Element" msgstr "元素" #: ../src/firewall-config.in:830 msgid "Src" msgstr "来源" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "目的" #: ../src/firewall-config.in:834 msgid "log" msgstr "日志" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "审计" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "网卡" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "注释" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "来源" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "警告" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "错误" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "接受" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "拒绝" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "丢弃" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "标记" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "限制" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "服务" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "端口" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "协议" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "伪装" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "ICMP 拦截" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "转发端口" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "等级" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "是" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "区域" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "默认区:%s" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "区:%s" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "区域 '%s': 服务 '%s' 不可用。" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "移除" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "忽略" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "区域 '%s': ICMP 类型 '%s' 不可用。" #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "预置区域,不支持重命名。" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "秒" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "分" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "小时" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "天" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "紧急" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "警告" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "严重" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "错误" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "警告" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "提醒" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "信息" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "除错" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "转发至其他系统仅在网卡伪装时才有用。\n" "您想要伪装该区域吗?" #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "预置服务,不支持重命名。" #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "请输入 ipv4 地址,格式为 address[/mask]。" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "该掩码必须为网络掩码或一个数字。" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "请输入 ipv6 地址,格式为 address[/mask]。" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "该掩码为一个数字。" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "请输入 ipv4 或者 ipv6 地址,格式为 address[/mask]。" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "对于 ipv4 地址,该掩码必须为网络掩码或一个数字。\n" "对于 ipv6 地址,则该掩码为一个数字。" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "内置 ipset,不支持重命名。" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "请选择一个文件" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "文本文件" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "所有文件" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "全部" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "内置帮助程序,不支持重命名。" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "预置 ICMP,不支持重命名。" #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "读取文件 %s 失败:%s" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "选择来源 %s 的区域" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "地址" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "自动帮助程序" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "请选择自动帮助程序的值:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "请输入命令行。" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "请输入上下文。" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "请从下面列表选择默认区域。" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "直接链" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "请选择 IPV 及表并输入链名。" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "链:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "原始" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "安全性" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "表:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "直接穿通规则" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "请选择 IPV 并输入参数。" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "参数:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "端口转发" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "请根据您的需要选择来源和目的选项。" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "端口/端口范围:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP 地址:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "协议:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "目标地址" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "如果您允许本地转发,您必须指定一个端口。 这个端口不能和源端口相同。" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "本地转发" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "转发到另一端口" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "基础帮助程序设置" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "请配置基础帮助程序设置:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "粗体项目为必需,其余为可选。" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "名称:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "版本:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "简称:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "描述:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "产品线:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "模块:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "帮助程序" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "请选择帮助程序:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "基本 ICMP 类型设定" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "请配置基本 ICMP 类型设定:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP 类型" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "请选择ICMP类型" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "添加条目" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "以文件添加条目" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "移除所选条目" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "移除全部项" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "从文件中移除条目" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "文件(_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "选项(_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "重载防火墙" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "重载防火墙规则。当前永久配置将变成新的运行时配置。例如所有仅在运行时配置所做" "的变更若未在永久配置中操作,将在重载后丢失。" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "更改网络连接所属的区域。" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "改变默认区域" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "更改连接或网卡的默认区域。" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "修改 LogDenied" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "修改 LogDenied 值。" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "配置自动帮助程序指派" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "配置自动帮助程序指派设置。" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "应急模式意味着将丢弃所有传入和传出的包。" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "应急模式" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "锁定可以对防火墙配置进行加锁,只允许锁定白名单上的应用程序进行改动。" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "锁定" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "永久设置运行时配置" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "将 Runtime 设定为永久配置" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "查看(V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP 类型" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "帮助程序" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "直接配置" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "锁定白名单" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "活动的绑定" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "帮助(_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "更改区域" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "修改绑定的区" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "对区域隐藏连接、网卡和源服务器的激活的运行时绑定" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "对区域显示连接、网卡和源服务器的激活的运行时绑定" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "配置:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "当前可见配置。运行时配置为实际启用的配置。永久配置则会在服务或系统重载或重启" "时启用。" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "FirewallD 区域定义了绑定的网络连接、网卡以及源地址的可信程度。区域是服务、端" "口、协议、IP伪装、端口/报文转发、ICMP过滤以及富规则的组合。区域可以绑定到网卡" "以及源地址。" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "添加区域" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "编辑区域" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "移除区域" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "载入默认区域" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "可以在这里定义区域中哪些服务是可信的。可连接至绑定到这个区域的连接、网卡和源" "的所有主机和网络及可以访问可信服务。" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "服务" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "添加可让允许访问的主机或者网络访问的附加端口或者端口范围。" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "添加端口" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "编辑端口" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "移除端口" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "端口" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "添加所有主机或网络均可访问的协议。" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "添加协议" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "编辑协议" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "删除协议" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "协议" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "添加额外的源端口或范围,它们对于所有可以连接至这台主机的所有主机或网络都需要" "是可以访问的。" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "源端口" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "如果您要设置一台将您的本地网络连接到互联网的主机或者路由器,伪装是很有用的。" "您的本地网络将不可见,且该主机是以单一地址的形式出现在互联网中。伪装仅适用于 " "IPv4。" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "伪装区域" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "如果您启用伪装,将会为您的 IPv4 网络启用 IP 转发。" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "伪装" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "添加条目来转发端口,可以是从本地系统的一个端口到另一个端口,也可以是从本地系" "统到另一个系统。转发到另一个系统只在网卡伪装时有用。端口转发只适用于 IPv4。" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "添加转发端口" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "编辑转发端口" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "移除转发端口" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "互联网控制报文协议(ICMP)主要用于在联网的计算机间发送出错信息,但也发送类似 " "ping 请求以及回应等信息。" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "在列表中标记应该被拒绝的 ICMP 类型。所有其它 ICMP 类型则被允许通过防火墙。默" "认设置是没有限制。" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "如果启用了反向过滤器(Invert Filter),作了标记的 ICMP 条目都被会被接受,而其" "他条目则会被拒绝。在带有目标 DROP 的区里,它们会被丢弃。" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "反向过滤器" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP 过滤器" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "可以在这里为区域设定富语言规则。" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "添加富规则" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "编辑富规则" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "移除富规则" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "富规则" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "增加入口以将网卡加入区域。若网卡已经被连接占用,区域将被设定为连接所指定的区" "域。" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "添加网卡" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "编辑网卡" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "移除网卡" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "添加条目以便在该区域绑定源地址或范围。还可以绑定到 MAC 源地址,但会有所限制。" "端口转发及伪装不适用于 MAC 源绑定。" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "添加来源" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "编辑来源" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "移除来源" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "区域" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "FirewallD 服务是端口、协议、模块和目的地址的组合。" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "添加服务" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "编辑服务" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "移除服务" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "载入默认服务" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "添加可让所有主机或者网络访问的附加端口或者端口范围。" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "编辑条目" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "删除条目" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "添加可让所有主机或者网络访问的其他源端口或者端口范围。" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "源端口" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "需要对某些服务使用网络过滤帮助程序模块。" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "模块" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "如果您指定了目的地址,服务项目将仅限于目的地址和类型。如果两个项目均为空,则" "没有限制。" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "仅可以在永久配置视图中修改服务。运行时配置中的服务是不可修改的。" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "可使用 IPSet 创建白名单或黑名单,以便保存 IP 地址、端口号或者 MAC 地址。 " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "添加 IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "编辑 IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "删除 IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "载入 IPSet 默认设置" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "IPSet 条目。只能看到不使用 timeout 选项的 ipset 条目以及已经由 firewalld 添加" "的条目。这里不会列出直接由 ipset 命令添加的条目。" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "这个 IPSet 使用 timeout 选项,因此在这个看不到。应直接使用 ipset 命令处理该条" "目。" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "新增" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "条目" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "只能在永久配置视图中创建或删除 IPSet。" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "FirewallD ICMP 类型为 firewallD 提供因特网控制报文协议 (ICMP) 的信息。" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "添加 ICMP 类型" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "编辑 ICMP 类型" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "移除 ICMP 类型" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "载入默认 ICMP 类型" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "指定是否该 ICMP 类型可用于 IPv4 和/或 IPv6。" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "仅可以在永久配置视图中修改 ICMP 类型。运行时配置中的 ICMP 类型是固定的。" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "正在指派连接跟踪帮助程序,以确保使用不同信号发送和数据传输流程的协议正常工" "作。数据传输使用的是与信号发送连接不相关的端口,因此若没有该帮助程序将会被防" "火墙拦截。" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "定义帮助程序将监视的端口或端口范围。" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "直接配置给予直接访问防火墙方式。这些选项需要用户了解基本的 iptables 概念,比" "如表、链、命令、参数和目标。直接配置应该仅用于当其他 firewalld 功能都不可用时" "的最后手段。" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "每个操作的 IPV 参数应为 ipv4 或 ipv6 或 eb。ipv4 用于 iptables,ipv6 用于 " "ip6tables,eb 用于以太网桥接(ebtables)。" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "与规则共同生效的附加链。" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "添加链" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "编辑链" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "移除链" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "链" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "添加一个包含参数的规则至具备优先级信息的表中。" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "优先级用于规则排序。优先级0 代表在链顶端添加规则,更大的优先级将添加到链下" "方。优先级相同的规则将具备相同的级别,排序并不固定并有可能变化。如果您想要确" "保一个规则会在另外一个后添加,需为前者指定低优先级而为后者指定高优先级。" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "添加规则" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "编辑规则" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "移除规则" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "规则" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "穿通规则将被直接传递给防火墙而不会放置到特殊链中。可以使用所有 iptables、" "ip6tables 和 ebtables 选项。" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "请小心使用穿通规则,不要损害防火墙。" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "添加穿通" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "编辑穿通" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "移除穿通" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "穿通" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "锁定功能是适用于 firewalld 的轻量级用户和应用程序规范。它保证变更仅限于防火" "墙。锁定白名单可以包含命令、上下文、用户和用户 ID。" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "上下文是正在运行的应用程序或服务的安全(SELinux)上下文。请使用 ps -e --" "context 获取正在运行的应用程序的上下文。" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "添加上下文" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "编辑上下文" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "移除上下文" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "上下文" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "如果在白名单输入的命令以 '*' 星号结尾,则匹配所有以其开头的命令。如果不含 " "'*' 则命令和其中的参数必须绝对匹配。" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "添加命令行" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "编辑命令行" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "移除命令行" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "命令行" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "用户名。" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "添加用户名" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "编辑用户名" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "移除用户名" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "用户名" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "用户 ID。" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "添加用户 ID" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "编辑用户 ID" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "移除用户 ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "用户 ID" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "当前系统的默认区域。" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "LogDenied:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "应急模式:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "自动帮助程序:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "锁定:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "默认区域:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "请输入网卡名称:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "基础 IPSet 设置" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "请配置基础 ipset 设置:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "类型:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "超时:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "哈希大小:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "最大元素数:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "以秒为单位的超时值" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "起始哈希大小,默认为 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "最大元素数,默认为 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "请选择 ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "请输入 ipset 条目:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "已拒绝的日志" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "请选择 Log Denied 值:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "掩码" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "请输入具有可选掩码的掩码。" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "掩码和掩码字段都是 32 位宽的未签名数字。" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "掩码:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "掩码:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "请选择网络过滤 conntrack 帮助程序:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- 选择 -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "其他模块:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "端口和协议" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "请输入端口和协议。" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "直接规则" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "请选择 IPV 及表、链优先级并输入参数。" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "优先级:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "请输入协议。" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "其他协议:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "富规则" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "请输入富规则(rich rule)。" #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "为主机或网络白或黑名单禁用此元素。" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "源:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "目标:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "日志:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "审计:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 及 IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "反转" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "若启用该项,操作需为'reject'并且家族选择'ipv4'或'ipv6'(但不能同时选择)。" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "及类型:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "包含限制:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "前缀:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "等级:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "元素:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "操作:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "基本服务设定" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "请配置基本服务设定:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "请选择一个服务。" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "请输入来源。" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "用户 ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "请输入用户 ID。" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "请输入用户名。" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "标签" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "基本区域设定" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "请配置基本区域设定:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "默认目标" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "目标:" firewalld-0.8.2/po/gu.po0000664007115300711530000020656613641112251016260 0ustar00egarveregarver00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Ankit Patel , 2014 # Ankit Patel , 2004-2008 # Sweta Kothari , 2008 # sweta , 2008-2011 # sweta , 2013 # sweta , 2013 # sweta , 2013-2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-03-30 09:54-0400\n" "PO-Revision-Date: 2015-02-26 09:45+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Gujarati (http://www.transifex.com/projects/p/firewalld/" "language/gu/)\n" "Language: gu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:416 msgid "Firewall Applet" msgstr "ફાયરવોલ ઍપલેટ" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ફાયરવોલ" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ફાયરવોલ રૂપરેખાંકન" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "ફાયરવોસ;નેટવર્ક;સુરક્ષા;iptables;netfilter;" #: ../src/firewall-applet.in:92 ../src/firewall-config.in:7988 #, c-format msgid "Select zone for interface '%s'" msgstr "ઇન્ટરફેસ '%s' માટે વિસ્તારને પસંદ કરો" #: ../src/firewall-applet.in:132 ../src/firewall-applet.in:139 #: ../src/firewall-applet.in:145 ../src/firewall-config.in:2448 #: ../src/firewall-config.in:8033 ../src/firewall-config.in:8041 #: ../src/firewall-config.in:8074 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "મૂળભૂત વિસ્તાર" #: ../src/firewall-applet.in:166 ../src/firewall-config.in:8067 #, c-format msgid "Select zone for connection '%s'" msgstr "જોડાણ '%s' માટે વિસ્તારને પસંદ કરો" #: ../src/firewall-applet.in:176 ../src/firewall-config.in:3927 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:190 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:207 msgid "Configure Shields Up/Down Zones" msgstr "શીલ્ડ અપ/ડાઉન વિસ્તારોને રૂપરેખાંકિત કરો" #: ../src/firewall-applet.in:220 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "શીલ્ડ અપ અને શીલ્ડ ડાઉન માટે વાપરેલ વિસ્તારોને તમે અહિંયા પસંદ કરી શકો છો." #: ../src/firewall-applet.in:226 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "આ લક્ષણ મોટેભાગે મૂળભૂત વિસ્તારોની મદદથી લોકો માટે ઉપયોગી છે. વપરાશકર્તાઓ માટે, જોડાણો " "માટે વિસ્તારોને બદલી રહ્યા છે, તે મર્યાદિત વપરાશ હોઇ શકે છે." #: ../src/firewall-applet.in:235 msgid "Shields Up Zone:" msgstr "શીલ્ડ અપ વિસ્તાર:" #: ../src/firewall-applet.in:244 ../src/firewall-applet.in:257 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:248 msgid "Shields Down Zone:" msgstr "શીલ્ડ ડાઉન વિસ્તાર:" #: ../src/firewall-applet.in:340 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:391 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:401 msgid "License" msgstr "" #: ../src/firewall-applet.in:470 msgid "Shields Up" msgstr "શીલ્ડ અપ" #: ../src/firewall-applet.in:477 msgid "Enable Notifications" msgstr "નોંધણીઓને સક્રિય કરો" #: ../src/firewall-applet.in:483 msgid "Edit Firewall Settings..." msgstr "ફાયરવોલ સુયોજનોમાં ફેરફાર કરો..." #: ../src/firewall-applet.in:487 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "જોડાણોનાં વિસ્તારોને બદલો..." #: ../src/firewall-applet.in:491 msgid "Configure Shields UP/Down Zones..." msgstr "શીલ્ડ અપ/ડાઉન વિસ્તારોને રૂપરેખાંકિત કરો..." #: ../src/firewall-applet.in:495 msgid "Block all network traffic" msgstr "બધા નેટવર્ક ટ્રાફિકને બ્લોક કરો" #: ../src/firewall-applet.in:500 msgid "About" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2389 ../src/firewall-config.in:2670 #: ../src/firewall-config.in:2696 msgid "Connections" msgstr "જોડાણો" #: ../src/firewall-applet.in:512 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2477 ../src/firewall-config.in:2673 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:516 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2508 ../src/firewall-config.in:2676 #: ../src/firewall-config.in:2700 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "સ્ત્રોતો" #: ../src/firewall-applet.in:592 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "સત્તાધિકરણ નિષ્ફળ." #: ../src/firewall-applet.in:594 ../src/firewall-config.in:2291 msgid "Invalid name" msgstr "અયોગ્ય દલીલ %s" #: ../src/firewall-applet.in:598 ../src/firewall-config.in:2295 msgid "Name already exists" msgstr "નામ પહેલેથી જ અસ્તિત્વ ધરાવે છે" #: ../src/firewall-applet.in:690 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:697 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:778 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:790 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:868 msgid "No connection to firewall daemon" msgstr "ફાયરવોલ ડિમન માટે જોડાણ નથી" #: ../src/firewall-applet.in:876 ../src/firewall-applet.in:1014 msgid "All network traffic is blocked." msgstr "બધા નેટવર્ક ટ્રાફિક બ્લોક થયેલ છે." #: ../src/firewall-applet.in:880 #, c-format msgid "Default Zone: '%s'" msgstr "મૂળભૂત વિસ્તાર: '%s'" #: ../src/firewall-applet.in:886 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "ઇન્ટરફેસ '{interface}' પર જોડાણ '{connection}' માટે વિસ્તાર '{zone}' સક્રિય" #: ../src/firewall-applet.in:901 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "ઇન્ટરફેસ '{interface}' માટે વિસ્તાર '{zone}' સક્રિય" #: ../src/firewall-applet.in:909 msgid "Zone '{zone}' active for source {source}" msgstr "સ્ત્રોત {source} માટે વિસ્તાર '{zone}' સક્રિય" #: ../src/firewall-applet.in:913 msgid "No Active Zones." msgstr "સક્રિય વિસ્તારો નથી." #: ../src/firewall-applet.in:972 msgid "Connection to FirewallD established." msgstr "FirewallD માં જોડાણને સ્થાપિત કરેલ છે." #: ../src/firewall-applet.in:984 msgid "Connection to FirewallD lost." msgstr "FirewallD માં જોડાણ ગુમ થયેલ છે." #: ../src/firewall-applet.in:989 msgid "FirewallD has been reloaded." msgstr "FirewallD ને પુન:લાવી દેવામાં આવ્યુ છે." #: ../src/firewall-applet.in:996 #, c-format msgid "Default zone changed to '%s'." msgstr "'%s' માં મૂળભૂત વિસ્તારને બદલેલ છે." #: ../src/firewall-applet.in:1015 msgid "Network traffic is not blocked anymore." msgstr "નેટવર્ક ટ્રાફિક હવે બ્લોક થયેલ નથી." #: ../src/firewall-applet.in:1041 ../src/firewall-applet.in:1095 msgid "activated" msgstr "સક્રિય" #: ../src/firewall-applet.in:1042 ../src/firewall-applet.in:1096 msgid "deactivated" msgstr "નિષ્ક્રિય" #: ../src/firewall-applet.in:1047 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1052 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "ઇન્ટરફેસ '{interface}' પર જોડાણ '{connection}' માટે વિસ્તાર " "'{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1057 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "ઇન્ટરફેસ '{interface}' માટે વિસ્તાર '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1080 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "ઇન્ટરફેસ '%s' માટે સક્રિય થયેલ વિસ્તાર '%s'" #: ../src/firewall-applet.in:1097 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "સ્ત્રોત '{source}' માટે વિસ્તાર '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1121 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "સ્ત્રોત '%s' માટે સક્રિય થયેલ વિસ્તાર '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "લાગુ થયેલ ફેરફારો." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "નેટવર્ક જોડાણ '%s' દ્દારા વાપરેલ છે" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "સક્રિય" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "નિષ્ક્રિય" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ચિહ્નોને લાવવામાં નિષ્ફળતા." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "વપરાશકર્તા નામ" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2338 msgid "Runtime" msgstr "રનટાઇમ" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "કાયમી" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "સેવા" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "પોર્ટ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "પ્રોટોકોલ" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "પોર્ટ પ્રતિ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "સરનામા પ્રતિ" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp પ્રકાર" #: ../src/firewall-config.in:822 msgid "Family" msgstr "કુટુંબ" #: ../src/firewall-config.in:826 msgid "Action" msgstr "ક્રિયા" #: ../src/firewall-config.in:828 msgid "Element" msgstr "ઘટક" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "અંતિમ મુકામ" #: ../src/firewall-config.in:834 msgid "log" msgstr "લૉગ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ઓડિટ" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "સ્ત્રોત" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2811 #: ../src/firewall-config.in:2859 msgid "Warning" msgstr "ચેતવણી" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "ભૂલ" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "સ્વીકારો" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3213 #: ../src/firewall-config.in:3711 ../src/firewall-config.in:3859 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "રદ કરો" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "છોડી દો" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3230 #: ../src/firewall-config.in:3718 ../src/firewall-config.in:3860 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "મર્યાદા" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3165 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3656 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "સેવા" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3171 #: ../src/firewall-config.in:3347 ../src/firewall-config.in:3659 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "પોર્ટ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3176 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3669 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "પ્રોટોકોલ" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3181 #: ../src/firewall-config.in:3686 ../src/firewall-config.in:3872 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "માસ્કરેડ" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3184 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3672 #: ../src/firewall-config.in:3887 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3189 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3675 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3194 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3678 #: ../src/firewall-config.in:3880 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3203 #: ../src/firewall-config.in:3364 ../src/firewall-config.in:3688 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "સ્તર" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "હાં" #: ../src/firewall-config.in:2452 ../src/firewall-config.in:2492 #: ../src/firewall-config.in:2522 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "વિસ્તાર" #: ../src/firewall-config.in:2465 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2472 ../src/firewall-config.in:2503 #: ../src/firewall-config.in:2533 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2808 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "વિસ્તાર '%s': સેવા '%s' ઉપલબ્ધ નથી." #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "દૂર કરો" #: ../src/firewall-config.in:2812 ../src/firewall-config.in:2860 msgid "Ignore" msgstr "અવગણો" #: ../src/firewall-config.in:2856 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "વિસ્તાર '%s': ICMP પ્રકાર '%s' ઉપલબ્ધ નથી." #: ../src/firewall-config.in:3011 msgid "Built-in zone, rename not supported." msgstr "બિલ્ટ-ઇન વિસ્તાર, નામ બદલવાનું આધારભૂત નથી." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "સેકંડ" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "મિનિટ" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "કલાક" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "દિવસ" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "તત્કાલ" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "સાવધાન" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "જટિલ" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ભૂલ" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "ચેતવણી" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "સૂચના" #: ../src/firewall-config.in:3136 ../src/firewall-config.in:3636 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "જાણકારી" #: ../src/firewall-config.in:3137 ../src/firewall-config.in:3637 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ડિબગ" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3339 ../src/firewall-config.in:3564 #: ../src/firewall-config.in:3588 ../src/firewall-config.in:3643 #: ../src/firewall-config.in:3778 ../src/firewall-config.in:3825 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5031 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "ફોર્વડીંગ એ ફક્ત બીજી સિસ્ટમ માટે ઉપયોગી છે જો ઇન્ટરફેસ માસ્કરેડ છે. " #: ../src/firewall-config.in:5393 msgid "Built-in service, rename not supported." msgstr "બિલ્ટ-ઇન સેવા, નામ બદલવાનું આધારભૂત નથી." #: ../src/firewall-config.in:5602 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5603 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5605 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5606 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5608 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5609 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5793 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5885 ../src/firewall-config.in:5967 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5892 ../src/firewall-config.in:5974 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5897 ../src/firewall-config.in:5979 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6400 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6401 ../src/firewall-config.in:6429 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6406 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6884 msgid "Built-in icmp, rename not supported." msgstr "બિલ્ટ-ઇન icmp, નામ બદલવાનું આધારભૂત નથી." #: ../src/firewall-config.in:7956 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8089 #, c-format msgid "Select zone for source %s" msgstr "સ્ત્રોત %s માટે વિસ્તારને પસંદ કરો" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "સરનામું" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "મહેરબાની કરીને આદેશ વાક્યને દાખલ કરો." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "મહેરબાની કરીને સંદર્ભને દાખલ કરો." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "મહેરબાની કરીને નીચેની યાદીમાંથી મૂળભૂત વિસ્તારને પસંદ કરો." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "સીધી કતાર" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "મહેરબાની કરીને ipv અને કોષ્ટકને પસંદ કરો અને કતાર નામને દાખલ કરો." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "કતાર:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "કાચુ" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "સુરક્ષા" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "કોષ્ટક:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "સીધા પાસથ્રુ નિયમ" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "મહેરબાની કરીને ipv ને પસંદ કરો અને દલીલોને દાખલ કરો." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "દલીલો:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "પોર્ટ ફોરવર્ડીંગ" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "મહેરબાની કરીને તમારી જરૂરીયાત અનુસાર સ્રોત અને અંતિમ મુકામ વિકલ્પો પસંદ કરો." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "પોર્ટ / પોર્ટ વિસ્તાર:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP સરનામું:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "પ્રોટોકોલ:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "લક્ષ્ય" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "જો તમે સ્થાનિય આગળ ધપાવવાનું સક્રિય કરો, તો તમારે પોર્ટ સ્પષ્ટ કરવો પડે. આ પોર્ટ સ્રોત " "પોર્ટથી અલગ હોવો જોઈએ." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "સ્થાનિય આગળ ધપાવવાનું" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "અન્ય પોર્ટ આગળ ધપાવો" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "બોલ્ડ પ્રવેશો ફરજિયાત છે, બધુ બીજુ વૈકલ્પિક છે." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "નામ:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "આવૃત્તિ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "ટૂંકુ:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "વર્ણન:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "કુટુંબ:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "મૂળભૂત ICMP પ્રકાર સુયોજનો" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "મહેરબાની કરીને મૂળભૂત ICMP પ્રકાર સુયોજનોને રૂપરેખાંકિત કરો:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP પ્રકાર" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "મહેરબાની કરીને ICMP પ્રકારને પસંદ કરો" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "નોંધણીને ઉમેરો" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ફાઈલ (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "વિકલ્પો (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld ને પુન:લાવો" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ફાયરવોલ નિયમોને પુન:લાવો. વર્તમાન કાયમી રૂપરેખાંકન એ નવી રનટાઇમ રૂપરેખાંકન બનાવશે. એટલે " "કે બધી રનટાઇમ એ ફક્ત ફેરફારો પૂર્ણ કર્યા જ્યાં સુધી ફરી લાવવાનું એ ફરી લાવવા સાથે ગુમ થઇ " "જાય જો તેઓ કાયમી રૂપરેખાંકનમાં પણ ન આવ્યા હોય." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "બદલો કે જે વિસ્તાર જે નેટવર્ક જોડાણ સાથે સંકળાય છે." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "મૂળભૂત વિસ્તારને બદલો" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "જોડાણો અથવા ઇન્ટરફેસ માટે મૂળભૂત વિસ્તારને બદલો." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "પેનિક સ્થિતિ એનો મતલબ એ થાય કે આવતા અને જતા પેકેટો એ તૂટી જાય છે." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "પેનિક સ્થિતિ" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "લૉકડાઉન ફાયરવોલ રૂપરેખાંકનને તાળુ મારે છે તેથી ફક્ત લૉકડાઉન સફેદયાદી પર ફક્ત કાર્યક્રમો એ " "તેને બદલવા સક્ષમ છે." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "લોકડાઉન" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "કાયમ માટે રનટાઇમ રૂપરેખાંકનને બનાવો" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "કાયમ કરવા માટે રનટાઇમ" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "દૃશ્ય (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP પ્રકારો" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "સીધુ રૂપરેખાંકન" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "લોકડાઉન વાઇટલીસ્ટ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "મદદ (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "રૂપરેખાંકન:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "હાલમાં દૃશ્યમાન રૂપરેખાંકન. રનટાઇમ રૂપરેખાંકન એ ચોક્કસ સક્રિય રૂપરેખાંકન છે. કાયમી રૂપરેખાંકન " "સેવા પછી સક્રિય થશે અથવા સિસ્ટમ રિલોડ અથવા પુન:શરૂ થાય છે." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld વિસ્તાર એ નેટવર્ક જોડાણો, ઇન્ટરફેસ અને વિસ્તારમાં સરનામાં બાઉન્ડ માટે " "વિસ્તારનાં સ્તરને વ્યાખ્યાયિત કરે છે. વિસ્તાર એ સેવાઓ, પોર્ટ, પ્રોટોકોલ, માસ્કરેડીંગ, પોર્ટ/" "પેકેટ ફોર્વડીંગ, icmp ફિલ્ટરો અને કિંમતી નિયમોને બેગુ કરે છે. વિસ્તાર ઇન્ટરફેસ અને સ્ત્રોત " "સરનામાંને બાઉન્ડ કરી શકે છે." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "વિસ્તારને ઉમેરો" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "વિસ્તારમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "વિસ્તારને દૂર કરો" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "મૂળભૂત વિસ્તારોને લાવો" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "અહિંયા તમે વ્યાખ્યાયત કરી શકો છો કે જે સેવાઓ વિસ્તારમાં વિશ્ર્વાસપાત્ર છે. વિશ્ર્વાસપાત્ર " "સેવાઓ બધા યજમાનો અને નેટવર્કોમાંથી વાપરી શકાય છે કે જે જોડાણો, ઇન્ટરફેસ અને આ વિસ્તારમાં " "સ્ત્રોત બાઉન્ડ સુધી પહોંચી શકાય છે." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "સેવાઓ" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "વધારાનાં પોર્ટ અને પોર્ટ સીમાઓને ઉમેરો, કે જે બધા યજમાનો અથવા નેટવર્કો માટે વાપરવાની " "જરૂર છે કે જે મશીન માટે જોડાઇ શકે છે." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "પોર્ટ પ્રતિ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "પોર્ટમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "પોર્ટને દૂર કરો" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "પોર્ટ" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "માસ્કરેડીંગ તમને યજમાન અથવા રાઉટર સુયોજીત કરવા માટે પરવાનગી આપે છે કે જે તમારા સ્થાનિક " "નેટવર્કને ઈન્ટરનેટ સાથે જોડે. તમારું સ્થાનિક નેટવર્ક દૃશ્યમાન હશે નહિં અને ઈન્ટરનેટ માટે એક " "યજમાન તરીકે દેખાશે. માસ્કરેડીંગ એ માત્ર IPv4 હોય છે." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "માસ્કરેડ વિસ્તાર" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "જો તમે માસ્કરેડીંગને સક્રિય કરો તો, IP ફોર્વડીંગ એ તમારાં IPv4 નેટવર્કો માટે સક્રિય થશે." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "માસ્કરેડીંગ" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "સ્થાનિક સિસ્ટમ પર એક પોર્ટમાંથી અન્ય પર પોર્ટો આગળ ધપાવવા માટે કે સ્થાનિક સિસ્ટમમાંથી " "અન્ય સિસ્ટમ પર આગળ ધપાવવા માટે પ્રવેશો ઉમેરો. અન્ય સિસ્ટમમાં આગળ ધપાવવાનું એ માત્ર ત્યારે " "જ ઉપયોગી છે જો ઈન્ટરફેસ માસ્કરેડ થયેલ હોય. પોર્ટ આગળ ધપાવવાનું એ માત્ર IPv4 છે." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ફોર્વડ પોર્ટને ઉમેરો" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ફોર્વડ પોર્ટમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ફોર્વડ પોર્ટને દૂર કરો" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message Protocol (ICMP) એ મુખ્યત્વે નેટવર્ક કમ્પ્યૂટરો વચ્ચે ભૂલ સંદેશાઓ " "મોકલવા માટે વપરાય છે, પરંતુ વધુમાં જાણકારી સંદેશાઓ માટે જેમ કે પીંગ અરજીઓ અને પ્રત્યુત્તરો " "માટે." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "ICMP પ્રકારોને યાદીમાં ચિહ્નિત કરો, કે જેઓ નકારાવા જોઈએ. બાકીના બધા ICMP પ્રકારો " "ફાયરવોલ પસાર કરવા માટે માન્ય છે. મૂળભૂત એ કોઈ મર્યાદા નથી." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ગાળક" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "અહિંયા તમે વિસ્તાર માટે કિંમતી ભાષા નિયમોને સુયોજિત કરી શકાય છે." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "મજબૂત નિયમ ઉમેરો" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "મજબૂત નિયમમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "મજબૂત નિયમને દૂર કરો" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "કિંમતી નિયમો" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "વિસ્તારમાં ઇન્ટરફેસને બાઇન્ડ કરવા માટે નોંધણીને ઉમેરો. જો ઇન્ટરફેસ એ જોડાણ દ્દારા વાપરેલ " "હશે, વિસ્તાર એ જોડાણનાં ખાસ વિસ્તારમાં સુયોજિત હશે." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ઇન્ટરફેસને ઉમેરો" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ઇન્ટરફેસમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ઇન્ટરફેસને દૂર કરો" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "સ્ત્રોતને ઉમેરો" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "સ્ત્રોતમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "સ્ત્રોતને દૂર કરો" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "વિસ્તારો" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld સેવા એર પોર્ટ, પ્રોટોકોલ, મોડ્યુલો અને લક્ષ્ય સરનામાંનું સંયોજન છે." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "સેવાને ઉમેરો" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "સેવામાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "સેવાને દૂર કરો" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "સિસ્ટમ મૂળભૂતને લાવો" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "નોંધણી માં પ્રવેશ કરો" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "નોંધણી દૂર કરો" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "મોડ્યુલો" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "જો તમે લક્ષ્ય સરનામાંને સ્પષ્ટ કરો તો, સેવા પ્રવેશ એ લક્ષ્ય સરનામાં અને પ્રકારને મર્યાદિત " "કરશે. જો બંને નોંધણી ખાલી હોય તો, ત્યાં મર્યાદા નથી." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "સેવાઓ ફક્ત કાયમી રૂપરેખાંકન દૃશ્યમાં બદલી શકાય છે. સેવાઓની રનટાઇમ રૂપરેખાંકન સુધારેલ છે." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmptype એ firewalld માટે Internet Control Message Protocol (ICMP) " "પ્રકાર માટે જાણકારીને પૂરુ પાડે છે." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP પ્રકારને ઉમેરો" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP પ્રકારમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP પ્રકારને દૂર કરો" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP પ્રકાર મૂળભૂતોને લાવો" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "સ્પષ્ટ કરો શું આ ICMP પ્રકાર એ IPv4 અને/અથવા IPv6 માટે ઉપલબ્ધ છે." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP પ્રકારો ફક્ત કાયમી રૂપરેખાંકન દૃશ્યમાં બદલી શકાય છે. ICMP પ્રકારોની રનટાઇમ " "રૂપરેખાંકન સુધારેલ છે." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "સીધુ રૂપરેખાંકન એ firewall માં સીધો વપરાશ આપે છે. આ વિકલ્પો એ મૂળ iptables ખ્યાલોને " "જાણવા વપરાશકર્તાને જરૂરી છે એટલે કે કોષ્ટકો, કતારો, આદેશો, પરિમાણો અને લક્ષ્યો. સીધુ " "રૂપરેખાંકન એ છેલ્લા પુન:ક્રમાંકિત તરીકે ફક્ત વાપરવુ જોઇએ જ્યારે તે બીજા firewalld લક્ષણોને " "વાપરવા શક્ય નથી." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "દરેક વિકલ્પની ipv દલીલ એ ipv4 અથવા ipv6 અથવા eb હોવી જ જોઇએ. ipv4 સાથે તે " "iptables માટે હશે, ipv6 સાથે ip6tables માટે હશે અને eb સાથે ઇથરનેટ બ્રિજ માટે હશે " "(ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "નિયમો સાથે વાપરવા માટે વધારાની કતારો." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "કતાર ઉમેરો" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "કતારમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "કતારને દૂર કરો" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "કતારો" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "પ્રાધાન્ય સાથે કોષ્ટકમાં કતાર માટે દલીલો સાથે નિયમને ઉમેરો." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "પ્રાધાન્ય નિયમોને ક્રમાંકિત કરવા વાપરેલ છે. પ્રાધાન્ય 0 નો મતલબ થાય કે કતારની ટોચ પર " "નિયમને ઉમેરો, ઉચ્ચ પ્રાધાન્ય સાથે નિયમ આગળ ઉમેરાશે. એજ પ્રાધાન્ય સાથે નિયમો એજ સ્તર પર છે " "અને આ નિયમોનો ક્રમ સુધારેલ નથી અને બદલી શકાય છે. જો તમે ખાતરી કરવા માંગો તો નિયમ " "બીજા એક પછી ઉમેરાશે, પહેલી માટે નીચા પ્રાધાન્યને વાપરો અને નીચેનાં માટે ઉચ્ચ." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "નિયમને ઉમેરો" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "નિયમમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "નિયમને દૂર કરો" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "નિયમો" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "પાસથ્રુ નિયમો એ સીધુ firewall મારફતે પસાર થયેલ છે અને ખાસ કતારોમાં સ્થિત થયેલ છે. બધા " "iptables, ip6tables અને ebtables વિકલ્પોને વાપરી શકાય છે." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "મહેરબાની કરીને પાસથ્રુ નિયમો એ ફાયરવોલને ઇજા પહોંચાડે નહિં તે રીતે સાચવો." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "પાસથ્રુને ઉમેરો" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "પાસથ્રુમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "પાસથ્રુને દૂર કરો" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "પાસથ્રુ" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "લોકડાઉન લક્ષણ એ firewalld માટે વપરાશકર્તા અને કાર્યક્રમ પોલિસીઓની આવૃત્તિ છે. તે " "ફાયરવોલ માટે ફેરફારોને મર્યાદિત કરે છે. લોકડાઉન વાઇટલીસ્ટ એ આદેશો, સંદર્ભો, વપરાશકર્તા " "અને વપરાશકર્તા ids ને સમાવે છે." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "સંદર્ભ ઉમેરો" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "સંદર્ભમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "સંદર્ભ દૂર કરો" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "સંદર્ભ" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "જો વાઇટલીસેટ પર આદેશ પ્રવેશ એ એસ્ટ્રીંક '*' સાથે અંત થાય તો, પછી બધા આદેશ સાથે શરૂ થતા " "આદેશ વાક્યો એ બંધબેસશે. જો '*' ત્યાં ન હોય તો ખાસ આદેશ સમાવતી દલીલો બંધબેસવી જ જોઇએ." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "આદેશ વાક્યને ઉમેરો" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "આદેશ વાક્યમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "આદેશ વાક્યને દૂર કરો" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "આદેશ વાક્યો" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "વપરાશકર્તા નામો." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "વપરાશકર્તા નામને ઉમેરો" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "વપરાશકર્તાનામમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "વપરાશકર્તાનામને દૂર કરો" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "વપરાશકર્તા નામો" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "વપરાશકર્તા ids." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "વપરાશકર્તા Id ને ઉમેરો" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "વપરાશકર્તા Id માં ફેરફાર કરો" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "વપરાશકર્તા Id ને દૂર કરો" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "વપરાશકર્તા ids" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "સિસ્ટમનો વર્તમાન મૂળભૂત વિસ્તાર." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "પેનિક સ્થિતિ:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "લોકડાઉન:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "મૂળભૂત વિસ્તાર:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "પોર્ટ અને પ્રોટોકોલ" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "મહેરબાની કરીને પોર્ટ અને પ્રોટોકોલને દાખલ કરો." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "સીધો નિયમ" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "મહેરબાની કરીને ipv અને કોષ્ટકને પસંદ કરો, કતાર પ્રાધાન્ય અને દલીલોને દાખલ કરો." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "પ્રાધાન્ય:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "મહેરબાની કરીને પ્રોટોકોલને દાખલ કરો." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "બીજા પ્રોટોકોલ:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "કિંમતી નિયમ" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "કિંમતી નિયમ દાખલ કરો." #: ../src/firewall-config.glade.h:255 msgid "For host or network white or blacklisting deactivate the element." msgstr "યજમાન માટે અથવા નેટવર્ક સફેદ અથવા કાળી યાદી ઘટકને નિષ્ક્રિય કરે છે." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "સ્ત્રોત:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "લક્ષ્ય:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "લૉગ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ઓડિટ:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 અને ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "ઉલટુ કરાયેલું" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "આને સક્રિય કરવા માટે ક્રિયા 'રદ કરો' હોવી જોઇએ અને પરિવાર પ્રકાર 'ipv4' અથવા " "'ipv6' (બંને નહિ) હોવો જોઇએ." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "પ્રકાર સાથે:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "મર્યાદા સાથે:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "પૂર્વગ:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "સ્તર:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "ઘટક:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "ક્રિયા:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "મૂળભૂત સેવા સુયોજનો" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "મહેરબાની કરીને મૂળભૂત સેવા સુયોજનોને રૂપરેખાંકિત કરો:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "મહેરબાની કરીને સેવાને પસંદ કરો." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "વપરાશકર્તા ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "મહેરબાની કરીને વપરાશકર્તા id ને દાખલ કરો." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "મહેરબાની કરીને વપરાશકર્તા નામને દાખલ કરો." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "મૂળભૂત વિસ્તાર સુયોજનો" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "મહેરબાની કરીને મૂળભૂત વિસ્તાર સુયોજનોને રૂપરેખાંકિત કરો:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "મૂળભૂત લક્ષ્ય" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "લક્ષ્ય:"